Fixed an off-by-one error in the fingerprinting randomization
parent
3a48282138
commit
ddd9ab2041
|
@ -53,7 +53,7 @@ class JavaDeserialization
|
|||
end
|
||||
|
||||
# Replace "ysoserial\/Pwner" timestamp string with randomness for evasion
|
||||
bytes.gsub!(/ysoserial\/Pwner000000000000000/, Rex::Text.rand_text_alphanumeric(30))
|
||||
bytes.gsub!(/ysoserial\/Pwner00000000000000/, Rex::Text.rand_text_alphanumeric(29))
|
||||
|
||||
return bytes
|
||||
else
|
||||
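Review bot: The placeholder literal in the `bytes.gsub!` pattern and the count passed to `Rex::Text.rand_text_alphanumeric` are two separate magic values that must stay the same length, and this commit exists because they drifted apart. Deriving the count from the literal removes that coupling, for example `bytes.gsub!(MARKER, Rex::Text.rand_text_alphanumeric(MARKER.length))`, where `MARKER` is a name suggested here for a constant holding the placeholder string; a plain string argument also replaces a regex that matches nothing but a literal. The same placeholder is written again in the `generatePayload` hunk further down, so if the two sites cannot share a constant, a comment at each one naming the other would help. Presumably a length mismatch corrupts the length-prefixed serialized data, but that is inferred rather than shown here. The enclosing method starts and ends outside the hunk.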
|
|
|
@ -63,7 +63,7 @@ def generatePayload(payloadName,searchStringLength)
|
|||
#STDERR.puts " Successfully generated #{payloadName} using #{YSOSERIAL_BINARY}"
|
||||
|
||||
# Strip out the semi-randomized ysoserial string and trailing newline
|
||||
payload.gsub!(/#{YSOSERIAL_RANDOMIZED_HEADER}[[:digit:]]+/, 'ysoserial/Pwner000000000000000')
|
||||
payload.gsub!(/#{YSOSERIAL_RANDOMIZED_HEADER}[[:digit:]]+/, 'ysoserial/Pwner00000000000000')
|
||||
return payload
|
||||
end
|
||||
end
|
||||
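Review bot: The comment above `payload.gsub!` says the call strips the randomized string "and trailing newline", but the pattern `#{YSOSERIAL_RANDOMIZED_HEADER}[[:digit:]]+` visibly matches only the header and a run of digits. A comment such as `# Replace the randomized ysoserial header and its digits with a fixed-width placeholder` would describe what the line does. Because `[[:digit:]]+` accepts a digit run of any length while the replacement is fixed-width, the payload length changes whenever the run is not the expected width. Stating the expected width in the comment, or bounding the quantifier instead of using `+`, would make that assumption explicit. `generatePayload` begins outside the hunk.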
|
|