dergachev

Why You Can't Un-Root a Compromised Machine

Let's say somebody temporarily got root access to your system, whether because you "temporarily" gave them sudo rights, they guessed your password, or any other way. Even if you can disable their original method of accessing root, there's an infinite number of dirty tricks they can use to easily get it back in the future.

While the obvious tricks are easy to spot, like adding an entry to /root/.ssh/authorized_keys, or creating a new user, potentially via running malware, or via a cron job. I recently came across a rather subtle one that doesn't require changing any code, but instead exploits a standard feature of Linux user permissions system called setuid to subtly allow them to execute a root shell from any user account from the system (including www-data, which you might not even know if compromised).

If the "setuid bit" (or flag, or permission mode) is set for executable, the operating system will run not as the cur

gitaarik

Git Submodules - Basic Explanation

Why submodules?

In Git you can add a submodule to a repository. This is basically a repository embedded in your main repository. This can be very useful. A couple of usecases of submodules:

• Separate big codebases into multiple repositories.

vertexclique

MacOS

Build 3059

MD5: 59bab8f71f8c096cd3f72cd73851515d

Rename it to: Sublime Text

Make it executable with: chmod u+x Sublime\ Text

raddeus

var express = require('express');
var session = require('express-session');
var cookieParser = require('cookie-parser');
var flash = require('connect-flash');
var app = express();

app.use(cookieParser('secret'));
app.use(session({cookie: { maxAge: 60000 }}));
app.use(flash());

tsiege

ANNOUNCEMENT

I have moved this over to the Tech Interview Cheat Sheet Repo and has been expanded and even has code challenges you can run and practice against!






\

manjeshpv

// config/passport.js
				
// load all the things we need
var LocalStrategy   = require('passport-local').Strategy;

var mysql = require('mysql');

var connection = mysql.createConnection({
				  host     : 'localhost',
				  user     : 'root',

voronianski

@jakearchibald done a bit of research around this:

###Loading a page with Content-Length < actual content length

• Chrome: Truncated content - no indication of error
• Firefox: Truncated content - no indication of error
• Safari: Truncated content - no indication of error
• IE: Truncated content - no indication of error

###Loading a page with Content-Length > actual content length

learncodeacademy

upstream project {
  server 22.22.22.2:3000;
  server 22.22.22.3:3000;
  server 22.22.22.5:3000;
}

server {
  listen 80;

  location / {

stefanprodan

#############################################  
##  
## PostgreSQL base backup automation 
## Author: Stefan Prodan   
## Date : 20 Oct 2014  
## Company: VeriTech.io    
#############################################
 
# path settings
$BackupRoot = 'C:\Database\Backup';

tknerr

Vagrant with Ansible Provisioner on Windows

Long story short, ansible does not work on a Windows control machine, so you basically have to:

• either run ansible --connection=local ... in the target vm
• set up a separate control vm where ansible is installed via shell provisioner

Below are Vagrantfile examples for both approaches

Within the Target VM