Giters

pwntester / ysoserial.net

Deserialization payload generator for a variety of .NET formatters

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Error loadFromRemoteSources

chmod750 opened this issue · comments

commented

Hello,

I have an error executing a PSObject payload (ASP.NET Core Runtime 2.1.23). Does it means I have to bypass loadFromRemoteSources restrictions on the target too?

ysoserial.exe -f BinaryFormatter -g PSObject -o base64 -c "ping 10.0.0.1" -t

Unhandled Exception: System.NotSupportedException: An attempt was made to load an assembly from a network location which would have caused the assembly to be sandboxed in previous versions of the .NET Framework. This release of the .NET Framework does not enable CAS policy by default, so this load may be dangerous. If this load is not intended to sandbox the assembly, please enable the loadFromRemoteSources switch. See http://go.microsoft.com/fwlink/?LinkId=155569 for more information.
at System.Reflection.RuntimeAssembly.nLoadFile(String path, Evidence evidence)
at System.Reflection.Assembly.LoadFile(String path)
at ysoserial.Generators.PSObjectGenerator.Generate(String formatter, InputArgs inputArgs) in D:\a\ysoserial.net\ysoserial.net\ysoserial\Generators\PSObjectGenerator.cs:line 67
at ysoserial.Generators.GenericGenerator.GenerateWithInit(String formatter, InputArgs inputArgs) in D:\a\ysoserial.net\ysoserial.net\ysoserial\Generators\GenericGenerator.cs:line 68
at ysoserial.Program.Main(String[] args) in D:\a\ysoserial.net\ysoserial.net\ysoserial\Program.cs:line 197

commented

In order to solve it do:

-open powershell
-send "[environment]::Version"

and read the version of .net.

-Now with the version of .net, if you are on 32 bits machine go to %windir%\Microsoft.NET\Framework\[version]\config\machine.config
Else if you are on 64 bits go to %windir%\Microsoft.NET\Framework64\[version]\config\machine.config.

-Then edit the file machine.config in order to get something with <loadFromRemoteSources enabled="true"/> like

<configuration>  
   <runtime>  
      <loadFromRemoteSources enabled="true"/>  
   </runtime>  
</configuration>

Then it should works.

Sources:

-https://stackoverflow.com/questions/2325473/where-is-machine-config/2325492#2325492
-https://docs.microsoft.com/fr-fr/dotnet/framework/configure-apps/file-schema/runtime/loadfromremotesources-element
-https://stackoverflow.com/questions/1565434/how-do-i-find-the-net-version
-https://askcodez.com/impossible-de-charger-lassembly-a-partir-de-lemplacement-reseau.html

As you can see it was a mitigation and you need that the target system disable this mitigation. No idea if it is bypassable.

commented

@chmod750 after a long long reading I think it is a bug that lead to block on c# sandbox.

Some generator bypass it some do not.

Sounds to be a bug. Not your mistake.