A while ago, I stumbled upon a service that let you write Python bots to interact with a number of external services. The basic idea was that you only had to worry about your logic, and they would provide a wrapper around APIs and take care of hosting the bot for a monthly fee.
Python "Jail" or sandbox escapes are fairly common in CTFs, and I knew that there are all sorts of "magical" ways of doing things in Python, so I decided to poke around a bit. Sure enough, I found a way of circumventing the sandbox and getting (kind of) arbitrary Python to run. I've since talked to the founder about this, and they've taken steps to mitigate the damage one could do, so I thought I'd talk about some real-world Python chaos :). With the level of access I had, I'm fairly sure it was possible to get a shell, and from there, who knows...
The remainder of this post will describe the process of breaking out of the sandbox they set up. Everything was written/tested on Python 2.7.6.
More here: http://pbiernat.blogspot.com/2014/09/bypassing-python-sandbox-by-abusing.html