-2

I'm trying to convert to get a command executed which is passed to the print statement. Eg:

print "exec(raw_input())"

Can I get to run the exec() in some way?

securecoding
  • 2,763
  • 2
  • 15
  • 14
  • 1
    Notice that nearly every answer here is answering a different question? That means your question is not clear *at all*. – SethMMorton Sep 24 '13 at 02:14
  • 2
    Also, if you are doing secure coding as your username suggests, the line `exec(raw_input())` is probably the least secure thing you can write in python. – SethMMorton Sep 24 '13 at 02:14

6 Answers6

1

do this

command = raw_input("Command: ")
exec(command)

why are you trying to print it? be more clear if this isnt what you are looking for

Serial
  • 7,925
  • 13
  • 52
  • 71
  • I'm trying to get an exploit to run in a single or two lines of code. I want to get the command to execute with just print statements. Is it possible to do that? – securecoding Sep 24 '13 at 00:59
  • well since you cant print an exec() call i dont know if its possible – Serial Sep 24 '13 at 01:03
1

I Guess this is what you are looking for ?

>>> exec("x = raw_input()")
23
>>> x
'23'
>>>
Siva Cn
  • 929
  • 4
  • 10
0

Are you asking for something simple like

aString = "raw_input()"
print "exec(" + aString + ")"
exec(aString)
Paul Becotte
  • 9,767
  • 3
  • 34
  • 42
0
from __future__ import print_function
def foo(x):
    exec x
print = foo
print("exec(raw_input())")

Running

% test.py
kaboom

results in:

NameError: name 'kaboom' is not defined
unutbu
  • 842,883
  • 184
  • 1,785
  • 1,677
0

From the tags you applied, it seems like you're looking for a magic string that will allow you to run any arbitrary code when Python passes that string to the print statement.

There are no such known strings. You might try very long strings, just over the obvious boundaries, looking for the traditional stack- and heap-overflow cases, but if you find one in Python X.Y.Z, chances are it was already fixed in X.Y.Z+1.

If the Python script is actually doing an exec or eval on your string, of course that's easy to exploit; if it's just doing a print, the contents never even get compiled, much less run; they're just a plain old string. The fact that the string happens to have dangerous-looking things like exec in it is irrelevant; it's not more exploitable than getting Python to print the string "rm -rf /".

Of course if you can arrange for the output of one Python interpreter to feed in as the input to an interactive session in another interpreter, then whatever you get the first interpreter to print will get executed in the second one… but in that case, you don't need the exec in the middle of the string anyway.

abarnert
  • 354,177
  • 51
  • 601
  • 671
0

The print statement writes to sys.stdout by default, and sys.stdout is like a file. You can make a class that looks like a file, with a write method, which would be called by the print statement. I put together a script which demonstrates this, print_exec.py. Also note, this doesn't work if the code in the print statement contains print, itself. i.e., print "print 'foo'" won't work. So, in the example, I had to print to sys.stderr to actually see something happening. Hope this helps.

print_exec.py

    import sys

    class file_like(object):
        def write(self, x):
            exec(x)

    sys.stdout = file_like()
    y = "exec(raw_input())"
    print "exec(y)"

Example running the print_exec.py:

    >python print_exec.py 
    print "import sys; print >> sys.stderr, 'hi'"    
    hi
    >
Chris S.
  • 21
  • 3