0

My code is:

_cmd = "|| echo " + base64.b64encode(args.cmd) + "|base64 -d|bash"
   p.update({"form_284": _cmd})

My error is:

Traceback (most recent call last):
  File "openemr_rce.py", line 136, in <module>
    _cmd = "|| echo " + base64.b64encode(args.cmd) + "|base64 -d|bash"
  File "/usr/lib/python3.8/base64.py", line 58, in b64encode
    encoded = binascii.b2a_base64(s, newline=False)
TypeError: a bytes-like object is required, not 'str'

Edit:

There is no problem when you run it in python2

Improve this question
3
  • args.cmd is a str, it should be a bytes object to make it compatible with base 64 encoding. Without knowing where it came from, we can't know why it's the wrong type. A minimal reproducible example is needed for a complete answer. Commented Sep 10, 2020 at 22:08
  • Heh. I wonder if you're playing the same CTF where I recently saw OpenEMR used as a target... Commented Sep 10, 2020 at 22:14
  • Yes @CharlesDuffy . This is openemr_rce partial in code Commented Sep 10, 2020 at 22:48

2 Answers 2

Reset to default
2

Your args.cmd is a string.

If it was meant to be, try base64.b64encode(args.cmd.encode("ascii")).decode("ascii").

If your command contains non-ascii characters, the bash cmd is on a system-dependent encoding, and you can use sys.getdefaultencoding() to fetch it.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

@CharlesDuffy I'm not encoding the base64, I'm encoding the input to the base64 which can be anything.
@vortext what do you mean? What was wrong with the solution?
Traceback (most recent call last): File "openemr_rce.py", line 136, in <module> _cmd = "|| echo " + base64.b64encode(args.cmd.encode("ascii")) + "|base64 -d|bash" TypeError: can only concatenate str (not "bytes") to str
If the solution helped you, you can choose to accept the answer by clicking the green check mark next to the answer. For more info, see the help manuals
@vortext Indeed, you need to decode the answer as well. Updated appropriately.
0

As the error says, you must pass a "bytes-like object" to b64encode, not a string. To get bytes from a string, you can call encode():

base64.b64encode(args.cmd.encode('utf8'))
Improve this answer

2 Comments

Traceback (most recent call last): File "openemr_rce.py", line 136, in <module> _cmd = "|| echo " + base64.b64encode(args.cmd.encode('utf8')) + "|base64 -d|bash" TypeError: can only concatenate str (not "bytes") to str
@vortext Please post a new question with your current code. Hint: the problem is very similar. You need to match the correct types.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.