Ruby Security Field Guide

YAML Level 4

Welcome to the final level of the YAML deserialization exploitation challenges! As in the previous three exercises, you'll need to pull down the workshop files using the link below, then modify the exploit.rb file to see if you can get remote code execution on the remote application. Good luck!

Installation Steps

    $ gem install bundler
    $ bundle install
    $ ./app.rb &
    $ ./exploit.rb <command>

Level 4 Files