CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/lib/rex/exploit/view_state.rb
Views: 1904
# -*- coding: binary -*-12module Rex3module Exploit4class ViewState5class Error < Rex::RuntimeError6end78def self.decode_viewstate(encoded_viewstate, algo: 'sha1')9viewstate = Rex::Text.decode_base64(encoded_viewstate)1011unless Rex::Text.encode_base64(viewstate) == encoded_viewstate12raise Error.new('Could not decode ViewState')13end1415hmac_len = OpenSSL::Digest.new(algo).digest_length1617if (data = viewstate[0...-hmac_len]).empty?18data = nil19end2021hmac = viewstate[-hmac_len..-1]22unless hmac&.length == hmac_len23raise Error.new('Could not decode ViewState')24end2526{ data: data, hmac: hmac }27end2829def self.generate_viewstate(data, extra: '', algo: 'sha1', key: '')30# Generate ViewState HMAC from known values and validation key31hmac = generate_viewstate_hmac(data + extra, algo: algo, key: key)3233# Append HMAC to provided data and Base64-encode the whole shebang34Rex::Text.encode_base64(data + hmac)35end3637def self.generate_viewstate_hmac(data, algo: 'sha1', key: '')38OpenSSL::HMAC.digest(algo, key, data)39end4041def self.is_viewstate_valid?(encoded_viewstate, extra: '', algo: 'sha1', key: '')42viewstate = decode_viewstate(encoded_viewstate)4344unless viewstate[:data]45raise Error.new('Could not retrieve ViewState data')46end4748unless (their_hmac = viewstate[:hmac])49raise Error.new('Could not retrieve ViewState HMAC')50end5152our_hmac = generate_viewstate_hmac(53viewstate[:data] + extra,54algo: algo,55key: key56)5758# Do we have what it takes?59our_hmac == their_hmac60end6162class << self63alias_method :can_sign_viewstate?, :is_viewstate_valid?64end65end66end67end686970