Welcome to Level 1 of the YAML deserialization exploitation exercises! In this exercise you will learn the basics of YAML exploitation developement by attempting to exploit a tiny rails app. Pull down the workshop files in the link below, change directory into the project folder, and run the following steps to get setup. Once you have the app running, modify the exploit.rb file until you can successfully run arbitrary code on the remote rails app. If you get stuck, perhaps check out the sample code mentioned previously...
$ gem install bundler
$ bundle install
$ ./app.rb &
$ ./exploit.rb <command>