Creating Python exploit

In the home page there was mention to feeed.py –

I did not see this in the results of filepath I got back from the respose I got back from Burpsuite but I can still call on the file to see what I get

results of feed.py

In the subject I still cannot get the full path to the file maybe because of XML bad characters.

Python web applications usually create routes, then give the routes a page that then define the code as per lines 15, 19 and 23

Now, i need to create a script to exploit pickle.

Can see here they use urlsafe b64decode, so in the script I will include b64encode

The script -

Imported base64 as necessary

Line 4 is from pentest monkey_chichi - https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet -NC

"pickkle.dumps" is in regards to pickleloads from the original feed.py file.

First attempt error.syntax. I will change it so that I need to write the whole b64encode

(To be continued)

PreviousExploiting Web PageNextGoBox CTF

Last updated