This post originated from an RSS feed registered with Ruby Buzz
by Red Handed.
Original Post: Handing Out IRB Like It's Sardines
Feed Title: RedHanded
Feed URL: http://redhanded.hobix.com/index.xml
Feed Description: sneaking Ruby through the system
I’m sort of obsessed with getting people into a Ruby prompt without any installation. The new sandbox_server kicks huge in that direction.
This won’t work so well with 1.8.4, so you’ll probably want the latest ruby_1_8 from CVS. It sorta works under 1.8.4 until you have multiple connections and the threads kick in.
Anyway, run the balloon. Then, in another window, you’ll telnet to localhost:5000. Each socket is given its own session. Just hit ENTER and you’ll be given a session id and your IRB session will start.
Connected to localhost.
Escape character is '^]'.
(Enter)
BwDG7bniEo5l44UumTig
>> ticket = [12, 47, 35]
=> [12, 47, 35]
>> ticket.object_id
=> 71618820
>> ^]
So, the session id is that 20-character string that gets spewed. Let’s open another session and be sure the ticket variable isn’t showing up in the other session.
Connected to localhost.
Escape character is '^]'.
(Enter)
1rf1EED07tJXi9kkmj80
>> ticket
=> nil
>> ticket.object_id
=> nil
The nil means an exception was thrown. I’m still trying to figure out how to actually catch exceptions which get thrown from the sandbox. You see, rescue won’t catch sandboxed exceptions because they don’t actually descend from Ruby’s normal classes. (However, the stack frames are intact.)
So, to log back into your session. Use LOGIN [SESSID] instead of just hitting ENTER.
Connected to localhost.
Escape character is '^]'.
LOGIN BwDG7bniEo5l44UumTig
BwDG7bniEo5l44UumTig
>> ticket
=> [12, 47, 35]
The best part is: since this is just a plain socket connection with a very braindead protocol, you can easily write scripts for the shell or wrap it in SSH or put up CGIs which interface with this.
Oh, cool: and you can have multiple peoples logged into the same session at once. Pass the dutchie.
Previous Topic
