BreadSecurity

| Difficulty | Points | Solves |
|------------|--------|--------|
| Medium     | 300    | 2      |

Description

Poem by ChatGPT

Solve

The challenge description points at two places to investigate: GitHub and Discord. In the InfoSec Discord server there is a Bread Security bot.

Playing around with the bot's commands returns nothing useful.

However, when running the `!pickle` command, the message got deleted instantly and I received a direct message from the bot.

Since there is no way to proceed from here, let's switch to the other point of entry, GitHub.

Searching for [Bread Security](https://github.com/search?q=Bread+Security) on GitHub shows a repository, edwinczd/BreadSecurity (the repo no longer exists).

Reading the source code, we see that the `!pickle` command base64-decodes the user's input and passes the result straight to `pickle.loads()`.
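To make the bug concrete, here is an added example (not the bot's code; the unsafe handler is a constructed sketch of the pattern the writeup describes) that places that handler beside a hardened version. The hardened version bounds the input, validates the base64, and overrides `find_class` so the unpickler refuses every import, which is the only way a pickle stream can reach a callable; plain data still loads. The function and class names are my own.

```python
import base64
import binascii
import io
import pickle


def handle_pickle_unsafe(message: str):
    # Constructed sketch of the vulnerable pattern: base64-decode the message
    # and hand it straight to pickle.loads(). The stream itself decides which
    # module-level callables get imported and invoked, which is the RCE path.
    return pickle.loads(base64.b64decode(message))


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every GLOBAL / STACK_GLOBAL lookup.

    A pickle can only obtain a callable by importing it through find_class(),
    so denying all imports removes the code-execution path while plain data
    (None, bool, int, float, str, bytes, list, tuple, dict, set) still loads.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"import of {module}.{name} is not allowed")


def handle_pickle_safe(message: str, max_len: int = 4096):
    # Hardened handler: bounded size, strict base64, no imports while unpickling.
    if len(message) > max_len:
        raise ValueError("payload too large")
    try:
        raw = base64.b64decode(message, validate=True)
    except binascii.Error as exc:
        raise ValueError("message is not valid base64") from exc
    return RestrictedUnpickler(io.BytesIO(raw)).load()


def is_rejected(message: str) -> bool:
    """True when the hardened handler refuses the message for any reason."""
    try:
        handle_pickle_safe(message)
    except Exception:
        return True
    return False


def encode(obj) -> str:
    """Build the base64 form a legitimate client would send (test helper)."""
    return base64.b64encode(pickle.dumps(obj)).decode("ascii")


if __name__ == "__main__":
    print(handle_pickle_safe(encode({"user": "alice", "loaves": 3})))
    # Pickling a callable by reference emits a GLOBAL opcode; the restricted
    # loader refuses it before anything can be called.
    print(is_rejected(encode(len)))  # True
```

The same `find_class` hook can instead allow-list specific safe classes if the bot genuinely needs them, but for a command that only receives user data, a format such as JSON removes the risk entirely.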

Referring to this article, we are able to achieve RCE and gain a reverse shell.

1. Start an ngrok tunnel so that we are able to catch the reverse shell.

2. Create a payload based on the article above. The command is a simple Python reverse shell taken from PayloadsAllTheThings.

3. Use `nc -nvlp 4444` to catch the reverse shell.

4. Send the payload to the Discord bot and win :D
