galaxy001

View 如何使用python3逃逸沙箱,获得进程上下文权限提升.md

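How to use python3 to escape a sandbox and gain privilege escalation in the process context

Recently, on a whim, I wanted to summarize the Python knowledge I have. So far it is really still at the level of how to use Python, and I have not yet gone deep into the virtual machine part. If there are any mistakes below, corrections are welcome.

Background

OJ (online judge: a site where submitted code is run and checked on the back end) websites generally accept all kinds of code submissions, very likely including python3, so I decided to try using python3 code execution to escape the sandbox and bypass various restrictions.

I picked an OJ website at random; this site's python3 has the following restrictions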

galaxy001 / git-pull-all
Created Jun 21, 2019 — forked from grimzy/git-pull-all
Git pull all remote branches
#!/usr/bin/env bash
git branch -r | grep -v '\->' | while read remote; do git branch --track "${remote#origin/}" "$remote"; done
git fetch --all
git pull --all
View ss_v2ray_plugin.md
View gollum_baiduyun_v3.4.5.js
/**
* 贪灵Gollum for Baiduyun, Ver.3.4.5
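* Immediately invoked function: batch-saves a user's shares on Baidu cloud drive to your own drive.
*
* [Features]
* - Can keep or ignore the original sharer's directory structure.
* - Supports differential transfer.
* - Automatically splits a transfer into parts, getting past the limit of 5000 total files per single transfer.
* - On a share home page, you can enter a folder to transfer its subfolders.
* - Supports album transfer.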
View dns2https.swoole.php
<?php
/*
tcp dns client for google dns over https (https://dns.google.com)
Usage on Ubuntu:
add /usr/bin/php /home/<your_name>/dns2https.php to /etc/rc.local
Run:
sysv-rc-conf unbound off
sysv-rc-conf dnscrypt-proxy off
galaxy001 / how-clowwindy-design-Shadowsocks.md
Created Feb 17, 2017
An analysis of clowwindy's design thinking and design philosophy for Shadowsocks

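An analysis of clowwindy's design thinking and design philosophy for Shadowsocks

I am no expert, but I will try to stand in the position of the original author, clowwindy, and analyze the design thinking and philosophy of the original protocol. I did not take part in the initial development, but I designed the AEAD protocol. I have read some materials and comments.

At 7:58 PM, 31 Aug 2015 the author posted the following passage. I was curious what it referred to, hence this article.

Watching helplessly as a group of people got something wrong and then headed off in the wrong direction. But I can't be bothered to deal with it =。=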

View com.google.Chrome.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>com.google.Chrome</key>
View keybase.md

Keybase proof

I hereby claim:

  • I am galaxy001 on github.
  • I am galaxy001 (https://keybase.io/galaxy001) on keybase.
  • I have a public key whose fingerprint is 3209 312F EC81 F062 CAD0 96FF 55BB D8CD 9969 AEA7

To claim this, I am signing this object:

galaxy001 / parse_h265.py
Created Apr 19, 2016 — forked from figgis/parse_h265.py
H.265/HEVC bitstream parser
#!/usr/bin/env python
"""
- ae(v): context-adaptive arithmetic entropy-coded syntax element. The parsing process for this descriptor is
specified in clause 9.3.
- b(8): byte having any pattern of bit string (8 bits). The parsing process
for this descriptor is specified by the return value of the function
read_bits( 8 ).
- f(n): fixed-pattern bit string using n bits written (from left to right)