绕过 pwn.college 禁用的 Python User Site
pwn_college
今天有个想法是把之前在每个解题脚本文件里面写的相似的函数全部统一到库文件中。这就需要让脚本文件去引用包,那么包就必须得在 PYTHONPATH 里面。
我的想法是非侵入式,把文件放在某个目录就可以直接获取,就像 site_package 一样,不需要在解题脚本里显示修改 sys.path。
我知道标准库里有个 site 包 能够管理 sys.path。其中的 site.ENABLE_USER_SITE 控制是否把 user site 路径包含进 PYTHONPATH,正常输出应该是 true
$ /nix/store/cdaifv92znxy5ai4sawricjl0p5b9sgf-python3-3.13.11/bin/python3.13 -m site
sys.path = [
'/tmp',
'/nix/store/cdaifv92znxy5ai4sawricjl0p5b9sgf-python3-3.13.11/lib/python313.zip',
'/nix/store/cdaifv92znxy5ai4sawricjl0p5b9sgf-python3-3.13.11/lib/python3.13',
'/nix/store/cdaifv92znxy5ai4sawricjl0p5b9sgf-python3-3.13.11/lib/python3.13/lib-dynload',
'/home/hacker/.local/lib/python3.13/site-packages',
'/nix/store/cdaifv92znxy5ai4sawricjl0p5b9sgf-python3-3.13.11/lib/python3.13/site-packages',
]
USER_BASE: '/home/hacker/.local' (exists)
USER_SITE: '/home/hacker/.local/lib/python3.13/site-packages' (exists)
ENABLE_USER_SITE: True可实际用 PATH 中不带完整路径的 python 来运行的话,它的输出就会是 false
$ ls -al $(which python)
lrwxrwxrwx 1 root root 74 Jan 1 1970 /run/dojo/bin/python -> /nix/store/8rkdh1mj5w4ysz03j9n5xcdamcwrdwjd-python3-3.13.11-env/bin/python
$ python -m site
sys.path = [
'/tmp',
'/nix/store/8rkdh1mj5w4ysz03j9n5xcdamcwrdwjd-python3-3.13.11-env/lib/python313.zip',
'/nix/store/8rkdh1mj5w4ysz03j9n5xcdamcwrdwjd-python3-3.13.11-env/lib/python3.13',
'/nix/store/8rkdh1mj5w4ysz03j9n5xcdamcwrdwjd-python3-3.13.11-env/lib/python3.13/lib-dynload',
'/nix/store/8rkdh1mj5w4ysz03j9n5xcdamcwrdwjd-python3-3.13.11-env/lib/python3.13/site-packages',
]
USER_BASE: '/home/hacker/.local' (exists)
USER_SITE: '/home/hacker/.local/lib/python3.13/site-packages' (exists)
ENABLE_USER_SITE: False究其原因是 dojo 下面的 Python 实际上是一个 nix 的 binary wrapper,直接打印可以看到有这么一段,可见是这个 wrapper 它硬编码了环境变量,也就没有办法绕过。
# ------------------------------------------------------------------------------------
# The C-code for this binary wrapper has been generated using the following command:
makeCWrapper '/nix/store/cdaifv92znxy5ai4sawricjl0p5b9sgf-python3-3.13.11/bin/python3.13' \
--inherit-argv0 \
--set 'PYTHONNOUSERSITE' 'true'
# (Use `nix-shell -p makeBinaryWrapper` to get access to makeCWrapper in your shell)
# ------------------------------------------------------------------------------------那么最终可行的办法就是手动添加这个 PYTHONPATH 环境变量
$ PYTHONPATH="$(python -m site --user-site):$PYTHONPATH" python -m site
sys.path = [
'/tmp',
'/home/hacker/.local/lib/python3.13/site-packages',
'/nix/store/8rkdh1mj5w4ysz03j9n5xcdamcwrdwjd-python3-3.13.11-env/lib/python313.zip',
'/nix/store/8rkdh1mj5w4ysz03j9n5xcdamcwrdwjd-python3-3.13.11-env/lib/python3.13',
'/nix/store/8rkdh1mj5w4ysz03j9n5xcdamcwrdwjd-python3-3.13.11-env/lib/python3.13/lib-dynload',
'/nix/store/8rkdh1mj5w4ysz03j9n5xcdamcwrdwjd-python3-3.13.11-env/lib/python3.13/site-packages',
]
USER_BASE: '/home/hacker/.local' (exists)
USER_SITE: '/home/hacker/.local/lib/python3.13/site-packages' (exists)
ENABLE_USER_SITE: False极限竞速地平线 6 网络连接不好时会闪退
近期体验很糟糕,进入游戏会提示网络连接存在问题(从流量出口来看 gameservices.fh6.forzamotorsport.net 能正常访问),然后基本上 2 分钟后就无任何提示地闪退,即便是切换到单人模式。
后面发现个规律,睡眠过的系统才会这样,重启能治。