bennofs

#!/usr/bin/env python3
"""Process PayPal transaction exports for ledger import

Usage:
  process.py TRANSACTIONS ACTIVITY

where TRANSACTIONS is the csv export of PayPal transactions (https://www.paypal.com/reports/statements/custom)
and ACTIVITY is the csv export of PayPal activities (https://www.paypal.com/reports/dlog) for the same time range.
"""
from docopt import docopt

bennofs

#!/usr/bin/env python3
"""Contains code for parsing the IDL file."""
from hashlib import sha256
from keyword import kwlist
from dataclasses import dataclass, field, asdict, make_dataclass, fields as dc_fields
from types import MappingProxyType
from typing import List, Union, Optional, Dict, Any, Literal, Tuple, TypedDict, TypeVar, Type, Mapping, cast, Protocol
import re
import typing

bennofs

# Maintainer GI Jack <GI_Jack@hackermail.com>

pkgname=aflplusplus
pkgver=3.13c
_pkgver=3.13c
pkgrel=1
pkgdesc="afl++ is afl with community patches, AFLfast power schedules, qemu 3.1 upgrade + laf-intel support, MOpt mutators, InsTrim instrumentation, unicorn_mode and a lot more!"
arch=('x86_64')
url="https://github.com/vanhauser-thc/AFLplusplus"
license=('Apache')

bennofs

#![allow(unused)]
use std::{collections::HashSet, path::Path};
pub use std::{process::ExitStatus, fs::File, io::Read, net::SocketAddr, net::SocketAddrV4, net::UdpSocket, path::PathBuf, time::Duration, time::Instant};
pub use std::collections::HashMap;
pub use bincode::serialize;
use itertools::izip;
pub use log::*;
 
use solana_bpf_loader_program::{ThisInstructionMeter, solana_bpf_loader_deprecated_program, solana_bpf_loader_program, solana_bpf_loader_upgradeable_program};
pub use solana_bpf_loader_program::{BPFError, bpf_verifier};

bennofs

#![allow(unused)]
use std::{collections::HashSet, path::Path};
pub use std::{process::ExitStatus, fs::File, io::Read, net::SocketAddr, net::SocketAddrV4, net::UdpSocket, path::PathBuf, time::Duration, time::Instant};
pub use std::collections::HashMap;
pub use bincode::serialize;
use itertools::izip;
pub use log::*;
 
use solana_bpf_loader_program::{ThisInstructionMeter, solana_bpf_loader_deprecated_program, solana_bpf_loader_program, solana_bpf_loader_upgradeable_program};
pub use solana_bpf_loader_program::{BPFError, bpf_verifier};

bennofs

MathSH Writeup

MathSH was a very innovative challenge in the category sandbox escape. Three members of our team - ALLES! - worked for several hours and eventually drew first blood on this challenge. This writeup is split into several parts, namely: dumping the binary, analysing the sandbox, gaining a better primitive for code execution and finally escaping the sandbox.

The description Calculator as a Service (CAAS) already hints to CAS, a legacy .NET technology to run code in various level of trusts.

We are given a restricted "shell" to calculate math expressions:

bennofs

#!/usr/bin/env python3

attack = b'''POSt //admin HTTP/1.1
Connection: Keep-Alive
Cookie: IMPERSONATE=,KEY;KEY
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

username=admin
'''.replace(b'\n',b'\r\n')

bennofs

always += rockchip/rk3328-rock64.dtb

bennofs

; enable python version switching
(defvar +python-interpreter-executable-history nil
    "History list for recently selected python interpreters.")

(defun +set-python-interpreter-executable (command)
    "Set the python interpreter for the current buffer to the given executable."
    (interactive
     (list
      (read-shell-command
       "Python interpreter: " nil '+python-interpreter-executable-history "python"

bennofs

Keybase proof

I hereby claim:

• I am bennofs on github.
• I am bennofs (https://keybase.io/bennofs) on keybase.
• I have a public key ASADrX5aq3SMqRLWif2ffaklwmU4B6AvU0XkuQywqnJqwwo

To claim this, I am signing this object: