@aegis-scan/skills 0.1.1

package/skills/offensive/snailsploit-fork/deserialization/SKILL.md

@@ -0,0 +1,185 @@
+<!-- aegis-local: forked 2026-04-23 from SnailSploit/Claude-Red@c74d53e2938b59f111572e0819265a1e73029393; attribution preserved, see ATTRIBUTION.md -->
+
+# SKILL: Insecure Deserialization
+
+## Metadata
+- **Skill Name**: insecure-deserialization
+- **Folder**: offensive-deserialization
+- **Source**: https://github.com/SnailSploit/offensive-checklist/blob/main/insecure-deserialization.md
+
+## Description
+Insecure deserialization attack checklist: identifying deserialization sinks, Java/PHP/.NET/Python deserialization exploitation, ysoserial gadget chains, magic method abuse, and detection evasion. Use when testing deserialization endpoints or developing deserialization exploits.
+
+## Trigger Phrases
+Use this skill when the conversation involves any of:
+`deserialization, insecure deserialization, ysoserial, Java deserialization, PHP deserialization, .NET deserialization, pickle, gadget chain, magic method, ObjectInputStream`
+
+## Instructions for Claude
+
+When this skill is active:
+1. Load and apply the full methodology below as your operational checklist
+2. Follow steps in order unless the user specifies otherwise
+3. For each technique, consider applicability to the current target/context
+4. Track which checklist items have been completed
+5. Suggest next steps based on findings
+
+---
+
+## Full Methodology
+
+# Insecure Deserialization
+
+Happens when applications deserialize program objects without proper precaution. An attacker can then manipulate serialized objects to change program behavior and even execute code.
+
+## Shortcut
+
+1. Search source for deserialization that touches user input.
+2. If black-box, look for large, opaque blobs (cookies, headers, bodies) and unusual content-types.
+3. Identify features that must deserialize user-supplied data (session, jobs/queues, file metadata, tokens).
+4. If identity is embedded, tamper to attempt auth bypass.
+5. Try to escalate to RCE/logic abuse carefully and non-destructively.
+
+## Mechanisms
+
+- Occurs when user-controlled data is deserialized without strict allowlists and integrity checks. Exploits often occur during deserialization (magic methods, constructors), before app logic runs.
+- Prefer data formats that don’t instantiate code (JSON), and disable polymorphic typing.
+
+## Hunt
+
+1.  **Identify Potential Inputs:**
+    - HTTP parameters/headers/cookies, file uploads, message queues, caches, DB‑stored user content
+2.  **Recognize Serialized Data:**
+    - **PHP:** `O:<len>:"Class":...` (often Base64), PHAR archives (`phar://`)
+    - **Java:** hex `ac ed 00 05` or Base64 `rO0`; XMLDecoder/XStream flows
+    - **.NET:** legacy `BinaryFormatter`/`SoapFormatter` (unsafe/deprecated); Base64 `AAEAAAD/////`
+    - **Python:** `pickle` opcodes; unsafe `yaml.load` without `SafeLoader`
+    - **Ruby:** `YAML.load` unsafe; use `safe_load`
+3.  **Source Review (if available):**
+    - **Java:** `ObjectInputStream.readObject`; enable `ObjectInputFilter`, disable Jackson default typing; use allowlists
+    - **PHP:** `unserialize()`; file operations that dereference `phar://`
+    - **.NET:** avoid `BinaryFormatter`; use `System.Text.Json`
+    - **Python:** avoid `pickle` for untrusted data; `yaml.safe_load`
+    - **Node.js:** `node-serialize`, `serialize-javascript`, `funcster` with unsafe eval()
+    - **Golang:** `encoding/gob` with interface{} type confusion
+    - **Ruby:** `Marshal.load()`, `YAML.load()` without `safe_load`
+    - **Rust:** `serde` with YAML/bincode, `ron` (Rusty Object Notation)
+4.  **Dynamic Analysis:** Intercept and mutate; watch for error stack traces, class names, and timing anomalies.
+
+## Bypass Techniques
+
+1.  **Alternate Gadgets/Classes:** Switch payload chains if blocklists are present.
+2.  **Type Confusion:** Change expected types to bypass weak validation.
+3.  **Indirect Paths:** Sink data into storage that a different component later deserializes.
+4.  **Format Specific:** PHAR wrappers, XML entity tricks, language‑specific unserialize quirks.
+5.  **Post‑deserialization Impact:** Abuse magic methods that run before validation.
+
+## Language-Specific Details
+
+### Node.js
+
+- **node-serialize**: RCE via `_$$ND_FUNC$$_` IIFE pattern
+  ```javascript
+  {"rce":"_$$ND_FUNC$$_function(){require('child_process').exec('whoami', function(error, stdout){console.log(stdout)});}()"}
+  ```
+- **serialize-javascript**: Unsafe eval() when not properly escaped
+- **funcster**: Arbitrary function serialization leads to code execution
+- **Detection**: Look for `{"_$$ND_FUNC$$_` or serialized function strings in cookies/tokens
+
+### Golang
+
+- **encoding/gob**: Type confusion attacks when using `interface{}` types
+  ```go
+  // Vulnerable: accepts any type
+  var data interface{}
+  dec := gob.NewDecoder(buffer)
+  dec.Decode(&data)
+  ```
+- **encoding/json**: Generally safe but Unmarshal into `interface{}` allows unexpected types
+- **MessagePack**: Unsafe reflection in `github.com/vmihailenco/msgpack` with custom decoders
+- **Mitigation**: Use concrete types, avoid `interface{}` for untrusted data
+
+### Rust
+
+- **serde**: Generally memory-safe but logic bugs possible with custom `Deserialize` implementations
+- **bincode**: Binary serialization - ensure versioning and size limits
+- **ron** (Rusty Object Notation): Can deserialize into arbitrary types if schema not restricted
+- **YAML**: `serde_yaml` with untrusted input can cause DoS via deeply nested structures
+- **Best Practice**: Use `#[serde(deny_unknown_fields)]` and explicit type constraints
+
+### Additional Languages
+
+- **Ruby**:
+  - `Marshal.load()`: Gadget chains exist (e.g., `Gem::Requirement`, `Gem::RequestSet`)
+  - Tools: `Ruby Marshal RCE` (exploit scripts)
+- **Python**:
+  - `pickle`: Extensive gadget chains, `__reduce__` magic method exploitation
+  - `yaml.load()`: Use `yaml.safe_load()` or `yaml.load(data, Loader=yaml.SafeLoader)`
+- **Java**:
+  - Apache Commons Collections (InvokerTransformer chain)
+  - Spring Framework (PropertyPathFactoryBean)
+  - Tool: `ysoserial` - generates payloads for 30+ gadget chains
+
+## Modern Attack Vectors
+
+### Container & Kubernetes
+
+- **ConfigMaps/Secrets**: Applications deserializing YAML/JSON from ConfigMaps without validation
+- **Admission Webhooks**: Kubernetes admission controllers deserializing `AdmissionReview` objects
+  - Test by submitting pods with malicious annotations or labels containing serialized payloads
+- **CRD Controllers**: Custom Resource Definitions with unsafe deserialization in reconciliation loops
+- **Attack**: Submit malicious Custom Resource → controller deserializes → RCE in cluster
+
+### Message Queues
+
+- **Kafka/RabbitMQ/Redis**: Consumers blindly deserializing messages from queues
+  ```python
+  # Vulnerable consumer
+  msg = consumer.receive()
+  data = pickle.loads(msg)  # Attacker controls msg
+  ```
+- **Testing**: Publish crafted serialized objects to queues if you have producer access
+- **Impact**: Compromise all consumers processing the poisoned queue
+
+### Serverless Functions
+
+- **AWS Lambda**: Event payloads deserialized from S3 triggers, SNS, SQS
+- **Google Cloud Functions**: HTTP request bodies automatically deserialized
+- **Azure Functions**: Blob triggers with automatic deserialization
+- **Attack Vector**: Upload malicious serialized object to S3 → Lambda deserializes → RCE in serverless context
+
+### CI/CD Pipelines
+
+- **Jenkins**: Java deserialization in remoting protocol (multiple CVEs)
+- **GitLab Runners**: YAML deserialization in `.gitlab-ci.yml` with unsafe anchors/aliases
+- **GitHub Actions**: Workflow files with embedded serialized data in custom actions
+- **Build Artifacts**: Deserializing cached build objects from untrusted sources
+
+### GraphQL / API Gateways
+
+- **Custom Scalars**: GraphQL custom scalar types deserializing complex objects
+- **Input Coercion**: API gateways converting JSON to language objects without validation
+- **Batch Operations**: Bulk import/export features deserializing uploaded files
+
+## Vulnerabilities / Impacts
+
+- **RCE via gadget chains**: Execute arbitrary code through chained object instantiation
+- **Arbitrary file access**: Read/write files via path traversal in deserialization
+- **DoS via resource bombs**: Billion laughs-style attacks with nested objects (zip bombs, XML bombs)
+- **Auth bypass via object field tampering**: Modify `is_admin`, `role`, `user_id` fields in session objects
+- **Downstream SQLi with tainted fields**: Deserialized objects used in SQL queries without sanitization
+- **Memory exhaustion**: Allocate large data structures during deserialization
+- **Type juggling attacks**: Language-specific type coercion vulnerabilities
+
+## Methodologies
+
+- Identify → Format → Mutate/Fuzz → Exploit chain → Verify impact safely
+- Tools: `ysoserial`, `phpggc`, `ysoserial.net`, Burp Deserialization Scanner, Semgrep rules for dangerous sinks, `marshalsec`, gadget inspectors.
+
+## Remediation Recommendations
+
+1.  Avoid deserializing untrusted input; use JSON with schemas.
+2.  Verify integrity first (HMAC/signature) and only then deserialize; reject on mismatch.
+3.  Use safe, specific serializers without polymorphic typing; implement allowlists.
+4.  Isolate deserialization code under least privilege and sandboxing; timeouts/memory limits.
+5.  Keep libraries updated; monitor for anomalies.
+