Bookmark and Share BitCoin Donate: 13t8gAWVpHP2ddxMp88d1NFpZjnFJC6UwK

Saveable or injectable .Net Shellcode

Shellcode has many uses and .Net is beautiful in the ease and simplicity when it comes to 1. Generating shellcode and 2. Loading the shellcode and finally 3. Executing shellcode, whether it's in memory or writing the file to disk and starting a new process or executing the shellcode externally.

 

Below you'll find one of the methods I use to generate .Net executable shellcode from a binary. This could be machine code, IL, Java bytecode or anything executable really...   

        public GenerateShellCode(){
             string shellCode = DumpBytes(loadShell("/path/to/your/exe/or/dll.exe"));
        }

        private byte[] loadShell(string path)
        {
            const int CHUNK_SIZE = 1024;
            string bitPath = path;
            List bytes = new List();
            using (FileStream fs = new FileStream(bitPath, System.IO.FileMode.Open, System.IO.FileAccess.Read))
            {
                using (System.IO.BinaryReader br = new System.IO.BinaryReader(fs, new ASCIIEncoding()))
                {
                    byte[] chunk;
                    chunk = br.ReadBytes(CHUNK_SIZE);
                    while (chunk.Length > 0)
                    {
                        bytes.AddRange(chunk);
                        chunk = br.ReadBytes(CHUNK_SIZE);
                    }
                }
            }
            return bytes.ToArray();
        }

        private string DumpBytes(byte[] bdata)
        {
            StringBuilder sb = new StringBuilder();
            sb.Append("private byte[] bitdll = {");
            int startLen = sb.Length;
            foreach (byte b in bdata)
            {
                if (sb.Length > startLen)
                {
                    sb.Append("," + "0x" + b.ToString("X"));
                }
                else
                {
                    sb.Append("0x" + b.ToString("X"));
                }
            }
            sb.Append("};");
            return sb.ToString();
        }