Pentesting with IronPython

After digging into IronPython more with the intent to create more modules for SILENTTRINITY, I decided I would release some of the other tools I’ve been working on. As Python is more my speed than C# and PowerShell currently are, I decided I would get more practice learning my way around the .NET Framework by converting C#/PowerShell scripts into IronPython to determine the limits of the language, if any.

Github: https://github.com/daddycocoaman/IronPentest

The best part is that since these tools primarily use the .NET framework without using Assembly.Load(), they should be undetectable by antivirus products even with AMSI countermeasures in .NET 4.8. The video below shows AMSI bypass in .NET 4.7.

Things to Do

The primary issue right now is figuring out how to get compiled scripts that import clrtype.  It appears to be possible to run executables that import clrtype on systems with IronPython but not systems without. As a result, interfacing with DLLs such as kernel32 become a lot more difficult. The alternative route would be to try using ctypes but after testing, it resulted it constantly including Python Standard Library files to the compiler to the point it was no longer user friendly. However, the IronPython compiler can read config files for compilation so that might end up being a viable solution.

Conclusion

While these tools may have its niche uses, you might want to consider using the more versatile SILENTTRINITY project. However, this repo will continue to grow so check back from more IronPython tools!