Skip to content

Instantly share code, notes, and snippets.

View h3ct0rjs's full-sized avatar
🦁
O₂⇒CO₂

Héctor F. Jiménez. S h3ct0rjs

🦁
O₂⇒CO₂
164 followers · 204 following
View GitHub Profile
@dergachev
dergachev / setuid-root-backdoor.md
Last active April 20, 2026 05:54
How to use setuid to install a root backdoor.

Why You Can't Un-Root a Compromised Machine

Let's say somebody temporarily got root access to your system, whether because you "temporarily" gave them sudo rights, they guessed your password, or any other way. Even if you can disable their original method of accessing root, there's an infinite number of dirty tricks they can use to easily get it back in the future.

While the obvious tricks are easy to spot, like adding an entry to /root/.ssh/authorized_keys, or creating a new user, potentially via running malware, or via a cron job. I recently came across a rather subtle one that doesn't require changing any code, but instead exploits a standard feature of Linux user permissions system called setuid to subtly allow them to execute a root shell from any user account from the system (including www-data, which you might not even know if compromised).

If the "setuid bit" (or flag, or permission mode) is set for executable, the operating system will run not as the cur

@denji
denji / nginx-tuning.md
Last active April 24, 2026 08:09
NGINX tuning for best performance

Moved to git repository: https://github.com/denji/nginx-tuning

NGINX Tuning For Best Performance

For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.

Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can work without problem on slower machines.

You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.

@gitaarik
gitaarik / git_submodules.md
Last active May 4, 2026 00:53
Git Submodules basic explanation

Git Submodules - Basic Explanation

Why submodules?

In Git you can add a submodule to a repository. This is basically a sub-repository embedded in your main repository. This can be very useful. A couple of usecases of submodules:

  • Separate big codebases into multiple repositories.
@vertexclique
vertexclique / cracking.md
Last active February 19, 2026 11:34
Cracking guide for Sublime Text 3 Build 3059 / 3065 ( Mac / Win x86_64 / Windows x86 / Linux x64 / Linux x86 )

MacOS

Build 3059

MD5: 59bab8f71f8c096cd3f72cd73851515d

Rename it to: Sublime Text

Make it executable with: chmod u+x Sublime\ Text

@raddeus
raddeus / app.js
Last active February 4, 2025 09:42
Basic Express 4.0 Setup with connect-flash
var express = require('express');
var session = require('express-session');
var cookieParser = require('cookie-parser');
var flash = require('connect-flash');
var app = express();
app.use(cookieParser('secret'));
app.use(session({cookie: { maxAge: 60000 }}));
app.use(flash());
@tsiege
tsiege / The Technical Interview Cheat Sheet.md
Last active May 8, 2026 18:12
This is my technical interview cheat sheet. Feel free to fork it or do whatever you want with it. PLEASE let me know if there are any errors or if anything crucial is missing. I will add more links soon.

ANNOUNCEMENT

I have moved this over to the Tech Interview Cheat Sheet Repo and has been expanded and even has code challenges you can run and practice against!






\

@manjeshpv
manjeshpv / passport.js
Last active July 5, 2025 14:15
Passport.js using MySQL for Authentication with Express
// config/passport.js
// load all the things we need
var LocalStrategy = require('passport-local').Strategy;
var mysql = require('mysql');
var connection = mysql.createConnection({
host : 'localhost',
user : 'root',
@voronianski
voronianski / content-length-size.md
Last active January 19, 2021 01:08
What happens if you serve content with a different length than the Content-Length header?

@jakearchibald done a bit of research around this:

###Loading a page with Content-Length < actual content length

  • Chrome: Truncated content - no indication of error
  • Firefox: Truncated content - no indication of error
  • Safari: Truncated content - no indication of error
  • IE: Truncated content - no indication of error

###Loading a page with Content-Length > actual content length

@learncodeacademy
learncodeacademy / gist:ebba574fc3f438c851ae
Created July 24, 2014 14:47
Nginx Node Frontend / Load Balancer / Static Assets Caching
upstream project {
server 22.22.22.2:3000;
server 22.22.22.3:3000;
server 22.22.22.5:3000;
}
server {
listen 80;
location / {
@stefanprodan
stefanprodan / Backup-Postgres.ps1
Last active March 22, 2023 04:28
PostgreSQL cluster base backup automation made easy with PowerShell and Windows Task Scheduler or PgAgent. This script does the following: checks if there is enough free space to make a new backup (based on the last backup size), purges expired backups, creates a new folder for each backup, calls pb_basebackup to begin a tar gzip backup of every…
#############################################
##
## PostgreSQL base backup automation
## Author: Stefan Prodan
## Date : 20 Oct 2014
## Company: VeriTech.io
#############################################
# path settings
$BackupRoot = 'C:\Database\Backup';