Rudra Sarkar rudSarkar

Hacking smart contracts for fun and profit

Description of the game

The goal of the game to break as many contracts as possible! Note: one of these contracts is a HONEYPOT! BE CAREFUL!!

Claim your Ropsten test ether here!

The contracts you need to break and their addresses:

Docker image to Virtualbox disk

https://stackoverflow.com/questions/23436613/how-can-i-convert-a-docker-image-into-a-vagrant-virtualbox-box by user blueskin (CC by-sa 3.0)

Find the size of the docker image from docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

Generating Authy passwords on other authenticators

There is an increasing count of applications which use Authy for two-factor authentication. However many users who aren't using Authy, have their own authenticator setup up already and do not wish to use two applications for generating passwords.

Since I use 1Password for all of my password storing/generating needs, I was looking for a solution to use Authy passwords on that. I couldn't find any completely working solutions, however I stumbled upon a gist by Brian Hartvigsen. His post had a neat code with it to generate QR codes for you to use on your favorite authenticator.

His method is to extract the secret keys using Authy's Google Chrome app via Developer Tools. If this was not possible, I guess people would be reverse engineering the Android app or something like that. But when I tried that code, nothing appeared on the screen. My guess is that Brian used the

	#!/bin/bash

	# Written by Frans Rosén (twitter.com/fransrosen)
	_debug="$2" #turn on debug
	_timeout="20"
	#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
	_aws_key="AKIA..."
	H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
	H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"

	# -------------------------------------------------
	# Protect your .git directory!
	# (You don't want anyone to download a copy of your website)
	# -------------------------------------------------

	# Add to .htaccess

	# For Apache 2.4

	<DirectoryMatch "^/.*/\.git/">

	## AWS
	# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

	http://169.254.169.254/latest/user-data
	http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/ami-id
	http://169.254.169.254/latest/meta-data/reservation-id
	http://169.254.169.254/latest/meta-data/hostname
	http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

	#!/bin/bash
	#Performs port scan using nmap

	print_usage() {
	cat << _EOF_
	Utility to scan open ports. Can be used to scan ports for a domain or a list of domains specified in a file.
	Example Usage:
	-h, --help Show brief help
	-d, --domain Domain name or ip to scan
	-f, --file Spefify a file containing domains/IPs to scan

	id: nuclei-rce

	info:
	name: Nuclei Template RCE by Chromium
	author: c3l3si4n
	severity: critical
	tags: rce,hackback

	headless:
	- steps:

	id: apk-recon

	info:
	name: APK Recon
	author: nullenc0de
	severity: info
	tags: android,file

	file:
	- extensions:

	NOTE: Easier way is the X86 way, described on https://www.genymotion.com/help/desktop/faq/#google-play-services

	Download the following ZIPs:

	ARM Translation Installer v1.1 (http://www.mirrorcreator.com/files/0ZIO8PME/Genymotion-ARM-Translation_v1.1.zip_links)

	Download the correct GApps for your Android version:
	Google Apps for Android 6.0 (https://www.androidfilehost.com/?fid=24052804347835438 - benzo-gapps-M-20151011-signed-chroma-r3.zip)
	Google Apps for Android 5.1 (https://www.androidfilehost.com/?fid=96042739161891406 - gapps-L-4-21-15.zip)
	Google Apps for Android 5.0 (https://www.androidfilehost.com/?fid=95784891001614559 - gapps-lp-20141109-signed.zip)