bao7uo / rau_crypto
Telerik UI for ASP.NET AJAX File upload and .NET deserialisation exploit (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935)
License: Apache License 2.0
too many errors in code
Hey Paul,
do you have the DLL you would suggest to use to get a shell at all?
Hi,
Issue: cipher.encrypt needs bytes and not a string.
The return line in the encrypt function leads to:
Traceback (most recent call last):
File "RAU_crypto.py", line 327, in <module>
mode_Post()
File "RAU_crypto.py", line 285, in mode_Post
print(upload(TempTargetFolder, Version, payload_filename, url))
File "RAU_crypto.py", line 201, in upload
payload_filename
File "RAU_crypto.py", line 163, in payload
data += rauPostData_prep(quiet, TempTargetFolder, Version) + "\r\n"
File "RAU_crypto.py", line 111, in rauPostData_prep
RAUCipher.encrypt(TempTargetFolder),
File "RAU_crypto.py", line 76, in encrypt
return base64.b64encode(cipher.encrypt(plaintext)).decode()
File "C:\Python36\lib\site-packages\Crypto\Cipher\_mode_cbc.py", line 162, in encrypt
c_uint8_ptr(plaintext),
File "C:\Python36\lib\site-packages\Crypto\Util\_raw_api.py", line 196, in c_uint8_ptr
raise TypeError("Object type %s cannot be passed to C code" % type(data))
TypeError: Object type <class 'str'> cannot be passed to C code
Anyway, I solved this issue by changing from:
return base64.b64encode(cipher.encrypt(plaintext)).decode()
To:
return base64.b64encode(cipher.encrypt(plaintext.encode('utf-8'))).decode()
Thanks
Hi, I could not use your code with mixdll in Kali. Please guide me on how to make the mixdll. I built the DLL in Visual Studio 2017, but I cannot make the mixdll with the guide on your page.
I used other projects that use your code, but none of them worked.
Thanks
https://github.com/noperator/CVE-2019-18935
Q1: How to map the Telerik.Web.UI.WebResource version in this HTTP response?
Version=4.0.0.0, CultureTelerik.Web.UI.WebResource.axd?TSM_HiddenField=ContentPlaceHolder_FormTop_RadScriptManager1_TSM&compress=1&TSM_CombinedScripts=;;System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35:zh-TW:8f95decb-d716-4257-bc42-c772df7173e5:ea597d4b:b25378d2;Telerik.Web.UI:zh-TW:df833b2e-28ee-45e7-8320-6f2a9cb883d7:16e4e7cd:f7645509:22a6274a:24ee1bba:6a6d718d
Q2
How to fix unbound method addHmac() must be called with RAUCipher instance as first argument (got str instance instead)
log:
python 43874.py -P c:\inetpub\wwwroot 2017.2.503 43609.py https://target/Telerik.Web.UI.WebResource.axd?type=rau
file: 43609.py
version:2017.2.503
destination c:\inetpub\wwwroot
Preparing payload...
Traceback (most recent call last):
File "43874.py", line 322, in
mode_Post()
File "43874.py", line 280, in mode_Post
print(upload(TempTargetFolder, Version, payload_filename, url))
File "43874.py", line 196, in upload
payload_filename
File "43874.py", line 158, in payload
data += rauPostData_prep(quiet, TempTargetFolder, Version) + "\r\n"
File "43874.py", line 103, in rauPostData_prep
Version
TypeError: unbound method addHmac() must be called with RAUCipher instance as first argument (got str instance instead)
How to do an arbitrary file upload? Please give an example. Documentation is not understandable.
pycrypto library is outdated, pycryptodome should be used