Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/pwntester/serialkillerbypassgadgetcollection
Collection of bypass gadgets to extend and wrap ysoserial payloads
Last synced: 18 days ago
- Host: GitHub
- URL: https://github.com/pwntester/serialkillerbypassgadgetcollection
- Owner: pwntester
- Created: 2016-04-11T14:27:50.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2022-04-16T04:25:03.000Z (over 2 years ago)
- Last Synced: 2024-11-17T05:04:33.730Z (25 days ago)
- Language: Java
- Size: 23.4 KB
- Stars: 350
- Watchers: 16
- Forks: 76
- Open Issues: 3
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-security-collection - **199** stars
README
# SerialKiller: Bypass Gadget Collection
## Description
Collection of Bypass Gadgets that can be used in JVM Deserialization Gadget chains to bypass ["Look-Ahead ObjectInputStreams"](http://www.ibm.com/developerworks/library/se-lookahead/) defensive deserialization.
Released as part of RSA 2016 Talk ["SerialKiller: Silently Pwning Your Java Endpoints"](https://www.rsaconference.com/events/us16/agenda/sessions/2389/serial-killer-silently-pwning-your-java-endpoints) by Alvaro Muñoz (@pwntester) and Christian Schneider (@cschneider4711).
Details about the bypass gadget technique can be found in the following resources:
- ["Paper"](https://community.microfocus.com/t5/Fortify-User-Discussions/The-perils-of-Java-deserialization/td-p/1596306?attachment-id=63108)
- ["Slides"](https://speakerdeck.com/pwntester/serial-killer-silently-pwning-your-java-endpoints)
- ["OWASP BeNeLux Day Slides"](https://www.owasp.org/images/8/8b/OWASPBNL_Java_Deserialization.pdf)
## Disclaimer
This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.
## Requirements
The current status of this project heavily depends on the ["YSoSerial"](https://github.com/frohoff/ysoserial) project, and the idea is to integrate it there in the near future (see below). It can be considered an extension of ysoserial: it reuses some parts of the code and all the payload gadgets in order to facilitate future integration.
Copy the current version (`ysoserial-0.0.5-SNAPSHOT-all.jar`) to `/external` and adjust the `pom.xml` if using a different version.
The following JAR files are required from the WebLogic and WebSphere application servers and are not distributed with SerialKiller Bypass Gadget Collection. Copy them from your authorized version of the application server to the `/external` directory.
```
com.ibm.jaxws.thinclient_8.5.0.jar
com.ibm.ws.ejb.embeddableContainer_8.5.0.jar
com.oracle.weblogic.iiop-common.jar
com.ibm.mq.jmqi.jar
com.ibm.ws.ejb.thinclient_8.5.0.jar
com.ibm.msg.client.jms.jar
com.ibm.ws.runtime.coregroupbridge.jar
```
## Build
`mvn clean compile assembly:single`
## Usage
`java -jar target/serialkiller-bypass-gadgets-0.0.1-SNAPSHOT-all.jar `
## Future
The idea is to integrate this project into the YsoSerial project as soon as it supports wrapping payloads in bypass gadgets and handles missing dependencies.