typeform chain builder shouc

shouc / README.md
Last active April 5, 2023 20:21
Offchain Testing Instructions

Demo

Install Docker from https://www.docker.com/ and run our Docker image (x86 only; running on a non-x86 platform significantly degrades performance):

docker run -p 8000:8000 fuzzland/dev-ityfuzz-2

Then, you can visit the interface at http://localhost:8000

shouc / exp.sol
Created May 8, 2023 01:51
Dragonfly CTF Solution (Score: 16406)
// by https://twitter.com/publicqi & https://twitter.com/shoucccc
contract PuzzleBoxSolution {
constructor() payable {}
fallback() payable external {
if (msg.data.length > 32) {
assembly{
// let x := 0x80
let target := 0x69209d8a7d258515ec9a4d25f7be1db85cb1b826
### Keybase proof
I hereby claim:
* I am shouc on github.
* I am shouc (https://keybase.io/shouc) on keybase.
* I have a public key ASBreqhIMBEuTvygWcONLGZVL4mbrI1irDWEItXzfbCdhAo
To claim this, I am signing this object:

RCE in Risingwave UDF

Summary

An attacker with sufficient privileges to execute SQL queries can exploit a Remote Code Execution (RCE) vulnerability through User-Defined Functions (UDFs) in Risingwave. By crafting a malicious UDF in Python, the attacker can execute arbitrary system commands on any compute node.

Details

The root cause of this issue is the lack of proper isolation and sanitization in the execution environment for Python UDFs (https://github.com/arrow-udf/arrow-udf/blob/main/arrow-udf-python/src/interpreter.rs#L37-L73). Attackers can abuse this to escalate their privileges from SQL execution to direct system-level access.

PoC

Execute the following SQL:

shouc / gist:29715960050f5a538bfa4ad16a8a8e99
Created March 25, 2025 02:48
Andrey_10gwei farming accounts
import { TwitterApi } from 'twitter-api-v2';
import { Configuration, OpenAIApi } from 'openai';
import yargs from 'yargs';
import { hideBin } from 'yargs/helpers';
import TelegramBot from 'node-telegram-bot-api';
import * as dotenv from 'dotenv';
dotenv.config();
enum Victim {