rejetto forum

Topics - NaitLee

1
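There must already be plenty of examples like this. But I ran into one myself: http://193.42.26.37:85/

This guy apparently stole a friend's Skype account and sent me a file called "协助商户流程.chm" ("Assist merchant process"). It is a compiled HTML Help document, which Windows opens by default with an embedded IE.

I took it apart and roughly decoded the JavaScript inside. It calls an ActiveX object to download the Host.exe virus program from the website above. After all, ActiveX is exactly where IE's insecurity lies.

So, stay alert! Don't open files carelessly!



Postscript:

1. This guy isn't even using my translated version of HFS? I'm a little annoyed... 🙃
2. I'm just a third-year high school student, where would I get merchants from? 🤪
3. So they say HFS "lowers the cost of crime"? How absurd... heh...
4. I attached that CHM file below, so you can study it in depth... Unzip password: "virus?" (quote signs not included)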
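
A defensive triage pass over HTML/JavaScript text already extracted from a .chm like the one described in this post, as an added example that is not part of the original post or taken from the attached sample. The indicator list, the function names `triage` and `verdict`, and the embedded sample page (with a documentation-range address) are constructed for illustration.

```javascript
// Added illustration: static triage of text already extracted from a .chm file.
// Indicators mirror what the post describes; they are assumptions, not signatures
// taken from the attached sample.
const INDICATORS = [
  { id: 'activex-new', re: /new\s+ActiveXObject\s*\(/i, why: 'script instantiates an ActiveX object' },
  { id: 'remote-exe', re: /https?:\/\/[^\s"'<>]+\.(?:exe|scr|dll)\b/i, why: 'URL that points at an executable' },
  { id: 'string-decode', re: /\b(?:unescape|eval|String\.fromCharCode)\s*\(/i, why: 'runtime string decoding, typical of obfuscated script' },
];

// pages: object mapping an extracted file name to its text content.
function triage(pages) {
  const findings = [];
  for (const [path, text] of Object.entries(pages)) {
    text.split(/\r?\n/).forEach((line, i) => {
      for (const ind of INDICATORS) {
        if (ind.re.test(line)) findings.push({ path, line: i + 1, id: ind.id, why: ind.why });
      }
    });
  }
  return findings;
}

// A help file has no reason to combine ActiveX with a remote executable.
function verdict(findings) {
  const ids = new Set(findings.map((f) => f.id));
  if (ids.has('activex-new') && ids.has('remote-exe')) return 'quarantine';
  return ids.size > 0 ? 'review' : 'no-indicators';
}

// Constructed sample: harmless text that only resembles the structure described.
const SAMPLE = {
  'index.htm': [
    '<html><body><h1>Help</h1><script>',
    'var s = unescape("%63%68%6d");',
    'var o = new ActiveXObject("Constructed.Placeholder");',
    'var u = "http://198.51.100.7/Host.exe";',
    '</script></body></html>',
  ].join('\n'),
  'about.htm': '<html><body><p>Plain help text.</p></body></html>',
};

for (const f of triage(SAMPLE)) console.log(`${f.path}:${f.line} [${f.id}] ${f.why}`);
console.log('verdict:', verdict(triage(SAMPLE)));
```
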

2
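中文 - Chinese / Problem with the code.jquery.com jQuery CDN within China
« on: December 03, 2020, 04:49:38 AM »
Many websites, including this forum, use code.jquery.com as the CDN from which they fetch the jQuery script.
But when I try to access code.jquery.com from here, the other side closes the connection, and only after a long time.
As a result, when I visit this forum, unless I disable scripts globally, loading gets stuck on this jQuery file and is extremely slow.
And even if I don't disable scripts, I can't use most script features, such as logging in.

Does anyone else have this situation? It would be even better if there is a solution ;)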

3
I made a new i18n tool with pure JavaScript: https://github.com/NaitLee/i18-N.js-Lite

You can use this to localize your webpage or template easily.
Just define some languages in your page and include the script. See the example at readme.md.
Even a single page of .html is fine. You can copy-paste all the script into a <script> tag.

Any requests please report :D

4
I think there will always be someone interested in this, so I post this here. :D

I've found the answer here.
When HFS is running with Wine on Linux, there is actually a way to execute outside GNU/Linux packages:
Code:
{.exec|cmd /c start /unix /usr/bin/gedit|out=x.}
{.^x.}
This will run gedit.

More usefully:
Code:
{.exec|cmd /c start /unix /usr/bin/libreoffice --convert-to html --outdir "/home/user/converted_document" "/home/user/document/file.docx"|out=x.}
{.^x.}
This will convert "file.docx" to "file.html" with LibreOffice, so the file can be previewed within a browser.

But it seems that in this way we cannot execute bash-based things (like /bin/sh); there is a debug message:
Code:
0045:fixme:exec:SHELL_execute flags ignored: 0x00000100
We may report this to Wine developers? :)

5
Here comes another work-in-progress template: the Together template. ;)

Its aim is to create a cooperative environment for text-editing work, both rich text documents and code.

It currently has basic editing functions for rich text and code, but cannot save & "together" yet.
Please wait, patiently :D

Still only a snapshot is available...

Plan & Progress:
(O) Basic loading function (No macro execution while loading)
(O) Basic editing function
(...) The ability to save files
(...) Better UI
(...) Be "together", cooperatively
(...) Advanced editing function (auto-complete, format clone etc.)

6
How about introducing a document converter (to html) to your template & server?
This can be quite useful if a user wants to share documents (like .docx or .odt files) with HFS.

Here is all the code for such a feature. Besides, you need to install LibreOffice on your server OS.
Code:
[+special:strings]
EnableDocConvert=1

[ajax.convertdoctohtml|public]
{.set|LibreOfficePath|C:\Program Files\LibreOffice\program\soffice.exe.}
{.break|if={.not|{.!EnableDocConvert.}.}|reason=Doc Convert not enabled.}
{.break|if={.not|{.exists|{.^LibreOfficePath.}.}.}|reason=No LibreOffice installed.}

{.set|file|{.urlvar|file.}.}
{.set|target|{.vfs to disk|{.urlvar|path.}.}.}
{.set|folder|{.^target.}\{.^file.}.html.}

{.mkdir|{.^folder.}.}
{.save|{.^folder.}\index.html|{.replace|@@filename@@|{.^file.}|{.no pipe|{.$docview.html.}.}.}.}

{.set|cmd|"{.^LibreOfficePath.}" --convert-to html --outdir "{.^folder.}" --convert-images-to "gif" "{.^target.}\{.^file.}".}
{.^cmd.}
{.exec|{.^cmd.}|out=x.}
{.^x.}
OK

[docview.html]
<!DOCTYPE html>
<html>
<head>
{.$commonhead.}
<title>@@filename@@</title>
<script>
function getdoc () {
    var xhr = new XMLHttpRequest();
    // Strip only the last extension: LibreOffice writes "name.html" for "name.docx"
    var docfile = './'+'@@filename@@'.replace(/\.[^.]*$/, '')+'.html';
    xhr.open('HEAD', docfile);
    xhr.onload = function() {
        if (xhr.status == '404') { // Conversion not completed yet
            setTimeout(function() { getdoc(); }, 1000);
        } else if (xhr.status == '200') { // Done, go
            window.location.replace(docfile);
        }
    }
    xhr.send();
}
getdoc();
</script>
</head>
<body>
{.$commonbody.upper.}
<h1 style="text-align: center;">{.!Converting document, please wait....}</h1>
{.$commonbody.lower.}
</body>
</html>

[+]
<script>
var converttohtml = function (file, path) {
    notice('{.!Converting.} '+file+' {.!to .html format..} {.!Please wait.}', '{.!Conversion Started.}');
    var xhr = new XMLHttpRequest();
    // Encode both values so characters such as & or # cannot alter the query string
    xhr.open('POST', '/~ajax.convertdoctohtml?file='+encodeURIComponent(file)+'&path='+encodeURIComponent(path));
    xhr.onload = function() {
        var response = xhr.responseText.trim();
        // indexOf() returns -1 when the reason text is absent from the response
        if (response.indexOf('Doc Convert not enabled') > -1) {
            popup('{.!Conversion failed..}<br />{.!Doc Convert not enabled.}', '?alert');
        } else if (response.indexOf('No LibreOffice installed') > -1) {
            popup('{.!Conversion failed..}<br />{.!Server has no LibreOffice installed..}', '?alert');
        } else {
            // popup('{.!Conversion started.}<br />{.!You may wait for a while to see specified .html file..}', '?alert');
            setTimeout(function() {
                previewfile('?open', path+file+'.html');
            }, 1000);
        }
    }
    xhr.send();
}

// Then use converttohtml('file.docx', '/my shared files/folder/'); to convert your file.
// A folder named "file.docx.html" will be created; it contains an index.html for auto-refreshing and the converted file.html.
</script>

This code is present in the new preview version of Takeback; you may test it. Don't forget to enable that feature by editing it first.
Some code parts above contain APIs in Takeback. Change them to yours as well.

After all, just have fun!  ;)

Edit: Updated the code to avoid filename being parsed as response code.
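
The `[ajax.convertdoctohtml|public]` section above places the `file` and `path` URL parameters into a disk path and a command line, so they need checking on the server before use. The rules below are an added example written in JavaScript to show the logic; they are not Takeback or HFS code, and the extension allowlist, the forbidden-character set and all function names are assumptions.

```javascript
// Added illustration, not Takeback code: checks for the `file` and `path`
// request parameters before they are used to build a path or command line.
const ALLOWED_EXT = new Set(['doc', 'docx', 'odt', 'rtf']); // assumed allowlist
const FORBIDDEN = /[\u0000-\u001f"<>|*?:\\%&^]/;           // quotes, shell and path metacharacters

// Returns null when the name is acceptable, otherwise the reason for rejection.
function checkFileParam(file) {
  if (typeof file !== 'string' || file.length === 0 || file.length > 255) return 'empty or too long';
  if (FORBIDDEN.test(file) || file.includes('/')) return 'forbidden character';
  if (file.startsWith('-')) return 'would be read as a command-line option';
  if (file.startsWith('.') || file.endsWith('.') || file.endsWith(' ')) return 'bad leading or trailing character';
  const dot = file.lastIndexOf('.');
  if (dot < 0 || !ALLOWED_EXT.has(file.slice(dot + 1).toLowerCase())) return 'extension not allowed';
  return null;
}

// The virtual folder must be absolute and must not climb out with dot segments.
function checkPathParam(path) {
  if (typeof path !== 'string' || !path.startsWith('/')) return 'must be an absolute virtual path';
  if (FORBIDDEN.test(path)) return 'forbidden character';
  if (path.split('/').some((seg) => seg === '.' || seg === '..')) return 'dot segment';
  return null;
}

// Validate one request; the handler should stop unless ok is true.
function validateConvertRequest(params) {
  const errors = {};
  const fileProblem = checkFileParam(params.file);
  const pathProblem = checkPathParam(params.path);
  if (fileProblem) errors.file = fileProblem;
  if (pathProblem) errors.path = pathProblem;
  return { ok: Object.keys(errors).length === 0, errors };
}

// Constructed sample requests.
console.log(validateConvertRequest({ file: 'file.docx', path: '/my shared files/folder/' }));
console.log(validateConvertRequest({ file: 'tool.exe', path: '/a/../b/' }));
```
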

7
HTML & templates / I've updated the Template Gallery in wiki!
« on: September 25, 2020, 10:45:54 AM »
I've slightly updated the Template Gallery in the wiki,
as this can provide an overview for newcomers to select their favored templates. ;)

Link: http://rejetto.com/wiki/index.php?title=Gallery

8
Here comes a new work-in-progress template: the NanoLight template.

Its goal is to act like a terminal, build a bridge between administrators and the server, and also offer convenient file sharing.

But you may wait for a long time, as I really have little time to work on this.

Features:
  • It's a powerful console! With highlighting! (powered by Microlight.js)
  • Its HTML part is lightweight. Though it has heavy JavaScript, it will be cached.
  • It may inherit some useful parts of Takeback.

See snapshot for a day dream? :D


Plan & Progress:
(O) Basic usability
(O) Basic commands (ls/dir, help, cd, clear/cls etc.)
(O) Basic design, "theme" command
(O) Basic I/O system
(O) Basic command parse (quotes, switches, arguments etc.)
(...) Client-Server communication, server-side command execution
(...) Advanced "cd" command (No refresh)
(...) Advanced command parse (pipe, variables etc.)

9
HTML & templates / Want some ideas?
« on: September 05, 2020, 03:18:48 PM »
School life has struck me down. I cannot continue my work these days, but I'd like to put down some of my ideas about a template.
Feel free to take them to reality :D:
  • A template that turns the browser into a terminal, turning yourself into a hacker! (I'm planning on this!)
  • A template that acts like a mini-game, play games to get a file!
  • A template that can open a document and let several users (clients) edit it cooperatively.
  • A re-present of RAWR-Templates in modern HTML5, as many people want them.
  • ...
Additionally, if you are just a guest without the ability of making templates, you can also put your ideas here. :)

Wish more people could join this community, make HFS better. ;)

10
Have you ever heard about a "dual-core browser"? Templates of HFS may be shown with a broken interface in them.

They have two browser cores for users to switch between: Webkit (Chrome, new) and Trident (Internet Explorer, old).
They can be seen mostly in China. For example, 360 Safe browser, 2345 Browser, QQ Browser, Sogou Hi-speed browser, UC Browser, etc.

In this way some old websites will be displayed correctly. E.g. mini-game (Flash) sites, old-fashioned bank sites or other sites that use ActiveX.
But most of these browsers make Trident (IE) their default core, causing many problems.
In particular, sites hosted for personal sharing have no records in these browsers, so they are displayed with the IE core and appear broken.
This is more severe on OSes with older IE versions (such as Windows 7 and lower).

To solve such problems, we need to add some meta tags in HTML head:

Code:
<!doctype html>
<html>

<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
    <!-- The 3 metas below make so-called dual-core browsers (360 Safe Browser, etc.)
        use Webkit to render the page by default -->
<meta name="renderer" content="webkit" />
<meta http-equiv="X-UA-Compatible" content="ie=edge,chrome=1" />
<meta name="force-rendering" content="webkit" />
<title>{.!TitleText.}</title>
<!-- ... -->
</head>

<body>
<!-- ... -->
</body>

</html>

From testing in a virtual machine (I don't want to pollute my computer), this seems to work in only a few of these browsers.
Apart from using a very old coding standard, is there any way to solve these tough problems?



P.S. I just suffered enough from these browsers, as well as other old-fashioned computer-related anti-humanity things existing around me.

11
HTML & templates / no jquery
« on: June 25, 2020, 11:13:32 AM »
(Going to make multi-file select to Takeback. Almost done.)
A question: in a folder, after getting (only) selected filenames, how to archive them without jQuery?

12
Programmers corner / Encrypt password between client and server
« on: June 14, 2020, 07:35:55 AM »
Currently when we change our password, the password sent to client is not encrypted.
When we log in, the password is processed with sha256. But if a hacker hijacks the result, he can still do things with the correct ajax method.

So besides https, how can we get the best effect of encryption between client and server?
I think the messages sent between client and server should be hard to deal with.
And we should find a way to send password/encryption-related messages without them being fully seen by a hacker.

Scripting command: Data manipulation may be useful, as there are some mathematical things.
Additionally, {.get account||password.} can get the original password, {.sha256|A.} can make it undiscoverable, {.time|yyyymmddhhMMss.} can get a timestamp...

Can anyone share a few suggestions? :)
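
The replay problem raised in this post (a captured sha256 value can simply be sent again) is what a one-time server challenge addresses; the following is an added example for Node.js, not HFS code and not part of the original post. `LoginServer`, `clientProof` and the sample account are hypothetical, and the scheme only stops replay of a captured login value: it does not replace HTTPS against an attacker who can modify traffic.

```javascript
// Added illustration (not HFS code): nonce-based challenge-response login.
const nodeCrypto = require('crypto');

const sha256hex = (s) => nodeCrypto.createHash('sha256').update(s, 'utf8').digest('hex');
const hmacHex = (key, msg) => nodeCrypto.createHmac('sha256', key).update(msg, 'utf8').digest('hex');

// Hypothetical server: keeps sha256(password) per account and the outstanding nonces.
class LoginServer {
  constructor(accounts) {
    this.verifiers = new Map(Object.entries(accounts).map(([u, p]) => [u, sha256hex(p)]));
    this.pending = new Map(); // nonce -> { user, expires }
  }
  challenge(user, now = Date.now()) {
    const nonce = nodeCrypto.randomBytes(16).toString('hex');
    this.pending.set(nonce, { user, expires: now + 30000 }); // valid for 30 s
    return nonce;
  }
  verify(user, nonce, proof, now = Date.now()) {
    const entry = this.pending.get(nonce);
    this.pending.delete(nonce); // single use, even when verification fails
    if (!entry || entry.user !== user || now > entry.expires) return false;
    const verifier = this.verifiers.get(user);
    if (!verifier) return false;
    const expected = Buffer.from(hmacHex(verifier, nonce), 'hex');
    const got = Buffer.from(String(proof), 'hex');
    return got.length === expected.length && nodeCrypto.timingSafeEqual(got, expected);
  }
}

// Client: proves knowledge of the password without sending it or a reusable hash.
function clientProof(password, nonce) {
  return hmacHex(sha256hex(password), nonce);
}

// Constructed run: one genuine login, then two attempts to reuse the captured proof.
function demo() {
  const server = new LoginServer({ alice: 'constructed-sample-password' });
  const n1 = server.challenge('alice');
  const captured = clientProof('constructed-sample-password', n1);
  const firstLogin = server.verify('alice', n1, captured);
  const replaySameNonce = server.verify('alice', n1, captured);
  const replayNewNonce = server.verify('alice', server.challenge('alice'), captured);
  return { firstLogin, replaySameNonce, replayNewNonce };
}

console.log(demo());
```
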

13
Programmers corner / May HFS.exe be built in ARM architecture?
« on: June 05, 2020, 07:17:09 AM »
I see the Delphi introduction page says applications built with it can be cross-platform.
So there are some childish questions:

  Can HFS be built cross-platform for GNU/Linux or Android?
  Or, failing that, can HFS be built for the ARM architecture as an exe to run in Wine/Android?

It will be good for everyone if it's able to run HFS on an almost-never-shutdown device like Raspberry/Orange Pi or Android Phone :)

14
I made a tool which can combine an HFS template and its addons into just one file,
so it will never be confusing for users who cannot deal with many files.

Especially useful for dj's mobi-light and its addons. Use them with just several clicks.
Can be used to connect other files too.

See the attachment below.

There are several files in the zip file, extract them somewhere you want.
Put the main templates in the same folder as this tool.
There must be a folder called "addons" for this tool to run normally. Put your addons inside.
It's beta. Please report bugs and suggestions.

Update: this tool can work normally now

This thing is just a shell to rejetto's FileBuilder.
Addon shell powered by Visual Basic 6.0 & Windows Batch (command line).
Source code of this stuff is available. Seems messy this time...


15
Beta / 2.4 beta unicode problem
« on: June 01, 2020, 10:49:05 AM »
I had already tested with various browsers before, but all of them have problems...

Your uploads were fine, I see the file 哲学.ppt is already fine also in my browser now...

But the file 生活处处有哲学.ppt, which is the original filename for the problem test, goes bad. Also try that please?
Sorry for offering a filename with no problem...

A discovery:
 Multi-byte ansi characters have something interesting --
 These chars mostly take 2 bytes in ansi,
 but in utf-8, they are expressed in 3 bytes.
 So, I found that: if the number of utf chars is odd, the upload fails with an orphan non-printable byte. If it's even, it succeeds.
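
The odd/even observation above follows from byte counts when the UTF-8 bytes of a name are read as a double-byte ANSI code page; the following is an added example, not code from HFS or from the original post. The decoder is a simplified GBK-style model (an assumption about how the bytes are read), and `readAsDoubleByte` is a hypothetical name.

```javascript
// Added illustration: why an odd number of CJK characters leaves an orphan byte
// when UTF-8 bytes are read as a double-byte ANSI code page.
// Simplified GBK-style model (assumption): a byte 0x81-0xFE starts a 2-byte
// character and its partner must be 0x40-0xFE (not 0x7F); other bytes stand alone.
function readAsDoubleByte(text) {
  const bytes = Array.from(new TextEncoder().encode(text));
  const orphans = [];
  let pairs = 0;
  for (let i = 0; i < bytes.length; i++) {
    const b = bytes[i];
    if (b < 0x81 || b === 0xff) continue;   // single-byte character
    const next = bytes[i + 1];
    if (next !== undefined && next >= 0x40 && next <= 0xfe && next !== 0x7f) {
      pairs++;
      i++;                                  // consume the trail byte
    } else {
      orphans.push(b);                      // lead byte without a valid partner
    }
  }
  return { utf8Bytes: bytes.length, pairs, orphans };
}

// The two file names from the post: 2 characters (even) and 7 characters (odd).
const SAMPLE_NAMES = ['哲学.ppt', '生活处处有哲学.ppt'];

function report() {
  return SAMPLE_NAMES.map((name) => {
    const r = readAsDoubleByte(name);
    const hex = r.orphans.map((b) => '0x' + b.toString(16)).join(',') || 'none';
    return `${name}: ${r.utf8Bytes} bytes, ${r.pairs} pairs, orphans: ${hex}`;
  });
}

report().forEach((line) => console.log(line));
```
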
