Have an account?
It looks like you're new here. If you want to get involved, click one of these buttons!
Apply for Membership
Who's Online (0)
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
Competitions / Projects
So I just created level 13 :) It focuses on the python pickle vulnerability. Grab it at:
In this one the user has to create a python script that pickles text into a file.plk file for them. Then the user has to find an elevation executable and execute it with cmdexec.py which reads data from a pickle file and executes it. NOTE:
Some tweaking needs to be done. For one, we should have cmdexec.py in a different directory like /levels/level13/ and make it so users can't do anything to that directory. We should also modify the cmdexec.py so it seeks for file.plk in /tmp or something like that. This one may be tricky to set up as if the user keeps the .plk file in the /tmp dir, another user can just execute cmdexec.py and it will give them the shell for them.
Update: I thought of a better idea. Just edit the python code for cmdexec and make it so it asks users for input of where the pickle file is and the user has to point it to like /tmp/blah/file.pkl
Add a Comment