Пример #1
0
        public Form1()
        {
            Console.WriteLine("Please Input path to folder to save output, console, and ruleresult");
            masterpath     = Console.ReadLine();
            outputFile     = "\"" + masterpath + "\\" + "output.txt" + "\"";
            consoleFile    = masterpath + "\\" + "Console.txt";
            RuleResultfile = masterpath + "\\" + "RuleResult.txt";



            if (File.Exists(outputFile)) //Check If files exist and delete
            {
                File.Delete(outputFile);
            }
            if (File.Exists(consoleFile))
            {
                File.Delete(consoleFile);
            }
            if (File.Exists(RuleResultfile))
            {
                File.Delete(RuleResultfile);
            }
            if (File.Exists(masterpath + "\\" + "ProcLog.txt"))
            {
                File.Delete(masterpath + "\\" + "ProcLog.txt");
            }

            var PID      = new List <int>();
            var ProcList = new List <string>();

            Process[] procs = Process.GetProcesses(); //Returns an array of all open processes into procs
            IntPtr    hWnd;

            Console.WriteLine("Please Input Path to YARA exe: -->");
            cmdArg0 = "\"" + Console.ReadLine() + "\"" + " ";
            Console.WriteLine("\nPlease input path to yara rules: -->");
            cmdArg1 = "\"" + Console.ReadLine() + "\"" + " ";

            foreach (Process proc in procs)
            {
                if ((hWnd = proc.MainWindowHandle) != IntPtr.Zero)
                {
                    Console.WriteLine("{0} : {1}", proc.ProcessName, hWnd);
                    Console.WriteLine("PID of {0} : {1}", proc.ProcessName, proc.Id);
                    PID.Add(proc.Id);               //Save list of PID's into a int list named PID
                    ProcList.Add(proc.ProcessName); //Save list of PID's into string list
                    if (proc.ProcessName == "cmd")
                    {
                        procHandle = hWnd;
                        extfunc.SetForegroundWindow(procHandle);
                        System.Threading.Thread.Sleep(100);
                        SendKeys.SendWait("SET outPath=" + RuleResultfile);
                        SendKeys.SendWait("{ENTER}");//Injection handle
                        SendKeys.SendWait("SET cmd0=" + cmdArg0);
                        SendKeys.SendWait("{ENTER}");
                        SendKeys.SendWait("SET cmd1=" + cmdArg1);
                        SendKeys.SendWait("{ENTER}");
                    }
                }
            }

            Console.WriteLine("Process Handle2 = {0}", procHandle);
            if (ProcList.Contains("cmd") == false)
            {
                int whilecount = 1;

                MyProc openProc = new MyProc();
                openProc.OpenApplication("C:\\Windows\\System32\\cmd.exe");
                cmdflag = 1;
                System.Threading.Thread.Sleep(1000);
                while (whilecount == 1)
                {
                    Process[] procs1 = Process.GetProcesses();
                    foreach (Process proc in procs1)
                    {
                        if ((hWnd = proc.MainWindowHandle) != IntPtr.Zero || cmdflag == 1)
                        {
                            Console.WriteLine("{0} : {1}", proc.ProcessName, hWnd);
                            Console.WriteLine("PID of {0} : {1}", proc.ProcessName, proc.Id);
                            PID.Add(proc.Id);               //Save list of PID's into a int list named PID
                            ProcList.Add(proc.ProcessName); //Save list of PID's into string list
                            if (proc.MainWindowTitle == "C:\\Windows\\System32\\cmd.exe" || proc.MainWindowTitle == "Administrator: C:\\Windows\\System32\\cmd.exe")
                            {
                                procHandle = hWnd;
                                extfunc.SetForegroundWindow(procHandle);
                                System.Threading.Thread.Sleep(100);
                                SendKeys.SendWait("SET outPath=" + RuleResultfile);
                                SendKeys.SendWait("{ENTER}");//Injection handle
                                SendKeys.SendWait("SET cmd0=" + cmdArg0);
                                SendKeys.SendWait("{ENTER}");
                                SendKeys.SendWait("SET cmd1=" + cmdArg1);
                                SendKeys.SendWait("{ENTER}");
                                whilecount = 0;
                            }
                            cmdflag = 0;
                        }
                    }
                }
                //MyProc openProc = new MyProc();
                //openProc.OpenApplication("C:\\Windows\\System32\\cmd.exe");
                //cmdflag = 1;
                //System.Threading.Thread.Sleep(1000);
                //procs = Process.GetProcesses();
                //foreach (Process proc in procs)
                //{
                //    if ((hWnd = proc.MainWindowHandle) != IntPtr.Zero || cmdflag == 1)
                //    {
                //        Console.WriteLine("{0} : {1}", proc.ProcessName, hWnd);
                //        Console.WriteLine("PID of {0} : {1}", proc.ProcessName, proc.Id);
                //        PID.Add(proc.Id); //Save list of PID's into a int list named PID
                //        ProcList.Add(proc.ProcessName); //Save list of PID's into string list
                //        if (proc.MainWindowTitle == "C:\\Windows\\System32\\cmd.exe")
                //        {
                //            procHandle = hWnd;
                //            extfunc.SetForegroundWindow(procHandle);
                //            System.Threading.Thread.Sleep(100);
                //            SendKeys.SendWait("SET outPath=" + RuleResultfile);
                //            SendKeys.SendWait("{ENTER}");//Injection handle
                //            SendKeys.SendWait("SET cmd0=" + cmdArg0);
                //            SendKeys.SendWait("{ENTER}");
                //            SendKeys.SendWait("SET cmd1=" + cmdArg1);
                //            SendKeys.SendWait("{ENTER}");

                //        }
                //        cmdflag = 0;
                //    }
                //}

                //Console.WriteLine("{0} : {1}", Process.ProcessName, procHandle);
            }

            int Fuzznumber = 0;                                   //This function asks is directly after the program lists all open windows, to give you an idea of how high you need to go.

            Console.WriteLine("Max processes to be Fuzzed? -->"); //At which point, it attempts to guess the PID's by simply using a loop with exception handlers for Process.GetProcessById(d);
            try
            {
                Fuzznumber = Convert.ToInt32(Console.ReadLine());
            }
            catch
            {
                Console.WriteLine("Error: That's not a number"); //exception handler in case you don't enter a number.
                System.Environment.Exit(0);                      //I hate exceptions as a malware analyst, but boy are they useful.
            }
            for (int d = 0; d < Fuzznumber; d++)                 //Here's the start of the loop that tries to guess the PID
            {
                //  var v1 = extfunc.SetForegroundWindow(procHandle);
                var v2 = extfunc.GetLastError(); //I'll probably need this eventually.
                // Console.WriteLine("SetForeGroundWindow: {0}", v1);
                //Console.WriteLine("Last error code: {0}", v2);
                try
                {
                    Process localbyId = Process.GetProcessById(d);
                    PIDarray.Add(d);
                    Console.WriteLine("Process Name: {0} | PID: {1}\n", localbyId, d);
                    string fileout = String.Format("Process Name: {0} | PID: {1}\n", localbyId, d);
                    File.AppendAllText(masterpath + "\\" + "ProcLog.txt", fileout); //This is the loop to obtain a list of all processes.
                }
                catch (ArgumentException)

                {
                    string console = "Process " + d + " does not exist\n";
                    string Cf      = masterpath + "\\" + "Console.txt";
                    //  Console.WriteLine("Process %d does not exist", d);
                    File.AppendAllText(Cf, console); //This txt file contains a list of misc outputs.
                }

                //   // Console.ReadLine();
            }

            foreach (int item in PIDarray)
            {
                var v1 = extfunc.SetForegroundWindow(procHandle);

                SendKeys.SendWait("SET /A procID=" + item);
                SendKeys.SendWait("{ENTER}");

                SendKeys.SendWait("{%}cmd0{%}" + " " + "{%}cmd1{%}" + " " + "{%}procID{%}" + " >> \"{%}outPath{%}\""); //This file contains a list of all of our rule outputs.
                SendKeys.SendWait("{ENTER}");
            }


            InitializeComponent();
            System.Threading.Thread.Sleep(1000);
            List <string> RuleReturn = new List <string>();
            string        loadfile   = "\"" + RuleResultfile + "\"";

            richTextBox1.LoadFile(RuleResultfile, RichTextBoxStreamType.PlainText);
            ParseInputs inputParser = new ParseInputs();

            inputParser.FormatRules(RuleResultfile, out RuleReturn);
        }
Пример #2
0
        public Form1()
        {
            Console.WriteLine("Please Input path to folder to save output, console, and ruleresult");
            masterpath     = Console.ReadLine();
            outputFile     = "\"" + masterpath + "\\" + "output.txt" + "\"";
            consoleFile    = masterpath + "\\" + "Console.txt";
            RuleResultfile = masterpath + "\\" + "RuleResult.txt";



            if (File.Exists(outputFile)) //Check If files exist and delete
            {
                File.Delete(outputFile);
            }
            if (File.Exists(consoleFile))
            {
                File.Delete(consoleFile);
            }
            if (File.Exists(RuleResultfile))
            {
                File.Delete(RuleResultfile);
            }
            if (File.Exists(masterpath + "\\" + "ProcLog.txt"))
            {
                File.Delete(masterpath + "\\" + "ProcLog.txt");
            }

            var PID      = new List <int>();
            var ProcList = new List <string>();

            Process[] procs = Process.GetProcesses(); //Returns an array of all open processes into procs
            IntPtr    hWnd;

            Console.WriteLine("Please Input Path to YARA exe: -->");
            cmdArg0 = "\"" + Console.ReadLine() + "\"" + " ";
            Console.WriteLine("\nPlease input path to yara rules: -->");
            cmdArg1 = "\"" + Console.ReadLine() + "\"" + " ";

            foreach (Process proc in procs)
            {
                if ((hWnd = proc.MainWindowHandle) != IntPtr.Zero)
                //set Window Handle variable (hWnd) = proc.MainWindowHandle and then if not zero, continue.
                {
                    Console.WriteLine("{0} : {1}", proc.ProcessName, hWnd);           //Process Name, Handle
                    Console.WriteLine("PID of {0} : {1}", proc.ProcessName, proc.Id); //Process Name, PID
                    PID.Add(proc.Id);                                                 //Save list of PID's into a int list named PID for each PID found
                    ProcList.Add(proc.ProcessName);                                   //Save list of PID's into string list
                    if (proc.ProcessName == "cmd")                                    //If you already have CMD open, GREAT! it locates it and injects the necessary commands.
                    //FOR THE LOVE OF ALL THAT IS HOLY AND SACRED, DO NOT CLOSE WHICHEVER CMD WINDOW IT OPENS TO END IT. Closing the program itself will end it just fine
                    {
                        procHandle = hWnd;
                        extfunc.SetForegroundWindow(procHandle);
                        System.Threading.Thread.Sleep(100);
                        SendKeys.SendWait("SET outPath=" + RuleResultfile);
                        SendKeys.SendWait("{ENTER}");//Injection handle
                        SendKeys.SendWait("SET cmd0=" + cmdArg0);
                        SendKeys.SendWait("{ENTER}");
                        SendKeys.SendWait("SET cmd1=" + cmdArg1);
                        SendKeys.SendWait("{ENTER}");
                    }
                }
            }

            //Console.WriteLine("Process Handle2 = {0}", procHandle);
            if (ProcList.Contains("cmd") == false)  //CMD creation and injection
            {
                int whilecount = 1;

                MyProc openProc = new MyProc();
                openProc.OpenApplication("C:\\Windows\\System32\\cmd.exe"); //path to CMD. Change if that's not yours.
                cmdflag = 1;                                                //Flag used
                System.Threading.Thread.Sleep(1000);
                while (whilecount == 1)
                {
                    Process[] procs1 = Process.GetProcesses();
                    foreach (Process proc in procs1)
                    {
                        if ((hWnd = proc.MainWindowHandle) != IntPtr.Zero || cmdflag == 1)
                        {
                            Console.WriteLine("{0} : {1}", proc.ProcessName, hWnd);
                            Console.WriteLine("PID of {0} : {1}", proc.ProcessName, proc.Id);
                            PID.Add(proc.Id);               //Save list of PID's into a int list named PID
                            ProcList.Add(proc.ProcessName); //Save list of PID's into string list
                            if (proc.MainWindowTitle == "C:\\Windows\\System32\\cmd.exe" || proc.MainWindowTitle == "Administrator: C:\\Windows\\System32\\cmd.exe")
                            {
                                procHandle = hWnd;
                                extfunc.SetForegroundWindow(procHandle);
                                System.Threading.Thread.Sleep(100);
                                SendKeys.SendWait("SET outPath=" + RuleResultfile);
                                SendKeys.SendWait("{ENTER}");//Injection handle
                                SendKeys.SendWait("SET cmd0=" + cmdArg0);
                                SendKeys.SendWait("{ENTER}");
                                SendKeys.SendWait("SET cmd1=" + cmdArg1);
                                SendKeys.SendWait("{ENTER}");
                                whilecount = 0;
                            }
                            cmdflag = 0;
                        }
                    }
                }
            }

            int Fuzznumber = 0;                                   //While GetProcess gets most of the processes, it doesn't get ALL of them. However, its still useful to see how high you need to fuzz. I shoot for 10k over the highest process revealed by GetProcess.

            Console.WriteLine("Max processes to be Fuzzed? -->"); //Using output from GetProcess, Enter in Highest PID to fuzz
            try
            {
                Fuzznumber = Convert.ToInt32(Console.ReadLine()); //Basic error checking loop
            }
            catch
            {
                Console.WriteLine("Error: That's not a number"); //exception handler in case you don't enter a number.
                System.Environment.Exit(0);                      //I hate exceptions as a malware analyst, but boy are they useful.
            }
            for (int d = 0; d <= Fuzznumber; d++)                //Here's the start of the loop that tries to guess the PID
            {
                var v2 = extfunc.GetLastError();                 //I'll probably need this eventually.

                try                                              //Exception Handler for if GetProcessByID fails
                {
                    //If Successful
                    Process localbyId = Process.GetProcessById(d);
                    PIDarray.Add(d);                                                                //Add PID to list of PID's
                    Console.WriteLine("Process Name: {0} | PID: {1}\n", localbyId, d);
                    string fileout = String.Format("Process Name: {0} | PID: {1}\n", localbyId, d); //Write to console and File successful PID
                    File.AppendAllText(masterpath + "\\" + "ProcLog.txt", fileout);                 //This is the loop to obtain a list of all processes.
                }
                catch (ArgumentException)

                {
                    //If Fail
                    string console = "Process " + d + " does not exist\n";
                    string Cf      = masterpath + "\\" + "Console.txt";
                    //  Console.WriteLine("Process %d does not exist", d);
                    File.AppendAllText(Cf, console); //This txt file contains a list of misc outputs.
                }

                //   // Console.ReadLine();
            }

            foreach (int item in PIDarray)                        //FOR each PID in PIDarray
            {
                var v1 = extfunc.SetForegroundWindow(procHandle); //Set CMD as active window
                //Use sendkeys to send commands to CMD.
                SendKeys.SendWait("SET /A procID=" + item);
                SendKeys.SendWait("{ENTER}");
                //In the above, %procID% = PID in list
                //In the below, cmd0 = [Path to Yara exe] , cmd1 = [Yara Rule List] , procId, [Output Directory]/RuleResult.txt
                SendKeys.SendWait("{%}cmd0{%}" + " " + "{%}cmd1{%}" + " " + "{%}procID{%}" + " >> \"{%}outPath{%}\""); //RuleResult.txt in your Output directory contains a list of all of our rule outputs.
                SendKeys.SendWait("{ENTER}");
            }


            InitializeComponent();
            System.Threading.Thread.Sleep(10000);

            //Early version of visual output
            List <string> RuleReturn = new List <string>();
            string        loadfile   = "\"" + RuleResultfile + "\"";

            richTextBox1.LoadFile(RuleResultfile, RichTextBoxStreamType.PlainText);
            ParseInputs inputParser = new ParseInputs();

            inputParser.FormatRules(RuleResultfile, out RuleReturn);
        }