If we got this command line:

python file.py --gsgds dsgsdg --dg dgdg --dg 'gdgd'

And now, let's say we want to break this command and run another command while it is running, something like this:

python file.py --gsgds dsgsdg --dg dgdg --dg '`sleep 10`'

When I try to add a sleep 10 between the two quotes, it doesn't work. Please keep in mind that I must break the command between the two quotes. ('[inject here]')

Any ideas?

  • I'm not sure what you mean by "breaking" the command. You are essentially passing a command line argument to the program? Do you want to just pass the output of another command to `python` or do you want to run another program simultaneously? Can you please rectify the question to indicate what you want? Preferably add a sample output or more details. – Amit Singh May 31 '21 at 11:45
  • Sorry for being unclear. English isn't my native language, so please try to understand me: Let's say some website runs this command line in their terminal: python file.py --arg1 blabla --arg2 blabla --arg3 'blablabla'. We have the ability to change one of the arguments (in this case, arg3). I want to run the command sleep 10 before their command runs, so it should be something like this: python file.py --arg1 blabla --arg2 blabla --arg3 '`Sleep 10`'. The problem here is that they use single quotes, so I can't really inject a new command into their existing command. I hope I made myself clear. – Idan Masas May 31 '21 at 13:25
  • Okie, so you want your output to be `python file.py --arg1 blabla --arg2 blabla --arg3 'sleep 10'` or do you mean to do something like run `sleep 10` in addition to running the python command? – Amit Singh May 31 '21 at 13:30
  • I want to run the command 'sleep 10' out of their existing command eventually. Any idea how I can do that? – Idan Masas May 31 '21 at 13:34
  • I can't just run the command by itself, I have permission to change the argument arg3 only. How can I use arg3 to run 'sleep 10'? – Idan Masas May 31 '21 at 13:38
  • And by the way, I see that you keep on saying python. I just want to clarify that it has nothing to do with python specifically. It can be any other command. – Idan Masas May 31 '21 at 13:39

1 Answer

Let's say, for example, we have a bash shell running in the terminal. There are several characters which have special meaning in the bash shell. You can read more in the bash manual.

Let's take, for example, `;` in bash. You can easily run sleep 10 after your python command using `;`. Here's one way:

python file.py --gsgds dsgsdg --dg dgdg --dg ''; sleep 1; echo 'Done'

where you pass `'; sleep 1; echo 'Done` in the third arg.

Some shells add restrictions on which characters can/cannot be used, so it's up to you to try out what works.

Amit Singh
  • Is there another way of doing that? It looks like the server knows how to handle that. – Idan Masas Jun 01 '21 at 08:59
  • This happens on the server when I try your suggestion: --arg3 'bla'\''; sleep 1; echo '\''Done' --arg3 blabla – Idan Masas Jun 01 '21 at 09:00
  • Can you update the question with the error or share it here? I do see there are extra `\\` in there – Amit Singh Jun 01 '21 at 09:05
  • I do not think you understand me correctly. I'm having a test and there is this website that runs a random python terminal command. One argument of their existing command is changeable. I basically need to inject another command through this argument and make it sleep for 60 seconds. Some may call it "Command Injection". Can someone help me, please? – Idan Masas Jun 02 '21 at 10:28
  • And another important thing to mention here is that this specific website has some defenses: when I tried your suggestion with the `'; sleep 1; echo 'Done`, the server returned `--arg3 'bla'\''; sleep 1; echo '\''Done' --arg3 blabla`. – Idan Masas Jun 02 '21 at 10:31
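
Why the server's response in the last comments stays a single argument, shown as an added example that is not part of the original thread: rewriting each `'` as `'\''` closes the quoted string, adds one escaped literal quote, and reopens it, so the shell never sees an unquoted `;`. The command template, the function names and the sample value are assumptions modelled on the thread; the last function shows the design that avoids the shell altogether.

```python
import json
import shlex
import subprocess
import sys

# Constructed input: the value the asker reports submitting for arg3.
SUBMITTED = "bla'; sleep 1; echo 'Done"
# Hypothetical command template, modelled on the one in the question.
PREFIX = "python file.py --arg1 blabla --arg2 blabla --arg3 "


def naive_quote(value: str) -> str:
    """Vulnerable: wraps in '...' but leaves embedded quotes untouched."""
    return "'" + value + "'"


def escaped_quote(value: str) -> str:
    """POSIX-safe: each ' becomes '\\'' (close, escaped quote, reopen)."""
    return "'" + value.replace("'", "'\\''") + "'"


def shell_tokens(command: str) -> list:
    """Tokenise roughly as sh would: honour quotes, split on ; & | etc."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    lex.commenters = ""
    return list(lex)


def argv_without_shell(value: str) -> list:
    """Preferred design: no shell, so the value is exactly one argv entry."""
    child = "import json, sys; print(json.dumps(sys.argv[1:]))"
    done = subprocess.run([sys.executable, "-c", child, "--arg3", value],
                          capture_output=True, text=True, check=True)
    return json.loads(done.stdout)


if __name__ == "__main__":
    print(escaped_quote(SUBMITTED))                          # what the server echoed
    print(shell_tokens(PREFIX + naive_quote(SUBMITTED))[6:])   # ';' becomes a separator
    print(shell_tokens(PREFIX + escaped_quote(SUBMITTED))[6:]) # one literal argument
    print(argv_without_shell(SUBMITTED))                     # one literal argument
```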