https://github.com/klezvirus/deser-ruby
Ruby Deserialization Payload Generator
https://github.com/klezvirus/deser-ruby
binary command-execution deserialization deserialization-vulnerability rails rce ruby yaml
Last synced: 7 months ago
JSON representation
Ruby Deserialization Payload Generator
- Host: GitHub
- URL: https://github.com/klezvirus/deser-ruby
- Owner: klezVirus
- License: gpl-3.0
- Created: 2020-03-08T20:43:42.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2020-03-08T22:57:19.000Z (almost 6 years ago)
- Last Synced: 2025-05-08T23:29:32.002Z (9 months ago)
- Topics: binary, command-execution, deserialization, deserialization-vulnerability, rails, rce, ruby, yaml
- Language: Ruby
- Homepage:
- Size: 16.6 KB
- Stars: 4
- Watchers: 2
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# deser-ruby
Deser-ruby is a script to automatically generate serialized payloads on Ruby/Rails and other Ruby driven applications, which deserialize data from user input using `Marshal.load` or `YAML.load`.
The generated payloads use the **Universal RCE for Ruby 2.x** to gain RCE capabilities over the target application.
## Usage
Using deser-ruby is very straightforward::
```
$ ruby deser-ruby.rb --help
Usage: serializer.rb [options]
-s, --save=FILE File to store payload (default=payload)
-y, --yaml Generate YAML payload (default is False)
-t, --test Attempt payload deserialization
-c, --command=COMMAND Command to execute
-e, --encode=ENCODE Encode payload (base64|hex)
-h, --help Prints this help
```
**Attention:** Using `-t`, the serialized payload will be executed on your system!
#### References
* [Universal RCE for Ruby 2.x](https://www.elttam.com/blog/ruby-deserialization/)
* [Universal RCE for Ruby2.x - YAML](https://staaldraad.github.io/post/2019-03-02-universal-rce-ruby-yaml-load/)