Skip to content

Instantly share code, notes, and snippets.

Avatar

Simon/Jinyu Liu passos

View GitHub Profile
@adolli
adolli / 如何使用python3逃逸沙箱,获得进程上下文权限提升.md
Last active Nov 28, 2020
如何使用python3逃逸沙箱,获得进程上下文权限提升
View 如何使用python3逃逸沙箱,获得进程上下文权限提升.md

如何使用python3逃逸沙箱,获得进程上下文权限提升

最近突发奇想,想对所掌握的python知识进行总结一下,目前其实还停留在python层面如何使用,还没有深入到虚拟机部分,如果下面有哪些错误,欢迎指出。

背景

OJ(Online judge, 在线编程测评提交代码到后台运行检查)网站一般都允许各种各样的代码提交,其中很有可能包含python3,于是决定尝试通过python3的代码执行,进行沙箱逃逸,以及绕过各种限制。

我随便找了一个OJ网站,这个站点的python3有如下限制

@rajatdiptabiswas
rajatdiptabiswas / Binary Indexed Tree.py
Last active Nov 22, 2020
Implementation of Binary Indexed Tree/Fenwick Tree in Python
View Binary Indexed Tree.py
#!/usr/bin/env python3
"""
Binary Indexed Tree / Fenwick Tree
https://www.hackerearth.com/practice/notes/binary-indexed-tree-made-easy-2/
https://www.topcoder.com/community/data-science/data-science-tutorials/binary-indexed-trees/
https://www.youtube.com/watch?v=v_wj_mOAlig
https://www.youtube.com/watch?v=kPaJfAUwViY
"""
@alswl
alswl / hosts
Last active Feb 17, 2021
(deprecated, I bought xiaomi VIP)hosts for OpenWRT, for disable AD in xiaomi TV
View hosts
127.0.0.1 api.ad.xiaomi.com
127.0.0.1 sdkconfig.ad.xiaomi.com
127.0.0.1 ad.mi.com
127.0.0.1 ad.xiaomi.com
127.0.0.1 ad1.xiaomi.com
127.0.0.1 adv.sec.miui.com
127.0.0.1 test.ad.xiaomi.com
127.0.0.1 new.api.ad.xiaomi.com
@gaearon
gaearon / slim-redux.js
Last active Feb 10, 2021
Redux without the sanity checks in a single file. Don't use this, use normal Redux. :-)
View slim-redux.js
function mapValues(obj, fn) {
return Object.keys(obj).reduce((result, key) => {
result[key] = fn(obj[key], key);
return result;
}, {});
}
function pick(obj, fn) {
return Object.keys(obj).reduce((result, key) => {
if (fn(obj[key])) {
@Kartones
Kartones / postgres-cheatsheet.md
Last active Feb 23, 2021
PostgreSQL command line cheatsheet
View postgres-cheatsheet.md

PSQL

Magic words:

psql -U postgres

Some interesting flags (to see all, use -h or --help depending on your psql version):

  • -E: will describe the underlaying queries of the \ commands (cool for learning!)
  • -l: psql will list all databases and then exit (useful if the user you connect with doesn't has a default database, like at AWS RDS)
@chaitanyagupta
chaitanyagupta / _reader-macros.md
Last active Feb 17, 2021
Reader Macros in Common Lisp
View _reader-macros.md

Reader Macros in Common Lisp

This post also appears on lisper.in.

Reader macros are perhaps not as famous as ordinary macros. While macros are a great way to create your own DSL, reader macros provide even greater flexibility by allowing you to create entirely new syntax on top of Lisp.

Paul Graham explains them very well in [On Lisp][] (Chapter 17, Read-Macros):

The three big moments in a Lisp expression's life are read-time, compile-time, and runtime. Functions are in control at runtime. Macros give us a chance to perform transformations on programs at compile-time. ...read-macros... do their work at read-time.

@wbroek
wbroek / genymotionwithplay.txt
Last active Feb 8, 2021
Genymotion with Google Play Services for ARM
View genymotionwithplay.txt
NOTE: Easier way is the X86 way, described on https://www.genymotion.com/help/desktop/faq/#google-play-services
Download the following ZIPs:
ARM Translation Installer v1.1 (http://www.mirrorcreator.com/files/0ZIO8PME/Genymotion-ARM-Translation_v1.1.zip_links)
Download the correct GApps for your Android version:
Google Apps for Android 6.0 (https://www.androidfilehost.com/?fid=24052804347835438 - benzo-gapps-M-20151011-signed-chroma-r3.zip)
Google Apps for Android 5.1 (https://www.androidfilehost.com/?fid=96042739161891406 - gapps-L-4-21-15.zip)
Google Apps for Android 5.0 (https://www.androidfilehost.com/?fid=95784891001614559 - gapps-lp-20141109-signed.zip)
@raven
raven / Breakpoints_v2.xcbkptlist
Last active Aug 30, 2019
Symbolic breakpoint for dynamically linking libReveal against UIApplicationMain
View Breakpoints_v2.xcbkptlist
<?xml version="1.0" encoding="UTF-8"?>
<Bucket
type = "2"
version = "2.0">
<Breakpoints>
<BreakpointProxy
BreakpointExtensionID = "Xcode.Breakpoint.SymbolicBreakpoint">
<BreakpointContent
shouldBeEnabled = "Yes"
ignoreCount = "0"
@BlakeGardner
BlakeGardner / Install HTTPie.md
Last active Nov 5, 2020
Install HTTPie Mac OS X
View Install HTTPie.md

This is a quick guide on installing HTTPie for Mac OS X systems. This is also useful if you want the python package management utility pip. An installed copy of Homebrew is a prerequisite.

HTTPie

The easy way

brew install httpie
@lg0
lg0 / gist:3481797
Last active Oct 9, 2015
解决 OSX 上原生 VPN (Cisco IPSec)每隔一小时要求输入密码的情况
View gist:3481797

解决方案来自:[Apple Support Communities] (https://discussions.apple.com/thread/3275811?start=0&tstart=0)

  1. 连接 VPN Cisco IPSec (让系统生成配置文件)
  2. 拷贝配置文件到/etc/racoon打开终端执行:
    $ sudo cp /var/run/racoon/xxx.xxx.xxx.xxx.conf /etc/racoon
  3. 修改 racoon 配置文件:
    $ sudo vim /etc/racoon/racoon.conf
  4. 将最后一行注释掉(目的是不使用系统生成配置):
    # include "/var/run/racoon/*.conf" ;
  5. 将下面一行添加到文件末尾,包含分号(使用定制的配置文件):