  • Stars: 124
  • Rank 288,207 (Top 6 %)
  • Language: Python
  • Created almost 5 years ago
  • Updated about 4 years ago


Repository Details

Automatically converts Python source code to Pickle opcode

pker

A tool that automatically converts Python source code to pickle opcodes; see https://xz.aliyun.com/t/7012

Usage

Write code with normal Python syntax:

    i = 0
    s = 'id'
    lst = [i]
    tpl = (0,)
    dct = {tpl: 0}
    system = GLOBAL('os', 'system')
    system(s)
    return

    $ python3 pker.py < x
    b"I0\np0\n0S'id'\np1\n0(g0\nlp2\n0(I0\ntp3\n0(g3\nI0\ndp4\n0cos\nsystem\np5\n0g5\n(g1\ntR."

Nested, complex expressions are supported:

    getattr = GLOBAL('__builtin__', 'getattr')
    get = getattr(GLOBAL('__builtin__', 'dict'), 'get')
    __builtins__ = get(GLOBAL('__builtin__', 'globals')(), '__builtins__')

    f = getattr(__builtins__, 'getattr')(__builtins__, 'getattr')(__builtins__, 'getattr')(__builtins__, 'getattr')(__builtins__, 'getattr')
    sin = GLOBAL('math', 'sin')
    k = {sin(sin(sin(sin(sin(1))))): {(1, 2): [0, f]}}
    return k

    $ python3 pker.py < x
    b"c__builtin__\ngetattr\np0\n0g0\n(c__builtin__\ndict\nS'get'\ntRp1\n0g1\n(c__builtin__\nglobals\n(tRS'__builtins__'\ntRp2\n0g0\n(g2\nS'getattr'\ntR(g2\nS'getattr'\ntR(g2\nS'getattr'\ntR(g2\nS'getattr'\ntR(g2\nS'getattr'\ntRp3\n0cmath\nsin\np4\n0(g4\n(g4\n(g4\n(g4\n(g4\n(I1\ntRtRtRtRtR((I1\nI2\nt(I0\ng3\nlddp5\n0g5\n."

    $ python3 pker.py < x | python3 ../test.py
    {0.5871809965734309: {(1, 2): [0, <built-in function getattr>]}}

The differences from normal Python code are:

  • There are three built-in macros, each of which expands to the opcode sequence on the right:

    GLOBAL('os', 'system')             =>  cos\nsystem\n
    INST('os', 'system', 'ls')         =>  (S'ls'\nios\nsystem\n
    OBJ(GLOBAL('os', 'system'), 'ls')  =>  (cos\nsystem\nS'ls'\no

  • A return statement can be used outside of a function:

    var = 1
    return var

    It expands as follows:

    return           =>  .
    return var       =>  g_\n.
    return 1         =>  I1\n.

Examples are in pker/test
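
The macro table above maps GLOBAL, INST and OBJ to the pickle opcodes c, i and o, and a call compiles to R, so a stream containing them imports and invokes callables when it is unpickled. The following added example (not part of pker or its README) uses the standard library's pickletools.genops to list those opcodes without unpickling anything. The names scan and allowed_imports and the sample constants are chosen here, and the benign sample is constructed.

```python
import pickletools

# First pker output shown on this page; it is only parsed here, never unpickled.
PKER_SAMPLE = (b"I0\np0\n0S'id'\np1\n0(g0\nlp2\n0(I0\ntp3\n0(g3\nI0\ndp4\n0"
               b"cos\nsystem\np5\n0g5\n(g1\ntR.")
# The page's INST and OBJ macro expansions, each closed with STOP ('.').
INST_SAMPLE = b"(S'ls'\nios\nsystem\n."
OBJ_SAMPLE = b"(cos\nsystem\nS'ls'\no."
# Constructed benign sample: protocol-0 pickle of the dict {'a': 1}.
BENIGN_SAMPLE = b"(dp0\nS'a'\nI1\ns."

# Opcodes that resolve module.attribute during unpickling.
IMPORT_OPS = {"GLOBAL", "INST", "STACK_GLOBAL"}
# Opcodes that invoke a callable (or __setstate__) during unpickling.
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def scan(data, allowed_imports=frozenset()):
    """Walk the opcode stream without executing it and report risky opcodes."""
    imports, calls = [], []
    try:
        for op, arg, pos in pickletools.genops(data):
            if op.name in IMPORT_OPS:
                # GLOBAL/INST carry "module name" as their argument;
                # STACK_GLOBAL takes both strings from the stack instead.
                if isinstance(arg, str):
                    name = arg.replace(" ", ".", 1)
                else:
                    name = "<from stack>"
                imports.append((pos, op.name, name))
            if op.name in CALL_OPS:
                calls.append((pos, op.name))
    except Exception as exc:
        # Truncated or malformed stream: report what was seen and reject it.
        return {"imports": imports, "calls": calls,
                "error": str(exc), "reject": True}
    # Plain data needs no imports, so anything outside the allowlist is rejected.
    blocked = [i for i in imports if i[2] not in allowed_imports]
    return {"imports": imports, "calls": calls,
            "error": None, "reject": bool(blocked)}
```

A scan like this is a pre-filter for triage and logging; the deserialization boundary itself still needs a format that cannot express calls, or an Unpickler subclass whose find_class enforces the same allowlist.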
