- Web Wormhole https://webwormhole.io/ https://github.com/saljam/webwormhole
- ToffeeShare https://toffeeshare.com/
- FilePizza https://file.pizza/
- ShareDrop https://www.sharedrop.io/ https://github.com/szimek/sharedrop
- A clone SnapDrop https://snapdrop.net/ https://github.com/RobinLinus/snapdrop
- A fork PairDrop https://pairdrop.net/ https://github.com/schlagmichdoch/pairdrop
- A clone SnapDrop https://snapdrop.net/ https://github.com/RobinLinus/snapdrop
- Instant.io https://instant.io/
- FileTC https://file.tc/
- javascript:alert(origin)
- @maple3142
[Unit] | |
Wants=network-pre.target | |
Before=network-pre.target shutdown.target | |
[Service] | |
User=root | |
ExecStart=/bin/sh -ec '\ | |
[ -x /usr/bin/wslinfo ] && [ "$(/usr/bin/wslinfo --networking-mode)" = "mirrored" ] || exit 0;\ | |
echo 1 > /proc/sys/net/ipv4/conf/all/route_localnet;\ | |
nft add rule ip nat WSLPOSTROUTING "iif \"loopback0\" ip saddr 127.0.0.0/8 ip daddr != 127.0.0.0/8 counter masquerade comment mirrored"\ |
# https://gist.github.com/anonhostpi/fe3c88c8371b0a495ff39942d8aeadac | |
function global:Get-WSLNetMapping { | |
# Notify user if Mirroring Mode is not enabled | |
param( | |
[Alias("d")] | |
$Distribution | |
) |
//bookmarklet-title: Canvas DL | |
//bookmarklet-about: When playing skribbl.io and someone has made a nice drawing, this lets you download the current drawing as a PNG. | |
var w = window.wdq || (window.wdq = document.createElement("a")); | |
var p = /The word was '([^']*)'/g, | |
pp = /<span>([^<>]+) is drawing now!/g, | |
tt = document.body.innerHTML; | |
var mm, nn, xx; | |
while (mm = p.exec(tt)) nn = mm; | |
while (mm = pp.exec(tt)) xx = mm; |
There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException()
and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context.
FROM ubuntu:20.04 | |
RUN apt update && DEBIAN_FRONTEND="noninteractive" apt install -y \ | |
python3 build-essential | |
WORKDIR /root |
The rumor tells that adm1n stores their secret split into multiple documents. Can you catch 'em all? https://postviewer-web.2022.ctfcompetition.com
The challenge consisted of an all client-side simple page, i.e. no backend code was involved. A user can upload any file which will be then locally stored in indexedDB. They can preview their files by either clicking on the title or by visiting file's URL, for example https://postviewer-web.2022.ctfcompetition.com/#file-01d6039e3e157ebcbbf6b2f7cb2dc678f3b9214d. The preview of the file is rendered inside a blob created from data:
URL. The rendering occurs by sending file's contents to the iframe via postMessage({ body, mimeType }, '*')
Additionally, there is a /bot
endpoint which lets players send URLs to an xss-bot
imitating another user. The goal is to steal their documents.
#!/bin/bash -ex | |
LIBC=$(ls * | grep -P '^(libc\.so\.6|libc-.*\.so)$') | |
LIBC_DBG_DEB="$(~/package/libc-database/identify $LIBC | sed s/libc6_/libc6-dbg_/g).deb" | |
if [[ ! -e $LIBC_DBG_DEB ]]; then | |
wget http://archive.ubuntu.com/ubuntu/pool/main/g/glibc/$LIBC_DBG_DEB | |
fi | |
DEBUGID=$(file $LIBC | grep -Po '(?<=BuildID\[sha1\]=)[0-9a-f]{40}') |