Question: Exploit the python pickle library to get the Python program to spawn a shell. Python code: #!/usr/bin/env python3 import base64 import sys import pickle import
Exploit the python pickle library to get the Python program to spawn a shell.
Python code:
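#!/usr/bin/env python3
"""CyberBurgers Cafe: an interactive, menu-driven burger order toy.

Orders can be exported as base64-encoded pickle data and imported again.
Importing unpickles bytes typed by the user, which is unsafe by design of
the pickle format; see the SECURITY note in importOrder().
"""
import base64
import pickle
import random
import sys
import time


class Order:
    """A burger order: a list of toppings, a patty count and a bun type."""

    def __init__(self):
        self.toppings = []
        self.patties = 1
        self.bun = "Old Bread"

    def __str__(self):
        """Return the one-sentence, human-readable description of the order."""
        toppings = ", ".join(self.toppings) if self.toppings else "no toppings"
        pattystring = "patty" if self.patties == 1 else "patties"
        return (f"Order for a burger with {toppings} and {self.patties} "
                f"{pattystring} on a {self.bun} bun.")


# Pool that addTopping() draws from at random.
toppings = ["ketchup", "mayo", "mustard", "pickles", "lettuce", "sour cream",
            "sugar", "salt", "pepper", "jalapeno", "icing", "tomato", "egg",
            "cheese", "burger", "peanuts", "cereal", "milk", "pizza"]

# The single order for this session; importOrder() rebinds it.
theirOrder = Order()


def intro():
    """Print the welcome banner."""
    print("Welcome to the CyberBurgers Cafe")
    print()
    print("We sell burgers with all sorts of toppings, and you order over the cyber!")


def about():
    """Print the credits list."""
    print("This program either uses or is inspired by the following:")
    print()
    print("* The Krusty Krab")
    print("* Python 3")
    print("* The pickle library (how fitting...)")
    print("* Socat")
    print("* McBurgerPlace")
    print("* Vim")
    print("* XKCD 221")
    print()


def menu():
    """Print the main menu; entry N maps to handlers[N-1] in main()."""
    print("Main Menu")
    print("1) Add Topping")
    print("2) Remove all Toppings")
    print("3) Select number of patties")
    print("4) Choose type of bun")
    print("5) Show order")
    print("6) Export order")
    print("7) Import old order")
    print("8) About")
    print("9) Quit")


def addTopping():
    """Append one randomly chosen topping to the current order."""
    newTopping = random.choice(toppings)
    theirOrder.toppings.append(newTopping)
    print("We added a topping for you:", newTopping)


def removeToppings():
    """Clear every topping from the current order."""
    print("We removed all your toppings (you're boring, you know that?).")
    theirOrder.toppings = []


def selectPatties():
    """Set the patty count to the fixed value 4."""
    print("We selected the number 4, by random chance. You will get 4 patties.")
    theirOrder.patties = 4


def chooseBun():
    """Set the bun to sesame seed after a short scripted delay."""
    print("What kind of bun would you like?")
    time.sleep(0.5)
    print("Wait...")
    time.sleep(0.5)
    print("Only kind we have left is sesame seed.")
    time.sleep(0.5)
    print("You will receive a sesame seed bun.")
    theirOrder.bun = "sesame seed"


def placeOrder():
    """Print the not-implemented notice (not wired into the menu)."""
    print("Sorry, this feature is not implemented. Our cafe is in early access.")
    print("We plan to implement burgers sometime this summer. Maybe you want to")
    print("export your order until then?")


def showOrder():
    """Print the current order."""
    print("Your order:", theirOrder)


def exportOrder():
    """Print the current order as base64-encoded pickle data."""
    serializedOrder = base64.b64encode(pickle.dumps(theirOrder)).decode('ascii')
    print("Remember this:", serializedOrder)


def importOrder():
    """Prompt for an exported order string and make it the current order.

    Malformed base64, data that fails to unpickle, and data that does not
    unpickle to an Order are reported and leave the current order unchanged.
    Input that contains a denylisted byte string terminates the program
    with exit status 1.
    """
    global theirOrder
    order = input("Enter your order: ").strip()
    try:
        decoded_order = base64.b64decode(order)
    except ValueError:
        # binascii.Error (malformed base64) is a ValueError subclass, and
        # non-ASCII text raises ValueError directly.
        print("That doesn't look like an exported order.")
        return

    # People keep ordering shells from the /bin, or something. My nephew said
    # this code would stop them
    #
    # SECURITY: pickle.loads() on user-supplied bytes is unsafe. A pickle
    # stream can direct the loader to import and call arbitrary callables,
    # so the input is effectively a program rather than data (see the
    # warning at the top of the pickle documentation). The substring
    # denylist below is not a security boundary: matching a few byte
    # strings cannot enumerate what the loader is able to reach.
    # Safer designs, in order of preference:
    #   * exchange orders in a data-only format such as JSON (an order is
    #     three plain fields);
    #   * authenticate exported blobs with an HMAC under a server-side key
    #     and verify it (hmac.compare_digest) before unpickling;
    #   * subclass pickle.Unpickler and override find_class() so that only
    #     the Order class can be resolved.
    # The pickle format is kept here so previously exported orders still
    # import.
    blacklist = [b'sh', b'open', b'/bin', b'/usr']
    if any(item in decoded_order for item in blacklist):
        print("What are you trying to pull?")
        sys.exit(1)

    try:
        loaded = pickle.loads(decoded_order)
    except Exception:
        # Unpickling arbitrary bytes can raise many exception types; this is
        # the input boundary, so report and keep the session alive.
        print("Could not import that order.")
        return

    # Shape check only: it runs after deserialization has already happened,
    # so it protects showOrder()/exportOrder() from odd objects but does
    # nothing against the code-execution risk described above.
    if not isinstance(loaded, Order):
        print("That is not a burger order.")
        return

    theirOrder = loaded
    print("Imported order")


def quit():
    """Print the goodbye message and exit with status 0.

    The name shadows the interactive builtin quit(); it is kept because
    main() dispatches to it by name.
    """
    print("Thank you for choosing the CyberBurgers Cafe")
    sys.exit(0)


def main():
    """Show the intro and menu once, then dispatch numeric choices forever."""
    handlers = [addTopping, removeToppings, selectPatties, chooseBun,
                showOrder, exportOrder, importOrder, about, quit]
    intro()
    menu()
    while True:
        try:
            choice = input("Make a decision: ")
        except (EOFError, KeyboardInterrupt, OSError, UnicodeError):
            # End of input, an interrupt or a broken stream ends the session.
            quit()
        try:
            num = int(choice)
        except ValueError:
            print("That's not a number!")
            continue
        if 1 <= num <= len(handlers):
            handlers[num - 1]()


# Guarded so that importing this module (for tests or tooling) does not start
# the interactive loop; running it as a script behaves as before.
if __name__ == "__main__":
    main()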
