Navigation
SEARCH
TOOLBOX
LANGUAGES
modified on 28 June 2010 at 22:32 ••• 3,649 views

DotNet/ViewState Decoder ASP.NET 2.0

From

Jump to: navigation, search

Inspired on (and with a couple code snippets from) Pluralsight's Fritz Onion "ViewState Decoder (2.2)" tool (see http://mercury.pluralsight.com/tools.aspx ) here is a ViewState decoder for ASP.NET 2.0 (built as an O2 Script)

screenshots

  • paste the sourcecode included at the end of this page on a new instance of O2's Simple Script Editor

Image:6_3_2010_2_06_14_AM_tmp22AB.jpg

  • click on Execute, and the following Gui will appear (using a page from Microsoft's website as an example)

Image:6_3_2010_2_07_36_AM_tmp22AC.jpg

  • here is the ViewState Viewer on HacmeBank's login page

Image:6_3_2010_2_09_06_AM_tmp22AD.jpg


  • here is the viewstate of HacmeBank's Admin Section login (note that one of the ViewState values on the right is the response to the Admin Login Challenge (this is a known vulnerability in HacmeBank :) )

Image:6_3_2010_2_10_10_AM_tmp22AE.jpg

  • submiting the value we got from the ViewState (in this case 522378882)

Image:6_3_2010_2_10_42_AM_tmp22AF.jpg

  • will successfully login the user into HacmeBank's admin section:

Image:6_3_2010_2_11_49_AM_tmp22B0.jpg

  • to see the ViewState in a TreeView or XML format, tick the 'Show detailed View' checkbox

Image:6_3_2010_2_13_27_AM_tmp22B1.jpg

sourcecode

var panel = O2Gui.open<Panel>("DotNet 2.0 ViewState Viewer", 800,500);
 
var controls = panel.add_1x1("WebBrowser", "ViewState and ControlState Details"); 
var iePanel = controls[0].add_Panel();
var ie = iePanel.add_IE();
ie.silent(true);   
var comboBox = iePanel.insert_Above<Panel>(25) 
					  .add_Label("Page to open")  
					  .top(3) 
					  .append_Control<ComboBox>()   					 
					  .onEnter((text)=> O2Thread.mtaThread(()=> ie.open(text)));
 
comboBox.align_Right(controls[0])
		.width(comboBox.width()-4);
 
var viewStatePanel = controls[1].add_Panel();	  
var viewMode = viewStatePanel.insert_Above<CheckBox>(20).set_Text("Show detailed view");
viewStatePanel.insert_Below<Panel>(100).add_LogViewer();
 
ie.onNavigate((browser,url) => 
	{		
		comboBox.add_Item((object)url);  
		comboBox.set_Text(url);
		"Trying to show the ViewState for: {0}".info(url);
		viewStatePanel.showViewState(ie,viewMode.value());
	});
 
comboBox.sendKeys("http://www.microsoft.com/technet/security/current.aspx".line());
 
//using O2.Script 
 
//O2File:API_HacmeBank.cs
//O2File:DotNet_ViewState.cs
//O2File:WatiN_IE.cs
 
//O2Ref:Interop.SHDocVw.dll
//O2Ref:WatiN.Core.1x.dll
Retrieved from "http://deploy.o2-ounceopen.com/wiki/DotNet/ViewState_Decoder_ASP.NET_2.0"
MediaWiki Appliance - Powered by TurnKey Linux