LOAD_CONST + custom bytearray -> R/W of whole address space. Idea from http://bofh.nikhef.nl/events/HitB/hitb-2014-amsterdam/praatjes/D2T1-G-Jacking-AppEngine-based-Applications.pdf …
@pa_kt
from ctypes import *
p = cast(c_void_p(0x400000), POINTER(c_char))
print repr(''.join(p[n] for n in xrange(16)))
'\x7fELF\x02\x01...
@newshtwit the point was not to use ctypes
@pa_kt haha that's awesome. Nice job!
@pa_kt Hehe I've played with this too at some point: https://doar-e.github.io/blog/2014/04/17/deep-dive-into-pythons-vm-story-of-load_const-bug/ … :)
@0vercl0k I know, I mentioned your poc in mine ;)
@pa_kt oops, didn't resolve the tinyurl :P cheers man!
@pa_kt what's wrong with just using ctypes to peek and poke?
@pa_kt @Dirk_Gently Is Python designed to support safely running untrusted code in some cases?
[kinky] MT
@pa_kt: Python devs will hate you! One weird trick to directly access python's memory from interpreter: https://gist.github.com/pakt/c70073a0e0de1f47f579 …
-_-