Skip to content
logo
Red tradecraft
Python pickle
  • Privacy greenhouse
  • Defence blues
  • Purple crossroads
  • Indigo observatory
  • Contact
Initializing search
    • In: Where the falcons and foxes roam
    • Through: Where the raccoons burrow and rummage
      • The art of staying where you are not wanted
        • The field guide to staying unnoticed
        • Persistence runbooks
        • Digging under the Linux shed
        • Dumpster diving behind the windows store
        • Where the raccoon learns to never leave
        • Burrows, backdoors, and bashful shenanigans
          • Bash: System 1
          • sudo: weak configuration
          • Bash: System 2
          • LaTeX: Input
          • Powershell: Command Injection
          • Bash: unquoted expression injection
          • Perl: Command injection
          • Bash: cron
          • Python input()
          • Python pickle
            • Counter moves
      • Overflowing the bin on purpose
      • Reverse engineering
      • Steganography
      • Crypto-attacks
      • Slipping through the cracks
    • Out: Where squirrels swipe the crown jewels
    • Fungolia earthworks
    • Unseen University Power & Light Co.
    • The Scarlet Semaphore
    • Counter moves

    Python pickle¶

    root-me challenge: Python - pickle: Authenticate as admin and capture the flag from .passwd file.

    HackTricks: Bypass pickle sandbox with the default installed python packages

    Counter moves¶

    Pickle deserialises arbitrary objects, which means arbitrary code on untrusted data. A safe format, and never unpickling untrusted input, are the fixes. Seen from the other side, this sits in the blue notes on the application layer as a target.

    2026-06-14 18:23
    © Copyright 2025, TyMyrddin.
    Created using Sphinx 7.2.6. and Sphinx-Immaterial

    Made with love in the Unseen University, 2025, with a forest garden fostered by /ut7