Forum Discussion
Silver ISerial Maze Support Group
Sabrina mentioned in another post. "I would recommend having a look at the Browser Developer Tools: Console and JavaScript Execution lab, as there is some overlap in the tasks. We don't have an offensive lab on Python pickles, but you may find Python: Insecure Deserialization useful, including the further reading linked at the end. Good luck!"
In the Insecure Deserialization it mentions "The developers of a GPS fitness tracking application unfortunately implemented the feature to upload jogging routes vulnerable to insecure deserialization attacks, since they decided to use the insecure pickle format. Your task is to remediate this vulnerability using the more secure JSON format."
So maybe this can be of help.
Bronze IIitsdangerous
token > secret_key > 🥒 > answer
Bronze IIIDo you need to find the secret_key before sending the pickle payload? or use a pickled payload to find it?
- domel44
Yes - first finding secret_key
then 🥒
sabil10domel44​ ..I got rough idea to solve the lab.. we need to use itsdangerous signed payload and bruteforce the secret_key with rockyou wordlist.. appreciate any hint on finding token..?
- autom8on
From my very rough notes (thanks Vlad! ;p): "You need to pickle the co-ordinates, then sign them using itsdangerous" (looking at previous labs in the series may help work out how the co-ordinates are normally passed).
I had no need for rockyou after picking up the not-so-subtle hint in the following screenshot... ;p
- Nneka_AN
Thank you so much domel44, you have been so incredibly helpful! The rockyou clue has been my closest one so far.
Quick question, please. The rockyou.txt on my sandboxed Kali machine is only 1556 bytes, whereas the real wordlist is over 133 megabytes. Did you have to alter the list in some way before you were able to use it, please?- domel44
Hi Nneka,
i use the list available on the Kali host.
