Comments (7)
from ysoserial.net.
And My target program look like .net 2, it use "binaryFormatter.Deserialize(memoryStream);" , i can control memoryStream , so i think it have RCE vulnerbility
from ysoserial.net.
I think you are using the old version. You can get the latest version from https://github.com/pwntester/ysoserial.net/actions
That said, if your target uses .NET v2.0, we currently have an old branch for it which still requires .NET 3.5 to be available on the box: https://github.com/pwntester/ysoserial.net/tree/v2
from ysoserial.net.
We are in the process of updating the release section so that will soon be available too to reduce the confusion :)
from ysoserial.net.
I think you are using the old version. You can get the latest version from https://github.com/pwntester/ysoserial.net/actions
That said, if your target uses .NET v2.0, we currently have an old branch for it which still requires .NET 3.5 to be available on the box: https://github.com/pwntester/ysoserial.net/tree/v2
I down "Release 1.32" from the release page , because i do not have install visual studio tool or library, build the project maybe difficulty to me. But thanks to your answer, i will download the zip and try to build it , if success i wll close this issues.
from ysoserial.net.
"https://github.com/pwntester/ysoserial.net/suites/621551954/artifacts/4910623" is awesome.
try "ysoserial.exe -f BinaryFormatter -g RolePrincipal -c "cacl" -t -o base64" general payload seem not effect to target program.
"https://github.com/pwntester/ysoserial.net/tree/v2" build failed, seem i lose " .NETFramework,Version=v2.0 ", can u build it for me: )
from ysoserial.net.
ysoserial.exe -g TypeConfuseDelegate -f BinaryFormatter -c "calc.exe" -o base64 -t
string abc = "base64 string create by ysoserial";
MemoryStream memoryStream = new MemoryStream(Convert.FromBase64String(abc));
Console.WriteLine(Encoding.UTF8.GetString(memoryStream.ToArray()));
BinaryFormatter binaryFormatter = new BinaryFormatter();
object obj = binaryFormatter.Deserialize(memoryStream);
(netcoreapp3.1) dotnet run , Error Log:
Unhandled exception. System.InvalidCastException: Object must implement IConvertible.
at System.Convert.ChangeType(Object value, Type conversionType, IFormatProvider provider)
at System.Runtime.Serialization.FormatterConverter.Convert(Object value, Type type)
at System.Runtime.Serialization.SerializationInfo.GetValue(String name, Type type)
at System.Collections.Generic.SortedSet`1.OnDeserialization(Object sender)
at System.Collections.Generic.SortedSet`1.System.Runtime.Serialization.IDeserializationCallback.OnDeserialization(Object sender)
at System.Runtime.Serialization.ObjectManager.RaiseDeserializationEvent()
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(BinaryParser serParser, Boolean fCheck)
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, Boolean check)
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream)
Referer: https://medium.com/@frycos/yet-another-net-deserialization-35f6ce048df7
The same Error in ysoserial.exe version Release-17 and Release 1.33
from ysoserial.net.
Related Issues (20)
- n/a
- Differences in output from plugin DotNetNuke using release 1.32 vs 1.34. HOT 2
- Any gadget for .NET Core HOT 3
- Detection without out-of-band interaction HOT 1
- Constantly encountering FormatException: Invalid length for a Base-64 char array or string. HOT 1
- the exe file considered having a virus HOT 1
- Unable to cast object of type 'System.Windows.Data.ObjectDataProvider' to type 'System.Windows.Media.Brush' HOT 2
- 033102051731: The given key was not present in the dictionary HOT 1
- cannot be exploited when in compatibility mode....... compatibilityMode="Framework45" HOT 1
- Update Outdated Dependencies HOT 2
- The problem of deserializing AES\3DES in Viewstate HOT 3
- Handling gadgets that don't result in command execution
- Requires AES/3DES support
- fix artifact and document how to compile HOT 5
- add TypeNameHandling.Auto
- Default output format - Release 1.35
- The XamlAssemblyLoadFromFileGenerator gadget is not a gadget
- Bug Report: Regex in DataContractSerializer_Marshal_2_MainType Function HOT 3
- How to Generate Encrypted ViewState without MAC Validation HOT 1
- Include Compilation Instructions HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ysoserial.net.