allanlw

My favorite challenges for 2021 were Wizlog and Kinder Market, so here are writeups for both. - @Allan_Wirth

allanlw

/*
It's possible to execute arbitrary code during webpack execution by abusing the magic
comment feature documented here: https://webpack.js.org/api/module-methods/#magic-comments

These comments eventually get executed by `vm.runInContext` which is well-known to be unsafe
at https://github.com/webpack/webpack/blob/v4.43.0/lib/Parser.js#L2338

This is an example payload that reads process.env, ps aux and /etc/passwd and posts to localhost:8080.

Reported to NPM security for webpack July 12th, 2020, but considered not a bug.

allanlw

<?php

// simple PHP re-implementation of https://yurichev.com/news/20200621_regex_SAT/
// to take advantage of PCRE jit

ini_set('pcre.backtrack_limit',  (1<<63) - 1);
ini_set('pcre.jit', 1);

function read_text_file($fname) {
  return array_map('trim', explode("\n", file_get_contents($fname)));

allanlw

# Copyright 2019, Akamai Technologies, Inc.
# 
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
# 

allanlw

diff --git a/Makefile.am b/Makefile.am
index 6344b4e..1a3a703 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -5,13 +5,13 @@ LIBJQ_INCS = src/builtin.h src/bytecode.h src/compile.h                 \
         src/exec_stack.h src/jq_parser.h src/jv_alloc.h src/jv_dtoa.h   \
         src/jv_unicode.h src/jv_utf8_tables.h src/lexer.l src/libm.h    \
         src/linker.h src/locfile.h src/opcode_list.h src/parser.y       \
-        src/util.h
+        src/util.h src/sandbox.h

allanlw

FROM ubuntu:18.04

RUN apt-get update && apt-get install -y \
        build-essential \
        git \
        libncurses5-dev \
        libncursesw5-dev

RUN git clone https://github.com/jmoon018/PacVim.git /PacVim && \
        cd /PacVim && \

allanlw

# Quick script for finding cards that are dupes based on the sort field
from collections import defaultdict
q = defaultdict(list)
for (k,v) in [ (anki.utils.stripHTML(y.fields[y.col.models.sortIdx(y._model)]), y) for y in [mw.col.getNote(x) for x in mw.col.findNotes("deck:Japanese")]]:
  q[k].append(v)
dupes = [(k,v) for (k,v) in q.items() if len(v) > 1]
for k,vs in dupes:
  for b in vs:
    b.addTag("allandup")
    b.flush()

allanlw

#!/usr/bin/env python

from __future__ import print_function
import struct

HTTP2_HDR="PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"

# Does the thing for a frame
def frame(ty, flags, streamid, payload):
  return struct.pack(">L", len(payload))[1:4] + struct.pack(">BBL", ty, flags, streamid) + payload

allanlw

#!/usr/bin/python

import urllib2
import string
import random
import urllib
import cgi

l = list(string.ascii_letters)
random.shuffle(l)

allanlw

<!DOCTYPE html>
<!--
This is a simple script to manually heap sort images.

It loads images from a relative file filelist.txt, which is a list of image (really page) URIs
separate by new lines.

It will prompt the user for comparisons. Press the A key for left image or F key for the right image.

When it's done it logs to console.log.