XMLDecoder

This course details the exploitation of a Java application using XMLDecoder to unserialize arbitrary data, a common vulnerability that can lead to code execution. The exercise is based on a real-world scenario from the NullCon 2016 CTF, where users are allowed to sign and verify documents. By examining the signature generated by the server, you will identify the use of XMLDecoder and craft a malicious XML payload to gain a shell on the server.

You will transform Java code into the appropriate XML format, leveraging Runtime().exec() and ProcessBuilder to achieve remote code execution. The course will guide you through each step, from understanding the vulnerability to creating and injecting the payload, culminating in the successful execution of arbitrary commands on the target server.