Have trojan code execute wrapped binary


Let me preface this by saying that it has been migrated from security.stackexchange to here on stackoverflow. Additionally, I understand any concerns that stack members may have; seeking out security-sensitive knowledge is a potential double-edged sword for anyone involved. I personally believe that it is of great importance that vulnerabilities and exploits be spoken of publicly as it presents the community with the opportunity to address the issue.

My goal:

  • Have a custom coded, malicious C# application execute the legitimate application it is wrapped with after performing its task.
    • Our target system has all the necessary frameworks in place to support the code.

Problem:

  • Wrappers discretely execute both wrapped binary files independently of one another.
    • I need the malicious file to trigger the legitimate file after requesting elevated privileges.
    • This will simulate the single privilege elevation request that the legitimate file normally performs on installation.

Question:

  • Is there a way that a C# application can be coded such that it can execute a binary file it is "wrapped" with?
    • I do not fully understand what is happening to the wrapped binaries and might be asking this question incorrectly.

Background:

My group will be conducting a pen test in the next couple of months and we have already identified a customer flaw. A specific software suite utilized by the customer requires a full reinstall each time it is updated. This reinstall requires privilege escalation and we have already demonstrated that tainted media with a custom coded trojan horse could result in a compromise on their devices / network.

There are a number of solutions the customer could employ to ensure that their application installer has not been tampered with.

Edit: Appears that executing wrapped binary addresses how to do this in assembly, not a higher level language. Still might be a useful lesson...

Best answer:

Good app... (compile this app first)

using System;

namespace App
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Hello World!");
        }
    }
}

BadApp... (include the above app as an embedded resource)

using System;
using System.IO;
using System.Reflection;

namespace BadApp
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("do bad");

            Assembly good = null;

            var ea = Assembly.GetExecutingAssembly();
            using (var rs = ea.GetManifestResourceStream(ea.GetManifestResourceNames()[0]))
            using (var ms = new MemoryStream())
            {
                rs.CopyTo(ms);
                good = Assembly.Load(ms.ToArray());
            }

            var ep = good.EntryPoint;
            ep.Invoke(null, new [] {args});

            Console.WriteLine("ha ha too late");
        }
    }
}

... output from running BadApp

do bad
Hello World!
ha ha too late
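
A defender-side check for the wrapping shown above, as an added example that is not part of the original answer: a Python scanner that flags a second PE image stored as raw bytes inside an executable, which is how an embedded resource like the one in BadApp sits on disk. The function names and the sample bytes are constructed for illustration.

```python
from __future__ import annotations
import struct
import sys

def _looks_like_pe(data: bytes, off: int) -> bool:
    """True if the DOS header at `off` points to a 'PE\\0\\0' signature."""
    if off + 0x40 > len(data):
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
    sig = off + e_lfanew
    # e_lfanew is normally small; bounding it rejects stray "MZ" byte pairs.
    return 0x40 <= e_lfanew <= 0x1000 and data[sig:sig + 4] == b"PE\0\0"

def find_embedded_pe(data: bytes) -> list[int]:
    """Return every offset > 0 at which another PE image begins."""
    hits = []
    pos = data.find(b"MZ", 1)  # offset 0 is the host file's own header
    while pos != -1:
        if _looks_like_pe(data, pos):
            hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def fake_pe(body: bytes = b"") -> bytes:
    """Constructed sample: only the header bytes the scanner checks,
    not a runnable executable."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)  # e_lfanew -> PE signature
    return bytes(dos) + bytes(0x40) + b"PE\0\0" + body

# Constructed inputs: a plain file, and a host carrying a length-prefixed
# inner image the way a manifest resource is laid out.
INNER = fake_pe(b"inner")
CLEAN = fake_pe(bytes(64))
WRAPPED = fake_pe(b"resource-table" + struct.pack("<I", len(INNER)) + INNER)

if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the wrapped sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
    else:
        blob = WRAPPED
    for off in find_embedded_pe(blob):
        print(f"embedded PE header at offset {off:#x}")
```

A hit is a triage signal rather than a verdict, since legitimate installers also bundle executables; it is most useful alongside a comparison of the installer's hash or signature against the vendor's published value.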