> For the complete documentation index, see [llms.txt](https://exploit-pack.gitbook.io/exploit-pack-manual-pages/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://exploit-pack.gitbook.io/exploit-pack-manual-pages/control-pack/.net-agent-c.md).

# .NET Agent C\#

## .NET C# Payload

### Overview

The .NET C# payload is a native Windows agent built in **C#** that runs as a **standalone executable inside the** .NET runtime and connects back to Control Pack.

It is designed to provide a flexible post-exploitation agent with support for interactive command execution and extended functionality through staged deployment.

***

### How It Works

When generated, the payload runs as a regular Windows process and establishes a connection to the configured Control Pack server.

The agent supports a **two-stage execution model**:

#### Stage 1 – Lightweight Agent

The initial stage provides a minimal footprint and includes:

* Interactive terminal shell
* Command execution
* Basic communication with Control Pack

This stage is intentionally small. If execution is interrupted early, only this limited footprint is exposed.

#### Stage 2 – Extended Capabilities

Once upgraded to Stage 2, the agent enables additional functionality, including:

* System and context enumeration\
  (systeminfo, whoami, current path)
* Screenshot and webcam capture
* Bidirectional file transfer\
  (download\_file, upload\_file)
* Remote process listing (listproc)

This staged approach allows operators to start with a lightweight implant and only enable extended functionality when needed.

<figure><img src="/files/6aCOycYFnB61AF8xRBz1" alt=""><figcaption></figcaption></figure>

***

### Operational Characteristics

The .NET C# payload:

* Runs as a standard Windows executable
* Operates within the .NET runtime
* Connects back to Control Pack for interactive control
* Supports staged functionality (basic → extended)
* Executes quietly as a normal user-mode process
* Does not require injection or in-process loading

It is suitable for general-purpose usage where a standalone agent is appropriate.

***

### When to Use This Agent

The .NET C# payload is appropriate when:

* You need a straightforward executable agent
* You want staged functionality (lightweight first, extended later)
* The environment supports .NET
* Running a standard process is acceptable
* Ease of use is more important than stealth-focused loading techniques


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://exploit-pack.gitbook.io/exploit-pack-manual-pages/control-pack/.net-agent-c.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.