Chetan Conikee conikeec

class Utils
{
// Function to serialize an object and write it to a file
public static void SerializeToFile(Object obj, String filename)
{
try
{
FileOutputStream file = new FileOutputStream(filename);
ObjectOutputStream out = new ObjectOutputStream(file);
// Vulnerable class
class LogFile implements Serializable
{
public String filename;
public String filecontent;
// Function called during deserialization
private void readObject(ObjectInputStream in)
String name;
String filename = "file.bin";
try
{
FileInputStream file = new FileInputStream(filename);
ObjectInputStream out = new ObjectInputStream(file);
// Serialization of the "name" (String) object
// Will be written to "file.bin"
import java.io.*;
public class Serial
{
public static void main(String[] args)
{
String name = "Ser";
String filename = "file.bin";
try
cd jackspoilt
cd attackscripts
# exercise the web routes
./add.sh
./list.sh
cd jackspoilt
# create the exploit by editing ./master/exploit/Exploit.java
# current version adds errors to log and spawns a calculator on OSX
# (For Linux based OS please revise the line to specify an exploit of your choice)
# compile ./master/exploit/Exploit.java
mvn exec:java -D"exec.mainClass"="EncodeExploit"
# spin up a shell prompt
git clone https://github.com/conikeec/jackspoilt.git
cd jackspoilt
# compile and package
mvn clean package
# verify if gadgets are available to exploit (refer blog)
@conikeec
conikeec / 2.java
Created May 6, 2018 00:53
More dangerous classes were added to the blacklist
/**
* Set of well-known "nasty classes", deserialization of which is considered dangerous
* and should (and is) prevented by default.
*
* @since 2.8.9
*/
protected final static Set<String> DEFAULT_NO_DESER_CLASS_NAMES;
static {
Set<String> s = new HashSet<>();
// Courtesy of [https://github.com/kantega/notsoserial]:
protected void checkIllegalTypes(DeserializationContext ctxt, JavaType type, BeanDescription beanDesc)
throws JsonMappingException
{
// There are certain nasty classes that could cause problems, mostly
// via default typing -- catch them here.
Class<?> raw = type.getRawClass();
String name = raw.getSimpleName();
if ("TemplatesImpl".equals(name)) { // [databind#1599]
if (raw.getName().startsWith("com.sun.org.apache.xalan")) {
@conikeec
conikeec / README.md
Created August 1, 2017 06:43 — forked from denji/README.md
Remove/Backup – settings & cli for macOS (OS X) – DataGrip, AppCode, CLion, Gogland, IntelliJ, PhpStorm, PyCharm, Rider, RubyMine, WebStorm