Skip to content

Commit 6e04e37

Browse files
sanjay-nsssanjay-nss
committed
README.md update
1 parent 0e476e4 commit 6e04e37

4 files changed

Lines changed: 21 additions & 28 deletions

File tree

README.md

Lines changed: 21 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -1,43 +1,40 @@
11

2-
DeserializationHelper can be used to quickly setup YSoSerial, YSoSerial.Net, PHPGGC, and other tools. Using this tool, you will be able to generate Deserialization Payload via web frontend.
32

4-
## Prerequisite
5-
6-
- Windows OS
7-
8-
## Installation
3+
It's Web Interface to generate payload using various deserialization exploitation framework
94

5+
## Description
106

11-
1. Download the latest relaese from the release tab.
12-
![Usage](Usage/Release/1.jpg)
7+
During the pentesting engagement of the application which are built in different programing langauge. In order to exploit the deserialization vulnerability it is require to setup different tools like YSoSerial(Java), YSoSerial.NET, PHPGGC and it's pre-requisite. DeserializationHelper is the web interface which contains the support for YSoSerial(Java), YSoSerial.Net, PHPGGC, and other tools. Using the web interface you can generate the deserialization payload for various framework.
138

14-
2. Create the website using IIS Manager.
9+
## Desclaimer
1510

16-
![Usage](Usage/Release/2.png)
11+
This tool is not intended to be used to attack systems except where explicitly authorized. We are not responsible or liable for misuse of the software. Please use it responsibly.
1712

18-
3. Provide the website information
19-
![Usage](Usage/Release/3.png)
13+
## Prerequisite
2014

15+
- Windows OS
2116

22-
4. Please check that the following packages are installed in IIS before browsing the application.
23-
![Usage](Usage/Release/4.png)
17+
## Installation
2418

25-
5. Browse the application.
26-
![Usage](Usage/Release/5.png)
19+
- To build the source code
20+
- Follow the [build guide](Usage/Build.md)
21+
- To install the latest released version
22+
- Follow the [deployment guide](Usage/Deployment.md)
23+
- Web.config Permission Issue
24+
- Follow the [Permission issue guide](Usage/IIS_Permission.md)
25+
- Directory Issue
26+
- Follow the [Directory Listing issue guide](Usage/DirectoryListing.md)
2727

28-
6. Navigates to the options and generate the payload
29-
![Usage](Usage/Release/6.png)
30-
31-
## Troubleshooting
28+
## Usage
3229

33-
If you face any permission issues as shown below.
34-
![Usage](Usage/Release/7.png)
30+
Navigate to the link for which you want to generate the payload. For example, In order to generate YSoSerial Deserialization payload then use "YSoSerial" tab as shown below:
3531

36-
You can fix the permission by following the steps as shown in below screenshot.
37-
![Usage](Usage/Release/8.png)
32+
![Usage](Usage/Usage.png)
3833

3934
## References
4035

36+
- https://notsosecure.com/remote-code-execution-via-php-unserialize/
37+
- https://notsosecure.com/exploiting-viewstate-deserialization-using-blacklist3r-and-ysoserial-net/
4138
- https://github.com/frohoff/ysoserial
4239
- https://github.com/pwntester/ysoserial.net
4340
- https://github.com/ambionics/phpggc

Usage/Deployment.md

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -17,8 +17,4 @@
1717

1818
![Usage](Deployment/4.png)
1919

20-
**Step 5:** Navigates to the options and generate the payload<br/>
21-
22-
![Usage](Deployment/5.png)
23-
2420

Usage/Deployment/5.png

-132 KB
Binary file not shown.

Usage/Usage.png

107 KB
Loading

0 commit comments

Comments
 (0)