killchain-compendium/Exploits/Python/Lib Hijacking.md

Library Hijacking

The Python interpreter may be invoked through sudo, so the script's imports run with elevated privileges.

  • If a library that the script imports is writable, code written into that library executes with the script's privileges.

Path call order of packages

  • The order in which directories are searched for packages can be listed with:
    python -c 'import sys; print("\n".join(sys.path))'
  • A directory that comes earlier in the search order may be writable. A package with the same name as one imported by the script, placed there, is loaded instead of the real one.
  • The highest-priority entry (sys.path[0]) is the current working directory when the interpreter is started interactively or with -c; when a script file is run, it is the directory containing that script.

Redirecting PYTHONPATH

  • If the sudoers rule for the script carries the SETENV tag, environment variables such as PYTHONPATH pass through sudo and redirect the module search path:
    sudo PYTHONPATH=/tmp/ /usr/bin/python3.6 <script.py>
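The following audit script is an added example, not part of the compendium. It checks the conditions above from the defender's side: which sys.path entries a non-root user could write to (a missing entry is judged by its nearest existing ancestor), which file a given import actually resolves to under a given path order, and whether `python3 -I` discards an injected PYTHONPATH. The temporary directory and the planted `json.py` in `demo_shadowing` are constructed for the demonstration only.

```python
"""Audit the module search path a sudo-run Python script would use.
Added example, not part of the compendium: flags sys.path entries a non-root
user could write to, shows where an import resolves, and checks the -I mitigation."""
import importlib.machinery
import os
import stat
import subprocess
import sys
import tempfile


def _nearest_existing(path: str) -> str:
    # A missing entry is judged by the nearest existing ancestor (who can create it).
    while not os.path.exists(path) and os.path.dirname(path) != path:
        path = os.path.dirname(path)
    return path


def is_hijackable_dir(path: str) -> bool:
    """True if a non-root user could plant a module here ('' = current dir)."""
    st = os.stat(_nearest_existing(os.path.abspath(path or os.curdir)))
    writable_by_others = bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
    return writable_by_others or st.st_uid != 0


def audit_search_path(paths=None) -> list:
    """Search-path entries (default: this interpreter's sys.path) that are hijackable."""
    return [p for p in (sys.path if paths is None else paths) if is_hijackable_dir(p)]


def resolve_import(name: str, paths):
    """File that `import name` would load, given this search-path order (None if absent)."""
    spec = importlib.machinery.PathFinder.find_spec(name, list(paths))
    return None if spec is None else spec.origin


def isolated_ignores_pythonpath(injected="/tmp/not-a-real-dir") -> bool:
    """Mitigation check: `python3 -I` drops PYTHONPATH (and the script-dir entry)."""
    env = dict(os.environ, PYTHONPATH=injected)
    cmd = [sys.executable, "-I", "-c", "import sys; print(sys.path)"]
    out = subprocess.run(cmd, env=env, capture_output=True, text=True, check=True).stdout
    return injected not in out


def demo_shadowing(module="json") -> tuple:
    """Constructed demo: a world-writable dir placed first shadows a stdlib module."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o777)  # deliberately hijackable, for the demo only
        with open(os.path.join(d, module + ".py"), "w") as f:
            f.write("# planted by demo_shadowing\n")
        origin = resolve_import(module, [d] + sys.path)
        return is_hijackable_dir(d), origin is not None and origin.startswith(d)
```

Run `audit_search_path()` under the same interpreter and user the sudo rule invokes; any entry it reports is one where a planted module would be loaded before the real one.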