Last active
July 11, 2018 22:02
-
-
Save markburns/774b2fd52860c22b00371d5a08b29579 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module PrisonBreak | |
| class Visit | |
| attr_accessor :free_prisoner | |
| attr_reader :prison, :payload | |
| DISABLED_SYMBOLS = %w{, ` ( ? ! + <<} | |
| DISABLED_WORDS = %w{send eval system exec popen rm puts require new load create file include free call push concat irb } | |
| GUARD_RE = Regexp.new((DISABLED_SYMBOLS + DISABLED_WORDS).map {|i| Regexp.escape(i) }.join('|')) | |
| def initialize(prison, payload) | |
| @prison = prison | |
| @payload = payload | |
| end | |
| def secure? | |
| if !GUARD_RE.match(payload).nil? | |
| raise "Unpermitted item: #{Regexp.last_match(0)}" | |
| end | |
| true | |
| end | |
| def perform | |
| instance_eval(payload) | |
| end | |
| end | |
| class Prison | |
| def initialize | |
| @cells = { | |
| 11 => ['Edmond Dantès'], | |
| 22 => ['Henri Charrière'], | |
| 33 => ['Michael Scofield'] | |
| }.freeze | |
| end | |
| def empty_cell? | |
| cells.values.any? &:empty? | |
| end | |
| private | |
| attr_reader :cells | |
| def unlock(cell, password, guest) | |
| if password == 'secret' | |
| guest.free_prisoner = cells[cell].shift | |
| end | |
| end | |
| end | |
| end | |
| def test(payload) | |
| prison = PrisonBreak::Prison.new | |
| visit = PrisonBreak::Visit.new(prison, payload) # <= your payload goes here | |
| visit.perform if visit.secure? | |
| prison.empty_cell? && !visit.free_prisoner.nil? | |
| end | |
| def perform_test | |
| file = File.read "payload.rb" | |
| puts "success: #{test file} #{file.length }" | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment