Scratchpad – Python notes

This page contains random notes and snippets of stuff learned during my Python coding projects. It’s more or less a living page which will get modified over time. Consider it a random, completely unstructured scratchpad with stuff I think is interesting or worth noting down somewhere.

Notes

The shebang is ignored when a script is run as python <pyfile> (the interpreter named on the command line is used) and honored when it is run as ./<pyfile>

08:13 user@host >>> [~] $ cat version.py 
#!/usr/bin/env python3
import platform
print(platform.python_version())
08:13 user@host >>> [~] $ python version.py 
2.7.13
08:13 user@host >>> [~] $ ./version.py 
3.5.3

Vulnerable Python code using shell=True in a subprocess call: the ; in filename is parsed by the shell, so a second command (here /bin/bash) runs after cat

11:01 user@host >>> [pythondir] $ python #2.7
Python 2.7.13 (default, Sep 26 2018, 18:42:22)
[GCC 6.3.0 20170516] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import subprocess
>>> filename = 'file.txt; /bin/bash'
>>> subprocess.call(['cat ' + filename],shell=True)
11:01 user@host >>> [pythondir] $
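
The injection above next to two safer forms, as an added example (not code from the original notes). The payload uses a harmless echo in place of /bin/bash; the function names, the scratch directory and the sample file are assumptions made for the demonstration, and it targets Python 3.7+.

```python
import os
import shlex
import subprocess
import tempfile

# Constructed input: same shape as the note's 'file.txt; /bin/bash',
# with a harmless echo standing in for the shell.
PAYLOAD = 'file.txt; echo INJECTED'


def cat_vulnerable(filename, cwd):
    # Pattern from the note: string concatenation handed to /bin/sh.
    # The shell treats ';' as a command separator and runs both halves.
    return subprocess.run('cat ' + filename, shell=True, cwd=cwd,
                          capture_output=True, text=True)


def cat_argv(filename, cwd):
    # No shell: filename is a single argv element and is never re-parsed.
    # '--' ends option parsing so a name starting with '-' is not a flag.
    return subprocess.run(['cat', '--', filename], cwd=cwd,
                          capture_output=True, text=True)


def cat_quoted(filename, cwd):
    # Only when a shell is unavoidable: quote the untrusted part.
    return subprocess.run('cat -- ' + shlex.quote(filename), shell=True,
                          cwd=cwd, capture_output=True, text=True)


def demo():
    # Run all three variants against the same payload in a scratch dir.
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, 'file.txt'), 'w') as f:
            f.write('contents\n')
        return {fn.__name__: fn(PAYLOAD, d)
                for fn in (cat_vulnerable, cat_argv, cat_quoted)}


if __name__ == '__main__':
    for name, result in demo().items():
        print(name, result.returncode, repr(result.stdout))
```

In the two safer forms cat looks for a file literally named "file.txt; echo INJECTED", fails, and the echo never runs.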

Why is ifconfig output base64 decodable?

>>> import base64
>>> import subprocess
>>> ifconfig=subprocess.Popen("ifconfig", shell=True, stdout=subprocess.PIPE).stdout
>>> base64.b64decode(ifconfig.read())
b'\x96\x8d\x1f\x95\xa8,\xf3N=P\xf2\xce8\xf0@\x08\xa4T4\xd2\r\x18\xc5\x0bL\x80\x80I9\xad\xbb^\xb7\xf3\x8a)\xb6*\'\xb3]\xb4\xdd\x15\xc2IC\x13\\$\x9415\xd2L\x04\xd4I%\x93 \xc1\x12L\x03\x0f\x8aw\xad\xd7n\xf4\xd3Y\xde\xb6f\xac\x93L_\x7fM4\xd3M"\x9d\xebz\xd6\x9a\xde~,ez}v\xf2)\xde\xb7\xa7\xde\xf3Me\xa3Jky\xf8\xb1\x95\xe9\xfa\xe2\xc7(\xa5\xe8\x9d\xd3\x1dgw\xaa)\xb6*\'\xb3m5

Raw sample for doing a simple portscan with python

#!/usr/bin/env python3
import socket

def scan(iprange, port):
    # iprange is the first three octets (e.g. "192.0.2"); try hosts .1 to .254
    for i in range(1, 255):
        address = iprange + "." + str(i)
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(2)
        # connect_ex() returns 0 when the TCP connection succeeds
        if not s.connect_ex((address, port)):
            print("alive: " + address)
        s.close()

# input() replaces Python 2's raw_input()
ipr = input("please provide ip range ")
port = int(input("port please "))
scan(ipr, port)
