Skip to content

NickstaDB/DeserLab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
src/nb/deser
src/nb/deser
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

DeserLab

Java deserialization exploitation lab.

Simple Java client and server application that implements a custom network protocol using the Java serialization format to demonstrate Java deserialization vulnerabilities.

Download v1.0 built and ready to run from here: https://github.com/NickstaDB/DeserLab/releases/download/v1.0/DeserLab-v1.0.zip

Usage

First launch the server-side component as follows:

$ java -jar DeserLab.jar -server <listen-address> <listen-port>

Next, use the client to interact with the server component as follows:

$ java -jar DeserLab.jar -client <server-address> <server-port>

Now pop some calcs ;)

Note: If you build DeserLab.jar yourself then you will need to make sure there is a library containing useful POP gadgets available on the CLASSPATH e.g.:

$ java -cp <gadgetlib> -jar DeserLab.jar -server <listen-address> <listen-port>

About

Java deserialization exploitation lab.

Resources

Readme

License

MIT license
Activity

Stars

237 stars

Watchers

8 watching

Forks

48 forks
Report repository

Releases 1

DeserLab-v1.0 Latest
Aug 12, 2017

Packages

No packages published

Languages