# Windows Specific

# .NET PowerShell Reflection ARRFFG

# .NET Version

If you are trying to detonate in an environment using PowerShell <5 (most companies are only going to be using standard PowerShell), you MUST make sure that the resulting binary targets a lower, long-life version of .NET, for instance net48/net4.0. If you do not, PowerShell will fail to load the assemblies and you will have NO idea why.

Use net4.8.

1\. Download the 4.8 SDK: [https://dotnet.microsoft.com/en-us/download/dotnet-framework/thank-you/net481-developer-pack-offline-installer](https://dotnet.microsoft.com/en-us/download/dotnet-framework/thank-you/net481-developer-pack-offline-installer)

2\. Change the .csproj

```
<PropertyGroup>
  <OutputType>Exe</OutputType>
  <TargetFramework>net48</TargetFramework>
</PropertyGroup>
```

Remove the auto imports and the nullable fields; these will throw errors.

3\. Compile

```
dotnet build --self-contained true /p:PublishSingleFile=true
```

4\. You can now use reflection in most environments.

```
PS > $k = [IO.file]::ReadAllBytes("ABS_PATH")
PS > $b = [Reflection.Assembly]::Load($k)
PS > $b.GetTypes()

IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     False    Constants                                System.Object
True     False    Program                                  System.Object

PS C:\Users\vacod\source\repos\ConsoleApp1\ConsoleApp1> [Test.Constants]::k
12
```

# COM

Component Object Models

# References

- [https://learn.microsoft.com/en-us/windows/win32/com/component-object-model--com--portal](https://learn.microsoft.com/en-us/windows/win32/com/component-object-model--com--portal)
- [https://en.wikipedia.org/wiki/Component\_Object\_Model](https://en.wikipedia.org/wiki/Component_Object_Model)
- [https://learn.microsoft.com/en-us/windows/win32/com/com-fundamentals](https://learn.microsoft.com/en-us/windows/win32/com/com-fundamentals)
- [https://learn.microsoft.com/en-us/dotnet/csharp/advanced-topics/interop/](https://learn.microsoft.com/en-us/dotnet/csharp/advanced-topics/interop/)
- [https://learn.microsoft.com/en-us/windows/win32/com/the-component-object-model](https://learn.microsoft.com/en-us/windows/win32/com/the-component-object-model)

# CHM

Creating a CHM can be done using the Free Pascal Compiler or IDE on Linux:

```bash
sudo apt-get install fp-ide
sudo apt-get install fp-compiler
```

The CHM can be compiled using the installed 'chmcmd' program.

---

### Guide

Thanks, Copilot:

#### 📁 Step-by-Step Guide

##### Make Content

```
MyHelpProject/
├── index.html
├── topic1.html
├── topic2.html
├── styles.css
└── images/
    └── example.png
```

##### Embed a Payload

```html
Hello world
```

##### Create the Project (.hhp file)

[Note the following reference on the format](https://www.nongnu.org/chmspec/latest/INI.html#HHP)

```
[OPTIONS]
Title=CHM
Default topic=file1.htm
Compiled file=chm.chm
Index file=index.htm

[FILES]
index.htm
file1.htm
```

##### Compile

```bash
chmcmd project.hhp
```

This will produce project.chm.

**On Linux, you may need libchm or chmcmd compiled with support for it.**

---

References:

- [https://wiki.freepascal.org/htmlhelp\_compiler](https://wiki.freepascal.org/htmlhelp_compiler)
- [https://www.nongnu.org/chmspec/latest/](https://www.nongnu.org/chmspec/latest/)
- [https://learn.microsoft.com/en-us/previous-versions/windows/desktop/htmlhelp/creating-a-project-file](https://learn.microsoft.com/en-us/previous-versions/windows/desktop/htmlhelp/creating-a-project-file)
- [https://www.alexthayer.com/UsingHHPFiles.pdf](https://www.alexthayer.com/UsingHHPFiles.pdf)
- [https://medium.com/r3d-buck3t/weaponize-chm-files-with-powershell-nishang-c98b93f79f1e](https://medium.com/r3d-buck3t/weaponize-chm-files-with-powershell-nishang-c98b93f79f1e)
- [https://www.forcepoint.com/blog/x-labs/microsoft-compiled-html-help-threat](https://www.forcepoint.com/blog/x-labs/microsoft-compiled-html-help-threat)
- [https://github.com/v4resk/red-book/blob/main/redteam/weapon/code-execution/html-help-files.md](https://github.com/v4resk/red-book/blob/main/redteam/weapon/code-execution/html-help-files.md)
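
The `ReadAllBytes` then `[Reflection.Assembly]::Load` sequence from the .NET PowerShell Reflection section is visible to defenders in PowerShell script block logging (event ID 4104). The following is an added detection example, not part of the original notes: it correlates the two commands across separate log events of one session. The session ids, sample events and function name are constructed for illustration.

```python
import re

# Byte-array sources fed to Assembly.Load; the notes above use ReadAllBytes.
SOURCE = r"\[(?:System\.)?(?:IO\.File\]::ReadAllBytes|Convert\]::FromBase64String)"
ASSIGN = re.compile(r"\$(\w+)\s*=\s*" + SOURCE, re.I)   # PowerShell is case-insensitive
LOAD = re.compile(r"\[(?:System\.)?Reflection\.Assembly\]::Load\s*\((.*)\)", re.I)
VAR = re.compile(r"\$(\w+)")
INLINE = re.compile(SOURCE, re.I)


def find_reflective_loads(events):
    """events: iterable of (session_id, script_text) in log order.

    Returns (session_id, line, reason) for every Assembly.Load call whose
    argument is a byte array obtained earlier in the same session or inline.
    """
    tainted = {}  # session_id -> lowercased names of variables holding raw bytes
    hits = []
    for session, text in events:
        names = tainted.setdefault(session, set())
        for line in text.splitlines():
            m = ASSIGN.search(line)
            if m:
                names.add(m.group(1).lower())
            m = LOAD.search(line)
            if not m:
                continue
            arg = m.group(1)
            if INLINE.search(arg):
                hits.append((session, line.strip(), "inline byte source"))
            elif any(v.lower() in names for v in VAR.findall(arg)):
                hits.append((session, line.strip(), "variable holds file bytes"))
    return hits


# Constructed sample: an interactive session logs each command as its own event.
SAMPLE = [
    ("pid-4120", '$k = [IO.File]::ReadAllBytes("C:\\Temp\\sample.dll")'),
    ("pid-4120", "$b = [Reflection.Assembly]::Load($k)"),
    ("pid-4120", "$b.GetTypes()"),
    ("pid-5300", '[System.Reflection.Assembly]::Load("System.Xml")'),  # load by name
    ("pid-5300", "$K = 5; [reflection.assembly]::load($K)"),  # $K never held bytes here
    ("pid-6001", "[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($p))"),
]

if __name__ == "__main__":
    for hit in find_reflective_loads(SAMPLE):
        print(hit)
```

Loading by assembly name and reuse of the variable name `$k` in an unrelated session are not flagged, because the byte-array state is tracked per session.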