Menu-driven CLI application that gets basic details for a given website domain or for the local machine. It also implements basic persistence of the kind malware uses. It's a personal project to get familiar with core Windows functionality... 🙂
Visible key features :
- Extract all available IPv4 and IPv6 addresses for a given website.
- Fetch the robots.txt of a given website, then save and/or show it.
- Extract the local machine's available IPv4 and IPv6 addresses.
- Extract Media Access Control (MAC) details for the local machine, in either basic or detailed form.
Hidden key features :
- The application copies itself to another location and marks the copy hidden.
- It adds entries to the Windows registry so that things autostart after every system startup.
Also make sure to read the post on Medium.com, which explains the hidden (or sort of malicious) features in more detail.
Headers used (Win32 API and C standard library) :
- Windows.h - The umbrella Windows header for C and C++; it pulls in the declarations for the Win32 API (processes, files, registry, console and so on) used throughout the program.
- stdio.h - C standard library input and output (printf, fgets, ...); not a Win32 header.
- stdlib.h - C standard library utilities: memory allocation, string/number conversions, process control and other general services; not a Win32 header.
- fileapi.h - Win32 file API (CreateFileA, WriteFile, GetTempPathA, GetTempFileNameA, GetFileAttributesA, SetFileAttributesA); Microsoft files it under Data Access and Storage. Windows.h already includes it.
- WinSock2.h - Windows Sockets 2: WSAStartup(), WSACleanup() and the socket and address types. Microsoft's documentation also lists it under Quality of Service (QOS), but that is not what this program uses it for.
- WinInet.h - Windows Internet API for opening HTTP/FTP URLs and reading the response (InternetOpenA, InternetOpenUrlA, InternetReadFile).
- WS2tcpip.h - The Winsock 2 protocol-specific annex for TCP/IP; it declares the newer address-resolution functions used here, getaddrinfo() and inet_ntop().
- iphlpapi.h - IP Helper API; GetAdaptersAddresses() provides the adapter and MAC details.
When the application is launched, the console window opens and is auto-maximized and brought to the front (FindWindowA(), ShowWindow(), SetForegroundWindow()), showing some fancy text with the name of the application and a few numbered menu options to choose from.
To get information about a website, first set the domain using option '1' (the domain should be in the form www.example.com or example.com).
Once the website domain is set, the related menu options reflect it.
Setting the website domain is essential: menu options '2' and '3', which operate on the domain, cannot be used until it is set.
Providing empty input clears the previously set domain.
If the website domain is set properly, the program lists all available IPv4 and IPv6 addresses.
If no IPv4 or no IPv6 address is available, a helpful message with the related error code is printed instead (the nonzero Windows Sockets error code returned by getaddrinfo(), e.g. WSAHOST_NOT_FOUND).
- Functions used :
getaddrinfo(), inet_ntop().
Based on the website domain, the program tries to fetch the contents of 'robots.txt' and asks the user to choose either save (S) or print (p).
If the user opts to save (S), the program writes the response to a uniquely named file in the TEMP directory (GetTempPathA() + GetTempFileNameA()) and then asks whether to view the saved file in Notepad, which it launches as a separate process.
If the user opts to print (p), the program prints the response content to the console.
- Functions used :
InternetOpenA(), InternetOpenUrlA(), InternetReadFile(), InternetCloseHandle(), GetTempPathA(), GetTempFileNameA(), CreateFileA(), WriteFile(), CloseHandle(), CreateProcessA().
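The two website menu items above (address lookup, then robots.txt fetched to a temp file and opened in Notepad), as an added PowerShell example that is not the project's own code. .NET's Dns.GetHostAddresses stands in for getaddrinfo()/inet_ntop(), Invoke-WebRequest for the WinINet calls, and Path.GetTempFileName() for GetTempPathA()+GetTempFileNameA(). The domain and the https:// scheme are assumptions; the README does not say which scheme the tool requests.

```powershell
# Added example (not the project's code): the website menu items done with
# PowerShell/.NET calls in place of getaddrinfo()/inet_ntop() and WinINet.
# The domain and the https:// scheme are assumptions.

function Get-DomainAddresses {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Domain)

    try {
        # One call returns both A and AAAA answers, like getaddrinfo() with AF_UNSPEC.
        $addrs = [System.Net.Dns]::GetHostAddresses($Domain)
    } catch {
        # PowerShell wraps the SocketException; unwrap it to report the real reason.
        $ex = $_.Exception
        if ($ex.InnerException) { $ex = $ex.InnerException }
        Write-Warning ("Lookup failed for {0}: {1}" -f $Domain, $ex.Message)
        return
    }

    # Report each family separately and say so when one is missing, which is
    # the case the CLI reports with an error code.
    foreach ($family in 'InterNetwork', 'InterNetworkV6') {
        $list = @($addrs | Where-Object { $_.AddressFamily -eq $family })
        if ($list.Count -eq 0) {
            [pscustomobject]@{ Family = $family; Address = '(none)' }
            continue
        }
        foreach ($a in $list) {
            [pscustomobject]@{ Family = $family; Address = $a.IPAddressToString }
        }
    }
}

function Get-RobotsTxt {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Domain,
        [switch]$Save,        # S: write to a temp file and open it in Notepad
        [switch]$NoNotepad    # skip the Notepad step (e.g. on a headless box)
    )

    try {
        # Follow a few redirects (www. -> apex, http -> https) but treat 4xx/5xx as failure.
        $resp = Invoke-WebRequest -Uri "https://$Domain/robots.txt" -UseBasicParsing -MaximumRedirection 3
    } catch {
        Write-Warning ("No robots.txt from {0}: {1}" -f $Domain, $_.Exception.Message)
        return
    }

    if (-not $Save) { return $resp.Content }   # p: print

    # GetTempFileName() wraps GetTempPathA()+GetTempFileNameA(): a unique,
    # already-created .tmp file under %TEMP%.
    $path = [System.IO.Path]::GetTempFileName()
    [System.IO.File]::WriteAllText($path, $resp.Content)
    if (-not $NoNotepad) {
        # Same effect as the CLI's CreateProcessA() call: a separate Notepad process.
        Start-Process -FilePath notepad.exe -ArgumentList ('"{0}"' -f $path)
    }
    return $path
}

# Usage (domain is an assumption):
Get-DomainAddresses -Domain 'example.com' | Format-Table -AutoSize
Get-RobotsTxt -Domain 'example.com' -Save
```

Note that a host with no AAAA record simply yields an '(none)' row for InterNetworkV6 rather than an error, and that a 404 for robots.txt is reported as a warning instead of an exception, the two failure modes the CLI handles with error messages.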
Shows the available IPv4 and IPv6 addresses of the local machine. They come from getaddrinfo(), so the list is a mix of local (link-local and private) and global addresses rather than a per-adapter view.
- Functions used :
getaddrinfo(), inet_ntop().
Shows the Media Access Control (MAC) details of the local machine. It offers a choice of basic (B) or detailed (d) output.
Basic mode is similar to the output of ipconfig /all; detailed mode enumerates more broadly and reports hardware details, including adapters created by virtualization software.
- Functions used :
GetProcessHeap(), HeapAlloc(), GetAdaptersAddresses(), HeapFree().
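The two local-machine menu items (local addresses, then basic versus detailed MAC listing), as an added PowerShell example that is not the project's own code. Get-NetIPAddress and Get-NetAdapter (NetTCPIP and NetAdapter modules, Windows 8 / Server 2012 and later) stand in for getaddrinfo() and GetAdaptersAddresses(); the comparison column and the use of -IncludeHidden as the "detailed" mode are this example's choices, not the tool's.

```powershell
# Added example (not the project's code): the two local-machine menu items.

function Get-LocalAddresses {
    # What a getaddrinfo() on the host name returns: the addresses registered for
    # the computer name, a mix of link-local, private and global ones. Loopback is
    # not in that set, so the per-interface enumeration is shown alongside and each
    # row is flagged by whether the name lookup also returned it.
    $byName = [System.Net.Dns]::GetHostAddresses($env:COMPUTERNAME) |
        ForEach-Object { $_.IPAddressToString }

    Get-NetIPAddress | Sort-Object InterfaceIndex, AddressFamily | ForEach-Object {
        [pscustomobject]@{
            Interface      = $_.InterfaceAlias
            Family         = $_.AddressFamily
            Address        = $_.IPAddress
            PrefixLength   = $_.PrefixLength
            ReturnedByName = ($byName -contains $_.IPAddress)
        }
    }
}

function Get-MacDetails {
    param([switch]$Detailed)   # d: detailed, otherwise basic (B)

    # Default Get-NetAdapter output is roughly what ipconfig /all lists.
    # -IncludeHidden also returns adapters that are normally filtered out
    # (WAN miniports, Hyper-V / VMware / VirtualBox switches and host-only adapters);
    # the Virtual and Hidden columns tell them apart from physical NICs.
    $adapters = if ($Detailed) { Get-NetAdapter -IncludeHidden } else { Get-NetAdapter }
    $adapters | Sort-Object ifIndex |
        Select-Object Name, MacAddress, InterfaceDescription, Status, Virtual, Hidden
}

Get-LocalAddresses | Format-Table -AutoSize
Get-MacDetails -Detailed | Format-Table -AutoSize
```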
{🌟} Hidden key features :
1. Copy application and make hidden :
As soon as the application is launched, it checks for and creates a copy of itself in the TEMP directory and sets the hidden attribute on that copy, so a copy survives for persistence.
- Functions used :
GetTempPathA(), CopyFileA(), GetFileAttributesA(), SetFileAttributesA().
2. Autostart via registry :
The application adds entries to the current user's registry hive so that it autostarts after every system startup (the keys live under HKCU via RegOpenCurrentUser(), so they fire at that user's logon), along with the calculator and a text file saved as hidden in the TEMP location.
- Functions used :
RegOpenCurrentUser(), RegSetKeyValueA(), GetTempPathA(), CreateFileA(), WriteFile(), CloseHandle(), RegCloseKey().
Both artifacts are easy to spot: the hidden copy shows up in `dir /a:h %TEMP%`, and the registry entries are listed by Sysinternals Autoruns or a `reg query` of the per-user autostart keys.
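An audit script for the two artifacts described above (hidden files under the TEMP directory and per-user autostart values), as an added PowerShell example that is not the project's own code. The HKCU Run/RunOnce paths are the standard per-user autostart keys and are an assumption about where the tool writes; the README does not name the key. The flags (target under TEMP, hidden attribute, non-executable target, missing target, unsigned executable) are this example's heuristics.

```powershell
# Added example (not the project's code): hunt for a hidden copy under TEMP and
# for per-user autostart entries that point at it. Run key paths are assumed.

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# GetTempPathA() prefers %TMP% over %TEMP%; check both when they differ.
$TempDirs = @($env:TMP, $env:TEMP) | Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') } | Sort-Object -Unique

function Resolve-CommandTarget {
    # Extract the file a Run value launches: a quoted path, or an unquoted path cut
    # at the first known extension so "C:\Program Files\x\a.exe /flag" stays whole.
    param([string]$Command)
    $cmd = $Command.Trim()
    $m = [regex]::Match($cmd, '^(?:"([^"]+)"|(.+?\.(?:exe|com|cmd|bat|vbs|js|ps1|txt)))', 'IgnoreCase')
    $target = if ($m.Success) {
        if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
    } else { $cmd.Split(' ')[0] }
    $target = [System.Environment]::ExpandEnvironmentVariables($target)
    if ($target -notmatch '[\\/]') {
        # Bare name such as calc.exe: resolve through PATH as CreateProcess would.
        $found = Get-Command $target -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($found) { $target = $found.Source }
    }
    return $target
}

function Get-AutorunFindings {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $regKey = Get-Item -LiteralPath $key
        foreach ($name in $regKey.GetValueNames()) {
            $cmd = [string]$regKey.GetValue($name)
            if ([string]::IsNullOrWhiteSpace($cmd)) { continue }
            $target = Resolve-CommandTarget $cmd
            $flags  = @()
            foreach ($t in $TempDirs) {
                if ($target.StartsWith($t, [System.StringComparison]::OrdinalIgnoreCase)) { $flags += 'in-TEMP'; break }
            }
            if (Test-Path -LiteralPath $target) {
                # -Force is required: Get-Item skips hidden files without it.
                $fi = Get-Item -LiteralPath $target -Force
                if ($fi.Attributes -band [System.IO.FileAttributes]::Hidden) { $flags += 'hidden' }
                if ($target -notmatch '\.(exe|com|cmd|bat)$') { $flags += 'non-executable' }
                if ($target -match '\.exe$') {
                    $sig = Get-AuthenticodeSignature -LiteralPath $target
                    if ($sig.Status -ne 'Valid') { $flags += "sig:$($sig.Status)" }
                }
            } else {
                $flags += 'missing'
            }
            [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd; Target = $target; Flags = ($flags -join ',') }
        }
    }
}

function Get-HiddenTempFiles {
    foreach ($t in $TempDirs) {
        Get-ChildItem -LiteralPath $t -Force -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Hidden } |
            Select-Object FullName, Length, LastWriteTime
    }
}

Get-AutorunFindings | Format-Table -AutoSize
Get-HiddenTempFiles | Format-Table -AutoSize
```

A row flagged in-TEMP,hidden (or a .txt target flagged non-executable) is exactly the pattern described above. To undo it, remove the value with Remove-ItemProperty -Path $key -Name $name and delete the file with Remove-Item -LiteralPath $target -Force; the -Force is needed because the hidden attribute otherwise blocks the deletion.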
- Other functions used :
WSAStartup(), WSACleanup(), SetConsoleTitleA(), SecureZeroMemory() (or RtlSecureZeroMemory()), FindWindowA(), ShowWindow(), SetForegroundWindow().
As the hidden features above show, the application relies on core Windows OS APIs; to avoid its use for malicious purposes the code is not open-sourced. Instead, the executable is provided for anyone who wants to see it in action. 🙂