# TL;DR

Too Many Credits was a web challenge with an unsafe Java object deserialization vulnerability. This result into a blind RCE thanks to ysoserial.

# Full WriteUp

Available at [https://www.aperikube.fr/docs/tamuctf_2020/too_many_credits/](https://www.aperikube.fr/docs/tamuctf_2020/too_many_credits/)

Original writeup (https://www.aperikube.fr/docs/tamuctf_2020/too_many_credits/).