How to compile, embed and use SharpSploit
SharpSploit is a .NET C# post-exploitation library written by @cobbr_io that tend to be used to facilitate developing many Windows attack surface and makes an easy to understand APIs (even for none C# coders) to deal with Windows APIs. So first, don't expect an exe
binary; instead, we are going to compile it to a DLL library to be embedded in our simple binary. Also, I'm expecting that you have already installed Visual Studio 2017, I'm using CommandoVM.
Compiling SharpSploit to DLL
Step #1 | Clone the repository
Step #2 | Open the project from VS2017
Go to File >> Open and select SharpSploit.sln
Step #3 | Prepare your build
Change the build type to by release instead of debug to avoid exposing metadata and other information about your machine (e.g. your system path that may include your username)
Also, SharpSploit is configured to be compiled with .Net version 4.0+, in my case, only .Net 3.5 was installed, so I've changed the project configurations as the following
Project >> Edit SharpSploit.csproj
Then change net40
to net35
in the configuration file and then Press Ctrl+S to save
Step #4 | Compile the library
Now go to Build >> Build SharpSploit
Once this done, you will fine the DLL file under the repository directory in bin\Release\net35\SharpSploit.dll
Embedding SharpSploit in a Binary
One of the APIs that SharpSploit provides is WhoAmI
API which is exactly what you expect. Let's build our console application.
Step #1 | Create a new Project
From File >> New >> Select Console App (.Net Framework)
Our code will be as the follows
> NuGet Package Manager >> Package Manager Console"]]]]}'>
Step #2 | Embedding SharpSploit in our project
Now let's install the library from the NuGet package manager
Tools >> NuGet Package Manager >> Package Manager Console
You will see a console similar to the following
Execute the following line.
PM> Install-Package costura.fody -Version 3.3.3
Note:
For compatibility, you need this version of msbuild.exe
v15 in Visual Studio 2017. If you are using VS2019 then use the last version of costura and fody.
And Now, add the library reference to the project
Browse to the compiled DLL path
Select it and add
Step #3 | Compile the application
Now you will do exactly as you've done with the DLL compilation.
Change the build type to Release and go to Build >> Build WhoAmI. You will find the executable file under your project page under bin\Release
directory.
Finally
This library is an intuitive APIs for red teamers on Windows. However, it's a big one, meaning, the size of the DLL after compilation is +1Mb which will get even bigger when you embed it in your binary. Therefore, you can inject it into memory and execute using something like execute-assembly
in CobaltStrike.
Last updated