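require 'json'
require 'socket'
require 'uri'
=begin
%PDF-1.5
%ÐÔÅØ
9999 0 obj
<<
/Length 10944
>>
stream
=end
require 'timeout'

# Self-serving polyglot: this file is a Ruby script, it is listed and unpacked
# with `unzip`, and it is handed out unchanged for any request ending in ".pdf".
# The =begin/=end block above hides a PDF header and a stream object that wraps
# this script from the Ruby parser.
# NOTE(review): editing the script changes its byte length, so the /Length
# value above presumably has to be regenerated by whatever builds the file.
#
# Exposure notes for anyone running this:
#   * TCPServer.new('', port) listens on every interface, not only loopback.
#   * Requests are answered one at a time, so the request line is read with a
#     size cap and a timeout to stop one idle client from blocking the rest.
#   * The request path is only ever used as a key into the archive listing; it
#     is never turned into a filesystem path. Keep it that way.

MAX_REQUEST_LINE = 8192 # bytes accepted for "GET /path HTTP/1.1"
READ_TIMEOUT = 10       # seconds to wait for the request line

# Decode %XX escapes. Replaces URI.unescape, which was removed in Ruby 3.0,
# with the same byte-for-byte behaviour ('+' is left alone).
def percent_decode(str)
  enc = str.encoding
  str.gsub(/%\h\h/) { |m| [m[1, 2]].pack('H2').force_encoding(enc) }
end

port = 8080
if ARGV.length > 0 then
  port = ARGV[0].to_i
end

v = TCPServer.new('', port)

# Everything after __END__ up to the first </html> is the landing page.
html = DATA.read().encode('UTF-8', 'binary', :invalid => :replace, :undef => :replace).split(/<\/html>/)[0] + "</html>\n"

# unzip is started with an argument vector rather than through the shell, so a
# file name containing quotes or $(...) cannot alter the command line.
zip_contents = IO.popen(['unzip', '-l', __FILE__], &:read)
zip = []     # one [size, name, data] triple per archive member
indexes = {} # member name => position in zip
zip_contents.scan(/^\s*(\d+)\s+\d+-\d+-\d+\s+\d+:\d+\s+(.+[^\/])\s*$/).each do |size, name|
  indexes[name] = zip.length
  zip << [size.to_i, name]
end

raw_zip = IO.popen(['unzip', '-p', __FILE__], 'rb', &:read)
code = $?.exitstatus
if code != 0 then
  print "Error unzipping #{__FILE__}! unzip exited with code #{code}\n"
  exit(code)
end

# `unzip -p` writes all members back to back; cut the stream at the listed
# sizes. (The previous inclusive range 0..size kept one byte too many.)
offset = 0
zip.each do |entry|
  entry << (raw_zip.byteslice(offset, entry[0]) || ''.b)
  offset += entry[0]
end
raw_zip = nil

# index.txt holds lines of the form: "name" description
zip_index = {}
if indexes.has_key? "index.txt" then
  zip[indexes["index.txt"]][2].scan(/^"([^"]+)" +(.*)$/).each do |name, description|
    name = name.dup.force_encoding('UTF-8')
    next unless indexes.has_key? name
    # Descriptions go into JSON, so make sure they are valid UTF-8.
    zip_index[name] = description.dup.force_encoding('UTF-8').scrub('?')
  end
end
indexes.keys.each do |name|
  zip_index[name] = "" unless zip_index.has_key? name
end
zip_index["index.txt"] = "a text version of this feelies index"

mime_types = {
  ".pdf" => "application/pdf",
  ".txt" => "text/plain",
  ".png" => "image/png",
  ".bmp" => "image/bmp",
  ".jpg" => "image/jpeg",
  ".gif" => "image/gif",
  ".c"   => "text/plain",
  ".py"  => "text/plain",
  ".bib" => "text/plain"
}
mime_types.default = "application/octet-stream"

print "Listening for connections on port #{port}.\nTo listen on a different port,\nre-run with the desired port as a command-line argument.\n\n"

loop do
  s = v.accept
  ip = "(unknown)"
  begin
    ip = Socket.unpack_sockaddr_in(s.getpeername)[1]

    line = Timeout.timeout(READ_TIMEOUT) { s.gets("\n", MAX_REQUEST_LINE) }
    request = nil
    if line != nil then
      # Work on raw bytes: the peer decides what is sent, and a regexp or
      # split on an invalid UTF-8 string raises.
      line = line.b
      # No trailing newline means the cap was hit or the peer hung up early.
      request = line.split(' ') if line.end_with?("\n")
    end

    if request == nil or request.length < 2 or request[0].upcase != "GET" then
      s.print "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n"
      next
    end

    req_filename = percent_decode(request[1].sub(/\A\//, "")).force_encoding('UTF-8')
    req_filename = req_filename.scrub('?') unless req_filename.valid_encoding?

    # inspect escapes CR, LF and terminal control bytes, so a request cannot
    # forge extra log lines or drive the operator's terminal.
    print "A neighbor at #{ip} is requesting #{('/' + req_filename).inspect}\n"

    if req_filename == "favicon.ico" then
      s.print "HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n"
      next
    elsif indexes.has_key? req_filename then
      feelie = zip[indexes[req_filename]]
      # extname also matches the short extensions (".c", ".py") that a fixed
      # four-character suffix never could, and tolerates very short names.
      c = mime_types[File.extname(feelie[1]).downcase]
      d = feelie[2]
    elsif req_filename == "ajax/feelies.json" then
      c = "application/json"
      d = JSON.generate(zip_index)
    elsif req_filename.downcase.end_with? ".pdf" then
      # Any *.pdf name that is not an archive member returns this very file.
      c = "application/pdf"
      d = File.binread(__FILE__)
    else
      c = "text/html"
      d = html
    end

    # Content-Length counts bytes; the page and the JSON may hold multi-byte
    # characters, so String#length would under-report and truncate them.
    n = d.bytesize
    s.write "HTTP/1.1 200 OK\r\nContent-Type: #{c}\r\nContent-Length: #{n}\r\nConnection: close\r\n\r\n"
    s.write d
  rescue StandardError => e
    # One misbehaving peer (reset, broken pipe, timeout, malformed input)
    # must not take the accept loop down.
    print "Connection from #{ip} closed; #{e.class}: #{e.message}\n"
  ensure
    s.close unless s.closed?
  end
end

__END__
<html>
<head>
<title>PoC‖GTFO Issue 0x11</title>
<link rel="icon" href="/favicon.png" type="image/png" />
<style type="text/css">
.tree, .tree ul { margin:0 0 0 1em; padding:0; list-style:none; color:#369; position:relative; }
.tree ul {margin-left:.5em}
.tree:before, .tree ul:before { content:""; display:block; width:0; position:absolute; top:0; bottom:0; left:0; border-left:1px solid; }
.tree li { margin:0; padding:0 1.5em; line-height:2em; font-weight:bold; position:relative; }
.tree li:before { content:""; display:block; width:10px; height:0; border-top:1px solid; margin-top:-1px; position:absolute; top:1em; left:0; }
.tree li:last-child:before { background:white; height:auto; top:1em; bottom:0; }
body{ background-color: #999999; }
#main{ margin-left: auto; margin-right: auto; width: 80%; padding: 5mm; }
.shadow { -moz-box-shadow: 3px 3px 4px #000; -webkit-box-shadow: 3px 3px 4px #000; box-shadow: 3px 3px 4px #000; /* For IE 8 */ -ms-filter: "progid:DXImageTransform.Microsoft.Shadow(Strength=4, Direction=135, Color='#000000')"; /* For IE 5.5 - 7 */ filter: progid:DXImageTransform.Microsoft.Shadow(Strength=4, Direction=135, Color='#000000'); }
.page{ vertical-align: top; padding: 0.5in; background-color: #ffffff; text-align: justify; }
h1{ text-align: center; font-size: 300%; line-height: 100%; }
h2{ font-size: 125%; }
h3 { font-variant: small-caps; text-transform: uppercase; text-align: center; padding-top: 5mm; font-size: 80%; }
.subtitle{ text-align: center; font-variant: small-caps; text-transform: uppercase; }
.subtitle small{ font-size: 60%; }
#download{ font-size: 125%; text-align: center; }
#download .link{ display: inline-block; border-style: outset; padding: 5px; }
#legal{ border-style: solid none none none; font-size: 80%; }
.contents{ width: 60%; left: 20%; position: relative; padding: 20px; }
.contents th{ text-align: right; white-space: nowrap; }
.contents .middle{ max-width: 10%; }
.contents td{ text-align: left; white-space: nowrap; max-width: 45%; }
</style>
<script>
// Fetch url asynchronously and pass the XHR object to callback on HTTP 200.
// Any other status is ignored without notice.
function load(url, callback) {
  var xhr;
  if (typeof XMLHttpRequest !== 'undefined') {
    xhr = new XMLHttpRequest();
  } else {
    var versions = ["MSXML2.XmlHttp.5.0",
                    "MSXML2.XmlHttp.4.0",
                    "MSXML2.XmlHttp.3.0",
                    "MSXML2.XmlHttp.2.0",
                    "Microsoft.XmlHttp"];
    for (var i = 0, len = versions.length; i < len; i++) {
      try {
        xhr = new ActiveXObject(versions[i]);
        break;
      } catch (e) {}
    }
  }
  // No transport at all: give up instead of throwing on an undefined object.
  if (!xhr) {
    return;
  }
  xhr.onreadystatechange = ensureReadiness;
  function ensureReadiness() {
    if (xhr.readyState < 4) {
      return;
    }
    if (xhr.status !== 200) {
      return;
    }
    if (xhr.readyState === 4) {
      callback(xhr);
    }
  }
  xhr.open('GET', url, true);
  xhr.send('');
}

// Render files (an object mapping "dir/sub/name" to a description) as a nested
// list under #feeliestree. Presumably this is the parsed /ajax/feelies.json
// response; the call site is outside this excerpt.
// Names and descriptions originate from the archive and are only ever added
// through createTextNode, so markup inside them is shown, not interpreted.
// Do not switch this to innerHTML.
function loadFeelies(files) {
  var feelies = document.getElementById("feelies");
  feelies.style.display = "block";
  var tree = document.getElementById("feeliestree");
  for (var raw_filename in files) {
    // Skip anything inherited through the prototype chain.
    if (!Object.prototype.hasOwnProperty.call(files, raw_filename)) {
      continue;
    }
    var segments = raw_filename.split('/');
    var filename = segments[segments.length - 1];
    var dirs = segments.slice(0, -1);
    var parent = tree;
    for (var j = 0; j < dirs.length; ++j) {
      var dirname = dirs[j];
      var child = null;
      for (var k = 0; k < parent.childNodes.length; ++k) {
        if (parent.childNodes[k].id === dirname + "tree") {
          child = parent.childNodes[k].childNodes[1];
          break;
        }
      }
      if (child === null) {
        var li = document.createElement("li");
        li.appendChild(document.createTextNode(dirname));
        li.id = dirname + "tree";
        child = document.createElement("ul");
        li.appendChild(child);
        parent.appendChild(li);
      }
      parent = child;
    }
    // Percent-encode each path segment so that '#', '?' or '%' in a file name
    // stays part of the path; the server decodes the escapes again.
    var encoded = [];
    for (var p = 0; p < segments.length; ++p) {
      encoded.push(encodeURIComponent(segments[p]));
    }
    var link = document.createElement("li");
    var a = document.createElement("a");
    a.href = "/" + encoded.join("/");
    a.appendChild(document.createTextNode(filename));
    link.appendChild(a);
    if (files[raw_filename] !== "") {
      link.appendChild(document.createTextNode(" \u2014 " + files[raw_filename]));
    }
    parent.appendChild(link);
  }
}
</script>
</head>
<body>
<div id="main" class="page shadow">
<h1>International Journal of PoC‖GTFO Issue 0x11</h1>
<h2 class="subtitle">
<small>In a Fit of Stubborn Optimism,</small><br />
Pastor Manul Laphroaig<br />
<small>and His Clever Crew</small><br />
Set Sail Toward<br />
<small>Welcoming Shores of</small><br />
The Great Unknown!
</h2>
<div id="download">
<span class="link"><a href="/pocorgtfo11.pdf">Click here</a> to download the PDF!</span>
</div>
<div style="clear: both"></div>
<table class="contents">
<tr>
<th>11.1</th><td>Please Stand and Be Seated</td>
<td class="middle"></td>
<th>11.6</th><td>Phrasebook for ARM Cortex M</td>
</tr>
<tr>
<th>11.2</th><td>In Praise of Junk Hacking</td>
<td class="middle"></td>
<th>11.7</th><td>Ghetto CFI for x86</td>
</tr>
<tr>
<th>11.3</th><td>Emulating Star Wars on a Vector Display</td>
<td class="middle"></td>
<th>11.8</th><td>Tourist’s Guide to the MSP430</td>
</tr>
<tr>
<th>11.4</th><td>Tron in 512 Bytes</td>
<td class="middle"></td>
<th>11.9</th><td>This PDF is a Webserver</td>
</tr>
<tr>
<th>11.5</th><td>Defeating the E7 Protection</td>
<td class="middle"></td>
<th>11.10</th><td>In Memoriam: Ben “bushing” Byer</td>
</tr>
...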
TirNaNog