> For the complete documentation index, see [llms.txt](https://lyethar.gitbook.io/methodology/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://lyethar.gitbook.io/methodology/readme/exploitation/reversing/.net-binaries.md). # .net binaries Go to your windows vm and do this. {% embed url="" %} #### CascAudit.exe `RunAudit.bat` shows that `CascAudit.exe` is run with the db file as an argument: ``` root@kali# cat RunAudit.bat CascAudit.exe "\\CASC-DC1\Audit$\DB\Audit.db" ``` It’s a .NET binary: ``` root@kali# file CascAudit.exe CascAudit.exe: PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows ``` I’ll jump over to a Windows VM and use DNSpy to take a look. In the MailModule, there’s this code: ``` namespace CascAudiot { // Token: 0x02000008 RID: 8 [StandardModule] internal sealed class MainModule { // Token: 0x0600000F RID: 15 RVA: 0x00002128 File Offset: 0x00000328 [STAThread] public static void Main() { if (MyProject.Application.CommandLineArgs.Count != 1) { Console.WriteLine("Invalid number of command line args specified. Must specify database path only"); return; } checked { using (SQLiteConnection sqliteConnection = new SQLiteConnection("Data Source=" + MyProject.Application.CommandLineArgs[0] + ";Version=3;")) { string str = string.Empty; string password = string.Empty; string str2 = string.Empty; try { sqliteConnection.Open(); using (SQLiteCommand sqliteCommand = new SQLiteCommand("SELECT * FROM LDAP", sqliteConnection)) { using (SQLiteDataReader sqliteDataReader = sqliteCommand.ExecuteReader()) { sqliteDataReader.Read(); str = Conversions.ToString(sqliteDataReader["Uname"]); str2 = Conversions.ToString(sqliteDataReader["Domain"]); string encryptedString = Conversions.ToString(sqliteDataReader["Pwd"]); try { password = Crypto.DecryptString(encryptedString, "c4scadek3y654321"); } catch (Exception ex) { Console.WriteLine("Error decrypting password: " + ex.Message); return; } } } sqliteConnection.Close(); } catch (Exception ex2) { Console.WriteLine("Error getting LDAP connection data From database: " + ex2.Message); return; } ...[snip]... ``` It is opening an SQLite connection to the database passed as an arg, reading from the LDAP table, and decrypting the password. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://lyethar.gitbook.io/methodology/readme/exploitation/reversing/.net-binaries.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.