deserialization-dotnet
OfficialExploit .NET deserialization vulns.
Software Engineering#.net deserialization#ysoserial.net#dotnet deserialization#BinaryFormatter exploit#ViewState exploit#remote code execution
Authorblacklanternsecurity
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps penetration testers identify and exploit dangerous .NET deserialization vulnerabilities in web applications, enabling remote code execution.
Core Features & Use Cases
- Vulnerability Detection: Identifies common .NET deserialization vectors like ViewState, JSON.NET
$typeproperties, and SOAP endpoints. - Payload Generation: Leverages tools like
ysoserial.netto create exploit payloads for various .NET formatters. - Exploitation: Guides the user through crafting and sending malicious serialized data to achieve RCE.
- Use Case: A penetration tester discovers a web application accepting serialized ViewState data. This Skill assists in generating a signed ViewState payload using known machine keys to gain command execution on the server.
Quick Start
Use the deserialization-dotnet skill to generate a ysoserial.net payload for exploiting a ViewState vulnerability.
Dependency Matrix
Required Modules
ysoserial.netblacklist3rbadsecrets
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: deserialization-dotnet Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#deserialization-dotnet Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.