Skip to content

CalfCrusher/Python-Pickle-RCE-Exploit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
LICENSE
LICENSE
 
 
Pickle-PoC.py
Pickle-PoC.py
 
 
README.md
README.md
 
 
THM_pickle_owasp10_room.py
THM_pickle_owasp10_room.py
 
 
app.py
app.py
 
 

Repository files navigation

Python Pickle RCE Exploit

A simple RCE Pickle PoC with a vulnerable Flask App

In Python, the pickle module lets you serialize and deserialize data. Essentially, this means that you can convert a Python object into a stream of bytes and then reconstruct it (including the object’s internal structure) later in a different process or environment by loading that stream of bytes (for further info checkout this: https://davidhamann.de/2020/04/05/exploiting-python-pickle/

Setting up vulnerable Flask app (app.py)

$ virtualenv venv --python=/your/path/to/python

$ source venv/bin/activate

$ pip install Flask

$ flask run

Exploit Pickle RCE (Pickle-PoC.py)

$ python Pickle-PoC.py [URL]

Exploit Pickle RCE PoC for THM Owasp10 Room (THM_pickle_owasp10_room.py)

$ python THM_pickle_owasp10_room.py

About

Python Pickle RCE Exploit + vulnerable Flask App

Topics

flask exploit command remote rce execution pickle

Resources

Readme

License

GPL-2.0 license
Activity

Stars

12 stars

Watchers

1 watching

Forks

11 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages