Skip to content
Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
BSidesAttackClient/src/de/mogwailabs/BSidesRMIService
BSidesMucRmiService
BSides Exploiting RMI Services.pdf
README.md
barmitzwa.groovy

README.md

Attacking Java RMI services after JEP 290

This repository contains all examples from my talk "Attacking Java RMI services in 2019" at BSides Munich 2019. I also included the slides, however a more detailed explanation of this topic can be found on our blog.

BSidesMucRmiService

This is a simple RMI service that I used as an example. It is a Maven project with CommonsCollections 3.1 bundled. Additional instructions how to build/run this service cna be found in the directory.

BSidesAttackClient

This directory contains a minimal code example how to attack an RMI service that provides a method that accepts an arbitrary object as argument. The code needs to be imported into an project that also includes the ysoserial jar.

barmitzwa.groovy

A YouDebug script that replaces the objects in a remote invocation call with an object from ysoserial.

You can’t perform that action at this time.