Book: Black Hat Python: Python Programming for Hackers and Pentesters

PyHook[] enables us to easily trap all keyboard events. It takes advantage of the native Windows function SetWindowsHookEx, which allows you to install a user-defined function to be called for certain Windows events. By registering a hook for keyboard events, we are able to trap all of the keypresses that a target issues. On top of this, we want to know exactly which process those keystrokes are being sent to, so that we can determine when usernames, passwords, or other tidbits of useful information are entered. PyHook takes care of all of the low-level programming for us, which leaves the core logic of the keystroke logger up to us. Let’s crack open keylogger.py and drop in some of the plumbing:

, and ran some other applications. We can now safely say that our keylogger can be added to our bag of trojaning tricks! Let’s move on to taking screenshots.

) to make native calls to the Windows API to grab them.

A screenshot grabber will use the Windows Graphics Device Interface (GDI) to determine necessary properties such as the total screen size, and to grab the image. Some screenshot software will only grab a picture of the currently active window or application, but in our case we want the entire screen. Let’s get started. Crack open screenshotter.py and drop in the following code:

] using the GetWindowDC ➌ function call and pass in a handle to our desktop. Next we need to create a memory-based device context ➍ where we will store our image capture until we store the bitmap bytes to a file. We then create a bitmap object ➎ that is set to the device context of our desktop. The SelectObject call then sets the memory-based device context to point at the bitmap object that we’re capturing. We use the BitBlt ➏ function to take a bit-for-bit copy of the desktop image and store it in the memory-based context. Think of this as a memcpy call for GDI objects. The final step is to dump this image to disk ➐. This script is easy to test: Just run it from the command line and check the C:\WINDOWS\Temp directory for your screenshot.bmp file. Let’s move on to executing shellcode.

] to generate it for you. I picked some Windows x86 callback shellcode for CANVAS in my case. Store the raw shellcode (not the string buffer!) in /tmp/shellcode.raw on your Linux machine and run the following:

[] Download PyHook here: .

[] To learn all about device contexts and GDI programming, visit the MSDN page here: .

[] As CANVAS is a commercial tool, take a look at this tutorial for generating Metasploit payloads here: .
