med0x2e
commented
1 year ago Hi,
I haven't tried that myself before, to get a better idea about the errors you getting;
- What error are you getting ?
- can you share a snippet of your CSharpStager code ( it doesn't have to be all of it..) or something that replicates the same logic ?
For debugging the issue, create a simple deserializer in c# that takes the stage_2 based64 encoded blob, decodes it then deserializes it, then step through the c# deserializer and see what type of (hopefully explicit) errors you're getting..
Just keep in mind, when you deserialize your blob via c#, make sure to disable type checks before you decode/deserialize the blob:
ConfigurationManager.AppSettings.Set("microsoft:WorkflowComponentModel:DisableActivitySurrogateSelectorTypeCheck", "true");
platinumvoid
I have a C# shellcode injector (.NET Framework 4.8) that has a dependency on BouncyCastle. To merge the DLLs I have used both ILMerge.Fody and libZ. Although the build exe works as expected, the merged DLL when used on GadgetToJScript it does not execute and IE opens:
\GadgetToJScript.exe -w js -b -a .\csharpstager_merged.dll -o newI think this indicates that an exception with the compiled code has occured.While I understand this might not be a direct issue of the tool, I would appreciate help if someone has needed a merged DLL or EXE to JS before, or if anybody from the dev team can help me debug it