Skip to content

Instantly share code, notes, and snippets.

View correabuscar's full-sized avatar
💭
I'm probably somewhere else

Emanuel Czirai correabuscar

💭
I'm probably somewhere else
View GitHub Profile
@phosphore
phosphore / scan.js
Created October 24, 2018 14:10
Simple JS localhost portscan
var portsCheck = function(callback, target, port, timeout) {
var timeout = (timeout == null) ? 100 : timeout;
var img = new Image();
img.onerror = function() {
if (!img) return;
img = undefined;
callback(target, port, 'open');
};
@ssokolow
ssokolow / escape_non_utf8_paths.rs
Last active April 11, 2024 05:42
Code for storing Rust Path/PathBuf data as valid UTF-8 (eg. JSON) strings
/* POSIX paths in JSON via escaping which
doesn't alter valid UTF-8 paths.
The trick is recognizing that JSON can store binary nulls in strings
but nulls are the only character that can't occur in POSIX paths,
so we can use it as an escape character that won't change how existing
serialized paths get interpreted.
Copyright 2018-2020, Stephan Sokolow
# Here is my Python implementation of the hash table data structure.
# And here's my video where I talk about it in depth: https://youtu.be/sfWyugl4JWA
class Hashtable:
# Assumption: table_length is a prime number (for example, 5, 701, or 30011)
def __init__(self, table_length):
self.table = [None] * table_length
## An internal search function.
# If it finds the given key in the table, it will return (True, index)
# If not, it will return (False, the index where it would be inserted)
@eirikb
eirikb / qemu-arch-linux-raspi2.sh
Last active March 29, 2024 18:12
Arch Linux in QEMU for Raspberry Pi 2
#!/usr/bin/env bash
echo
echo "Arch Linux in QEMU with love from eirikb"
echo
set -x
TARGET=ArchLinuxARM-rpi-armv7-latest.tar.gz
wget "http://os.archlinuxarm.org/os/$TARGET"
@thesamesam
thesamesam / xz-backdoor.md
Last active November 20, 2024 01:44
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

@q3k
q3k / hashes.txt
Last active November 11, 2024 17:38
liblzma backdoor strings extracted from 5.6.1 (from a built-in trie)
0810 b' from '
0678 b' ssh2'
00d8 b'%.48s:%.48s():%d (pid=%ld)\x00'
0708 b'%s'
0108 b'/usr/sbin/sshd\x00'
0870 b'Accepted password for '
01a0 b'Accepted publickey for '
0c40 b'BN_bin2bn\x00'
06d0 b'BN_bn2bin\x00'
0958 b'BN_dup\x00'