Shuhei Enomoto epcnt19

## test.txt
''''''',,,,,,,,,,,,,,:c:cccdc;;:lcl:;;;;;;;;;;:;;;;.       .c,oodll.  [37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m    ..''',,
[37m:[0m[37m;[0m',,;,,,,,,,''',,,,,,,,,,;::;:;::cc;;coxkO0KK00Oxd:...    .c,oodll.  [37m [0m                 ...''',,
[37mk[0mx[37mo[0m[37mo[0m[37md[0mdo[37mo[0m[37mo[0mc:[37mc[0m[37ml[0m..;l:::colll;;:::;;;:lxOKKKXXK[37mX[0mXXXNNNNNXXKOxc,;c;dddll.   ....................''',,
[37mk[0mxxxddxxxxxxxdxdddo[37ml[0m[37mc[0m[37ml[0moddo[37ml[0m[37mo[0m[37md[0m[37mx[0m[37mx[0m[37mk[0m[37mO[0m0KKXXXXXXX[37mX[0mX[37mX[0mNNNNNNNNNNNNXK0xkxdol. .............  ......'''',,
[37m,[0m;::;:ccdxxx[37mx[0mxdddddddxxxxxxxkO0KXXXXKKXXXXXXX[37mN[0mNNNNNNNNNNNNNXXK0kkdl.   ...........   .....'''',,
...... .[37ml[0m[37md[0m[37md[0m[37md[0m[37md[0m;'..',,,,:cokkdOKXXX[37mX[0mKKKK[37mX[0m[37mX[0mXXXXXXNNNNNNNNNNNN[37mN[0m[37mN[0mXX

## test.py
import requests
import time
import json
from datetime import datetime

slacl_server_url = 'https://slack.com/api/'
camera_server_url = 'http://127.0.0.1:8080'
token = 'slack api token'


## checkblocking.py
#coding:utf-8
import time
import socket
from stem import Signal
from stem.control import Controller

password= 'password'
domain = 'torproject.org'
domain_dic = {domain:['138.201.14.197','154.35.132.71']}
correct = 0

## auto.py
#coding:utf-8
import time
import argparse
import subprocess
import commands

ip_addr = "10.0.0.2"
netmask = "255.255.255.0"
gateway = "10.0.0.1"
dns_addr = "10.0.0.1"

## result.log
DRAKVUF v0.5-a642efc
Socketmon plugin requires the Rekall profile for tcpip.sys!
poolmon,0,0xed1b85e0,notepad.exe,1,usbp,unknown_pool_type,140
poolmon,0,0xed1b85e0,notepad.exe,1,ExTm,unknown_pool_type,144
poolmon,0,0xed1b85e0,notepad.exe,1,IoUs,unknown_pool_type,16,nt!io,I/O SubSystem completion Context Allocation
syscall,1 0xed1b81e0,svchost.exe,0,ntoskrnl.exe,NtQuerySystemInformation,4,IN,SYSTEM_INFORMATION_CLASS,SystemInformationClass,0x2,,,OUT,PVOID,SystemInformation,0x3c7fc18,,,IN,ULONG,SystemInformationLength,0x158,,,OUT,PULONG,ReturnLength,0x0,,
filetracer,1,0xed1b81e0,svchost.exe,0,NtCreateFile,\??\PhysicalDrive0
syscall,1 0xed1b81e0,svchost.exe,0,ntoskrnl.exe,NtCreateFile,11,OUT,PHANDLE,FileHandle,0x3c7fa24,,,IN,ACCESS_MASK,DesiredAccess,0x100080,,,IN,POBJECT_ATTRIBUTES,ObjectAttributes,0x3c7fa58,,,OUT,PIO_STATUS_BLOCK,IoStatusBlock,0x3c7fa30,,,IN,PLARGE_INTEGER,AllocationSize,0x0,,,IN,ULONG,FileAttributes,0x0,,,IN,ULONG,ShareAccess,0x3,,,IN,ULONG,CreateDisposition,0x1,,,IN,ULONG,CreateOptions,0x60,,

## msrmon
root@ubuntu:/usr/local/DRAKBUF/drakvuf# sudo find . \( -name "*.cpp" -o -name "*.h" -o -name "*.ac" -o -name "*.am" \) -print | xargs grep -i "msrmon"
./configure.ac:AC_ARG_ENABLE([plugin_msrmon],
./configure.ac:  [AS_HELP_STRING([--disable-plugin-msrmon],
./configure.ac:    [Enable the MSRMON example plugin @<:@yes@:>@])],
./configure.ac:  [plugin_msrmon="$enableval"],
./configure.ac:  [plugin_msrmon="yes"])
./configure.ac:AM_CONDITIONAL([PLUGIN_MSRMON], [test x$plugin_msrmon = xyes])
./configure.ac:if test x$plugin_msrmon = xyes; then
./configure.ac:  AC_DEFINE_UNQUOTED(ENABLE_PLUGIN_MSRMON, 1, "")
./configure.ac:MSRmon:   $plugin_msrmon

## injector.cpp
#include "stdafx.h"
#include <iostream>
#include <Windows.h>

using namespace std;

int main(int argc,char *argv[])
{
	int pid;
	char* dllpath = "C:\\users\\user\\documents\\visual studio 2015\\Projects\\injector\\x64\\Debug\\dllexample.dll";

## dllmain.cpp
#include "stdafx.h"
#include "Windows.h"

BOOL APIENTRY DllMain( HMODULE hModule,DWORD  ul_reason_for_call,LPVOID lpReserved){
	switch (ul_reason_for_call){
		case DLL_PROCESS_ATTACH:
			MessageBox(NULL,"helloworld", "helloworld", NULL);
			break;
		case DLL_THREAD_ATTACH:
		case DLL_THREAD_DETACH:

## http.py
#coding:utf-8
import random
from scapy.all import *


HOST = 'www.example.com'
PORT = 80


if __name__=='__main__':

## exitmap
$ ./bin/exitmap dnspoison
2017-06-07 23:10:13,644 exitmap [INFO] Attempting to invoke Tor process in directory "/tmp/exitmap_tor_datadir".  This might take a while.
2017-06-07 23:10:13,644 exitmap [INFO] No first hop given.  Using randomly determined first hops for circuits.
2017-06-07 23:10:13,848 util [INFO] Tor Bootstrapped 0%: Starting
2017-06-07 23:10:15,837 util [INFO] Tor Bootstrapped 80%: Connecting to the Tor network
2017-06-07 23:10:15,837 exitmap [INFO] Successfully started Tor process (PID=30465).
2017-06-07 23:10:15,960 exitmap [INFO] Running module 'dnspoison'.
2017-06-07 23:10:17,148 modules.dnspoison [INFO] Domain whitelist: {'torrentfreak.com': [u'104.25.104.105', u'104.25.103.105'], 'www.youporn.com': [u'67.22.32.168'], 'blockchain.info': [u'104.16.55.3', u'104.16.54.3'], 'youporn.com': [u'67.22.32.168'], 'www.wikileaks.org': [u'95.211.113.154', u'141.105.69.239', u'95.211.113.131', u'195.35.109.53', u'141.105.65.113', u'195.35.109.44'], 'www.torproject.org': [u'89.45.235.21', u'138.201.14.1
	''''''',,,,,,,,,,,,,,:c:cccdc;;:lcl:;;;;;;;;;;:;;;;. .c,oodll. [37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m ..''',,
	[37m:[0m[37m;[0m',,;,,,,,,,''',,,,,,,,,,;::;:;::cc;;coxkO0KK00Oxd:... .c,oodll. [37m [0m ...''',,
	[37mk[0mx[37mo[0m[37mo[0m[37md[0mdo[37mo[0m[37mo[0mc:[37mc[0m[37ml[0m..;l:::colll;;:::;;;:lxOKKKXXK[37mX[0mXXXNNNNNXXKOxc,;c;dddll. ....................''',,
	[37mk[0mxxxddxxxxxxxdxdddo[37ml[0m[37mc[0m[37ml[0moddo[37ml[0m[37mo[0m[37md[0m[37mx[0m[37mx[0m[37mk[0m[37mO[0m0KKXXXXXXX[37mX[0mX[37mX[0mNNNNNNNNNNNNXK0xkxdol. ............. ......'''',,
	[37m,[0m;::;:ccdxxx[37mx[0mxdddddddxxxxxxxkO0KXXXXKKXXXXXXX[37mN[0mNNNNNNNNNNNNNXXK0kkdl. ........... .....'''',,
	...... .[37ml[0m[37md[0m[37md[0m[37md[0m[37md[0m;'..',,,,:cokkdOKXXX[37mX[0mKKKK[37mX[0m[37mX[0mXXXXXXNNNNNNNNNNNN[37mN[0m[37mN[0mXX
	import requests
	import time
	import json
	from datetime import datetime

	slacl_server_url = 'https://slack.com/api/'
	camera_server_url = 'http://127.0.0.1:8080'
	token = 'slack api token'
	#coding:utf-8
	import time
	import socket
	from stem import Signal
	from stem.control import Controller

	password= 'password'
	domain = 'torproject.org'
	domain_dic = {domain:['138.201.14.197','154.35.132.71']}
	correct = 0
	#coding:utf-8
	import time
	import argparse
	import subprocess
	import commands

	ip_addr = "10.0.0.2"
	netmask = "255.255.255.0"
	gateway = "10.0.0.1"
	dns_addr = "10.0.0.1"
	DRAKVUF v0.5-a642efc
	Socketmon plugin requires the Rekall profile for tcpip.sys!
	poolmon,0,0xed1b85e0,notepad.exe,1,usbp,unknown_pool_type,140
	poolmon,0,0xed1b85e0,notepad.exe,1,ExTm,unknown_pool_type,144
	poolmon,0,0xed1b85e0,notepad.exe,1,IoUs,unknown_pool_type,16,nt!io,I/O SubSystem completion Context Allocation
	syscall,1 0xed1b81e0,svchost.exe,0,ntoskrnl.exe,NtQuerySystemInformation,4,IN,SYSTEM_INFORMATION_CLASS,SystemInformationClass,0x2,,,OUT,PVOID,SystemInformation,0x3c7fc18,,,IN,ULONG,SystemInformationLength,0x158,,,OUT,PULONG,ReturnLength,0x0,,
	filetracer,1,0xed1b81e0,svchost.exe,0,NtCreateFile,\??\PhysicalDrive0
	syscall,1 0xed1b81e0,svchost.exe,0,ntoskrnl.exe,NtCreateFile,11,OUT,PHANDLE,FileHandle,0x3c7fa24,,,IN,ACCESS_MASK,DesiredAccess,0x100080,,,IN,POBJECT_ATTRIBUTES,ObjectAttributes,0x3c7fa58,,,OUT,PIO_STATUS_BLOCK,IoStatusBlock,0x3c7fa30,,,IN,PLARGE_INTEGER,AllocationSize,0x0,,,IN,ULONG,FileAttributes,0x0,,,IN,ULONG,ShareAccess,0x3,,,IN,ULONG,CreateDisposition,0x1,,,IN,ULONG,CreateOptions,0x60,,
	root@ubuntu:/usr/local/DRAKBUF/drakvuf# sudo find . \( -name ".cpp" -o -name ".h" -o -name ".ac" -o -name ".am" \) -print \| xargs grep -i "msrmon"
	./configure.ac:AC_ARG_ENABLE([plugin_msrmon],
	./configure.ac: [AS_HELP_STRING([--disable-plugin-msrmon],
	./configure.ac: [Enable the MSRMON example plugin @<:@yes@:>@])],
	./configure.ac: [plugin_msrmon="$enableval"],
	./configure.ac: [plugin_msrmon="yes"])
	./configure.ac:AM_CONDITIONAL([PLUGIN_MSRMON], [test x$plugin_msrmon = xyes])
	./configure.ac:if test x$plugin_msrmon = xyes; then
	./configure.ac: AC_DEFINE_UNQUOTED(ENABLE_PLUGIN_MSRMON, 1, "")
	./configure.ac:MSRmon: $plugin_msrmon
	#include "stdafx.h"
	#include <iostream>
	#include <Windows.h>

	using namespace std;

	int main(int argc,char *argv[])
	{
	int pid;
	char* dllpath = "C:\\users\\user\\documents\\visual studio 2015\\Projects\\injector\\x64\\Debug\\dllexample.dll";
	#include "stdafx.h"
	#include "Windows.h"

	BOOL APIENTRY DllMain( HMODULE hModule,DWORD ul_reason_for_call,LPVOID lpReserved){
	switch (ul_reason_for_call){
	case DLL_PROCESS_ATTACH:
	MessageBox(NULL,"helloworld", "helloworld", NULL);
	break;
	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
	#coding:utf-8
	import random
	from scapy.all import *


	HOST = 'www.example.com'
	PORT = 80


	if __name__=='__main__':
	$ ./bin/exitmap dnspoison
	2017-06-07 23:10:13,644 exitmap [INFO] Attempting to invoke Tor process in directory "/tmp/exitmap_tor_datadir". This might take a while.
	2017-06-07 23:10:13,644 exitmap [INFO] No first hop given. Using randomly determined first hops for circuits.
	2017-06-07 23:10:13,848 util [INFO] Tor Bootstrapped 0%: Starting
	2017-06-07 23:10:15,837 util [INFO] Tor Bootstrapped 80%: Connecting to the Tor network
	2017-06-07 23:10:15,837 exitmap [INFO] Successfully started Tor process (PID=30465).
	2017-06-07 23:10:15,960 exitmap [INFO] Running module 'dnspoison'.
	2017-06-07 23:10:17,148 modules.dnspoison [INFO] Domain whitelist: {'torrentfreak.com': [u'104.25.104.105', u'104.25.103.105'], 'www.youporn.com': [u'67.22.32.168'], 'blockchain.info': [u'104.16.55.3', u'104.16.54.3'], 'youporn.com': [u'67.22.32.168'], 'www.wikileaks.org': [u'95.211.113.154', u'141.105.69.239', u'95.211.113.131', u'195.35.109.53', u'141.105.65.113', u'195.35.109.44'], 'www.torproject.org': [u'89.45.235.21', u'138.201.14.1