Beruflich Dokumente
Kultur Dokumente
Creating the Meterpreter payload So we have our evil binary in /var/www/lulz ready to go. We can now move on to the main part of this article backdooring .NET assemblies by patching them with extra .NET code. The victim .NET binary I chose to use is a simple calculator application. I found it online and decided it made a good enough victim for demonstration purposes. Here is a screenshot of it running, for those of you who do not know what a calculator is
.NET calculator Now. We open und3ath Injector and select Load File. Use this dialogue to select the binary you wish to backdoor.
Selecting a file to backdoor Next we click on any of the parts that we think would be good to inject code into (I normally choose the main class for some odd reason, though you could select an on click event) When we click on this the Payloader menu comes up. We insert our information/selection here.
Create the Payload When you click inject, it starts creating a new binary for you to use and you save it.
Saving the Backdoor Now, we have our evil binary ready to deploy, and have our Metasploit listener ready. We run the modified binary on the victim host and haz shell
Got a shell =D So, as you an see, it is relatively trivial to inject arbritary code into a .NET assembly without affecting the existing functionality of the software.