Tasks are based on the presentation from ZeroNights 2017
Several simple webapps with deserialization vulnerabilities in Docker containers
-
Python. Pickle
docker run -p 8080:80 greendog/wv_python
-
Node.js. node-serialize
docker run -p 8080:8080 greendog/wv_node
-
Java. Native Binary deserialization
docker run -p 8080:8090 greendog/wv_java
- https://github.com/frohoff/ysoserial
- https://github.com/federicodotta/Java-Deserialization-Scanner
- https://github.com/NetSPI/JavaSerialKiller
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
-
Java. Jackson
docker run -p 8080:8090 greendog/wv_java