Pickle
BlackHat 2011 Presentation
On this past Thursday we spoke at BlackHat USA on Python Pickle. In the presentation, we covered approaches for implementing missing functionality in Pickle, automating the conversion of Python calls into Pickle opcodes, scenarios in which attacks are possible and guidelines for writing shellcode. Two tools were released: Converttopickle.py – automates conversion from Python-like statements into shellcode. Anapickle – helps with the creation of malicious pickles. Contains the shellcode library.…
Playing with Python Pickle #3
[This is the third in a series of posts on Pickle. Link to part one and two.] Thanks for stopping by. This is the third posting on the bowels of Python Pickle, and it’s going to get a little more complicated before it gets easier. In the previous two entries I introduced Pickle as an attack vector present in many memcached instances, and documented tricks for executing OS commands across…
Playing with Python Pickle #2
[This is the second in a series of posts on Pickle. Link to part one.] In the previous post I introduced Python’s Pickle mechanism for serializing and deserializing data and provided a bit of background regarding where we came across serialized data, how the virtual machine works and noted that Python intentionally does not perform security checks when unpickling. In this post, we’ll work through a number of examples that…
Playing with Python Pickle #1
In our recent memcached investigations (a blog post is still in the wings) we came across numerous caches storing serialized data. The caches were not homogenous and so the data was quite varied: Java objects, ActiveRecord objects from RoR, JSON, pre-rendered HTML, .Net serialized objects and serialized Python objects. Serialized objects can be useful to an attacker from a number of standpoints: such objects could expose data where naive developers…
Page 1 of 1