blueset

Fxliang’s Weasel

stewartmcgown

{
  "version_module": true,
  "title": "Instant Messaging Private API",
  "ownerName": "Google",
  "basePath": "",
  "version": "v1",
  "resources": {
    "group": {
      "methods": {
        "kickgroupusers": {

moesoha

addEventListener('fetch', event => event.respondWith(handleRequest(event.request)));

// Add environment variable `TGBOT_TOKEN` via Worker-Settings
async function requestTelegramBotAPI(method, payload) {
    return fetch(`https://api.telegram.org/bot${TGBOT_TOKEN}/${method}`, {
        method: "POST",
        headers: {
            "Content-Type": "application/json; charset=utf-8"
        },
        body: !payload ? undefined : JSON.stringify(payload)

k4yt3x

# K4YT3X Server/Community Zshrc
# Version: 2024.04.25
# Copyright (C) 2017-2024 K4YT3X.

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,

adolli

如何使用python3逃逸沙箱，获得进程上下文权限提升

最近突发奇想，想对所掌握的python知识进行总结一下，目前其实还停留在python层面如何使用，还没有深入到虚拟机部分，如果下面有哪些错误，欢迎指出。

背景

OJ(Online judge, 在线编程测评提交代码到后台运行检查)网站一般都允许各种各样的代码提交，其中很有可能包含python3，于是决定尝试通过python3的代码执行，进行沙箱逃逸，以及绕过各种限制。

我随便找了一个OJ网站，这个站点的python3有如下限制

haruue

#!/bin/sh

# Copyright 2015, Timothy Redaelli <tredaelli@archlinux.info>

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,

ocornut

// My game is using a Japanese font that doesn't seem to declare codepoint for Kanjis for those which only comprised of a simple radical.
// e.g. https://en.wikipedia.org/wiki/Radical_180
// Radical 180 (U+2FB3) ~~ 音 (U+97F3)
// I am remapping the codepoints in software but couldn't find an easy to parse list, ended up scraping from Unicode webpages

  { 0x4E00, 0x2F00 }, // Kangxi Radical One
	{ 0x4E28, 0x2F01 }, // Kangxi Radical Line
	{ 0x4E36, 0x2F02 }, // Kangxi Radical Dot
	{ 0x4E3F, 0x2F03 }, // Kangxi Radical Slash
	{ 0x4E59, 0x2F04 }, // Kangxi Radical Second

jpbalarini

before_action :cors_set_access_control_headers

def cors_preflight_check
  return unless request.method == 'OPTIONS'
  cors_set_access_control_headers
  render json: {}
end

protected

geoff-nixon

#!/usr/bin/sudo sh

## ruby_revealer.sh -- decrypt obfuscated GHE .rb files. 2.0.0 to 2.3.1+.

## From `strings ruby_concealer.so`:
##
## > This obfuscation is intended to discourage GitHub Enterprise customers
## > from making modifications to the VM.
##
## Well, good, as long as its not intended to discourage *me* from doing this!

willurd

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000