Micro-CMS v2 CTF

Update: I’ve realised I don’t necessarily need SLEEP I have been trying my hand at the Hacker101 CTF challenges. On Micro-CMS v2 I had successfully extracted Flag 1 using SQL injection but was struggling with Flag 2 with the hints not really helping me out. In search of further hints I came across this write up. Important to note on this problem is that the server is returning the error messages back to the client and so makes the SQL injection for Flag 1 relatively easy to work out.
Read more →

Hello world

For a long time I’ve wanted to start blogging again but kept on getting stuck on wanting to implement my own rather than using some existing software. I was writing something in Elixir, but it was very much bells-and-whistles and I never got round to finishing it. More recently I wrote a very simple blog in Go and deployed it with kubernetes, mostly to play around with kubernetes. In the end the k8s hosting was too expensive so I had to drop it.
Read more →

Konsole internal border

Some terminal emulators, such as xterm and urxvt, allow an internal border to be defined, offsetting the terminal text from the edge of the window. I find this to be very aesthetically pleasing. As urxvt was giving me issues with copy and paste I thought I’d try using Konsole. Unfortunately Konsole has no equivalent option to internalBorder so I thought all hope was lost. However, recently I’ve been playing around with KDE and Qt and I happened upon this nugget of information: Qt applications can be styled with CSS and this can be applied by passing a stylesheet as a command-line option to the application:
Read more →

Shen infix notation

Here’s an implementation of infix notation for Shen; it’s effectively Dijkstra’s shunting-yard algorithm. Custom precedence can be defined by setting prec. (define prec ** -> 4 * -> 3 / -> 3 + -> 2 - -> 2) * power is defined in the maths library *\ (define ** X Y -> (power X Y)) (define shunt [] Output [] -> Output [] [] [X Op Y | Rest] -> (shunt [Op] [(shunt [] [] Y) (shunt [] [] X)] Rest) where (element?
Read more →

thunner: A Google Play Music curses client

In December I released a curses client allowing playback of music stored/purchased with Google Play. The client is written in python and uses Simon Weber’s unofficial Google Music API. Details can be found on the github page. It’s still a work in progress but I have been able to use it as my sole music player. Here’s a picture of what it looks like: Figure 1: Screenshot of thunner running in terminal
Read more →