Below we have a custom 'list' PythonExtension implemented in C++:
struct DummyList : public Py::PythonExtension<DummyList>
{
std::vector<Py::Object> items;
Py::Object append(const Py::Tuple& args, const Py::Dict& keywords)
{
/* Question (i) and (ii) | |
* Exploit on: Line 13 */ | |
var x = {toString: function(){ alert("1"); return 1 }} | |
/* Question (iii) and (iv) | |
* Exploit on: Line 38 */ | |
var x = "h4x0r"; | |
Object.defineProperty(Array.prototype, '0', { | |
set: function(val) { | |
if (this.length == 0) { // This part is important so that the exploit is only run once |
# Self-elevate as admin (required to make symlinks later) | |
if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { | |
Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; | |
Exit | |
} | |
# Find RuneLite | |
$RuneliteAppPath = Get-StartApps -Name RuneLite | Select -ExpandProperty AppId |
import copy | |
import requests | |
import pprint | |
import os | |
GQL_URL = "https://gql.twitch.tv/gql" | |
GQL_QUERY = { | |
"operationName": "ChannelPointsContext", | |
"extensions": { |
#include <algorithm> | |
#include <bitset> | |
#include <iostream> | |
#include <vector> | |
using namespace std; | |
typedef long long ll; | |
enum State { |
#include <iostream> | |
#include <unordered_set> | |
using namespace std; | |
typedef pair<int, int> Point; | |
struct pair_hash { | |
inline std::size_t operator()(const std::pair<int,int> & v) const { | |
return v.first * 1024 + v.second; |
// ==UserScript== | |
// @name redirector | |
// @namespace Violentmonkey Scripts | |
// @match *://medium.com/* | |
// @match *://reddit.com/* | |
// @grant none | |
// @version 1.0 | |
// @author - | |
// @description 7/30/2022, 5:34:35 PM | |
// ==/UserScript== |
Workplaces may enforce TOTP 2FA to be enabled Office 365 accounts, which require the Microsoft Authenticator app to be installed.
Regular TOTP applications (such as Aegis, Authy, or LastPass) cannot be used as Microsoft uses a proprietary scheme called phonefactor
. Furthermore, the application requires Google Services Framework (GSF) to be installed (likely to provide device notifications), and will refuse to work when it is not present on the device.
Forunately, after the registration is complete, the underlying mechanism the app uses to generate TOTP codes is regular otpauth
, and its secrets can be exported with a little bit of effort.
syntax = "proto3"; | |
package party; | |
option java_package = "net.runelite.client.party"; | |
// c->s | |
message Join { | |
int64 partyId = 1; | |
int64 memberId = 2; |