Skip to content

Instantly share code, notes, and snippets.

View My1's full-sized avatar

My1

25 followers · 3 following
View GitHub Profile
@atoponce
atoponce / dicekey-wordlist-14400.txt
Last active February 16, 2021 00:30
14,400 word list for the DiceKey
AB1N a
AB1E aah
AB1S abacus
AB1W abide
AB2N able
AB2E abroad
AB2S absurd
AB2W acadia
AB3N ace
AB3E aced
@babelouest
babelouest / hmac-secret-demo.html
Last active January 3, 2023 02:14
might be usable in a foreseen future (this was written in 2019), but hmac-secret still isn't available in the browser I know of
<!doctype html>
<html lang="en">
<head>
<!--
inspired by Mozilla Webauthn documentation: https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API
copyright: 2019 Nicolas Mora <[email protected]>
license: MIT
-->
<title>Hmac-Secret webauthn Extension</title>
<script type="text/javascript" src="https://cdn.jsdelivr.net/npm/[email protected]/cbor.min.js"></script>
@hannob
hannob / squirrelmail-fix-file-disclosure.diff
Created March 14, 2018 16:23
squirrelmail quick fix for file disclosure vuln presented at Troopers 2018 (#TR18)
--- squirrelmail.stable/squirrelmail/class/deliver/Deliver.class.php 2017-01-27 21:31:33.000000000 +0100
+++ htdocs/class/deliver/Deliver.class.php 2018-03-14 17:21:10.320000000 +0100
@@ -281,6 +281,7 @@
global $username, $attachment_dir;
$hashed_attachment_dir = getHashedDir($username, $attachment_dir);
$filename = $message->att_local_name;
+ if(!ctype_alnum($filename)) die();
// inspect attached file for lines longer than allowed by RFC,
// in which case we'll be using base64 encoding (so we can split
@gboudreau
gboudreau / AuthyToOtherAuthenticator.md
Last active April 28, 2025 19:21 — forked from Ingramz/AuthyToOtherAuthenticator.md
Export TOTP tokens from Authy

Exporting your 2FA tokens from Authy to transfer them into another 2FA application

IMPORTANT - Update regarding deprecation of Authy desktop apps

Past August 2024, Authy stopped supported the desktop version of their apps:
See Authy is shutting down its desktop app | The 2FA app Authy will only be available on Android and iOS starting in August for details.

And indeed, after a while, Authy changed something in their backend which now prevents the old desktop app from logging in. If you are already logged in, then you are in luck, and you can follow the instructions below to export your tokens.

If you are not logged in anymore, but can find a backup of the necessary files, then restore those files, and re-install Authy 2.2.3 following the instructions below, and it should work as expected.

@epixoip
epixoip / 1080ti.md
Last active November 5, 2023 14:18

Nvidia GTX 1080 Ti Hashcat Benchmarks

Software: Hashcat v3.40-49-g20057d8, Nvidia driver 378.13

Accelerator: 1x Nvidia GTX 1080 Ti FE

Highlights

  1. This card is clock-for-clock identical to the Titan X Pascal, so the numbers should not be new or surprising to anyone.
@mgol
mgol / ie11-only.md
Last active March 25, 2025 00:51
How to easily not serve JS and/or CSS to IE<11

Here's how to make your site not load CSS and/or JS in IE older than 11:

<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=8,9,11">
        <title>Page title</title>
        <!--[if !IE]>-->
@magnetikonline
magnetikonline / dumprequest.php
Last active March 21, 2025 08:29
PHP script to dump full HTTP request to file (method, HTTP headers and body).
<?php
// https://gist.github.com/magnetikonline/650e30e485c0f91f2f40
class DumpHTTPRequestToFile {
public function execute($targetFile) {
$data = sprintf(
"%s %s %s\n\nHTTP headers:\n",
$_SERVER['REQUEST_METHOD'],
$_SERVER['REQUEST_URI'],
$_SERVER['SERVER_PROTOCOL']