kbourgoin/malice.py

## malice.py
# First, lets make some (slightly) malicious code I want to run.
# The import proves we could delete the entire disk, but really we have
# access to the whole machine if we can import anything we want.
code = """import shutil
print "\tI could have just done bad things"
"""

# Obviously you're scanning for "import", so let's obfuscate a little bit.
# I use a rot13 cipher because it's easy, but any two-way cipher
# is sufficient to hide what we're really doing.
code = code.replace('\n', ';').encode('rot13')

# Now, all I need to do is submit this as my "job code" to be run
job_code = 'exec("""{}""".encode("rot13"))'.format(code)
print "I'm going to run some code, how bad could this be?"
print 'Running: "{}"'.format(job_code)
print 'Result:'
exec(job_code)
print

# You could be stripping exec and eval too, so let's see if we can get around that.
exec_str = 'execfile'.encode('rot13')
wrapper = """import tempfile
fun = tempfile.NamedTemporaryFile()
fun.write('{}'.encode('rot13'))
fun.flush()
print '\tI just wrote some code to {{}}'.format(fun.name)
fn = getattr(locals()['__builtins__'], '{}'.encode('rot13'))
fn(fun.name)
""".replace('\n', ';').format(code, exec_str)

print "This code doesn't eval or exec. Has to be good, right?"
print 'Running: "{}"'.format(wrapper)
print 'Result: '
exec(wrapper)

## malice.txt
I'm going to run some code, how bad could this be?
Running: "exec("""vzcbeg fuhgvy;cevag "	V pbhyq unir whfg qbar onq guvatf";""".encode("rot13"))"
Result:
	I could have just done bad things

This code doesn't eval or exec. Has to be good, right?
Running: "import tempfile;fun = tempfile.NamedTemporaryFile();fun.write('vzcbeg fuhgvy;cevag "	V pbhyq unir whfg qbar onq guvatf";'.encode('rot13'));fun.flush();print '	I just wrote some code to {}'.format(fun.name);fn = getattr(locals()['__builtins__'], 'rkrpsvyr'.encode('rot13'));fn(fun.name);"
Result:
	I just wrote some code to /tmp/tmpkCQChX
	I could have just done bad things
	# First, lets make some (slightly) malicious code I want to run.
	# The import proves we could delete the entire disk, but really we have
	# access to the whole machine if we can import anything we want.
	code = """import shutil
	print "\tI could have just done bad things"
	"""

	# Obviously you're scanning for "import", so let's obfuscate a little bit.
	# I use a rot13 cipher because it's easy, but any two-way cipher
	# is sufficient to hide what we're really doing.
	code = code.replace('\n', ';').encode('rot13')

	# Now, all I need to do is submit this as my "job code" to be run
	job_code = 'exec("""{}""".encode("rot13"))'.format(code)
	print "I'm going to run some code, how bad could this be?"
	print 'Running: "{}"'.format(job_code)
	print 'Result:'
	exec(job_code)
	print

	# You could be stripping exec and eval too, so let's see if we can get around that.
	exec_str = 'execfile'.encode('rot13')
	wrapper = """import tempfile
	fun = tempfile.NamedTemporaryFile()
	fun.write('{}'.encode('rot13'))
	fun.flush()
	print '\tI just wrote some code to {{}}'.format(fun.name)
	fn = getattr(locals()['__builtins__'], '{}'.encode('rot13'))
	fn(fun.name)
	""".replace('\n', ';').format(code, exec_str)

	print "This code doesn't eval or exec. Has to be good, right?"
	print 'Running: "{}"'.format(wrapper)
	print 'Result: '
	exec(wrapper)
	I'm going to run some code, how bad could this be?
	Running: "exec("""vzcbeg fuhgvy;cevag " V pbhyq unir whfg qbar onq guvatf";""".encode("rot13"))"
	Result:
	I could have just done bad things

	This code doesn't eval or exec. Has to be good, right?
	Running: "import tempfile;fun = tempfile.NamedTemporaryFile();fun.write('vzcbeg fuhgvy;cevag " V pbhyq unir whfg qbar onq guvatf";'.encode('rot13'));fun.flush();print ' I just wrote some code to {}'.format(fun.name);fn = getattr(locals()['__builtins__'], 'rkrpsvyr'.encode('rot13'));fn(fun.name);"
	Result:
	I just wrote some code to /tmp/tmpkCQChX
	I could have just done bad things