galaxy001

File Magic Numbers

Magic numbers are the first bits of a file which uniquely identify the type of file. This makes programming easier because complicated file structures need not be searched in order to identify the file type.

For example, a jpeg file starts with ffd8 ffe0 0010 4a46 4946 0001 0101 0047 ......JFIF.....G ffd8 shows that it's a JPEG file, and ffe0 identify a JFIF type structure. There is an ascii encoding of "JFIF" which comes after a length code, but that is not necessary in order to identify the file. The first 4 bytes do that uniquely.

This gives an ongoing list of file-type magic numbers.

Image Files

galaxy001

Create a local account on Windows 11 22H2 clean install ( and first boot ):

NEW METHOD

Feel free to try this method if it works, if not switch back to the old one below.

1. Reach the account creation and choose Personal Account
2. Use as email test@test.com
3. Use as password test
4. Let Windows 11 fail the login and click Next

galaxy001

git config --global https.proxy http://127.0.0.1:1080

git config --global https.proxy https://127.0.0.1:1080

git config --global --unset http.proxy

git config --global --unset https.proxy


npm config delete proxy

galaxy001

In case there's already a DHCP config for netplan for the private IP address:

File: /etc/netplan/50-cloud-init.yaml

Contents:

# This file is generated from information provided by
# the datasource.  Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:

galaxy001

This method doesn't require an internet connection…

1. base64-encode the <svg> markup (eg. paste svg at base64encode.org)
2. URL-encode the base64-encoded string (eg. paste base64 string at urlencoder.org)
3. Put the resulting string in ![alt text](data:image/svg+xml,<paste_your_svg_string_here> "title")

The result would be a string similar to the following that can be inserted into a Jupyter Notebook Markdown cell…

galaxy001

Google Public NTP [AS15169]:

time.google.com

time1.google.com

time2.google.com

time3.google.com

galaxy001

参考

• https://www.right.com.cn/forum/thread-826399-1-1.html
• https://www.right.com.cn/forum/thread-783813-1-1.html
• http://tieba.baidu.com/p/6204027918
• https://yans.io/275.html
• https://aluigi.altervista.org/mytoolz.htm

时间： 2019-09-30 设备型号： 吉比特GM220-S 地域： 江苏移动（徐州）

galaxy001

The following shell transcript shows how to:

• Create a GPG key
• Create a pass database
• Add git support to the pass database
• Create a remote git repository
• Push the pass database to the remote git repository
• Fetch and display your passwords from another host

It is assumed that the pass package has been installed on both the first and second computers.

galaxy001

#!/bin/bash
# data: 2020-03-31
# author: muzi502
# for: Fuck GFW and download some raw file form github without proxy using jsDelivr CDN 
# usage: save the .she to your local such as /usr/bin/rawg, and chmod +x /usr/bin/rawg
# use rawg https://github.com/ohmyzsh/ohmyzsh/blob/master/tools/install.sh to download

set -xue
# GitHub rul: https://github.com/ohmyzsh/ohmyzsh/blob/master/tools/install.sh
# jsDelivr url: https://cdn.jsdelivr.net/gh/ohmyzsh/ohmyzsh/tools/install.sh

galaxy001

如何使用python3逃逸沙箱，获得进程上下文权限提升

最近突发奇想，想对所掌握的python知识进行总结一下，目前其实还停留在python层面如何使用，还没有深入到虚拟机部分，如果下面有哪些错误，欢迎指出。

背景

OJ(Online judge, 在线编程测评提交代码到后台运行检查)网站一般都允许各种各样的代码提交，其中很有可能包含python3，于是决定尝试通过python3的代码执行，进行沙箱逃逸，以及绕过各种限制。

我随便找了一个OJ网站，这个站点的python3有如下限制