I'm trying out an insecure Python "jail" I found somewhere, when I run it locally and and execute it, it works fine. However, when I create a xinetd service for it, I can netcat to it, it does seem to connect but I see no output what so ever. The python file is:
#!/usr/bin/python -u
from sys import modules
modules.clear()
del modules
_raw_input = raw_input
_BaseException = BaseException
_EOFError = EOFError
__builtins__.__dict__.clear()
__builtins__ = None
print 'Get a shell, if you can...'
while 1:
try:
d = {'x':None}
exec 'x='+_raw_input()[:50] in d
print 'Return Value:', d['x']
except _EOFError, e:
raise e
except _BaseException, e:
print 'Exception:', e
The xinetd file is:
service jail-hard
{
disable = no
id = jail-hard
type = unlisted
wait = no
socket_type = stream
protocol = tcp
user = root
server = /usr/bin/python
server_args = /home/jailuser/jail-hard.py
port = 51337
}
And I just simply connect with "nc ip-address port".
Update 1: When I break out the jail and type in any command such as 'ls -la', I do get the output. So it seems there's something wrong with the print statements?