Java Serialize 05

This exercise is one of our challenges to help you learn Java Serialisation exploitation

PRO Tier · Medium · 2-4 Hrs.

This exercise centers on a serialization vulnerability in Java, specifically when ObjectInputStream is used to deserialize arbitrary objects provided as base64-encoded data. The goal of this set of exercises is to teach you how to construct your own gadgets, rather than depending on tools like ysoserial. Each challenge builds on the previous one, providing you with part of the gadget through the class AnotherClass, which you can leverage to achieve command execution.

To exploit this issue, you will need to write a Java program that creates a malicious object and dumps it as base64. In this challenge, you will use a java.util.PriorityQueue that triggers the compare() method upon deserialization. A slight twist is introduced: the compare method throws a RuntimeException if the command fails during gadget creation. You can bypass this either by creating the right file as a symbolic link on your system or by cloning the ysoserial code to avoid running the command locally, thereby deepening your understanding.
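As an added defensive counterpart (not part of the PentesterLab exercise), this is the check that stops this class of payload on the same base64-to-ObjectInputStream path: a JEP 290 ObjectInputFilter allow-list, which rejects a PriorityQueue before readObject() rebuilds the heap and calls compare(). It assumes Java 9+ for ObjectInputFilter; the allowed classes and the sample inputs are constructed for the demonstration.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.PriorityQueue;

public class FilteredDeserialize {
    // Allow-list filter (constructed for this demo): only the classes the
    // application actually expects, then "!*" rejects everything else.
    // PriorityQueue is not listed, so its class descriptor is rejected and
    // the object is never instantiated; its comparator is never invoked.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "java.util.ArrayList;java.lang.String;!*;maxdepth=5;maxarray=1000");

    // Decode base64 and deserialize with the filter installed on the stream.
    static Object readFiltered(String base64) throws IOException, ClassNotFoundException {
        byte[] raw = Base64.getDecoder().decode(base64);
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(raw))) {
            ois.setObjectInputFilter(FILTER);
            return ois.readObject();   // throws InvalidClassException on REJECTED
        }
    }

    // Helper used only to build constructed sample inputs for the demo.
    static String toBase64(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return Base64.getEncoder().encodeToString(bos.toByteArray());
    }

    public static void main(String[] args) throws Exception {
        // Expected input: an ArrayList of strings passes the allow-list.
        String expected = toBase64(new ArrayList<>(List.of("a", "b")));
        System.out.println("accepted: " + readFiltered(expected));

        // A harmless PriorityQueue stands in for the challenge payload:
        // the filter rejects the class before any comparator can run.
        String queue = toBase64(new PriorityQueue<>(List.of("c", "a", "b")));
        try {
            readFiltered(queue);
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```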
