Nowadays, an extremely serious vulnerability is being found in websites as well as in some applications. Many black hat hackers use this vulnerability to exploit web servers, and many organizations lose money because of it. In this article, we will look at the uses of Python to get a reverse shell or command execution. It can be done remotely or locally, depending on the situation you are in.
Basically, command execution is when a website or an application calls a function that runs a system command and you deliberately abuse it. So we can say that command execution happens because of a programmer's mistakes. Here, we will discuss some Python modules and their functions which allow us to execute a command:
1. os.system
In os.system, os is the module and system is its function. Here we have called the system function. Basically, the system function is used for executing system commands. That means if you are running Python on Windows, you must run Windows commands, and if you are using Linux, you must run Linux commands. For example, I am using my Kali Linux machine, and we will type a command here, or you can call it a script:
python -c 'import os; print(os.system("whoami"))'
As you can see in the output, it says "root". If you are wondering why I have used a Python script as a command: whenever you use a Python script as a command this way, there are some things you have to change. Each new line is replaced by a semicolon (;), and you always have to use the -c flag to tell Python that the upcoming string is a script.
Suppose someone writes this code for his website and uses the user's input as the argument to system, like
system(input("please type your command")). It will cause command execution.
2. subprocess.Popen and subprocess.run
In Python, we have a module called subprocess. The subprocess module allows you to spawn new processes, connect to their input/output/error pipes, and obtain their return codes. This module is intended to replace several older modules and functions. For command execution, we are going to use its Popen and run functions.
Note: the run function is not available in Python 2.
Look at these commands:
python -c 'import subprocess;subprocess.Popen(["ls", "-al"])'
python3 -c 'import subprocess;subprocess.run(["ls", "-al"])'
Remember one thing: the Popen function and the run function take the command and its arguments as a list. You can try running these in your terminal and see how it works. It is a module for advanced Python programmers. If a programmer uses it in his website and mistakenly allows user input to be added to the list, it would cause a command injection or execution flaw in the website.
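To make the flaw described in the two sections above concrete, here is an added example (not code from the original post) that puts the vulnerable concatenation pattern beside a hardened version: an allow-list check on the input and a subprocess.run() argument list with no shell. The hostnames, the ping command and the allow-list regex are constructed for this illustration; the vulnerable string is returned rather than executed so you can see what a shell would parse, and echo stands in for the real command so the demonstration runs offline.

```python
import re
import subprocess

# Constructed sample inputs for this example (not taken from the original post):
# a benign hostname and one that smuggles a second command behind a shell separator.
BENIGN_HOST = "example.com"
INJECTED_HOST = "example.com; id"

# Hypothetical allow-list for the one kind of value this feature accepts: a hostname.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def build_shell_command(host: str) -> str:
    """The pattern the post warns about.

    User input is glued into one string that os.system() (or shell=True)
    hands to /bin/sh.  The string is returned, not executed, so the reader
    can see that the ';' survives and the shell would treat what follows
    it as a second command.
    """
    return "ping -c 1 " + host


def validate_host(host: str) -> bool:
    """Reject anything that is not a plain hostname (shell metacharacters
    such as ';', '|', '$' and whitespace never pass)."""
    return HOSTNAME_RE.fullmatch(host) is not None


def hardened_argv(host: str) -> list:
    """Hardened form: validate first, then build an argument list.

    Each list element becomes exactly one argv entry for the child process;
    no shell ever parses the string, so there is nothing for a separator to
    split.  Raises ValueError on input that fails the allow-list.
    """
    if not validate_host(host):
        raise ValueError("refusing to run: input is not a valid hostname")
    return ["ping", "-c", "1", host]


def echo_as_single_argument(host: str) -> str:
    """Show the list form in action without needing the network.

    The (possibly hostile) string is passed as one argv element to echo, so
    subprocess.run() prints it back literally instead of letting a shell
    execute the part after ';'.  Passing shell=True here would re-introduce
    the original flaw.
    """
    result = subprocess.run(
        ["echo", host], capture_output=True, text=True, check=True
    )
    return result.stdout.rstrip("\n")


if __name__ == "__main__":
    print("shell string built from hostile input:", build_shell_command(INJECTED_HOST))
    print("echoed back as one argument         :", echo_as_single_argument(INJECTED_HOST))
    for host in (BENIGN_HOST, INJECTED_HOST):
        try:
            print("argv for", repr(host), "->", hardened_argv(host))
        except ValueError as exc:
            print("argv for", repr(host), "->", exc)
```

The two defences are independent: the allow-list stops hostile input at the door, and the argument list means that even input which slips past validation is delivered to the child process as data, never parsed by a shell. Keep shell=False (the default) and never rebuild the list from a user-supplied string.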
A popen function also exists in the os module. For example, you can write a program to tell you the current date:
python3 -c 'import os;a = os.popen("date");print(a.read())'
Thu 09 Apr 2020 01:27:05 AM PKT
Here, we have assigned the result to the variable a and read from it. If we print it, we get the output shown above.
And I promise you that in the next article, we will try to get a shell with this technique (command execution).
Stay home, stay safe and keep reading our articles.