Created
March 20, 2019 07:52
-
-
Save prprhyt/5469f6102d523872692f927d750540ad to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #run python3 main.py | |
| from ctypes import * | |
| import subprocess | |
| import os | |
| libc = cdll.LoadLibrary('libc.so.6') | |
| class Deff: | |
| def __init__(self, *args, **kwargs): | |
| self.CLONE_NEWNS=0x00020000 | |
| self.CLONE_NEWUTS=0x04000000 | |
| self.CLONE_NEWIPC=0x08000000 | |
| self.CLONE_NEWUSER=0x10000000 | |
| self.CLONE_NEWPID=0x20000000 | |
| self.CLONE_NEWNET=0x40000000 | |
| self.CLONE_IO=0x80000000 | |
| return super().__init__(*args, **kwargs) | |
| def clone(fn, flags=0): | |
| def stub(): | |
| return fn() or 0 | |
| stack = bytes(0x100000) | |
| ret = libc.clone(CFUNCTYPE(c_int)(stub), c_void_p(cast(stack, c_void_p).value + len(stack)), flags) | |
| if ret == -1: | |
| _errno = get_errno() or errno.EPERM | |
| raise OSError(_errno, os.strerror(_errno)) | |
| def testp(): | |
| cmd = "/bin/bash" | |
| #subprocess.call(cmd, stdout=subprocess.PIPE, shell=True, check=True) | |
| #subprocess.run(cmd,shell=True,check=True) | |
| os.system("/bin/bash") | |
| deff = Deff() | |
| flag = deff.CLONE_NEWNET|deff.CLONE_NEWNS| deff.CLONE_NEWPID | deff.CLONE_NEWUSER | deff.CLONE_NEWUTS | |
| clone(testp, 0) | |
| #print(deff.CLONE_NEWUTS) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment