mirrors/pafish
1
0
Fork 0
mirror of https://github.com/a0rtega/pafish synced 2024-11-21 22:01:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

Looking for NICs with VirtualBox Mac addresses

Browse Source
This commit is contained in:
Thorsten Sick 2014-02-14 14:57:35 +01:00
parent 083926cf24
commit f0e2ce07f9
3 changed files with 53 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pafish/main.c
View File

@ -200,6 +200,13 @@ int main(int argc, char *argv[])
else {
print_not_traced();
}
printf("[*] Looking for MAC ");
if (vbox_mac() == 0) {
}
else {
print_not_traced();
}
/* VMware detection tricks */
printf("\n[-] VMware detection\n");

47
pafish/vbox.c
View File

@ -1,7 +1,9 @@
#include <winsock2.h>
#include <windows.h>
#include <string.h>
#include <stdio.h>
#include <iphlpapi.h>
#include "vbox.h"
typedef char * string;
@ -183,7 +185,46 @@ int vbox_sysfile2() {
res = 0;
}
}
return res;
}
int vbox_mac() {
WSADATA WSD;
int res=1;
char * message[200];
char mac[6]={0};
if(!WSAStartup(MAKEWORD(2,2),&WSD)){
unsigned long alist_size=0;
// getting the size of the adapter list
int ret = GetAdaptersAddresses(AF_UNSPEC,GAA_FLAG_INCLUDE_PREFIX,0,0,&alist_size);
if(ret==ERROR_BUFFER_OVERFLOW) {
IP_ADAPTER_ADDRESSES* palist = (IP_ADAPTER_ADDRESSES*)LocalAlloc(LMEM_ZEROINIT,alist_size);
if(palist) {
ret=GetAdaptersAddresses(AF_UNSPEC,GAA_FLAG_INCLUDE_PREFIX,0,palist,&alist_size);
IP_ADAPTER_ADDRESSES* ppalist=palist;
while (ppalist){
if (ppalist->PhysicalAddressLength==0x6){
memcpy(mac,ppalist->PhysicalAddress,6);
if(mac[0]==0x08 && mac[1]==0x00 && mac[2]==0x27) { // VirtualBox mac starts with 08:00:27
write_log("VirtualBox traced using MAC starting with 08:00:27");
res = 0;
}
}
ppalist = ppalist->Next;
}
LocalFree(palist);
}
}
if (res == 0){
print_traced();
write_trace("hi_virtualbox");
}
WSACleanup();
}
return res;
}

2
pafish/vbox.h
View File

@ -12,4 +12,6 @@ int vbox_reg_key4();
int vbox_sysfile1();
int vbox_mac();
#endif