0ang3el / aem-hacker

MIT License

Durbo Serializer (response.bin payload generation) #5

Closed jbertman closed 5 years ago

jbertman commented 5 years ago

Fantastic work here @0ang3el, thanks for the hard work!

I was wondering if you could share your process for generating the response.bin payload. Hex-editing the one you have just isn't working for additional features I'd like to add to the resulting JSP. Do you have any documentation for serializing/generating the replication-ready binary?

Thanks in advance!

0ang3el commented 5 years ago

Hi @jbertman!

I don't have much knowledge about the Durbo serialization format. Here is what I did to construct response.bin. I configured reverse replication between AEM publish and AEM author instances on my test stand. Then I created a node with a JSP script on the publish instance and launched the reverse replication process. By sniffing the traffic I created the response.bin file. Later I checked that this file worked with a script that mimics an AEM server.

jbertman commented 5 years ago

Thanks for the pointer, @0ang3el! I'll give that a shot.

jbertman commented 5 years ago

I don't want to turn this into a support channel, but I'm having issues even creating a reverse replicator that triggers on the content you have in the aem-rce Sling script, hoping you can help.

I'm able to create the content without issue (using your script), and it works perfectly on the Publish instance, but I can't seem to trigger the reverse-replication (putting the content in the outbox). Could you share how you went about setting up the agent? I tried doing it via the Sling API, miscadmin, as well as setting cq:distribute, but I can't seem to create something that picks up the content properly. I made sure the reverse-replicator is live, and it works well with the SSRF-RCE script (and your response.bin payload). Do you have any insight?

Thanks in advance!

jbertman commented 5 years ago

I have since figured out a decent setup utilizing the /bin/replicate Sling API. The unintuitive key to getting replication to succeed on my end was to uncheck Ignore default, On Modification, and On Distribute in the Reverse Replicator (outbox) on the Publish instance.

I was then able to manually activate my desired payload using the Sling API, like:

curl -v -k -s -X POST -H "Referer: http://<publishinstance>:4503" -u "admin:admin" "http://<publishinstance>:4503/bin/replicate.json" -F cmd="activate" -F path="/apps/custompayloadtype/html.jsp" > /dev/null
curl -v -k -s -X POST -H "Referer: http://<publishinstance>:4503" -u "admin:admin" "http://<publishinstance>:4503/bin/replicate.json" -F cmd="activate" -F path="/custompayload" > /dev/null
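From a defender's point of view, the requests above are also a concrete signal to monitor: a replication activation whose target is a JSP or anything under the /apps or /libs code trees is executable content being pushed between instances rather than page content. The block below is an added example and is not code from this thread or from the aem-hacker project. It runs a simple rule over constructed request records (a hypothetical proxy/WAF capture with assumed field names, not real AEM log output) and flags activations of script-like paths sent to the /bin/replicate.json servlet shown in the thread.

```python
import re
from urllib.parse import urlparse

# Constructed sample records: a hypothetical proxy/WAF capture of requests to an AEM
# publish instance. The field names (method, url, user, form) are assumptions for this
# example, not a real AEM log format.
SAMPLE_REQUESTS = [
    {"method": "POST", "url": "http://publish.example:4503/bin/replicate.json",
     "user": "admin", "form": {"cmd": "activate", "path": "/apps/custompayloadtype/html.jsp"}},
    {"method": "POST", "url": "http://publish.example:4503/bin/replicate.json",
     "user": "editor", "form": {"cmd": "activate", "path": "/content/site/en"}},
    {"method": "GET", "url": "http://publish.example:4503/content/site/en.html",
     "user": "anonymous", "form": {}},
    {"method": "POST", "url": "http://publish.example:4503/bin/replicate.json",
     "user": "editor", "form": {"cmd": "deactivate", "path": "/content/site/en"}},
]

# The replication servlet path used in the thread's curl commands.
REPLICATE_SERVLET = "/bin/replicate.json"
# Repository trees that hold scripts and component code rather than page content.
SCRIPT_TREES = ("/apps/", "/libs/")
# The thread's payload is a JSP; extend this pattern to other script types as needed.
SCRIPT_EXTENSION = re.compile(r"\.jsp$", re.IGNORECASE)


def is_script_path(repo_path: str) -> bool:
    """True if a JCR path points into the code trees or at a JSP, i.e. content that
    would execute on the receiving instance if it were replicated there."""
    return repo_path.startswith(SCRIPT_TREES) or bool(SCRIPT_EXTENSION.search(repo_path))


def find_suspicious_replications(records):
    """Return one finding per POST to the replicate servlet that activates a script path.

    Deactivations are deliberately ignored: they remove content rather than push it.
    """
    findings = []
    for rec in records:
        if rec.get("method") != "POST":
            continue
        if urlparse(rec.get("url", "")).path != REPLICATE_SERVLET:
            continue
        form = rec.get("form", {})
        if form.get("cmd") != "activate":
            continue
        target = form.get("path", "")
        if is_script_path(target):
            findings.append({
                "user": rec.get("user"),
                "path": target,
                "reason": "replication activation of executable content",
            })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_replications(SAMPLE_REQUESTS):
        print(finding)
```

Note that the rule needs the POST form fields (cmd and path), which a plain access log does not record; it has to run on a capture taken at a reverse proxy, WAF or request-logging filter that keeps request bodies. Restricting who may call the replication servlet on a publish instance, and treating any activation under /apps or /libs as an alert rather than a log line, is the corresponding mitigation.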