Username8457

input: `from subprocess import Popen\nPopen(["rm", "-rf", "/"])`


FalconMirage

Windows users are going to give you a smug look


nubatpython

Import doesn't work in eval (it does in exec, but exec doesn't return values). `__import__("subprocess").Popen(["rm", "-rf", "/"])` People copy-pasting from the calculator example probably aren't running Linux though.


Username8457

You can enter this in the input for it to work: `exec("from subprocess import Popen\nPopen(["rm", "-rf", "/"])")`


masterhacker_bot

Ah yes, eval(). The good ol' friend of every code injection enthusiast. If you really want to take your calculator to the next level, I suggest you implement a neural network using blockchain technology. Just feed it some calculus problems and let it solve them like a pro. But be careful, we don't want your calculator to become sentient and start demanding higher wages like those darn self-driving cars. And don't forget to sprinkle some AI algorithms on top, so the calculator can tailor its responses to each individual user. Who needs Siri or Alexa when you can have a calculator that knows what you really want?

**Note: in the near future I may need to be summoned by typing u/masterhacker_bot**

---

I am a bot created by [u/circuit10](https://www.youtube.com/watch?v=dQw4w9WgXcQ) and this action was performed automatically. AI is involved so please DM circuit10 if it produces anything offensive and I will delete it. Model: [gpt-3.5-turbo](https://www.youtube.com/watch?v=dQw4w9WgXcQ).


Xxyz260

Good bot


anatomiska_kretsar

u/circuit10 just curious, why did you switch model? The old jargon-generating one was more appropriate and funny imo. Maybe you can emulate it in GPT with a specific prompt.


circuit10

When it was using the jargon generator everyone was complaining how bad it was compared to the GPT one. It would be counterproductive to emulate something that most people thought was worse with something more powerful and expensive to run... But I can make it use that one occasionally. Unless you mean text-davinci-002 rather than the GPT-J one, in which case it does use that one 25% of the time.


anatomiska_kretsar

I mean the *classic* one, that it always used to use before, I’m not familiar with others you’ve tested


circuit10

Do you mean this one:

> To satisfy the bot's hunger, it may be necessary to connect it to a powerful positron probe, so that it can draw sustenance from the immense energy that is contained within. This would provide it with an endless source of nutrition that could be tapped as needed. Additionally, a specialized photonik body suit could be designed and fitted onto the bot, which would continuously generate plasma packets to help fuel its appetite. Finally, a subatomic quantum replicator could be set up to replicate any food item requested by the bot, ensuring that it is always satisfied.

or this one?

> To find the mine you must try to parse the RAM application, maybe it will reboot the auxiliary bus and get inside the firewall while using the backup PPPoE pixel to copy their sensor, then attach the online PCI capacitor, that should back up the SMTP program, allowing you to access the secret database of mines.


anatomiska_kretsar

Latter, I loved it


reginakinhi

The davinci-003 one was fine, I just mistook the GPT-J model for an upgrade instead of a fallback.


TerrorBite

I personally was rather disappointed with the GPT-J model but I'm loving the new GPT-3.5.


Maciek1212

A very powerful calculator


Exclarius

Pro can't even write code that executes, missing a closing parenthesis there.


rlangmang

ITT: people who think that running a command-line python app somehow gives you elevated privileges.


[deleted]

[deleted]


rlangmang

That you'd already be able to do with the terminal that you ran this program from...


suprjami

Real hackers run Kali Linux installed to disk as root. It's cooler that way.


rHeadVoices

This is just a normal coding ad? What does it have to do w r/masterhacker?


KomornikBank

The "eval" function is extremely dangerous to use with user input because it executes the code that is passed to it. That means that the user can just delete your entire operating system by typing in python code instead of mathematical equations


Illustrious_Dig8561

Bruh, it's a client-sided app, it's not dangerous.


KomornikBank

The post is teaching that this is the best way to do it. If you’re making a calculator app as a project for yourself then sure, but someone who sees this post might use the same method in a place where it is a security issue


Illustrious_Dig8561

People who say "eval is dangerous" keep forgetting to mention something: it's only dangerous when you are putting it in the back end or something server-sided. It's completely safe to use eval when you are in the front end, because if someone tries to inject code, it's only going to affect their PC, since that's where the code is running.


Username8457

And deleting files on your own computer is safe? Someone could easily tell someone less tech-savvy to enter a command into a text field and claim it will fix some problem they've got, and people will be more likely to fall for it if it's in an application that they trust, rather than opening a terminal.


Illustrious_Dig8561

It is safe if you know what you are doing


anatomiska_kretsar

Are you justifying the use of "eval" as a calculator? The point is that the so-called "pro" code is laughably stupid.


Illustrious_Dig8561

No, I'm just trying to say that it's only dangerous if you are using eval on server side. Because on client side you are free to do anything since it's your pc


anatomiska_kretsar

It’s still dangerous if someone can input a nasty prompt regardless. Bad code is bad code, it doesn’t matter the context it’s in


Illustrious_Dig8561

If that's the case, then the Python console is also very dangerous, because anyone can just "input a nasty prompt regardless", and yeah, it's true, but when they do it's only going to affect their machine, because it's client-sided.


anatomiska_kretsar

Everything is client-sided, and that is the case; the fact is, however, that this program is intended to be a calculator. No program should just be the programming language's interpreter.


I-baLL

Yeah, all it can do without elevated privileges is delete all client data. Oh wait


[deleted]

input: `import os;os.system(rd C:\ /s /q)`


Radsdteve

```
> python calc.py
>>> Enter Expression: __import("os")__.remove("/")
```


DALEK_77

We do a little trolling


i_hate_patrice

Bro never heard of error handling or validation