投稿時間:2022-05-29 18:13:41 RSSフィード2022-05-29 18:00 分まとめ(21件)

カテゴリー等	サイト名等	記事タイトル・トレンドワード等	リンクURL	頻出ワード・要約等/検索ボリューム	登録日
python	Pythonタグが付けられた新着投稿 - Qiita	【Python】Word CloudによるInstagramハッシュタグの可視化	https://qiita.com/Nagayu71/items/acd9bd5b99375003d50c	cloud	2022-05-29 17:33:33
python	Pythonタグが付けられた新着投稿 - Qiita	さくらのクラウドのコンテナレジストリ(Lab)からリポジトリ情報を取得する	https://qiita.com/salmon111/items/8d6161ffa9c4b5fade42	curlkilh	2022-05-29 17:07:22
python	Pythonタグが付けられた新着投稿 - Qiita	EDA解析後所定のフォルダに図を保存する	https://qiita.com/TaichiEndoh/items/826c1f5dbd9d26ac4ee0	output	2022-05-29 17:05:13
js	JavaScriptタグが付けられた新着投稿 - Qiita	React好きの少年「あそこを見て！デフォルトインポートと名前付きインポートが混在しているよ！」	https://qiita.com/danon/items/5337a58a5c8a676a7e4f	codesand	2022-05-29 17:55:04
js	JavaScriptタグが付けられた新着投稿 - Qiita	BigQueryのユーザー定義関数（UDF）をJavaScriptで定義	https://qiita.com/yo16/items/88addc4779e3c774df8d	bigquery	2022-05-29 17:24:05
AWS	AWSタグが付けられた新着投稿 - Qiita	今からでも間に合う！AWS Summit Onlineのオンデマンド視聴お勧めコンテンツと、自己流時短ウォッチ	https://qiita.com/pict3/items/603e4e45741519bb3f2d	awssummit	2022-05-29 17:31:04
GCP	gcpタグが付けられた新着投稿 - Qiita	iPadから接続出来る環境を無料でGCP上に作ってみた	https://qiita.com/monya_net/items/715db0f7e04df4d2bf0c	作ってみた	2022-05-29 17:26:57
海外TECH	DEV Community	Building a Video Calling App using Python & Flask	https://dev.to/yash_makan/building-a-video-calling-app-using-python-flask-17m5	Building a Video Calling App using Python amp Flask flask webrtc youtube A basic WebRTC video audio chat app made using python Flask Create and join video chat rooms The users connects to each other in a peer to peer mesh network using WebRTC They share their audio and video directly with each other without going through a centralized server However a centralized server is needed to initiate the connections at first using a process called signaling This signaling server is made using Flask in python and data is shared between server and clients using SocketIO For demo amp explaination visit Source codeSource Code is Available in the description box below in the video So do check it out InstallationTo run this on your machine install the following Requirements python xFlaskFlask SocketIOInstall requirements using pip pip install r requirements txtTo start a server on localhost python server py Subscribe For More Contact MeWebsite yashmakan co inTwitter Yash Makan Contributebuymeacoffee Here Other Interesting ArticlesHow to Run Python Code in Your Flutter App with pyFlut must read books for kids beginner advanced amp interview with PDF Improve your workflow using Automation in Python ways to create modern GUI in python in the easiest way possible Free hosting platforms for python web app with step by step process Python one liners that will speed up your coding process AI bot that could answer your questionsGenerate your own favourite TV episode using python	2022-05-29 08:18:21
海外TECH	DEV Community	Android Pentesting: Writeup of DIVA Access Control Issues for Parrot OS	https://dev.to/christinecdev/android-pentesting-writeup-of-diva-access-control-issues-for-parrot-os-15pp	Android Pentesting Writeup of DIVA Access Control Issues for Parrot OSIf you ve seen any of my previous write ups on the DIVA APK s you would know that today we are going to cover the last and final section Access Control Issues Access Control Issues arise when we as normal users can gain access to data that we are not suppose to access either directly or via malicious methods This is mostly due to poor data access protection mechanisms put in place by developers Now with this section there are three parts Without any further lollygagging let s jump into it Access Control Issues Part OneWhen we open the Access Control Issues Part section on our device we are met with the following objective try to access the API credentials from outside the app This means that instead of just clicking the View API Credentials button we should try and access the credentials on the activity using other methods such as via the terminal For coverage sake this is what happens when we do press the View API Credentials button directly We can see that we get instant access to credentials that we shouldn t have access to Okay let s start with the fun things Let s see if we can see what happened in our LogCat after we opened the api credentials LogCat is powerful since it can reveal useful information for us as the attacker such as the activity that was opened which we can use to exploit Open up your terminal using CTRL ALT T and enter the following command adb shell logcat We can see that it opens an activity called APICredsActivity Let s open jadx gui and see if we can see where the activity pulls the credentials from Okay so the data is hardcoded Now that we know which activity is used to store the hardocded api credentials we can use the terminal to bypass the View API Credentials button and show us the credentials directly In other words we will start the activity s Intent directly from the terminal adb shell am start n jakhar aseem diva APICredsActivityamis used to manage the activity start is used to start the activity n is used to indicate the name of the activity to open APICredsActivity Hooray When we go back to our application we can see that we have successfully opened the activity and revealed the credentials without pressing the button Access Control Issues Part TwoWhen we open the Access Control Issues Part Two section on our device we are met with the following objective try to access the API credentials from outside the app without knowing the pin This means that we cannot go ahead and just view the registered credentials via the interface nor can we register new credentials but we should try and access the credentials on the activity using other methods such as via the terminal just like before For interest sake this is what happens when we click the already registered button We can see that we get immediate access to the API credentials When we click the register now button we are prompted to enter a pin after registering We cannot register as this feature does not exist Okay as we learnt previously LogCat will show us everything we need to know Let s open up our terminal and run the same command as before adb shell logcatWe can see that it returns the APICredsActivity activity that opened the API credentials layout when we launched the section layout Let s head into JADX GUI and open up this activity to see what we can find in the source code As we can see this value was also hardcoded but this time there is a difference We can see that we need a pin to access the credentials whereas previously we had direct access We will need to bypass this pin check Okay from here on we need to disable our authentication checks so that we can just view our APICredsActivity activity without having to do a pin check I recommend having a look at this ADB Command List before you continue Go back to your terminal and enter the following command adb shell am start n jakhar aseem diva APICredsActivity a jakhar aseem diva action VIEW CRED ez check pin falseamis used to manage the activity start is used to start the activity n is used to indicate the name of the activity to open APICredsActivity a is used to view our credentials It s syntax elaborates better a ez check pin false is used to bypass the checks made by the application at the receiving side so we don t need a pin And as easy as when we head back to our application we can see that our activity launched We have completed our activity objective Access Control Issues Part ThreeWhen we open the Access Control Issues Part Three section on our device we are met with the following objective try to access the private notes from outside the app without knowing the pin This means that we cannot go ahead and just create a pin to access the notes but we should try and access the notes using other methods not necessarily by launching the activity as prior such as via the terminal we know Christine we know For interest sake this is what happens when we register a pin I entered a basic pin Let s open up our terminal and see what activity our LogCat reveals to us adb shell logcatWe can see that it logs two activities AccessControlActivity and AccessControlNotesActivity Let s open up our JADX GUI and have a look at both We can see our AccessControlActivity stores our pin via a SharedPreferences object which we covered way back when When we enter the pin saved in shared prefs it launches the AccessControlNotesActivity activity which validates this pin before showing the notes via a query NotesProvider CONTENT URI content query This content provider will dump all of the notes and allow us to meet our objective We can dump this content provider via the following command in our terminal adb shell am content query uri content jakhar aseem diva provider notesprovider notes Thus we have accessed all the notes from outside of the application without having to register for a pin or launch the activity as before ConclusionCongratulations you have successfully completed all the sections of the DIVA APK I hope this was easy enough to follow understand If you have recommendations on any cool tools techniques or tutorials that I too can follow feel free to leave them below and I ll check it out Pull this on my GitHub for future reference	2022-05-29 08:01:54
海外科学	NYT > Science	Manhattanhenge 2022: Dates, Times and Where to Watch	https://www.nytimes.com/article/manhattanhenge-sunset-time.html	dates	2022-05-29 09:00:12
ニュース	@日本経済新聞 電子版	東京都、新たに2194人感染　7日平均で前週の80.2% https://t.co/jzFqfpsWXY	https://twitter.com/nikkei/statuses/1530826595912384513	東京都	2022-05-29 08:21:16
ニュース	@日本経済新聞 電子版	株主へのプレゼント=優待、外食など活用も全体数は減少 https://t.co/EERM7bNNhm	https://twitter.com/nikkei/statuses/1530823059627659264	活用	2022-05-29 08:07:13
海外ニュース	Japan Times latest articles	Support surges for Kishida pledge to boost defense spending	https://www.japantimes.co.jp/news/2022/05/29/national/politics-diplomacy/support-fumio-kishida-defense-spending/	ruling	2022-05-29 17:12:21
海外ニュース	Japan Times latest articles	How to engage with China	https://www.japantimes.co.jp/opinion/2022/05/29/commentary/world-commentary/china-global-relations/	china	2022-05-29 17:43:58
海外ニュース	Japan Times latest articles	Why so few big rats have fled Putin’s ship	https://www.japantimes.co.jp/opinion/2022/05/29/commentary/world-commentary/abandoning-putin/	putin	2022-05-29 17:42:26
ニュース	BBC News - Home	Lester Piggott: Record-breaking jockey dies aged 86	https://www.bbc.co.uk/sport/horse-racing/61623271?at_medium=RSS&at_campaign=KARANGA	derby	2022-05-29 08:44:19
ニュース	BBC News - Home	In Pictures: BBC Radio 1's Big Weekend in Coventry	https://www.bbc.co.uk/news/newsbeat-61592569?at_medium=RSS&at_campaign=KARANGA	coventry	2022-05-29 08:11:13
北海道	北海道新聞	ビンセントがプレーオフ制し優勝　ミズノ・オープン	https://www.hokkaido-np.co.jp/article/686938/	瀬戸内海	2022-05-29 17:07:25
北海道	北海道新聞	茨城県で震度４　津波の心配なし、Ｍ５・４	https://www.hokkaido-np.co.jp/article/686949/	津波の心配	2022-05-29 17:14:00
北海道	北海道新聞	札第一が決勝進出　春の全道高校野球	https://www.hokkaido-np.co.jp/article/686940/	北海道新聞社	2022-05-29 17:04:10
海外TECH	reddit	Lost my wallet, what should I do?	https://www.reddit.com/r/japanlife/comments/v06iyp/lost_my_wallet_what_should_i_do/	Lost my wallet what should I do I lost my wallet which had my passport residence card and credit card inside it I only had it in my neighborhood and I asked at all the stores that I had been to I also went to ask at the kouban and filled out a report super awkward I speak very little Japanese They gave me a little piece of paper and then that was it Now I m wondering what to do next How long do you think I should wait to see if it turns up Will they call me if it does I don t know if I can get a new residence card because my passport was lost as well Will I be arrested if I go out without it now I ve literally been here for days and I ve already f cked myself so badly and I m so scared I just really don t know what to do now submitted by u ahok to r japanlife link comments	2022-05-29 08:04:53