Offensive .NET: C# Reverse Shell
Creating a .NET C# reverse shell that is undetectable is very easy. In this example, I’m going to use BankSecurity’s reverse shell that I forked. This is a real basic reverse shell. Some of the more advanced code will be obfuscated and do some sort of process injection which would include shellcode.
I’ll show you how to compile this and execute it to get a reverse shell in Parrot OS / Kali.
This is a sample of a Reverse Shell written in C# ASP.NET 3.5 for compatibility. I’ll roll this up into a console app and run it to demonstrate how this works. This could also be deployed as a Win Forms application without a form.
GitHub Gist: Reverse Shell C#
GitHub: Offensive .NET C#
Script
Walkthrough
You can watch the video above and see how I’m doing this but also here’s a walkthrough to show you all the commands I used to start the Netcat listener and connect to Kali in WSL.
Getting my Host Machines IP Address
To get your current machines IP address, open Power Shell and type “ipconfig“.
|
1 2 |
# powershell ipconfig |
Starting Netcat Listener in WSL
|
1 2 |
# start a netcat listener on port 443 sudo nc -nvlp 443 |
Exploitation
Once the reverse shell has connected to my Netcat listener I am able to run commands like “whoami” and “dir” to see what folder the process is running under. Again, this a Proof of Concept (PoC), this is running locally and would require a little modification to use in the wild.
