Java Serialize 02

This exercise is one of our challenges to help you learn Java Serialisation exploitation

< 1 Hr.


The "Java Serialize 02" lab focuses on the exploitation of serialization issues in Java. Specifically, it covers how applications that use ObjectInputStream can be vulnerable to the deserialization of arbitrary objects provided as base64-encoded data. This lab aims to educate users on constructing their own gadgets for code execution without relying on third-party tools like ysoserial.

In the video guide, the instructor walks through the process of copying source code, modifying it to create a malicious object, and encoding this object in base64. The video also demonstrates how to handle common issues such as serial version UID mismatches when modifying classes. This exercise culminates in achieving code execution and understanding the underlying principles of Java serialization vulnerabilities.

Want to learn more? Get started with PentesterLab Pro! GO PRO