
Overview

Rubeus is designed to be compiled from source rather than distributed as pre-built binaries. Pre-compiled binaries are intentionally not provided, both to reduce signature-based detection and to encourage understanding of the tool's functionality. Building from source also allows customization based on specific operational requirements.

Prerequisites

Required Software:
  • Visual Studio 2017 or later
  • .NET Framework 3.5+ or .NET Core
  • Git for source code management
Optional Tools:
  • Visual Studio Code (alternative IDE)
  • MSBuild command line tools
  • NuGet package manager
Framework Options:
  • .NET Framework 3.5 - Maximum compatibility
  • .NET Framework 4.0 - Balanced compatibility
  • .NET Framework 4.5+ - Modern features
  • .NET Core - Cross-platform support
Compatibility Considerations:
  • .NET 3.5 works on Windows 7+ systems
  • .NET 4.0+ provides better performance
  • .NET Core enables Linux/macOS compilation

Compilation Steps

1. Clone Repository

git clone https://github.com/GhostPack/Rubeus.git
cd Rubeus
2. Open in Visual Studio

  • Open Rubeus.sln in Visual Studio
  • Select appropriate build configuration
  • Choose target framework if needed
3. Build Solution

# Using Visual Studio
Build > Build Solution (Ctrl+Shift+B)

# Using MSBuild command line
msbuild Rubeus.sln /p:Configuration=Release
4. Locate Output

The compiled binary will be in:
  • bin\Release\Rubeus.exe (Release build)
  • bin\Debug\Rubeus.exe (Debug build)

Build Configurations

Release Configuration:
  • Optimized for size and performance
  • No debug symbols included
  • Recommended for operational use
  • Smaller file size
Debug Configuration:
  • Includes debug symbols
  • Easier troubleshooting
  • Larger file size
  • Useful for development
Modify Target Framework:
  1. Open project properties
  2. Select “Application” tab
  3. Change “Target framework” dropdown
  4. Rebuild solution
Framework-Specific Considerations:
<!-- In Rubeus.csproj: set exactly one of the following -->
<TargetFramework>net35</TargetFramework>  <!-- .NET 3.5 -->
<TargetFramework>net40</TargetFramework>  <!-- .NET 4.0 -->
<TargetFramework>net45</TargetFramework>  <!-- .NET 4.5 -->
<TargetFramework>netcoreapp3.1</TargetFramework>  <!-- .NET Core -->

Command Line Compilation

Basic Compilation:
# Release build
msbuild Rubeus.sln /p:Configuration=Release /p:Platform="Any CPU"

# Debug build
msbuild Rubeus.sln /p:Configuration=Debug /p:Platform="Any CPU"

# Specific framework
msbuild Rubeus.sln /p:Configuration=Release /p:TargetFramework=net35
Advanced Options:
# Clean and rebuild
msbuild Rubeus.sln /t:Clean,Rebuild /p:Configuration=Release

# Verbose output
msbuild Rubeus.sln /p:Configuration=Release /v:detailed

# Output to specific directory
msbuild Rubeus.sln /p:Configuration=Release /p:OutputPath=C:\Tools\
Basic Commands (dotnet CLI):
# Restore dependencies
dotnet restore

# Build project
dotnet build -c Release

# Publish self-contained
dotnet publish -c Release -r win-x64 --self-contained
Framework-Specific (dotnet CLI):
# Target specific framework
dotnet build -f net35 -c Release
dotnet build -f netcoreapp3.1 -c Release

Building as a Library

Purpose:
  • Integrate Rubeus functionality into other tools
  • Create custom wrappers
  • Embed in larger frameworks
Configuration:
  1. Change output type to “Class Library”
  2. Remove the Main() method or make it conditional
  3. Expose public methods for external use
  4. Build as .dll instead of .exe
Reference Assembly:
// Add reference to Rubeus.dll
using Rubeus;

// Use Rubeus functionality
var tickets = Rubeus.Extraction.Dump();
NuGet Package Creation:
# Create NuGet package
dotnet pack -c Release

# Install in other projects
dotnet add package Rubeus

Cross-Platform Compilation

Linux Targeting:
dotnet publish -c Release -r linux-x64 --self-contained
dotnet publish -c Release -r linux-arm64 --self-contained
macOS Targeting:
dotnet publish -c Release -r osx-x64 --self-contained
dotnet publish -c Release -r osx-arm64 --self-contained
Windows Targeting:
dotnet publish -c Release -r win-x64 --self-contained
dotnet publish -c Release -r win-x86 --self-contained
dotnet publish -c Release -r win-arm64 --self-contained

Optimization and Customization

Reduce Binary Size:
<!-- In .csproj file -->
<PropertyGroup>
  <PublishTrimmed>true</PublishTrimmed>
  <PublishSingleFile>true</PublishSingleFile>
  <EnableCompressionInSingleFile>true</EnableCompressionInSingleFile>
</PropertyGroup>
Remove Unused Features:
  • Comment out unused command classes
  • Remove unnecessary dependencies
  • Strip debug information
Branding Changes:
  • Modify banner text in Program.cs
  • Change assembly metadata
  • Update version information
Feature Modification:
  • Add custom commands
  • Modify existing functionality
  • Integrate with other tools
Obfuscation:
  • Use .NET obfuscators
  • Modify string constants
  • Change method names and signatures

PowerShell Integration

Load Assembly:
# Load from disk
[System.Reflection.Assembly]::LoadFile("C:\Path\To\Rubeus.exe")

# Load from bytes (file-less)
$bytes = [System.IO.File]::ReadAllBytes("C:\Path\To\Rubeus.exe")
[System.Reflection.Assembly]::Load($bytes)
Execute Commands:
# Direct invocation
[Rubeus.Program]::Main("asktgt /user:admin /password:pass".Split())

# Capture output
$output = [Rubeus.Program]::Main("dump".Split())
Remote Execution:
# Load and execute remotely
Invoke-Command -ComputerName target -ScriptBlock {
    $bytes = [Convert]::FromBase64String($using:RubeusB64)
    [System.Reflection.Assembly]::Load($bytes)
    [Rubeus.Program]::Main("dump".Split())
}
Limitations:
  • PowerShell execution policy restrictions
  • AMSI interference
  • Constrained language mode
  • Network connectivity requirements
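
Detection view of the loading patterns above, as an added example (not code from the Rubeus project or from this page): with PowerShell Script Block Logging enabled, the Assembly load and the static Main() call are recorded in event ID 4104, and large scripts are split across several events. The sketch below reassembles fragments and classifies the script text; the simplified field names (id, part, text), rule names and severity labels are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Behavioural indicators in script-block text (event ID 4104). Rule names are illustrative.
INDICATORS = {
    "load_from_bytes": re.compile(r"Reflection\.Assembly\]\s*::\s*Load\s*\(\s*\$", re.I),
    "load_from_file": re.compile(r"Reflection\.Assembly\]\s*::\s*LoadFile\s*\(", re.I),
    "bytes_from_base64": re.compile(r"Convert\]\s*::\s*FromBase64String\s*\(", re.I),
    "bytes_from_pe_file": re.compile(r"ReadAllBytes\s*\([^)]*\.(?:exe|dll)", re.I),
    "static_main_call": re.compile(r"\[[\w.]+\]\s*::\s*Main\s*\(", re.I),
}

def reassemble(events):
    """Join fragmented events: one script block may be logged in numbered parts."""
    parts = defaultdict(dict)
    for ev in events:
        parts[ev["id"]][ev["part"]] = ev["text"]
    return {sid: "".join(p[i] for i in sorted(p)) for sid, p in parts.items()}

def classify(text):
    """Return (severity, matched indicator names) for one script block."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(text)}
    if "load_from_bytes" in hits and "static_main_call" in hits:
        return "high", hits    # in-memory load followed by an entry-point call
    if hits & {"load_from_bytes", "load_from_file"}:
        return "medium", hits  # assembly load with no visible invocation
    return "none", hits

def scan(events):
    return {sid: classify(text) for sid, text in reassemble(events).items()}

# Constructed sample events (not real logs); field names are simplified assumptions.
SAMPLE = [
    {"id": "a1", "part": 1, "text": "$bytes = [Convert]::FromBase64String($b64)\n"
                                     "[System.Reflection.Assembly]::Load($bytes)\n"},
    {"id": "a1", "part": 2, "text": "[Rubeus.Program]::Main('dump'.Split())"},
    {"id": "b2", "part": 1, "text": "[System.Reflection.Assembly]::LoadFile('C:\\Lib\\Helper.dll')"},
    {"id": "c3", "part": 1, "text": "Get-ChildItem C:\\Windows | Select-Object Name"},
]

if __name__ == "__main__":
    for sid, (severity, hits) in scan(SAMPLE).items():
        print(sid, severity, sorted(hits))
```

In a real pipeline the text comes from the ScriptBlockText field of the Microsoft-Windows-PowerShell/Operational log, with ScriptBlockId, MessageNumber and MessageTotal identifying the fragments. Script block "a1" only reaches "high" after reassembly, since neither fragment contains both the load and the call.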

Troubleshooting

Missing Dependencies:
Error: Could not load file or assembly 'System.DirectoryServices'
Solution: Ensure .NET Framework version supports required assemblies
Framework Issues:
Error: The type or namespace name 'X' could not be found
Solution: Check target framework compatibility and references
NuGet Package Issues:
# Restore packages
nuget restore Rubeus.sln
dotnet restore
Framework Not Installed:
  • Install required .NET Framework version
  • Use self-contained deployment
  • Check Windows version compatibility
Permission Issues:
  • Run as administrator when required
  • Check antivirus interference
  • Verify code signing if required

Operational Considerations

Compiled binaries may be detected by antivirus software. Consider operational security implications before deployment.
Build Variations:
  • Compile with different frameworks
  • Modify source code slightly
  • Use different build configurations
  • Apply obfuscation techniques
Deployment Methods:
  • In-memory execution via PowerShell
  • DLL injection techniques
  • Reflective loading methods
  • Process hollowing approaches