pwntester / ysoserial.net

Deserialization payload generator for a variety of .NET formatters
MIT License

How to Generate Encrypted ViewState without MAC Validation #160

Closed: meme-lord closed this issue 10 months ago

meme-lord commented 10 months ago

I was reading https://soroush.me/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/ by @irsdl and he mentions:

Prior to the .NET Framework version 4.5, the __VIEWSTATE parameter could be encrypted whilst the MAC validation feature was disabled.

I want to be able to generate a ViewState with ysoserial that is encrypted but doesn't have MAC validation, but it seems like the ViewState plugin requires validationKey as a parameter.

meme-lord commented 10 months ago

Figured it out: need the --legacy flag.