Convert a Python2 script into a Python3 script:
2to3 -w example.py
Fix tab/space/identation problems:
autopep8 -i linuxprivchecker.py
If a library is installed, but cannot found
from smb.SMBConnection import SMBConnection
then try to search the file locally and include the path manually:
import sys
sys.path.append("path/to/your/file")
Oneliner for executing bash in a file:
echo 'import os;os.system("/bin/bash")' > /tmp/e.py
Execute something:
import os
os.system('ls -l')
__import__('os').popen('whoami').read();
os = globals()['os']
print(os.name)
Use python scripts under Windows
If an exploit is available in Python, but the target system doesn’t have a python installation, use in another Windows System/VM PyInstaller to create a EXE out of a Python script. Example
# pyinstaller --onefile windows-exploit-suggester.py
Or use https://pypi.org/project/auto-py-to-exe/
Note: In case of an error, try a newer release (pip install https://github.com/pyinstaller/pyinstaller/archive/develop.tar.gz)
Interpolation
"{name}".format(name="P")
"%s and %d" % ("string", 42)
f"User {user}" # variable user was defined before.
Jinja Template hijacking
Flask
Flask uses a secret key to sign cookies. If you have a secret key, you can use flask-unsign to decode a cookie you’ve got from the http response.

The second command from this screenshot changed the id. The new created cookie can be used for a HTTP request which then would impersionate the user with id 20093.
Leave a Reply
You must be logged in to post a comment.