Exploit Java Deserialization | Exploiting JBoss 6.1.0

Finally! This is it, this is what we've been building to. How to reliably exploit a vulnerable read function.

It's in this video that we're going to:
- locate the gadget
- craft the exploit
- and launch the payload.

Oh and if you want to follow along, here's the link to the Docker container for Jboss:

Deserialization Cheat Sheet

Docker Lab - Java Deserialization

Shells in Your Serial – Exploiting Java Deserialization on JBoss

Github - ysoserial

CommonsCollections Reverse Shell