Ruby 2.x Universal RCE Deserialization Gadget Chain


This exercise covers how to get code execution with a Ruby universal gadget chain when an attacker controls the data passed to Marshal.load().

PRO | Medium | < 1 Hr. | 1425 | Green Badge | Course

This exercise covers the research by Luke Jahnke on Ruby deserialization, demonstrating how to gain code execution without relying on external libraries by controlling the data passed to a call to Marshal.load(...). It walks through generating the proper gadget chain to exploit this vulnerability.

Skills covered: Injection, Operating System

Included with PRO: full course content, 1 video, common mistakes

Ready to practice?

Get access to this lab and 600+ hands-on exercises with a PRO subscription.