Valentine CTF: Pickle Jar
I love pickles so much, I made a Python program that accepts pickles too! What was even cooler is that I found out that Python has a built in library to make pickles — how cool is that! If you give me some cool pickles to add to my jar, I’ll give you something special in return!
Connect to my program at chal.hackersacademy.com on port 1221!
The challenge provides an nc server.
When you connect to it, it asks for input, so enter anything to see how it works. It throws an error: *Oops! There was something wrong in decoding your pickle from base64!*
From that, you can tell that it decodes the input from base64 and then deserializes it.
So, read about pickle: LINK
I created a payload to exploit the insecure pickle deserialization vulnerability.
But after sending a payload with any class name other than DillPickle, it replies that it does not taste like DillPickle, so I used the class name DillPickle.
It shows the files on the server, including a file named *notes.txt*, but I was unable to send more than one command. If you google it, you find that to send multiple commands in the pickle you have to send them in the form of a list.
Modified Script
But it only returns a string, not a hint, and nothing related to the flag, so I started executing commands, with no result.
Then the hint was updated: no command execution is needed, so I thought to send an empty class.
Updated Script
It gives back a string: gASVXgAAAAAAAAB9lIwEZmxhZ5SMUDQzNTQ0NjQxNDU3YjUwNzk3NDY4NmY2ZTUwNjk2MzZiNmM2NTczNTQ2MTczNzQ2NTQ3NzI2NTYxNzQ1NzY5NzQ2ODQyNjE3MzY1MzYzNDdklHMu
Decode it from base64 and then convert it from hex to ASCII, and you will get your flag.
Flag : CTFAE{PythonPicklesTasteGreatWithBase64}
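The final decoding step as an added example (not part of the original write-up or the challenge's code): the returned string is itself a base64-encoded pickle, so it is loaded here with an unpickler that refuses every global lookup, which is the check the challenge server lacked, and the `flag` value is then hex-decoded. The names `NoGlobalsUnpickler`, `safe_loads`, `decode_response` and `rejects_globals` are chosen for this example.

```python
import base64
import io
import pickle

# Response string quoted in the write-up above.
RESPONSE_B64 = (
    "gASVXgAAAAAAAAB9lIwEZmxhZ5SMUDQzNTQ0NjQxNDU3YjUwNzk3NDY4NmY2ZTUw"
    "Njk2MzZiNmM2NTczNTQ2MTczNzQ2NTQ3NzI2NTYxNzQ1NzY5NzQ2ODQyNjE3MzY1"
    "MzYzNDdklHMu"
)


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that only rebuilds plain data (dict, str, int, list, ...).

    Any opcode that needs to import a class or function goes through
    find_class(), so refusing there blocks object construction and calls.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def safe_loads(data: bytes):
    """Deserialize untrusted pickle bytes without resolving any globals."""
    return NoGlobalsUnpickler(io.BytesIO(data)).load()


def decode_response(b64_text: str) -> str:
    """base64 -> pickle (plain dict) -> hex string -> ASCII flag."""
    obj = safe_loads(base64.b64decode(b64_text))
    return bytes.fromhex(obj["flag"]).decode("ascii")


def rejects_globals() -> bool:
    """Constructed sample: a pickle that references builtins.len is refused."""
    try:
        safe_loads(pickle.dumps(len))
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print(decode_response(RESPONSE_B64))
    print("globals rejected:", rejects_globals())
```
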