Error while generating or serializing payload (FIXED)

[bountyhacking]

DESCRIPTION

During my attempt to complete a hacking C.T.F PortSwigger lab, I encountered an issue with ysoserial. The Kali Linux machines had Java 17 installed, which caused compatibility problems with ysoserial. To overcome this, I needed to install Java 11. Fortunately, I found a solution that allows ysoserial to work seamlessly with Java 11, and I wanted to share it with the community.

SOLUTION

To use ysoserial with Java 11, you can follow these steps:

1. Install java 11 sudo apt-get install openjdk-11-jdk
2. Add Java 11 to PATH variable. To add the Java 11 installation directory to the PATH variable, you can open the .bashrc or .bash_profile file in your home directory using a text editor. For example, you can use the following command to open the .bashrc file: nano ~./bashrc
3. In the open file, add the following line to the end: export PATH="/usr/lib/jvm/java-11-openjdk-amd64/bin:$PATH"
4. Save and exit nano
5. Restart the terminal with the following command source ~/.bashrc
6. Execute ysoserial. Example: java -jar ysoserial-all.jar CommonsCollections4 'rm /home/carlos/morale.txt' | base64
7. You should see the following output on the first line: Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true

I hope this helps!

REFERENCES

ysoserial stopped working

[r3nt0n]

Thank you for sharing your solution!

Just to complete, in cases you don't want to permanent change the PATH and keep other applications using Java 17, you can just install openjdk-11-jdk and run ysoserial as follows:

PATH=/usr/lib/jvm/java-11-openjdk-amd64/bin:$PATH java -jar ysoserial-all.jar ...

[frohoff]

Please use the discussions feature for questions, comments, or troubleshooting not related to a bug.

https://github.com/frohoff/ysoserial/discussions