Skip to content

Commit

Permalink
Create README.md
Browse files Browse the repository at this point in the history
  • Loading branch information
@kovinevmv
kovinevmv authored Feb 19, 2019
1 parent 3f445e8 commit c543539
Showing 1 changed file with 120 additions and 0 deletions.
120 changes: 120 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,120 @@
# DigiSparkStealer 🚀

This project allows you to steal passwords and cookies of the victim by inserting a Digispark Attiny85, ATMEGA32U4 or another programming controller with this software and after few seconds you have all the data by mail

**Just plug BadUSB and get all data**

# News

Due to large increase of visitors number, I have to delete the source code of stealer for the safety of the other people.

If you want to get a private build or participate in further project development, contact me [@kovinevmv](https://t.me/kovinevmv)


# Warning

**Everything in this repository is strictly for educational purposes. Notice I am not responsible for stolen data. You are responsible for your actions using developed script for BadUSB**



# About

All your data when working with a browser is cached. Since popular browsers like **Chrome, Opera or Yandex Browser** are [chromium based browsers](https://en.wikipedia.org/wiki/Chromium_%28web_browser%29#Other_browsers_based_on_Chromium), all stored data on a computer has a similar structure.

The interesting for us data collected in database SQLite. The url, login fields are stored explicitly, but password must be decrypted by [win32crypt](https://sourceforge.net/projects/pywin32/files/). This type of encryption means that passwords can be extended only on the client’s computer and nowhere else. We run our program on the client, it uses the client's keys to decrypt passwords and send the decrypted data to our email. Moreover, we can also send cookies and another useful information.

For example, to get all the saved passwords from earlier connected Wi-Fi networks, you just need to type the command:
```bash
netsh wlan show profiles
```
It displays a list of all saved networks. For each network, you must write a command with name (ESSID) of the network. You can read more [here](https://superuser.com/a/709541)

This way we get more victims information. Mac-addresses also can be extracted, using ```ipconig /all```


# Builds

During the implementation of this idea, I created 2 versions of the script.

* Based on Nirsoft program
* Python script

## 1. Based on Nirsoft program

First version is based on [Nirsoft program](https://www.nirsoft.net/utils/chromepass.html) - **ChromePass**

This software is very convenient and has own advantages. The company has developed software for recovering forgotten passwords. To see your passwords, you just need to run the program and get all your passwords saved on the PC in the "Login Data" file. Most antivirus programs, including Windows Defender, block this file, so most likely the result of this script is poor. Here is [report](https://www.virustotal.com/#/file/0c32986c997f194a82610110f5eb3abe552ce63540cfb8bae2048a3df5d3cb10/detection). A PC with a disabled protector and no antivirus is required.

**Remember that it only steals Chrome passwords. No more!!!**

Advantages:
* Fast download. Executable file is \<1Mb. Can be used in case of bad internet at the victim.
* Simple presentation of the report in csv, html text forms.

Disadvantages:
* High probability of launch blocking

## 2. Python script

Based on the fact that antivirus programs define chrompass as malicious and do not allow it to be run, I had to write a program myself that receives all the data. Thanks [@hassaanaliw](https://github.com/hassaanaliw) for the source code and idea. My modified code sends data to the mail, while in the previous version of the program a powershell was involved in SMTP server creation.

Advantages:
* Not blocked by firewall
* Steals WI-FI passwords
* Works not only with Chrome, but also with Opera and Yandex
* Simple w3-style css report.

![Output example](https://github.com/kovinevmv/DigiSparkStealer/raw/master/docs/example.png)

Disadvantages:
* Big executable file (5Mb)


# Getting Started (Not actual)

### Requirements

1. Buy [Digispark ATtiny85](https://www.ebay.com/sch/i.html?_from=R40&_trksid=p2047675.m570.l1311.R1.TR3.TRC1.A0.H0.Xdigispark+atti.TRS0&_nkw=digispark+attiny85&_sacat=0)
2. Install Arduino IDE for [Digispark](https://digistump.com/wiki/digispark/tutorials/connecting)


### Install


1. Download this repo


**Linux:**

$ git clone https://github.com/kovinevmv/DigiSparkStealer
$ cd DigiSparkStealer

**Windows:** Click on green button on right top of main page. Then - "Download Zip"

2. Replace your mail, password from the mail and the recipient with your data [here](https://github.com/kovinevmv/DigiSparkStealer/blob/master/source/main.py#L14)
3. Compile your code by [pyinstaller](http://www.pyinstaller.org/) to create executable file
```
pyinstaller --onefile mystealer.py
```
4. Upload executable file from *dist* to Internet (like git or DropBox)
5. Replace LINK_TO_EXE with your url [here](https://github.com/kovinevmv/DigiSparkStealer/blob/master/source/sketch.ino#L25)
6. Run sketch in Arduino IDE, plug Digispark Attiny85
7. Find victim)



### Requirements for victim's PC

* Switch the keyboard layout to English.
* Internet is required on the victim's computer




# TODO

* Integrate mimikatz to extract passwords from windows.
* Rewrite WI-FI password grabber to powershell script, to get all the passwords including those requiring administrator rights.
* Fix Yandex Browser


0 comments on commit c543539

Please sign in to comment.