Java Serialize 04

Bookmarked!

This exercise is one of our challenges to help you learn Java Serialisation exploitation

PRO Medium < 1 Hr. 110 Java Deserialization Badge

Course

This exercise covers exploiting a serialization issue in Java by leveraging the <code>ObjectInputStream</code> class to deserialize arbitrary objects. The goal is to build your own gadgets without relying on ysoserial, ultimately leading to command execution.

Skills covered

Injection

Included with PRO

Full course content 1 video Common mistakes

Ready to practice?

Get access to this lab and 600+ hands-on exercises with a PRO subscription.

Go PRO or create a free account