Skip to content

Instantly share code, notes, and snippets.

View Tethik's full-sized avatar
👾
Up to no good

Joakim Uddholm Tethik

👾
Up to no good
68 followers · 64 following
View GitHub Profile
@Tethik
Tethik / bitbucket-build-spoofing.py
Created February 26, 2024 21:58
import sys
import requests
import dotenv
import os
dotenv.load_dotenv()
domain = os.environ["BITBUCKET_DOMAIN"]
user = os.environ["BITBUCKET_USER"]
password = os.environ["BITBUCKET_TOKEN"]
@Tethik
Tethik / README.md
Last active June 21, 2021 23:13
Quick and dirty writeup for WeCTF 2021 CSP2/3

CSP2/3 Not-Writeup

My solution for CSP2 and CSP3 challs in WeCTF 2021. https://github.com/wectf/2021/tree/master/csp3

The python app was hosted on a server we controlled (http://bln.nu:1337), the payload sent to the "admin" browser was simply that url.

The server would first create a post on the CSP site, the content did not matter, I just needed the hash. The page would open an iframe containing the hash, as well as an injection for the unserialize call being made in the PHP code on the &user GET parameter (see serialize.php). This would tamper with the CSP Header sent back to set

@Tethik
Tethik / requests-brute.py
Last active February 25, 2021 00:23
Example of a quick and dirty way to bruteforce requests
import requests
import sys
import threading
def trial(sem: threading.BoundedSemaphore, token):
while True:
try:
resp = requests.get(f"http://whatever?token={token}")
if resp.status_code == 200:
@Tethik
Tethik / commit-msg.sh
Created August 13, 2020 16:42
#!/bin/bash
TICKET_REGEX="^(([a-zA-Z]+)\-([0-9]+))"
BRANCH_REGEX="^(feature|chore)\/(([a-zA-Z]+)\-([0-9]+))\-.*"
branch=$(git branch --show-current)
if [[ $branch =~ $BRANCH_REGEX ]]; then
ticket="${BASH_REMATCH[2]}"
content=$(cat $1 | grep -v '^#')
@Tethik
Tethik / search.go
Last active August 1, 2020 13:28
not so efficient file searching
type Searcher struct {
data []*DesktopApp
}
func SearcherNew() *Searcher {
// TODO: might be worth caching / indexing here somehow.
var all []*DesktopApp
paths := applicationDirs()
log.Infof("Application dirs:\n %s", paths)
@Tethik
Tethik / keybase.md
Created April 3, 2020 17:25

Keybase proof

I hereby claim:

  • I am tethik on github.
  • I am tethik (https://keybase.io/tethik) on keybase.
  • I have a public key ASAx8Zs02f7OxxMrjCjskgQCTznakU-E7dUDQd1fwOMRFwo

To claim this, I am signing this object:

@Tethik
Tethik / sample-haproxy.cfg
Last active August 27, 2018 22:34
Sample microservice haproxy.cfg to be used with the filebeat haproxy module via syslog
global
# send logs to syslog on port 9001.
log 127.0.0.1:9001 local0 info
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
defaults
@Tethik
Tethik / validate-example.go
Created June 13, 2018 23:13
package main
import (
"fmt"
"net/http"
"github.com/labstack/echo"
"github.com/labstack/echo/middleware"
"github.com/labstack/gommon/log"
validator "gopkg.in/go-playground/validator.v9"
@Tethik
Tethik / stats.py
Created May 8, 2018 22:23
import os
from collections import defaultdict
import requests # get from pypi
import crayons # get from pypi
pagination = "null"
query = """
query($orderBy: LanguageOrder!, $pagination: String) {
viewer {
name
@Tethik
Tethik / bullshit.py
Last active July 7, 2017 16:54
magic_numbers = [0,1,2,3,0.1,0.2,0.3,1.1,1.2,1.3,2.1,2.2,2.3,3.1,3.2,3.3]
results = dict()
for x in range(10):
# multiply
results[x] = set([round(x*m) for m in magic_numbers])
results[x] |= set([int(x*m) for m in magic_numbers])
# divide