
  1. Authored
  2. NYP InfoSec December CTF 2022

BreadSecurity


| Difficulty | Points | Solves |
| --- | --- | --- |
| Medium | 300 | 2 |

Description

Poem by ChatGPT

Solve

From the challenge description, we can identify that the places to investigate are GitHub and Discord. In the InfoSec Discord, we can see that there is a Bread Security Discord bot.

Playing around with the bot's commands returns nothing useful.

However, when running the !pickle command, the message got deleted instantly and I received a direct message from the bot.

Since we have no way to proceed from here, let's switch to the other point of entry, which is GitHub.

Searching [Bread Security](https://github.com/search?q=Bread+Security) on GitHub shows an edwinczd/BreadSecurity repository (repo no longer exists).

Reading the source code, we see that !pickle performs base64 decoding and then calls pickle.loads() on the input.

Referring to this article, we are able to perform RCE and gain a reverse shell.

  1. Start an ngrok tunnel so that we are able to catch the reverse shell

  2. Create a payload based on the article above

    The command is a simple Python reverse shell taken from payloadallthethings

  3. Use nc -nvlp 4444 to catch the reverse shell

  4. Send the payload to the discord bot and win :D
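
The root cause is the base64-decode followed by pickle.loads() on user input. As an added example (not the bot's source, which is no longer available), the Python below puts that pattern beside a data-only unpickler and a static opcode check that runs without loading anything. All function and class names, and both sample inputs, are constructed for this illustration.

```python
import base64
import io
import pickle
import pickletools

# Opcodes that import a name or call/construct with it; plain data needs none.
CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                "NEWOBJ", "NEWOBJ_EX", "BUILD"}


class DataOnlyUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so only plain data types can load."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def bot_style_loads(b64_text):
    """The pattern the writeup describes: base64-decode, then pickle.loads()."""
    return pickle.loads(base64.b64decode(b64_text))


def risky_opcodes(b64_text):
    """Name the code-capable opcodes in a pickle without executing it."""
    raw = base64.b64decode(b64_text, validate=True)
    seen = {op.name for op, _arg, _pos in pickletools.genops(raw)}
    return sorted(seen & CODE_OPCODES)


def safe_loads(b64_text):
    """Hardened replacement: the same decode, but no imports and no calls."""
    raw = base64.b64decode(b64_text, validate=True)
    return DataOnlyUnpickler(io.BytesIO(raw)).load()


class CallsOnLoad:
    """Constructed sample: makes the unpickler call a harmless builtin."""

    def __reduce__(self):
        return (len, ("constructed",))


# Constructed inputs, pinned to protocol 4 so the opcode names are stable.
PLAIN = base64.b64encode(pickle.dumps({"user": "bread", "score": 300}, protocol=4))
CALLS = base64.b64encode(pickle.dumps(CallsOnLoad(), protocol=4))

if __name__ == "__main__":
    print(bot_style_loads(CALLS))   # the builtin ran during loading
    print(risky_opcodes(PLAIN), risky_opcodes(CALLS))
    print(safe_loads(PLAIN))
```

If the command only needs to accept structured data, replacing pickle with a data-only format such as JSON removes the problem entirely; the restricted unpickler is the fallback when pickle has to stay.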
