Python notes / scratchpad

This page contains random notes and snippets of stuff learned during my python coding projects. It’s more or less a living page which will get modified over time. Consider it a random, completely unstructured scratchpad with stuff I think is interesting or worth noting down somewhere.

Notes

Shebang gets ignored when using python <pyfile> and included when running with ./<pyfile>

08:13 user@host >>> [~] $ cat version.py 
#!/usr/bin/env python3
import platform
print(platform.python_version())
08:13 user@host >>> [~] $ python version.py 
2.7.13
08:13 user@host >>> [~] $ ./version.py 
3.5.3

Vulnerable python code using shell=True in subprocess call

11:01 user@host >>> [pythondir] $ python #2.7
Python 2.7.13 (default, Sep 26 2018, 18:42:22)
[GCC 6.3.0 20170516] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import subprocess
>>> filename = 'file.txt; /bin/bash'
>>> subprocess.call(['cat ' + filename],shell=True)
11:01 user@host >>> [pythondir] $

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.