Windows Specific

.NET PowerShell Reflection

.NET Version

.NET PowerShell Reflection

ARRFFG

.NET PowerShell Reflection

.NET Version

If you are trying to detonate in an environment using PowerShell <5 (Most companies are only going to be using standard powershell) you MUST make sure that the output/resulting binary targets a lower/longlife version of .NET. For instance, net48/net4.0.

If you do not, PowerShell will fail to load the assemblies and you will have NO idea why. Use net4.8.

1. Download the 4.8 SDK:

https://dotnet.microsoft.com/en-us/download/dotnet-framework/thank-you/net481-developer-pack-offline-installer

2. Change the .csproj

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net48</TargetFramework>
  </PropertyGroup>

</Project>

Remove the auto imports and the nullable fields, these will throw errors.

3. Compile

dotnet build --self-contained true /p:PublishSingleFile=true

4. You can now use reflection in most environments.

PS > $k = [IO.file]::ReadAllBytes("ABS_PATH")
PS > b = [Reflection.Assembly]::Load($k)
PS > b.GetTypes()

IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     False    Constants                                System.Object
True     False    Program                                  System.Object


PS C:\Users\vacod\source\repos\ConsoleApp1\ConsoleApp1> [Test.Constants]::k
12