BreadSecurity
Difficulty | Points | Solves |
---|---|---|
Medium | 300 | 2 |
Poem by ChatGPT
From the challenge description, we can identify that the places we should investigate are GitHub and Discord. In the InfoSec Discord, we can see that there is a Bread Security Discord bot.
Playing around with the commands returns nothing useful.
However, when running the `!pickle` command, the message got deleted instantly and I received a direct message from the bot.
Since we have no way to proceed from here, let's swap to the other point of entry, which is GitHub.
Searching [Bread Security](https://github.com/search?q=Bread+Security) on GitHub shows a repository, edwinczd/BreadSecurity (the repo no longer exists).
Reading the source code, we see that `!pickle` performs base64 decoding and calls `pickle.loads()` on the input.
Referring to this article, we are able to perform RCE and gain a reverse shell.
Start an ngrok tunnel so that we are able to catch the reverse shell.
Create a payload based on the article above.
The command is a simple Python reverse shell taken from PayloadsAllTheThings.
Use `nc -nvlp 4444` to catch the reverse shell.
Send the payload to the Discord bot and win :D
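The root cause is the `!pickle` handler calling `pickle.loads()` on base64 input that any user can send. The added example below (not the bot's code; `flagged_opcodes`, `NoGlobalsUnpickler` and `handle_untrusted` are hypothetical names) shows how such a handler can screen the opcode stream and refuse every global lookup, so only plain data ever loads. The samples are constructed and benign.

```python
import base64
import binascii
import io
import pickle
import pickletools

# Opcodes that import a name, call it, or instantiate/rebuild an object.
DANGEROUS_OPS = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                 "NEWOBJ", "NEWOBJ_EX", "BUILD"}


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every module/class lookup."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def flagged_opcodes(data: bytes) -> list:
    """Statically list dangerous opcodes without executing the pickle."""
    try:
        return sorted({op.name for op, _, _ in pickletools.genops(data)
                       if op.name in DANGEROUS_OPS})
    except Exception:
        return ["MALFORMED"]


def handle_untrusted(b64_text: str):
    """Decode base64 input and load it only if it is plain data."""
    try:
        raw = base64.b64decode(b64_text, validate=True)
    except (binascii.Error, ValueError):
        return ("rejected", "not valid base64")
    bad = flagged_opcodes(raw)
    if bad:
        return ("rejected", "opcodes: " + ",".join(bad))
    try:
        return ("ok", NoGlobalsUnpickler(io.BytesIO(raw)).load())
    except Exception as exc:  # truncated or otherwise invalid stream
        return ("rejected", str(exc))


# Constructed samples: plain data, and a benign object whose pickle
# still needs a global lookup plus a call (builtins.complex).
PLAIN = base64.b64encode(pickle.dumps({"bread": [1, 2, 3]})).decode()
WITH_CALL = base64.b64encode(pickle.dumps(complex(1, 2))).decode()

if __name__ == "__main__":
    print(handle_untrusted(PLAIN))
    print(handle_untrusted(WITH_CALL))
```

If the command only needs to exchange plain data, parsing it with a data-only format such as JSON removes the pickle attack surface entirely.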