H2 RCE

This challenge covers how to gain code execution by leveraging an H2 database in a Java application.

PRO Tier, Easy, < 1 Hr., 89

Course


In this lab, participants will learn to exploit an exposed H2 console to gain remote code execution by leveraging the JRMPListener gadget from the ysoserial tool. The application under test embeds the commons-collections:3.1 library, which can be exploited using the JNDI RMI handler to execute arbitrary code. The lab guides users through the process of setting up a payload based on a public blog post and highlights the necessity of connecting to an in-memory H2 database named "testdb".

The video walkthrough provides a step-by-step guide on exploiting the H2 console, including accessing the console, setting up a JRMPListener, and crafting the appropriate SQL query to trigger the exploit. By the end of the exercise, participants will understand the mechanics of leveraging Java deserialization vulnerabilities in a controlled environment and how to use ysoserial to achieve code execution.
