aspnet

package
v1.53.2
Published: Dec 19, 2025 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Overview

Package aspnet provides helper functions for working with ASP.NET and C# applications that use state-preserving hidden fields. These fields are notoriously annoying to automate: they require multiple requests per action, and those requests often simulate user interaction clicks. The State type helps speed up development of those requests.

The package can be used to facilitate chains of go-exploit requests to ASP.NET applications like so:

state := aspnet.State{}
// The response object is not needed in this chain, only the body.
_, body, ok := protocol.HTTPSendAndRecvWith("GET", conf.GenerateURL("/management/AdminDatabase.aspx"), "")
if !ok {
	output.PrintError("Could not retrieve the admin database endpoint")

	return false
}

// Extract __VIEWSTATE and friends from the GET response.
state.Update(body)

// Now only the parameters that are required need to be supplied, and no special body parsing
// for __VIEWSTATE and friends is required.
p := state.MergeParams(map[string]string{
	"__EVENTTARGET":                      "ctl00$MainContent$DatabaseType",
	"ctl00%24MainContent%24DatabaseType": "psql",
})
params := protocol.CreateRequestParamsEncoded(p)
headers := map[string]string{}
headers["Content-Type"] = "application/x-www-form-urlencoded"
_, body, ok = protocol.HTTPSendAndRecvWithHeaders("POST", conf.GenerateURL("/management/AdminDatabase.aspx"), params, headers)
if !ok {
	output.PrintError("Could not POST to the admin database endpoint")

	return false
}

// Update the state from the previous POST response; this time we only want the states and have no content.
state.Update(body)
// params, body and ok already exist, so assign with = rather than redeclaring with :=.
params = protocol.CreateRequestParamsEncoded(state.AsParams())
_, body, ok = protocol.HTTPSendAndRecvWithHeaders("POST", conf.GenerateURL("/management/AdminDatabase.aspx"), params, headers)
if !ok {
	output.PrintError("Could not POST to the admin database endpoint")

	return false
}

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type State

type State struct {
	ViewState          *string
	ViewStateGenerator *string
	EventTarget        *string
	EventValidation    *string
	EventArgument      *string
	LastFocus          *string
}

State represents the current state of the steps in a request chain for an ASP.NET application. The struct has a field for each of the common ASP.NET state values; a value that is not set in the current request state is nil. The struct only covers __VIEWSTATE, __VIEWSTATEGENERATOR, __EVENTVALIDATION, __EVENTARGUMENT, __EVENTTARGET, and __LASTFOCUS. The __EVENTTARGET and __EVENTARGUMENT values are purposefully not omitted, as there are often multiple or non-state required targets, so ensure they are set to the specific target.

func (*State) AsParams

func (state *State) AsParams() map[string]string

AsParams creates a map for use with the protocol package HTTP helpers or in its raw map form. If the last processed state did not have one of the parameters, that parameter will not be set, but empty string values are preserved.

func (*State) MergeParams

func (state *State) MergeParams(p map[string]string) map[string]string

MergeParams merges hand-written or custom parameters with the ASP.NET state parameters, so that a single call to protocol.CreateRequestParamsEncoded covers both the current state and any modifications that are necessary. The same rules for empty versus not-found parameters apply as for AsParams. Parameters passed to the function override the underlying state values.

func (*State) Update

func (state *State) Update(body string)

Update extracts the supported state values from body into the State and resets the parameters that are not found. It should be called after each HTTP request that requires state updates. Update only works on the first matched state document; if multiple states are set on the expected page, manual updating may be required.
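
The nil-versus-empty rules that AsParams, MergeParams and Update describe, shown as an added sketch that is not go-exploit's own implementation. The names sketchState and stateFields, the regular expression and sampleBody are hypothetical stand-ins constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// stateFields: the hidden inputs the page lists for State.
var stateFields = []string{"__VIEWSTATE", "__VIEWSTATEGENERATOR", "__EVENTTARGET", "__EVENTVALIDATION", "__EVENTARGUMENT", "__LASTFOCUS"}

// sketchState is a hypothetical stand-in for aspnet.State: nil means the field
// was absent from the last body, a pointer to "" means present but empty.
type sketchState map[string]*string

// update re-reads every field; first match wins, missing fields reset to nil.
func (s sketchState) update(body string) {
	for _, name := range stateFields {
		// Assumes the name-before-value attribute order that ASP.NET renders.
		re := regexp.MustCompile(`name="` + regexp.QuoteMeta(name) + `"[^>]*value="([^"]*)"`)
		s[name] = nil
		if m := re.FindStringSubmatch(body); m != nil {
			s[name] = &m[1]
		}
	}
}

// mergeParams keeps non-nil fields (empty strings included), then lets p override.
func (s sketchState) mergeParams(p map[string]string) map[string]string {
	out := map[string]string{}
	for name, v := range s {
		if v != nil {
			out[name] = *v
		}
	}
	for k, v := range p {
		out[k] = v
	}
	return out
}
func (s sketchState) asParams() map[string]string { return s.mergeParams(nil) }

// sampleBody is a constructed fragment, not captured from a real server.
const sampleBody = `<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="c2FtcGxl" />`

func main() {
	s := sketchState{}
	s.update(sampleBody)
	fmt.Println(s.asParams())
}
```

An absent field such as __LASTFOCUS never reaches the request parameters, while the empty __EVENTTARGET is sent as an empty value unless the caller overrides it.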
