Ctrlk

PyInstaller Code Execution

Theory

PyInstaller bundles a Python application and all its dependencies into a single package. We can use it to execute arbitrary code.

Assume that pyinstaller can be executed as root with sudo rights. if we controll its input, then its vulnerable to arbitrary code execution.

sudo -l
    (root): /home/svc/.local/bin/pyinstaller *

Last updated 1 year ago