Chris Parnin chrisparnin

bakerx run so.io focal --ip 192.168.100.120
whoami

Install prereqs.

chrisparnin / StackPromise.js
Created February 19, 2020 14:48
Trace stack traces when a promise resolves.
class StackPromise extends Promise {
    constructor(args) {
        super((myresolve, myreject) =>
        {
            let fn = function(result) {
                console.log(new Error("Promise resolved").stack);
                myresolve(result);
            }
            args.call(null, fn, myreject );
chrisparnin / Python-PackageMappings.json
Created March 22, 2019 00:46
Package name resolution data. Example: `pip install biopython` yields Bio and BioSQL modules.
{"fawn": {"2.1.1": {"dependencies": [], "resources": ["fawn"]}}, "juju-docean": {"0.6.0": {"dependencies": [], "resources": ["juju_docean"]}}, "kafka-tools": {"0.1.9": {"dependencies": [], "resources": []}}, "pyirsdk": {"1.1.7": {"dependencies": [{"type": "python-module", "name": "yaml"}], "resources": []}}, "biopython": {"1.71": {"dependencies": [], "resources": ["Bio", "BioSQL"]}}, "sphinxcontrib-actdiag": {"0.8.5": {"dependencies": [{"type": "python-module", "name": "sphinxcontrib"}], "resources": ["sphinxcontrib"]}}, "django-stdimage": {"3.0.1": {"dependencies": [{"type": "python-module", "name": "django.core.files.base"}], "resources": ["stdimage"]}}, "pafy": {"0.5.4": {"dependencies": [], "resources": ["pafy"]}}, "f5-openstack-lbaasv2-driver": {"12.0.0": {"dependencies": [], "resources": ["f5lbaasdriver", "test"]}}, "dump1090exporter": {"16.10.5": {"dependencies": [], "resources": ["dump1090exporter"]}}, "django-dowser": {"0.1.4": {"dependencies": [{"type": "python-module", "name": "django.utils.html"}]
chrisparnin / README.md
Last active October 7, 2018 17:27
Example injection attack

Vulnerability

The application displays unsanitized user-supplied data on the page.

app.get('/', function (req, res) 
{
    res.send('<div id="share"><h1>Share a token with a friend!</h1><p>Alice shared:</p></div>' + token);
});
chrisparnin / README.md
Last active October 7, 2018 17:15
iTrust - unprotected endpoint

Vulnerability

iTrust does not enforce access control on some of the user API endpoints.

    /**
     * Creates a new user from the RequestBody provided, validates it, and saves
     * it to the database.
     *
     * @param userF
class Customer extends DomainObject
{
    public Customer(String name) {
        _name = name;
    }
    public String statement() {
        double totalAmount = 0;
        int frequentRenterPoints = 0;
        Enumeration rentals = _rentals.elements();
        String result = "Rental Record for " + name() + "\n";
chrisparnin / baker.yml
Created August 31, 2018 01:29
Hibernate-spring example
name: hibernate-spring
vm:
  ip: 192.168.8.8
  ports: 8080
vars:
  - mysql_password:
      prompt: Type your password for mysql server
tools:
  - maven
services:
chrisparnin / baker.yml
Created August 31, 2018 00:34
Brain-jupyter
name: brain-jupyter
vm:
  ip: 192.168.88.11
  ports: 8888
lang:
  - python2
tools:
  - jupyter
commands:
  serve: jupyter notebook --no-browser --NotebookApp.token=''
@Test
public void postMessage()
{
    driver.get("https://csc510-fall16.slack.com/");
    // Wait until page loads and we can see a sign in button.
    WebDriverWait wait = new WebDriverWait(driver, 30);
    wait.until(ExpectedConditions.visibilityOfElementLocated(By.id("signin_btn")));
    // Find email and password fields.
chrisparnin / cal-heat-map.js
Created July 9, 2016 00:47
Demo Calendar Heat map
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Focus sessions</title>
<meta name="description" content="pomodoro">
<meta name="author" content="Chris Parnin">