Ox Remote Code Execution

This exercise covers how you can gain code execution when an application using Ox to deserialize data and run on Ruby 2.3

2-4 Hrs.
Brown Badge


In this exercise, you will explore the world of Ruby deserialization by working on a challenge that involves porting an exploit to a different deserializer, Optimized XML (Ox). This lab is based on the research conducted by Luke Jahnke and builds upon previous exercises, specifically the Ruby 2.x Universal RCE Deserialization Gadget Chain. The primary goal is to modify the given script to generate the appropriate gadget that calls the method `Kernel.open(...)` and then translate it to the XML syntax used by Ox.

The exploitation process includes dumping part of the payload using `Ox.dump(...)` to see what gets generated and adjusting the script accordingly. By the end of this exercise, you should be able to translate a working exploit to another serialization format, enabling you to test more serialization libraries and potentially reuse the exploit. This exercise is a practical and insightful look into Ruby deserialization and its applications in ethical hacking.

Want to learn more? Get started with PentesterLab Pro! GO PRO