BreadSecurity
Medium
300
2
Poem by ChatGPT
The challenge description points to two places to investigate: GitHub and Discord. In the InfoSec Discord, we can see that there is a Bread Security Discord bot.
Playing around with the command returns nothing useful.
However, when running the `!pickle` command, the message got deleted instantly and I received a direct message from the bot.
Since we have no way to proceed from here, let's switch to the other point of entry, which is GitHub.
Searching [Bread Security](https://github.com/search?q=Bread+Security) on GitHub shows an `edwinczd/BreadSecurity` repository (repo no longer exists).
Reading the source code, we see that `!pickle` base64-decodes the input and then calls `pickle.loads()` on it.
Referring to the article, we are able to perform RCE and gain a reverse shell.
Start a tunnel so that we are able to catch the reverse shell.
Create a payload based on the article above.
The command
is a simple python reverse shell taken from
Use `nc -nvlp 4444` to catch the reverse shell.
Send the payload to the Discord bot and win :D
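
The root cause found in the source, `pickle.loads()` on base64 input from a chat message, can be detected and blocked as sketched below. This is an added example, not code from the challenge repository; `DataOnlyUnpickler`, `risky_opcodes`, `safe_loads_b64`, `Marker` and the sample messages are hypothetical names and constructed data, and the marker object only calls `len()`.

```python
import base64
import io
import pickle
import pickletools

# Opcodes that import a name or call/instantiate it; plain data never needs them.
RISKY_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                 "NEWOBJ", "NEWOBJ_EX", "BUILD"}


class DataOnlyUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so only built-in scalars and containers load."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def risky_opcodes(blob: bytes) -> set:
    """Statically list risky opcodes in a pickle without executing it."""
    return {op.name for op, _arg, _pos in pickletools.genops(blob)} & RISKY_OPCODES


def safe_loads_b64(text: str):
    """Hardened counterpart of base64-decode + pickle.loads() for chat input."""
    blob = base64.b64decode(text, validate=True)
    return DataOnlyUnpickler(io.BytesIO(blob)).load()


class Marker:
    """Constructed sample: its pickle asks the loader to call len("called")."""
    def __reduce__(self):
        return (len, ("called",))


def sample_messages():
    """Constructed inputs: (plain data, callable-bearing pickle), both base64."""
    plain = pickle.dumps({"user": "alice", "loaves": 3}, protocol=4)
    marked = pickle.dumps(Marker(), protocol=4)
    return base64.b64encode(plain).decode(), base64.b64encode(marked).decode()


if __name__ == "__main__":
    plain_b64, marked_b64 = sample_messages()
    print(safe_loads_b64(plain_b64))
    print(sorted(risky_opcodes(base64.b64decode(marked_b64))))
    print(pickle.loads(base64.b64decode(marked_b64)))  # plain loads() runs the call
    try:
        safe_loads_b64(marked_b64)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```

For a bot command that only needs structured data, parsing the input as JSON removes the problem entirely; the restricted unpickler is the fallback when the pickle format has to stay.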