Escaping the Python Sandbox - Digital Whisper

7h3r3 15 n0 5p00n

Escaping the Python Sandbox

???? ???? ????

???????

??? ??? ????? ???? ???? ????? :???????? ?????? )? CTF (Capture The Flag????????? .??????? ???????

?????? ????? ??? ?????? ??????? ?? ???????.??

?????? ?? ??? ???? ?? ?????? ?? 3-???????? ????? (? CSAW CTF 2014 ,BsidesSF CTF 2017???-??

?? ,) Xiomara CTF 2017???? ????? ??? ??????? ?? ?????? ????? ?? ????? ????? ????? ????? ?? ??-??

?? Interpreter???( Sandboxed Interpreter-?????? ? Python Shell???? ????? ???? ????????? ????????

?????? ???? ????? ??? ????)? .???? ??????? ???? ????? ????? ?????? ?? Flask-??????? ?In The??

??.Wild??

????? ????? ??? ??????? ???? ????? ????? ?? ?????? ???????? ??? ?? ??????? ,??? ?? ????? ???

??? Writeups-????????? ? -?????? ??? ???? ???? ?????.??

Xiomara CTF 2017 - Secure Pyshell

??????? ??? ????? ?????? ?????? ??????????? ?????? ?? ??????? .????? ????? ???? ????? ???

????? ??? ???? ????? ?? Shell-????????? .??? ???? ????? ?????? ?? ??????:??

?????????? ?? ? nc??? IP-???? Port-????????? ,??????? ?? ?? Banner-?????:??

???? ?? ??? ???? ??????....??

?????? ?? ?? API-??? ?????? ????? ?? ???? ???????? ????? ?????? ???????:??

?????? ?????? ?????? ??? ????? ????? (??????!)?:??

?????? ?? ????? ?? ?????? ,?????? ???? ????? ?????...??

??? ????? ?????? ????? ????? ??? ?? ?????? ????? ????? ???? ??? ?????...??

?????? ??? ????? ,?????? ?? ?????? ?????? ??? '? '.??? ??? ????? ???? ????? ?? ?????? ?? ??????

????????? ???? ?? ???? ?????? ??????? ,????? ????? ??? ??? ? ,getattr????? ????? ?????? ??:??

print(open(__file__).read())

Escaping the Python Sandbox
DigitalWhisper.co.il
Issue 90, 2018
2

?????? ????? ??:??

print(getattr(open(__file__), 'read')())

?????????:??

?????? ?????? ????? ????? ?????? ,???? ??? ???? ?? ????? ????? ????? ?????? ???????

?????? ??? ??? ???? ????? ???? ? import os??????? ????????...??

??? ???? ?????? ?????? ?????? ?????? ?????:??

print(getattr(os, 'listdir')())

?????????:??

?????? ??????? ?????? ?????? ?????? ????? ????? ?????? ?????? ,???? ???? ???? ????? ????? ????

??????? ????????

?????? ?? ????? ???? ????? ??? ????? ?????? ,?????? ?????? ?????? ??????? ?????? ?? ????

?????? (? )\x2e????? ????? ???????? ????? ?? ??????.??


CSAW CTF 2014 - pybabbies

???? ????? ?????? ????? ???? ?????? ?????? ??? ?????? ??? ????? ????? ?? ????? ??????

:??????? ?? ??? ????? ?? ????????

#!/usr/bin/env python
# Python 2 challenge source (raw_input, exec statement)
from __future__ import print_function

print("Welcome to my Python sandbox! Enter commands below!")

banned = [
    "import",
    "exec",
    "eval",
    "pickle",
    "os",
    "subprocess",
    "kevin sucks",
    "input",
    "banned",
    "cry sum more",
    "sys"
]

# Strip every builtin except raw_input and print
targets = __builtins__.__dict__.keys()
targets.remove('raw_input')
targets.remove('print')
for x in targets:
    del __builtins__.__dict__[x]

while 1:
    print(">>>", end=' ')
    data = raw_input()
    # Case-insensitive substring blacklist on the raw input line
    for no in banned:
        if no.lower() in data.lower():
            print("No bueno")
            break
    else: # this means nobreak
        exec data


??? ??? ???? ????? ?????? ????? ??????????? ????????? ??? ?pickle, import, eval, exec, input, os, sys??

????? ?? ????????? ,??? ???? ???? ????? ???????? .???? ????? ????? ????? ????? ??? ?? ?? ??Buildins-??

???? ?? Print-??? ,raw_input-???? ?? ?? ??? ????? ???????.??
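The pybabbies filter above checks raw text, which is why a call that is spelled without any banned word still reaches exec, while a harmless line that happens to contain "os" is rejected. The following added example (mine, not part of the writeup or of the challenge) puts the page's substring list next to a parse-based check that inspects the AST the interpreter would actually execute; the allowlist policy it enforces (no imports, no dunder names or attributes, no dynamic-attribute or code-loading calls in the hypothetical DENIED_CALLS set) is an assumption for illustration. Even the AST variant is not a sandbox: CPython has no reliable in-process isolation, so untrusted code still belongs in a separate process with OS-level controls, and this check only serves as an early, precise reject.

```python
import ast

# The substring blacklist from the pybabbies challenge (copied from the page,
# joke entries omitted).
BANNED_SUBSTRINGS = ["import", "exec", "eval", "pickle", "os", "subprocess",
                     "input", "sys"]

# Hypothetical policy: builtins that load code or resolve attributes by name.
DENIED_CALLS = {"getattr", "setattr", "delattr", "__import__", "eval", "exec",
                "compile", "open", "vars", "globals", "locals"}


def substring_filter(code: str) -> bool:
    """Mimic the pybabbies text check: True means the line would be executed."""
    lowered = code.lower()
    return not any(word in lowered for word in BANNED_SUBSTRINGS)


def ast_filter(code: str) -> tuple:
    """Parse the code and walk every node; return (allowed, reason)."""
    try:
        tree = ast.parse(code, mode="exec")
    except SyntaxError as exc:
        return False, "syntax error: %s" % exc.msg
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            return False, "import statement"
        if isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name) and func.id in DENIED_CALLS:
                return False, "call to %r" % func.id
        if isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            return False, "dunder attribute %r" % node.attr
        if isinstance(node, ast.Name) and node.id.startswith("__"):
            return False, "dunder name %r" % node.id
    return True, "ok"


def compare(code: str) -> dict:
    """Run both checks on one input line and return their verdicts."""
    allowed, reason = ast_filter(code)
    return {"text": substring_filter(code), "ast": allowed, "reason": reason}


if __name__ == "__main__":
    # Constructed sample lines: the third one is the getattr call from the page.
    samples = [
        "print(1 + 2)",
        "cost = 3",
        "print(getattr(open(__file__), 'read')())",
        "import os",
    ]
    for line in samples:
        print("%-45s text=%-5s ast=%-5s %s" % (line, compare(line)["text"],
                                               compare(line)["ast"],
                                               compare(line)["reason"]))
```

The second sample shows the false positive ("cost" contains "os"), the third shows the false negative: no banned word appears, so the text filter lets the getattr call through, while the AST check rejects it because it sees the call by name rather than by spelling.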

??? ??? ?????? ???? ???? ??? ???? ???? ????? ?????? ???????? ?? ?????( ...????? )(? str??? ??????

???? "" ???? ?????? ...???? ???? ???? ?????)?:??

??? ?????? ????? ???? ????? ,?????? ???? ?????? ?????? ????? ?????? ??????? ??? ??????

?????????? ???? (?? ??? ?????? ?????? ?????)?.??

????? ???????? ????? ?? Object Oriented-??? ??? ????? ????? ???? ????? ??? ???? ????? ??????

?????? ,????? ????? ????? ????? ?????? ??? ????? ????? ????? (? ,)object???? ??? ?????? ??? ????

????? ??????...??

????? ???? ??? ??? ????? ?? ??? ?????? ? ,object????? ?? class-??? ?????? ??? ???? ?? ??mro-??

?(? ) Method Resolution Order?????? ?? ???? ??????? ??? ??? ??????? ,??? ????? ??????? (???????

??????) ???? ?.object??

???? ??? ?????? ????? ?? ????? ?????? ????? ????? .?????? ??????? ?????? ???? ?? ?? sub classes-?????:??

??? ???? ?????? ??? ????? ????? ??? ?????? ...???? ????? ??? ?? ????? ????? ??? ????? ???? ?????

?????? ??? ???? ????? ??? ???? ???? ?? ?????? ??????? ????? ??? ??? ?????? ?????? ???

?? ,warning.WarningMessage???? ???? ?? ????????:??

