proof-of-concept demonstration of unsafe object deserialization

Cheatahh/jvm-reverseshell

Jvm Reverse Shell

A proof-of-concept demonstration of unsafe JVM object deserialization (CVE-2015-6420).

This repository contains three standalone projects:

  • payload-generator, our program that generates payload.ser, a binary file containing the serialized malicious object (the reverse shell backend). The file is ready to deploy.
  • victim, our victim server, which is vulnerable to CVE-2015-6420.
  • c2, our command & control server, which contains the reverse shell frontend.

Note: This is part of a research project for my university; the code is not fully documented. I might add some slides later on.

See ysoserial (esp. CommonsCollections2) for detailed insight into how this exploit works.
