C# Reverse Shell

by Vince
in Blog
Hits: 942

I've been noodling around with C# and I came up with an idea.  When we compile an executable, we get that generic application icon.  With a simple flag, we can add an icon -- I thought the PDF icon would be interesting for obvious reasons.  Let's start with something simple, we're just going to compile this C# that pops open notepad.

When we look in the root, we see the compile binary but with a PDF icon.  

Let's add .pdf in the middle:

Now, let's setup our view like that of a standard user:

Even though it shows the type as an application, what the user sees is a file that looks like a PDF.

Now if we do that with a reverse shell, we've got what appears to be a document, let's call it -- resume.pdf -- but when in reality, we have a reverse shell.  

I should point out that the above will get detected by Defender.  That being said, the concepts are still relevant and if you disable Defender, you can play around with this and work on your original ideas.