Description
Generates a WindowsIdentity-wrapped BinaryFormatter deserialization gadget (TypeConfuseDelegate inner payload with double-deserialization outer layer).
Overview
Generates a double-layer BinaryFormatter gadget. The outer stream serializes a WindowsIdentity object with the TypeConfuseDelegate gadget embedded in the bootstrapContext field. When deserialized, the target first reconstructs the WindowsIdentity, which triggers BinaryFormatter.Deserialize on the bootstrapContext bytes, firing the inner TypeConfuseDelegate chain.
Useful when the outer payload needs to appear as Windows authentication data rather than an obvious gadget.
Parameters
| Parameter | Type | Description |
|---|---|---|
| Filename | string | Executable to launch on the target. |
| Arguments | string | Arguments to pass. |
Target Requirements
- .NET Framework 4.5+