From d540ca52ebafc1e8a190e2f30e08ab5101532f6a Mon Sep 17 00:00:00 2001 From: saji Date: Mon, 28 Apr 2025 08:14:47 -0500 Subject: [PATCH] content, build fixes --- _includes/layouts/base.njk | 2 +- _includes/layouts/deck.njk | 2 +- content/blog.njk | 4 +-- content/blog/github-codesarch.md | 34 +++++++++++++++++++ .../hacking-hikmicro-pt1/hacking-hikmicro.md | 4 ++- content/now.md | 6 ++-- 6 files changed, 44 insertions(+), 8 deletions(-) create mode 100644 content/blog/github-codesarch.md diff --git a/_includes/layouts/base.njk b/_includes/layouts/base.njk index 9965b3d..c329563 100644 --- a/_includes/layouts/base.njk +++ b/_includes/layouts/base.njk @@ -19,7 +19,7 @@ - + {% getBundle "html", "head" %} diff --git a/_includes/layouts/deck.njk b/_includes/layouts/deck.njk index c3ca0df..ba1b4fd 100644 --- a/_includes/layouts/deck.njk +++ b/_includes/layouts/deck.njk @@ -1,5 +1,5 @@ - + diff --git a/content/blog.njk b/content/blog.njk index c7e04d6..689daa5 100644 --- a/content/blog.njk +++ b/content/blog.njk @@ -1,10 +1,10 @@ --- layout: layouts/home.njk eleventyNavigation: - key: Archive + key: Posts order: 2 --- -

Archive

+

Posts

 {% set postslist = collections.posts %}
 {% include "postslist.njk" %}
diff --git a/content/blog/github-codesarch.md b/content/blog/github-codesarch.md
new file mode 100644
index 0000000..8320073
--- /dev/null
+++ b/content/blog/github-codesarch.md
@@ -0,0 +1,34 @@
+---
+title: Abusing regex in GitHub code search
+date: 2025-04-24
+tags:
+ - short
+ - cybersec
+---
+
+I recently discovered that the new(ish) GitHub Code Search feature
+supports regular expressions. While dorking on the classic GitHub search
+has been documented to death by skids, I haven't seen anyone reference this yet.
+I'm sure someone is using it, since it's powerful.
+
+Case in point:
+```
+/"[a-z]{4}(?: [a-z]{4}){3}"/ language:Python SMTP
+```
+
+That regex is a bit tricky, but it's just matching for 4 space-separated
+groups of 4 lowercase letters. What good does that do, you might ask?
+The SMTP should be a hint - it's some kind of credential for email.
+More specifically, this is the Google app password format.
+
+This search has 5k hits.
+
+I think Google will still block suspicious connections, so this isn't a huge
+pwn. But I guarantee at least one of these accounts has bad opsec, so you can
+determine their location. Combined with a bit of residential proxy work... you
+get the idea.
+
+GitHub should be a lot more proactive about this stuff - blocking it from
+search, blocking it from public discovery, or even blocking the commit
+itself. Most people who are posting this stuff don't know how they could do it
+better.
diff --git a/content/blog/hacking-hikmicro-pt1/hacking-hikmicro.md b/content/blog/hacking-hikmicro-pt1/hacking-hikmicro.md
index 80a1fe9..5447eff 100644
--- a/content/blog/hacking-hikmicro-pt1/hacking-hikmicro.md
+++ b/content/blog/hacking-hikmicro-pt1/hacking-hikmicro.md
@@ -1,7 +1,9 @@
 ---
 title: Reversing an image format
 date: 2025-01-15
-tags: [reverse-engineering, hacking-hikmicro]
+tags:
+ - reverse-engineering
+ - hacking-hikmicro
 drafts: true
 ---
 
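Review bot: The new file is named `github-codesarch.md` (the same spelling appears in the diffstat and the `create mode` line), which looks like a typo for `github-codesearch.md`. If the site derives permalinks from the file slug, the misspelling becomes the public URL, so it is cheaper to rename before the post is linked anywhere. The post also ends on "Most people who are posting this stuff don't know how they could do it better" without telling them. A closing line for affected readers would help, for example `If your app password is in a public repo, revoke it in your Google account and load the new one from an environment variable or secret store; deleting the commit does not un-leak it.`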
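Review bot: The front matter in `hacking-hikmicro.md` keeps `drafts: true` as a context line, while the `content/now.md` hunk in this same commit adds `draft: true`, so one of the two spellings is presumably not the key the build's draft filter reads. If the filter keys on `draft`, this unfinished reverse-engineering post is not held back and would be published with the next build. Since the commit already rewrites this front matter, change the line to `draft: true`, or confirm that the site config honours both keys.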
diff --git a/content/now.md b/content/now.md index 38045be..5da8164 100644 --- a/content/now.md +++ b/content/now.md @@ -1,6 +1,7 @@ --- layout: layouts/base.njk title: Now +draft: true eleventyNavigation: key: Now order: 4 @@ -11,14 +12,13 @@ Rate-Monotonic scheduling my life. ### Playing -- Helldivers 2 {gamepad} +- Helldivers 2 - Ocarina of Time Randomizer Multiworld [link](https://wiki.ootrandomizer.com/index.php?title=Multiworld) ### Doing -- Putting out fires at $dayjob {fire} - Bouldering! -## Breaking +### Breaking - Hacking together servers with [NixOS](https://nixos.org/)