Poem by ChatGPT


In the challenge description, we can identify that the place we should investigate is on github and discord. In InfoSec discord, we can see that there is a Bread Security discord bot.

Playing around with the command returns nothing useful

However, when running the !pickle command, the message got deleted instantly and I received a direct message from the bot.

Since we have no way to proceed from here, lets swap to the other point of entry which is github

Searching [Bread Security]( on github shows a repository edwinczd/BreadSecurity(repo no longer exists)

Reading the source code, we see that !pickle perform base64 decoding and pickle.loads() function on the input.

Referring to this article, we are able to perform RCE and gain a reverse shell.

  1. Start a ngrok tunnel so that we are able to catch the reverse shell

  2. Create a payload based on the article above

    The command is a simple python reverse shell taken from payloadallthethings

  3. Use nc -nvlp 4444 to catch the reverse shell

  4. Send the payload to the discord bot and win :D

Last updated