Skip to content

Instantly share code, notes, and snippets.

View SanariSan's full-sized avatar
😯
1 2 Fizz 4 Buzz

SanariSan

😯
1 2 Fizz 4 Buzz
  • krak.ai
  • Georgia, Tbilisi
View GitHub Profile
@hackermondev
hackermondev / zendesk.md
Last active November 16, 2024 12:28
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

This is a collection of Ubuntu fixes for Lenovo Legion 5i

Tested on: Lenovo Legion 5i with below specs:
AMD® Ryzen 7 4800h with radeon graphics × 16
NVIDIA Corporation / NVIDIA GeForce RTX 2060/PCIe/SSE2

1. GPU ISSUES for RTX 2060:

nvidia-driver-470 - HDMI doesn't have to work from the beginning
nvidia-driver-495 - HDMI works from the beginning, unstable (random reboots)\

@avivace
avivace / telegramRestore.md
Last active November 9, 2024 16:02
Restore deleted Telegram messages from groups

Restore deleted Telegram messages, medias and files from groups

There's not telegram API method for this, we need to call MTProto methods to retrieve messages from the "Recent Actions" (Admin Log) since deleted messages (and medias) gets moved there for 48 hours before the permanent deletion.

from telethon import TelegramClient, events, sync
from telethon.tl.types import InputChannel, PeerChannel
@f0r34chb3t4
f0r34chb3t4 / keys.txt
Created April 9, 2019 16:42
Proxifier.txt
Portable Version KEYS:
P6Z3T-UYJC9-YAK3F-APN9M-6ZDSD
FGZPK-93CWX-Q33Y6-D5URV-YXC3X
9CZQX-9YAQA-PF33L-XVUQH-NSD48
8RZ3L-H3Y5L-W2RY5-Z5M8N-C7Z2U
CCZNU-LW3LF-K9V2T-MYZFF-94667
EWZM6-3W4UX-KH922-C96GK-VGBH2
Standard Version KEYS:
4AZNW-S2YHE-LLMWM-J6EL8-7QKDL
@anabadce
anabadce / alb-redirect-only.yaml
Created March 21, 2019 02:10
AWS CloudFormation template: ALB (Application Load Balancer) that only redirects requests (http and https) to new host, no targets
AWSTemplateFormatVersion: '2010-09-09'
Description: 'ALB Application Load Balancer for redirection only'
Parameters:
MyALBName:
Type: 'String'
Default: 'alb-redirect'
VPC:
Type: 'AWS::EC2::VPC::Id'
Default: 'vpc-********'

Demo:

Spoiler warning

Spoiler text. Note that it's important to have a space after the summary tag. You should be able to write any markdown you want inside the <details> tag... just make sure you close <details> afterward.

console.log("I'm a code block!");
@gboudreau
gboudreau / AuthyToOtherAuthenticator.md
Last active November 17, 2024 04:56 — forked from Ingramz/AuthyToOtherAuthenticator.md
Export TOTP tokens from Authy

Exporting your 2FA tokens from Authy to transfer them into another 2FA application

IMPORTANT - Update regarding deprecation of Authy desktop apps

Past August 2024, Authy stopped supported the desktop version of their apps:
See Authy is shutting down its desktop app | The 2FA app Authy will only be available on Android and iOS starting in August for details.

And indeed, after a while, Authy changed something in their backend which now prevents the old desktop app from logging in. If you are already logged in, then you are in luck, and you can follow the instructions below to export to tokens.

If you are not logged in anymore, but can find a backup of the necessary files, then restore those files, and re-install Authy 2.2.3 following the instructions below, and it should work as expected.

@moehlone
moehlone / make_writable.js
Created March 17, 2016 08:27
Make JavaScript readonly propertys writable (example for overwriting navigator.userAgent; useful for unit tests -> browser detection)
/**
* Creates a read/writable property which returns a function set for write/set (assignment)
* and read/get access on a variable
*
* @param {Any} value initial value of the property
*/
function createProperty(value) {
var _value = value;
/**
@19h
19h / reset.js
Created February 19, 2013 22:51
Node.js — Clear Terminal / Console. Reset to initial state.
console.reset = function () {
return process.stdout.write('\033c');
}