Skip to content

GaslitPad - v1.0.0

Choose a tag to compare

View all tags
@ogmini ogmini released this 08 Feb 00:02
· 23 commits to main since this release
GaslitPad
2672456

First release of the Proof of Concept Malware for Windows Notepad.

https://ogmini.github.io/2025/01/03/POC-Malware-Part-1.html
https://ogmini.github.io/2025/01/31/POC-Malware-Part-2.html
https://ogmini.github.io/2025/02/01/POC-Malware-Part-3.html

Requirements

.NET 8.0 Runtime - https://dotnet.microsoft.com/en-us/download/dotnet/8.0/runtime?cid=getdotnetcore&os=windows&arch=x64

Options

These can be set by editing the "GastlitPad.dll.config" file. The default settings will perform an Active Attack on a file called "wp-config.php" after 10 seconds of idle time.

  • attackVersion - 0 is Active Attack / 1 is Sleep Attack
  • attackFileName - Filename to attack
  • attackRegex - regex for text to replace
  • attackReplace - text to replace regex match
  • idleWaitTime - idle wait time in seconds for Active Attack
  • pollingInterval - polling time in milliseconds to check

Attack Demonstrations

An example "wp-config.php" file has been included in the zip file to demonstrate the attack in action.

Active Attack

Make sure the options are set for the Active Attack. Run GaslitPad how you see fit. Open "wp-config.php" in Windows Notepad and make a change to the file. Do not save the file or close Windows Notepad. Wait the required idleWaitTime without any actions and you should see Windows Notepad blink and the text change to 'compromised'.

Sleep Attack

Make sure the options are set for the Sleep Attack. Open "wp-config.php" in Windows Notepad and make a change to the file. Do not save the file and instead just close Windows Notepad. Wait a second or two and the Tab State will be changed. You can reopen Windows Notepad and see that the text has been changed to 'compromised'

Assets 3
Loading