mchow01’s gists

mchow01 / secure_random.m

Created October 10, 2013 01:21

Generate 100 cryptographically secure random integers between 0 - 99 inclusive in Objective-C.

	FILE *fp = fopen("/dev/random", "r");
	if (!fp) {
	/UIAlertView error = [[UIAlertView alloc]initWithTitle:@"Failure"
	message:@"Sorry, cryptographically secure random numbers could not be generated."
	delegate:self
	cancelButtonTitle:@"Ok"
	otherButtonTitles:nil, nil];
	[error show];*/
	}

mchow01 / create_image_cache.sh

Last active December 25, 2015 11:19

This shell script will batch create image thumbnails, 100x100, preserving aspect ratio, for images in a directory of images. imagemagick is required! To run: bash ./batch_thumbnail_creator.sh

	#!/bin/sh

	for filename in *
	do
	if [ "$filename" != "cache" -a "$filename" != "create_cache.sh" -a ! -f "cache/${filename}"
	]; then
	mkdir "cache/${filename}"
	fi
	done

mchow01 / batch_download.sh

Created December 13, 2013 14:03

Download remote files listed in a given input file of URLs

	#!/bin/bash

	# From http://stackoverflow.com/questions/10929453/bash-scripting-read-file-line-by-line
	while read line
	do
	img=$(echo $line \| sed -e 's/\r//g') # remove carriage return
	wget $img
	done < $1

mchow01 / mongodb_injection_nodejs.txt

Last active December 12, 2021 23:27

MongoDB Request Injection Attack in Node.js + Express Web Applications

	Overview
	========
	Students in my Web Programming class (G. Brown, S. Prassad, et al)
	discovered that MongoDB request injection attacks also work on Node.js
	+ Express web applications. MongoDB request injection attacks have
	been known for PHP web applications.

	Impact
	======
	Attacker can view and download all the data in a MongoDB database

mchow01 / nokogiri_example.rb

Created October 17, 2014 23:03

Using Nokogiri to Parse a XML File (hosted remotely)

	@companies = []
	begin
	doc = Nokogiri::XML(open("https://rss.myinterfase.com/rss/tufts_Fall_Fair_2014_Empl_Reg_xml.xml"))
	doc.css('Row').each do \|elem\|
	# http://stackoverflow.com/questions/13520162/ruby-capitalize-every-word-first-letter
	@companies << {:name => elem.css('orgname').text, :url => elem.css('reg_cnt_website').text}
	end
	@companies = @companies.sort_by{ \|k\| k[:name] }
	rescue
	end

mchow01 / hackme.php

Created October 20, 2014 01:55

Simple yet vulnerable code that is used to demonstrate cross-site scripting, remote code execution, and bypassing client-side input validation,

	<!DOCTYPE html>

	<?php
	if (!empty($_GET["id"])) {
	$id = eval($_GET["id"]);
	$id = $_GET["id"];
	$str = "<h1>id parameter is " . $id . "</h1>";
	}
	if (!empty($_POST["fullname"])) {
	$price = $_POST["price"];

mchow01 / TWTR-mysql.py

Last active May 7, 2020 17:36

Store tweets from a Twitter timeline into a MySQL database using Tweepy

	import tweepy
	import MySQLdb
	import sys

	# Tweepy API doc here: http://pythonhosted.org/tweepy/html/api.html

	# Keys
	consumer_key = ''
	consumer_secret = ''
	access_token = ''

mchow01 / TWTR-psql.py

Last active December 21, 2020 04:25

Store tweets from a Twitter timeline into a PostgreSQL database using Tweepy

	import tweepy
	import psycopg2

	# Tweepy API doc here: http://pythonhosted.org/tweepy/html/api.html
	# psycopg2 API doc here: http://initd.org/psycopg/docs/

	# Keys
	consumer_key = ''
	consumer_secret = ''
	access_token = ''

mchow01 / TWTR-mongo.py

Created March 16, 2015 20:13

Store tweets from a Twitter timeline into a Mongo database using Tweepy

	import tweepy
	import pymongo

	# Tweepy API doc here: http://pythonhosted.org/tweepy/html/api.html
	# PyMongo API doc here: https://pypi.python.org/pypi/pymongo/

	# Keys
	consumer_key = ''
	consumer_secret = ''
	access_token = ''

mchow01 / TWTR-tracker.py

Last active July 6, 2020 21:12

Twitter Stream Tracker + Inserting Data into (MySQL) Database

	import tweepy
	import MySQLdb
	import sys
	import os
	import logging

	# Tweepy API doc here: http://pythonhosted.org/tweepy/html/api.html

	# Keys
	consumer_key = os.getenv("TWITTER_CONSUMER_KEY")

Ming Chow mchow01