Ox Remote Code Execution
This exercise covers how you can gain code execution when an application is using Ox to deserialize data and is running on Ruby 2.3.
In this exercise, you will explore the world of Ruby deserialization by working on a challenge that involves porting an exploit to a different deserializer, Optimized XML (Ox). This lab is based on the research conducted by Luke Jahnke and builds upon previous exercises, specifically the Ruby 2.x Universal RCE Deserialization Gadget Chain. The primary goal is to modify the given script to generate the appropriate gadget that calls the method Kernel.open(...) and then translate it to the XML syntax used by Ox.
The exploitation process includes dumping part of the payload using Ox.dump(...) to see what gets generated and adjusting the script accordingly. By the end of this exercise, you should be able to translate a working exploit to another serialization format, enabling you to test more serialization libraries and potentially reuse the exploit. This exercise is a practical and insightful look into Ruby deserialization and its applications in ethical hacking.