Include a payload in Visual Studio project?

[vailixi]

I thought it would be sneak deadly to put a payload into visual studio program. This is easy because there are a lot of code examples and program projects out there.

I know you can add resourses such from the gui. But I'm not exactly sure how to include them in code. Calling an external program is easy enough. I'm just not sure about calling the locally stored binary and what path to use.

Have any of you guys done this recently? Really it's a matter of including the binary and then just calling it. Just not sure how.

[cooper]

The best way to go about this is to create a complete sample project for something and hide it in there. If it's to be a starting point for something, point to where the interesting bits from the point of the user is and make sure your payload doesn't trigger anywhere near there. If your target is a lazy developer (and if they're good, they are) they won't dig into what else is in there. If you've got a student or something playing with this, (s)he's going to be digging around in there and your payload might be uncovered so have a legitimate explanation for the resource being there as well as the trigger into it.

[Mr-Protocol]

I know way back in the day with Visual Studio 6 (Visual Basic program) you could put code in the on-startup or form load that would just run when the project was opened. Or something to that degree. It's been a long time since I've played with anything like that.

[BlueWyvern]

I know you can add to an existing project through vbscript using Visual Studio DTE Objects

here are few little snippits of a vbscript

Set dte = CreateObject("VisualStudio.DTE.12.0") 'Visual studio 2010 Object is DTE.10.0, If you need a 2012 Object it is DTE.11.0 / VS 2013 is DTE.12.0

These next 3 lines are what got me stuck for a while when i was creating a solution from scratch

dte.Solution.Create strPath & "\Path\","Solution1.sln" 'Create the Solution
dte.Solution.SaveAs(strPath & "\Path\Solution1.sln") 'Save It

dte.Solution.Open(strPath & "\Path\Solution1.sln") 'Open It

dte.ExecuteCommand "File.AddExistingProject ""C:\Long\Path\Is Long\LibraryX.vbproj"""
dte.Solution.SaveAs(strPath & "\Path\Solution1.sln") 'Save it after adding Projects
dte.Solution.Close() 'Close the Solution

[overwraith]

So how would one detect if there were shenanigans going on in a VB/C# project? I am basically an entry level developer, and unfortunately I have met people who have axes to grind. How would I detect something like this if I "inherited" a project with malware in it? How would one begin building a paper trail if one has little experience with such things.

[digip]

So how would one detect if there were shenanigans going on in a VB/C# project? I am basically an entry level developer, and unfortunately I have met people who have axes to grind. How would I detect something like this if I "inherited" a project with malware in it? How would one begin building a paper trail if one has little experience with such things.

Look at the source code before running would be number one. When it's a raw program and not compiled, you have the ability to inspect everything. Before importing into a project, you should be able to look through all the source code in plain text. At least, you used to be able to in the VB6 days /me nods at Mr Protocol. Used to use VB6 on win98 back in the day when I was learning to program, but I admit, I'm no programmer by any means. I make what I need when I have a need for something, and usually for me it's all web based stuff like PHP and such for projects I do. I haven't had a need to make anything for an OS in a long time, but I never saw project files you couldn't inspect before loading in an IDE. If they include pre-compiled DLL and exe files, that should be a sign you don't want to touch something, since windows provides nearly all of your required DLL files for their programming features related to the OS in their platforms like .net and visual studio.

[overwraith]

Sounds good in theory digip, but I have seen projects which were literally the culmination of literally years of coding. When faced with an ocean of code it is almost impossible to locate every possible place for grey ware to reside. I am guessing that the only way to cover one's self is to put in the version control system who, and where you got code from, especially in description fields. It seems to me that it is the entire organization's responsibility to put together some kind of a code verification process, but I am betting that the majority of companies don't have sufficient safeguards. Even if there is a verification process, who's to say there's not a loophole somewhere? How do you know the guy you are persecuting isn't just some dupe?

If some entry level coder is faced with grayware/malware, they could at worst be blamed for what predecessors did. IDK. Just got out of a job where the security was atrocious, and I was really uncertain about such things. People actually harassed me at work. Just glad I am out of that situation. I don't think anyone tried to "set me up" in this way, but I was wondering for a while whether they would try. Veiled threats have a tendency to make one re-assess what mankind is capable of.

[cooper]

In such cases you must assume the code is on the up-and-up. It's been tested thoroughly and working (mostly) flawlessly in the field.

If a previous developer ragequit, you could look at the last few months of commits (s)he made to the codebase and do a review on that.

If the developer committed a backdoor ages ago, you would wait for the problem, whatever it may be, to manifest itself. Based on how it does you can investigate where the problem is and your sourcecode repository should be more than capable to tell you which developer committed the code that produced this unwanted outcome, which is going to be useful for the lawsuit. The thing to remember is that any developer that does this doesn't want to be a developer anymore. Either that or is too stupid to be one. Because I can assure you that developer isn't going to work in the field for several years to come. It's utter career suicide.

[vailixi]

Here's something I'm noticing if I try to copy the executable outside the working directory of the installed program is that it is throwing an unauthorized access exception. That kinda sucks. I'm not good enough at coding. But the other thing I was thinking is just downloading the archive and extracting it to the working directory then running the binary. But I'm not totally sure if there's an easy way to extract an archive from a .NET program. Every code example I've looked at has some syntax issues and really it's hard when you don't know how to do something and you are looking up how to do it and every example you find doens't work. You don't know why it doesn't work just that it doens't. If you any of know how to unzip a .zip file with .NET, Visual BASIC, C#, Visual C++, maybe powershell, but everytime I try to do something with powershell from an external program it fails.

But anyway is there a standalone portable upzipping program that can be run from the command line? Being able to unzip the program instead of dowloading the entire directory and subdirectories and creating folders for them with the appropriate error handing is a lot of extra code for pretty much no reason.

[cooper]

First hit when searching for "C# zip file":

https://msdn.microsoft.com/en-us/library/system.io.compression.zipfile%28v=vs.110%29.aspx

[vailixi]

Legit. I was searching for stuff like how to unzip a zip file Visual BASIC 2015. My Google Fu is not so hot. But pretty sweet. There's a VB example on the same page. Thanks Cooper. I'll keep in mind shorter, more concise queries.

Imports System.IO
Imports System.IO.Compression

Module Module1

    Sub Main()
        Dim startPath As String = "c:\example\start"
        Dim zipPath As String = "c:\example\result.zip"
        Dim extractPath As String = "c:\example\extract"

        ZipFile.CreateFromDirectory(startPath, zipPath)

        ZipFile.ExtractToDirectory(zipPath, extractPath)
    End Sub

End Module

Edited November 26, 2015 by vailixi