Ox Remote Code Execution

This exercise covers how to gain code execution when an application uses Ox to deserialize data and runs on Ruby 2.3.

PRO Hard 2-4 Hrs. 89 Brown Badge
Course

This lab covers the research by Luke Jahnke on Ruby deserialization, specifically porting an exploit to another deserializer, Optimized XML (Ox). The challenge involves modifying a provided script to generate the necessary gadget and translating it to the XML syntax used by Ox.

Skills covered
Injection, Operating System, Network
Included with PRO
Full course content 1 video
