This concept is very much like .jar
or .war
archives in Java.
NOTE: The built
.pyz
zipapp can run on both Python 2 & 3 but you can only build.pyz
zipapps with Python 3.5 or later.
This concept is very much like .jar
or .war
archives in Java.
NOTE: The built
.pyz
zipapp can run on both Python 2 & 3 but you can only build.pyz
zipapps with Python 3.5 or later.
In order of first appearance in The Morning Paper.
#!/usr/bin/env python3 | |
# | |
# Exploit for "ragnarok" of HITCON CTF 2017. | |
# | |
# Bug: | |
# ---- | |
# In Odin::add_weapon, the following line of code is executed: | |
# | |
# cast_spell(shared_ptr<Figure>(this)); | |
# |
# | |
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__! | |
# | |
# Note this version requires Apache 2.4+ | |
# | |
# Save this file into something like /etc/apache2/redirect.rules. | |
# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom | |
# | |
# Include /etc/apache2/redirect.rules | |
# |
# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/ | |
# generate server.pem with the following command: | |
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes | |
# run as follows: | |
# python simple-https-server.py | |
# then in your browser, visit: | |
# https://localhost:4443 | |
import BaseHTTPServer, SimpleHTTPServer | |
import ssl |
Businesses are machines producing mountains of data about sales, usage, customer, costs, etc... Traditionally data processing is highly centralised with teams of staff and computer running hot a whirling ready to process. We can do better than moving the mountain of data into the corporate data machine - so long as that machinary is light enough to be moved to the data.
We've had this problem; a huge directory of files in CSV format, conataining vital information for our business. But it's in CSV, requires analysis, and don't you don't feel like learning sed/grep/awk today - besides it's 2017 and no-one thinks those tools are easy to use.
//////////////////////////////////////////////////////////////////////////// | |
// | |
// The vulnerability was that the following line of code could change the type of the | |
// underlying Array from JavascriptNativeIntArray to JavascriptArray: | |
// | |
// spreadableCheckedAndTrue = JavascriptOperators::IsConcatSpreadable(aItem) != FALSE; | |
// | |
// As can be seen in the provided .diff, the check for whether the type of the pDestArray has changed | |
// was removed. If the aItem then is not a JavascriptArray, the following code path is taken: | |
// else |
function remove-docker-containers | |
echo "Stop running shit" | |
docker stop (docker ps -q) | |
echo "Remove the whale shit" | |
docker rm (docker ps -a -q) | |
end | |
function remove-docker-images | |
remove-docker-containers |
#!/usr/bin/env python3 | |
""" | |
An async server for base64-encoded reverse shells | |
Allows rashell-cipher clients to connect and get commands | |
Expects network data in base64 wrapping xor enciphered data | |
The XOR key in this script needs to match the client key. | |
Written by Leo Tindall / SilverWingedSeraph | |
This code is covered by a CC-BY-SA 4.0 license. | |
Give attribution and share under the same license. |
Principles of Adult Behavior