
For running the example code I’m using Python 3.10.10 on macOS 13.4.1; the demonstration of the reverse shell is just a connect-back to a loopback address (localhost).

So, what is Pickle?

In Python, the pickle module lets you serialize and deserialize data. Essentially, this means that you can convert a Python object into a stream of bytes and then reconstruct it (including the object’s internal structure) later in a different process or environment by loading that stream of bytes.

When consulting the Python docs for pickle one cannot miss the following warning:

Warning: The pickle module is not secure. Only unpickle data you trust.

Let’s find out why that is and how unpickling untrusted data can lead to major security issues.
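As an added example (my code, not from the original post), here is the mitigation the pickle docs point to: a restricted Unpickler whose find_class() only resolves a small allow-list of builtins. The CallOnLoad class, restricted_loads() and demo() are constructed names for this demonstration; CallOnLoad asks the unpickler to call the harmless os.getcwd() as a stand-in for the arbitrary-callable problem the warning refers to.

```python
import builtins
import io
import os
import pickle

# Builtins an untrusted stream may reconstruct; anything else, including any
# callable it tries to invoke via __reduce__, is refused.
SAFE_BUILTINS = {"list", "dict", "set", "frozenset", "tuple", "str", "bytes",
                 "int", "float", "bool", "complex"}

class RestrictedUnpickler(pickle.Unpickler):
    """Every GLOBAL/STACK_GLOBAL opcode is resolved through find_class(),
    so overriding it (as the pickle docs suggest) limits what load() can
    instantiate or call."""

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")

def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads() for data we do not trust."""
    return RestrictedUnpickler(io.BytesIO(data)).load()

class CallOnLoad:
    """Constructed sample (not from the post): its pickled form tells the
    unpickler to call os.getcwd() instead of rebuilding the object, a
    harmless stand-in for the arbitrary-callable problem the docs warn about."""

    def __reduce__(self):
        return (os.getcwd, ())

def demo():
    """Returns (round-tripped list, stock loads ran the call, restricted loads blocked it)."""
    plain = pickle.dumps(["pickle", "me", 1, 2, 3])
    tainted = pickle.dumps(CallOnLoad())
    # Stock pickle.loads executes the embedded call: we get the cwd string
    # back, not a CallOnLoad instance.
    ran_call = isinstance(pickle.loads(tainted), str)
    # The restricted loader still round-trips ordinary data (no GLOBAL opcodes) ...
    roundtrip = restricted_loads(plain)
    # ... but refuses the stream that names os.getcwd.
    try:
        restricted_loads(tainted)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    return roundtrip, ran_call, blocked
```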

How to dump and load?

In Python you can serialize objects by using pickle.dumps():

import pickle
pickle.dumps(['pickle', 'me', 1, 2, 3])

The pickled representation we’re getting back from dumps will look like this:

b'\x80\x04\x95\x19\x00\x00\x00\x00\x00\x00\x00]\x94(\x8c\x06pickle\x94\x8c\x02me\x94K\x01K\x02K\x03e.'

And now reading the serialized data back in…

import pickle
pickle.loads(b'\x80\x04\x95\x19\x00\x00\x00\x00\x00\x00\x00]\x94(\x8c\x06pickle\x94\x8c\x02me\x94K\x01K\x02K\x03e.')

…will give us our list object back: