python |
Pythonタグが付けられた新着投稿 - Qiita |
Pythonを使って精神世界を計測してみる① |
https://qiita.com/tatsui/items/ac534291cdd6135ae037
|
精神世界 |
2022-06-13 01:47:40 |
js |
JavaScriptタグが付けられた新着投稿 - Qiita |
学び直しのJS ~ var・let・const編 ~ |
https://qiita.com/nabecima/items/28fa2f2c97201b5425df
|
const |
2022-06-13 01:40:10 |
Ruby |
Rubyタグが付けられた新着投稿 - Qiita |
【2022年版】 Windows10/11 への Jekyll (4.2.2) インストールにおけるトラブルシューティング |
https://qiita.com/juggernautjp/items/20cc4f66dee27b02bf8a
|
edition |
2022-06-13 01:43:52 |
Git |
Gitタグが付けられた新着投稿 - Qiita |
git resetを2回やってunknown revision or path not in the working tree.と出た時の対処法 |
https://qiita.com/mikazukin/items/386039ae0121afaf948e
|
gitreset |
2022-06-13 01:29:42 |
海外TECH |
MakeUseOf |
13 Essential Ways to Customize Your Samsung Galaxy Phone |
https://www.makeuseof.com/tag/ways-customize-samsung-phone/
|
personalization |
2022-06-12 16:45:14 |
海外TECH |
MakeUseOf |
How to Select Multiple Files or Folders on a Windows Computer |
https://www.makeuseof.com/windows-select-multiple-files/
|
windows |
2022-06-12 16:15:14 |
海外TECH |
DEV Community |
A Real “Buildless” Modern Web Development Workflow? Oh Yes! |
https://dev.to/jaredcwhite/a-real-buildless-modern-web-development-workflow-oh-yes-d9a
|
A Real “Buildless Modern Web Development Workflow Oh Yes It s this closeto becoming a reality and you can get a sneak peek today tl dr Show it to me Demo RepoFor the entire history of the web we ve never had a modern web development workflow which didn t absolutely and unconditionally require build toolingーeither as a one time process what s become known as SSG or continuously upon request what s become known as SSR But the times they are a changing The era of buildless is nearly upon us What does that even mean First a quick definition of terms BuildlessThe files you edit are the files delivered to the web browser There s no intermediate build step Modern Development WorkflowReusable units of structure HTML styles CSS and behavior JS are encapsulated and scoped via components Essentially we ve grown accustomed to the latter in all of our projects so matter how small or minimalist…yet even in those simple cases say a single landing page or a small page website or a weekend side project there s been no way to ditch all the extra trappings of the typical development workflow and just edit a freakin HTML file on the filesystem While I m not about to advocate for the bad old days of cowboy coding where we zipped up folders and FTP d them over to a server somewhere that s fun the first time and then it s a total PITA ever after there s certainly a great deal of appeal to this website is literally this folder with some files in it No commands to run other than a bare bones localhost web server to test with No tools to installs No configuration to tweak No dependencies to break Just HTML CSS and JavaScript As vanilla as vanilla can get So…what is it exactly which purports to turn the tide now It s a constellation of recent and emerging web specs thatーwhen combinedーoffer a whole new way of packaging up and delivering the nuts and bolts of a website…build free I ll run through them one at a time and then show you what s possible using these new technologies Custom Elements aka Web Components The ability to add arbitrary tags anywhere in your HTML markup is revolutionizing the industry Suddenly if you want to add tabs or a sidebar or a dropdown menu you don t need a high level template language and gobs of lt div gt and lt span gt tags everywhere as in the days of old Just write lt nifty tabs gt or lt spiffy sidebar gt or lt sl dropdown gt hey that s a real thing in your HTML content and then define those tags using the web component spec or source them from a third party Mind Blown Import MapsIn order to write useful web components or anything useful really in your JavaScript code these days you need to be able to import at least a small handful of key libraries But without a build step how can you import say lit Or dayjs And I don t mean the old school way where everything s global and hanging off of window…I mean the new way using ES modules The answer is…you can That is if you use import maps They create a literal map between the bare module specifiers lit dayjs etc and ES module packages hosted either locally or more likely on simple projects on CDNs CSS Module Scripts Constructable StylesheetsThis part might be optional for some people but I for one like authoring my styles in real honest to goodness css files Problem was there was no easy way to import these CSS files such that they could be used within the shadow DOM of web components So instead of your lt a gt styling remaining contained within the single component you re trying to author it d bust out and change lt a gt tags everywhere…all while not working your shadow DOM D oh ️Thankfully the oddly worded but definitely cool one two punch of CSS module scripts plus constructable stylesheets lets us import a css file directly into a js file apply those styles to a web component and Bob s your uncle It Just Works And Lest We Forget…CSS Itself Has Gotten Freakishly GreatAll the aforementioned whiz bang goodness of component authoring wouldn t help us all that much if we were still saddled with a frustrating amp limited amp hacky vanilla styling experience Thankfully all is well now on that front The CSS of is so far superior to the CSS of that it might as well be a whole new language It s such a dramatic leap forward that I m writing a whole Spicy Web course on it Oh yeah But for now let s just for the sake of argument take it as a given that vanilla CSS is fantastic and move on to the demonstration of how all these puzzle pieces fit together First Tokens and a Polyfill If you want to skip down to the demo link go for it Otherwise keep reading to implement this yourself Let s save the simplest HTML page imaginable lt doctype html gt lt html gt lt head gt lt title gt Hello World lt title gt lt head gt lt body gt lt h gt Hello Buildless World lt h gt lt p gt The future is now lt p gt lt body gt lt html gt Fire up a web server of your choosing and you ll see the page appear in all its retro Times New Roman glory Let s modernize things a bit We ll add a styles index css file import some design tokens from Open Props and make a few improvements import body background var yellow font family var font sans p font size var font size Now we ll add a link tag to our HTML lt head gt lt link href styles index css rel stylesheet gt Refresh and you should see a more streamlined sans serif font and a creamy background color Now before we get into the JavaScript side of things we ll need to add a couple of polyfillsーunless you only care about Chromium based browsers I personally use Safari and Firefox and occasionally Edge I run a Chrome free household here so it s important to me to use technologies which will work cross browser We ll add a couple of polyfills to our lt head gt one for import maps module scripts and one for constructable stylesheets lt Polyfill CSS JSON module imports gt lt script gt window esmsInitOptions polyfillEnable css modules json modules lt script gt lt script async src es module shims dist es module shims js gt lt script gt lt script async src dist adoptedStyleSheets js gt lt script gt I know it looks odd to use two different CDNs but I wasn t able to get these working with only one or another Go figure Here Comes the Import MapWith that out of the way we can go ahead and create an import map I m using Lit a fast web component base library to demonstrate how easy it is to write components with a modern DX but if you wanted to write purely vanilla web components you wouldn t even need this particular map Anyway let s try adding the following map to lt head gt right below the polyfills lt Add import for Lit etc gt lt script type importmap gt imports lit lit index js scopes lit reactive element lit reactive element development reactive element js lit element lit element js lit element development lit element js lit html lit html development lit html js lt script gt Don t worry if that all looks confusing There are tools to help you generate import maps just by typing in your NPM dependency name s Let s try writing a very simple web component Create a components index js file import example component js and the components example component js file to go with it import LitElement html from lit class ExampleComponent extends LitElement render return html lt p gt Rendering a Lit component This is cool lt slot gt lt slot gt lt p gt customElements define example component ExampleComponent Time to add our script tag to the bottom of lt head gt lt script src components index js type module gt lt script gt And then add the custom element somewhere in our HTML lt body gt lt example component gt lt example component gt Refresh the page and you should see a paragraph which reads Rendering a Lit component This is cool Construct Those StylesheetsIf you re a big fan of SFCs Single File Components as seen in other front end frameworks such as Vue amp Svelte you ll probably appreciate that you can write vanilla CSS right inside of tagged template literals inside of Lit components import LitElement css html from lit class ExampleComponent extends LitElement static styles css p color var cyan render return html lt p gt Rendering a Lit component This is cool lt slot gt lt slot gt lt p gt customElements define example component ExampleComponent In case you re wondering with the right IDE plugin like lit plugin for VSCode you get syntax highlighting and all the niceties you d expect And of course because you re using the shadow DOM the lt p gt style here will only affect markup inside of example component and nowhere else on your page However as I ve mentioned before I really do like keeping my component CSS in css filesーwhat are sometimes referred to as sidecar stylesheets For larger more complex components I definitely appreciate being able to maintain the structure behavior of the component as a separate concern from the styling Also if I m working with designers on a team or developers with past experience with Sass and so forth it s a huge win So we should just be able to import styles like this right import example component css LOL no That simply does not work at all which has been a problem for the longest time Thankfully we have a savior on the horizon CSS module scripts to the rescue I really think that s kind of a confusing term for this but nobody asked me Also it s totally different from the prior art known as CSS Modules though in the end it sort of accomplishes the same goal Go figure Anyway by using a default import name combined with a special assert type css ending we receive a CSSStyleSheet object representing the styles in those files We can then apply those styles to our component courtesy of the new constructable stylesheets spec Lit supports this already so we can simply rewrite our component like so import LitElement html from lit import sheet from example component css assert type css class ExampleComponent extends LitElement static styles sheet render return html lt p gt Rendering a Lit component This is cool lt slot gt lt slot gt lt p gt customElements define example component ExampleComponent We can then add a true sidecar stylesheet in the example component css file p color var cyan Are you getting it yet Using nothing but the browser polyfills notwithstanding with no build tools required you can author encapsulated components with scoped styles save those js css file combos right there in your project folders import them into your HTML as ES modules and It Just Works The only thing keeping this from being truly gobsmackingly fantastic is we still don t have native HTML imports So for example if we wanted to have a few HTML pages in our project folder to share a common header or nav bar or footer we couldn t do it unless we encapsulated all of those inside of web componentsーwhich I honestly can t recommend at all for several reasons not the least of which is your page layout will be horribly broken without client side JavaScript enabled and executed So…in the end…we really do need some kind of build time or server side tooling to offer a template syntax of some sort so it s easy to share template partials across pages And we probably also want a way to author content in some nice format like Markdown And…yeah Perhaps we re not quite ready to embrace this buildless future Nevertheless we re getting close Reeeeally close Perhaps once we arrive at the th anniversary of the web in we ll have a way to import a chunk of HTML into another chunk of HTML ️All joking aside there are some promising discussions along these lines as well as various custom elements example another example to provide workarounds…given the aforementioned caveats It really does feel like a concept that s long overdue See This All In ActionDemo RepoHere s a simple project which shows all of this working as well as a vanilla web component sitting alongside a Lit based web component The Node js web server is only there to be an utterly basic web server As you can see by inspecting the package json file there are zero front end dependencies Our import map is what allows Lit to work when the page loads By the way if you want just a smidge more tooling at your disposal check out Web Dev Server It will handle rewriting bare module import specifiers for you automatically and even let you use local node modules without needing to add import maps at all I wouldn t necessarily recommend this as a soup to nuts buildless workflow as it results in a sort of dependency on using this particular server hence the name Web Dev Server I suppose Still it s an astonishingly simple way to spin up a new web project to kick the tires on some new library or feature approach So there you have it folks a sneak peak at the future of buildless modern web development We re not quite there yet I ll be the first to admit But perhaps for the first time in forever I m reaching for my shades Because…the future It s…bright Keep up people Find this and much more all at The Spicy Web a blog chat community and soon educational platform to help you learn how to use “vanilla web specs like HTTP HTML CSS JavaScript amp Web Components Join the Discord todayーit s entirely free |
2022-06-12 16:12:28 |
海外TECH |
DEV Community |
Daily Bugle: A Spiderman Themed Try Hack Me CTF 🕸️ |
https://dev.to/christinecdev/daily-bugle-a-spiderman-themed-try-hack-me-ctf-492e
|
Daily Bugle A Spiderman Themed Try Hack Me CTF ️If you had to choose between Marvel and DC who would you choose I think we all have a favorite but we cannot deny the fact that we all like Spiderman This is not a fact but an opinion so don t hold me to this bold statement Today we are going to hack the Daily Bugle are you ready ️ ️ Access the web server who robbed the bank Once your machine is loaded let s open up the IP address in our browser We won t have to scroll far before we see who robbed the bank Spiderman What is the Joomla version Okay now that we ve launched our machine and had a look around our main page we can start enumerating Open up your terminal and start up a nmap scan to see which services are running nmap sV Pn lt your machine IP gt We can see that ssh http and mysql are running Let s continue with running a gobuster scan to see which hidden directories we can find gobuster dir w usr share wordlists dirbuster directory list small txt u http lt your machine IP gt t When we head over to lt ip gt administrator we see that it opens up a Joomla login page Okay now we need to find the version that is running We can do this with joomscan joomscan u http lt your machine IP gt administrator Tada We ve found our Joomla version What is Jonah s cracked password Okay so we can do this via finding a python exploit or by running SQLMap which takes forever I ll show you the python script way since the lab instructions encourage us to try it Let s see if there is a valid exploit with searchsploit searchsploit joomla We can see that there is a valid SQL Injection exploit available for us to use Now you can go over to Exploit DB and download this exploit if you are doing the SMLmap method but we won t be able to use this Instead we need a python conversion of this exploit Luckily I got you Download the python exploit from here I renamed this file as exploit py and saved it in my Downloads directory Now go back into your terminal and cd into the directory of the downloaded exploit If you read the instructions from the GitHub page above you will see that we need to install two packages so let s do that While we re at it let s also turn our exploit py into an executable pip install artpip install beautifulsoupchmod x exploit pyOnce you ve done all of the above we can run our exploit python exploit pyAfter a bit you will se the user s password Let s copy it and create a new file called pass txt I just did it in my Downloads directory Paste this value into this new file Now to crack this password We can use John The Ripper for this Run the following command in your terminal john pass txt wordlist usr share wordlists rockyou txt Thus we now know that Jonah s password is spiderman What is the user flag Okay now that we have our username and password Jonah spiderman we can attempt to log into our Joomla site Once in you will be met with a control panel for Jonah Since our site is built with PHP we can create a reverse shell to gain access to the ssh service found above You can download the reverse shell from Pentestmonkey s website or via the following command wget Let s get that netcat listener out of the way We can keep our port as it doesn t really matter unless you feel finicky about it sudo nc nlvp Head over to your Joomla dashboard and navigate to the Template Customizer Now grab that reverse shell file that you just downloaded it will be in your Downloads directory and you ll have to extract it and paste it into your index php or error php file Remember to change the IP address of your reverse shell to the IP of your attacking machine OPENVPN and save Click on Preview Template and check on your netcat listener we now have a shell If the preview template shell doesn t work just navigate back to index php in your browser and that should work Let s run the cat etc passwd command so that we can view the list of the system s accounts We can identify a user named jjameson we will use this for our ssh login later Next let s cd into our var www html directory which is the base directory for our site and it will list all the root files One file of interest is the configuration php file you can read each file as this is all trial and error to find a file that has valuable information Reading the contents of this configuration php file we see a password for our jjameson user Let s log into ssh using these credentials jjameson nvuzrZEDzVjNu We can see our user txt file listed immediately ssh jjameson lt your machine IP gt Read the contents of user txt and voila you have your flag What is the root flag Okay so we are in the final stretch of completing this CTF Let s see what sudo privileges we have via the sudo l command I apologize for the poor screenshot I took What is important is that we can run the yum command Let s head over to GTFObins and see how we can use yum If the yum binary is allowed to run as superuser by sudo it does not drop the elevated privileges and may be used to access the file system escalate or maintain privileged access Follow this section of our yum page to get to root Now we can view our root txt file that is found in cat root txt We have our flag ConclusionYou just hacked the Daily Bugle congratulations I hope that this was easy enough for you to follow and until next time happy hacking See more on my GitHub |
2022-06-12 16:04:47 |
海外TECH |
Engadget |
Watch the Xbox and Bethesda games showcase here at 1PM ET |
https://www.engadget.com/xbox-bethesda-games-showcase-summer-game-fest-2022-163031709.html?src=rss
|
Watch the Xbox and Bethesda games showcase here at PM ETE might not be happening this year but Summer Game Fest kicked off on Thursday and today is arguably its biggest event the Xbox and Bethesda games showcase The stream starts at pm ET and should feature a bunch of new Xbox exclusives from Microsoft s many many internal studios We already got some news on the company s cloud gaming TV app early this week and today we re hoping to hear more about Starfield and Redfall ーtwo Bethesda games that have been delayed into It d be nice to get some more news on Elder Scrolls VI which was announced almost exactly four years ago Away from Bethesda Microsoft has a bunch of exclusives we re waiting to hear more on There s the next generation Forza the new Fable and that gorgeous looking Hellblade sequel all on the way and plenty more beyond that Given it s Xbox there s a percent chance we ll hear something about Halo as well The stream is available on Twitch and YouTube or you can watch it in the embed below |
2022-06-12 16:30:31 |
ニュース |
BBC News - Home |
Bipartisan group of US senators agrees limited gun safety measures |
https://www.bbc.co.uk/news/world-us-canada-61777310?at_medium=RSS&at_campaign=KARANGA
|
background |
2022-06-12 16:45:34 |
ニュース |
BBC News - Home |
Dragons' Den star Hilary Devey dies aged 65 |
https://www.bbc.co.uk/news/uk-england-61777466?at_medium=RSS&at_campaign=KARANGA
|
confirms |
2022-06-12 16:28:28 |
ニュース |
BBC News - Home |
Scandinavian Mixed: Linn Grant becomes first female winner on DP World Tour |
https://www.bbc.co.uk/sport/golf/61778152?at_medium=RSS&at_campaign=KARANGA
|
Scandinavian Mixed Linn Grant becomes first female winner on DP World TourSweden s Linn Grant makes history with a nine shot victory in the Scandinavian Mixed to become the first female winner on the DP World Tour |
2022-06-12 16:29:30 |
ニュース |
BBC News - Home |
Andy Murray beaten by Matteo Berrettini in Stuttgart Open final |
https://www.bbc.co.uk/sport/tennis/61776574?at_medium=RSS&at_campaign=KARANGA
|
stuttgart |
2022-06-12 16:54:36 |
ニュース |
BBC News - Home |
England v Barbarians: Danny Care recalled after four-year absence |
https://www.bbc.co.uk/sport/rugby-union/61777596?at_medium=RSS&at_campaign=KARANGA
|
appearance |
2022-06-12 16:49:52 |
コメント
コメントを投稿