
Visor de claves del Firefox (probado con 3.0.10)

; flat assembler (FASM) source for a 32-bit Windows PE console program, built on
; the extended win32 headers (invoke/stdcall/proc/.if macros, inline string arguments).
; Per the banner below, the program displays the logins Firefox has saved.
format pe console
entry start
include 'win32ax.inc'
; sPath is a textual alias for the dword at [ebx+4]. Nothing in this file loads ebx
; before the first use, so the slot lives wherever ebx points at process entry.
sPath equ dword[ebx+4]
; Espacio expands textually to the two values 13,10 (CR, LF) wherever it is used.
Espacio equ 13,10
.data
 
; Three-dword item (type, data pointer, length). Instances of it are passed to
; NSSBase64_DecodeBuffer and PK11SDR_Decrypt further down.
struct TSECItem
   SECItemType     dd ?
   SECItemData     dd ?
   SECItemLen      dd ?
   ends
; The struct is closed above: url and valor are stand-alone dwords, not members.
; url (lower case) is not referenced in the code shown; valor holds the pointer to
; the current Base64 value line.
   url dd ?
   valor dd ?
 
; lvLibs0 is not referenced in the code shown.
lvLibs0 dd ?
; Banner printed at start-up (runtime text, left in the author's Spanish).
Logo db '         =====================================================',13,10
    db '         = Humilde Visor de claves de el Firefox 0.1v by YST =',13,10
    db '         =====================================================',13,10,0
 
; URL   -> start of the current site line inside the file buffer.
; Campo -> start of the current field-name line; later reused to hold lstrlen(valor).
URL dd ?
Campo dd ?
; tsec receives the Base64-decoded item, tSecDec the output of PK11SDR_Decrypt.
tsec TSECItem
tSecDec  TSECItem
; lvLibs7 = module handle returned by LoadLibrary for nss3.dll.
lvLibs7 dd ?
; lKeySlot = value returned by PK11_GetInternalKeySlot.
lKeySlot dd ?
; P = scratch pointer to a temporary path buffer (shared by start and Cargar).
P dd ?
; bUsados = byte count written by ReadFile; hFile = CreateFile handle;
; tamAr = file size from GetFileSize; IB = GlobalAlloc buffer holding the file text.
bUsados    dd ?
hFile dd ?
tamAr dd ?
IB dd ?
; Fixed-size path buffers. They are filled with lstrcat, which takes no length
; argument, so nothing bounds the strings written into them.
sFFPath  rb MAX_PATH+1
sRet rb 260
sRet2 rb 260
; comp is not referenced in the code shown.
comp dd ?
.code
; Program entry point. Flow, as the code below shows:
;   1. build "<Program Files>\Mozilla Firefox\" and LoadLibrary the NSS DLLs from it;
;   2. read Profile0's Path from <AppData>\Mozilla\Firefox\profiles.ini;
;   3. read that profile's signons3.txt completely into a heap buffer;
;   4. NSS_Init on the profile directory, PK11_GetInternalKeySlot, PK11_Authenticate;
;   5. walk the text and, per entry, print the site line, the field name and the
;      value after NSSBase64_DecodeBuffer + PK11SDR_Decrypt.
; What this looks like from the defending side: a process that is not Firefox loads
; nss3.dll and its dependencies out of the Firefox install directory, opens
; profiles.ini and signons3.txt under the user's AppData, and resolves
; NSS_Init / PK11_Authenticate / PK11SDR_Decrypt through GetProcAddress.
; Return values of the path, file, LoadLibrary and GetProcAddress calls are not
; checked, and no handle or buffer is released before ExitProcess.
start:
invoke system,"color 03"
invoke printf,"%s",Logo
; 26h = CSIDL_PROGRAM_FILES. The PIDL is written to [ebx]; ebx has not been set by
; this file at this point.
invoke SHGetSpecialFolderLocation,0,26h,ebx
; 40h = LMEM_ZEROINIT: zero-filled buffer for the install path, pointer kept in sPath.
invoke LocalAlloc,40h,MAX_PATH+1
mov dword[ebx+4] ,eax
invoke SHGetPathFromIDList,dword[ebx],sPath
invoke lstrcat,sPath,"\Mozilla Firefox\"
 
 
; Load the libraries nss3.dll depends on from the install directory.
; The handles are not kept. softokn3.dll is requested twice.
stdcall Cargar,dword[ebx+4],"mozcrt19.dll"
stdcall Cargar,dword[ebx+4],"sqlite3.dll"
stdcall Cargar,dword[ebx+4],"nspr4.dll"
stdcall Cargar,dword[ebx+4],"plc4.dll"
stdcall Cargar,dword[ebx+4],"plds4.dll"
stdcall Cargar,dword[ebx+4],"nssutil3.dll"
stdcall Cargar,dword[ebx+4],"softokn3.dll"
stdcall Cargar,dword[ebx+4],"softokn3.dll"
 
 
; nss3.dll is loaded inline (same steps as Cargar) because its handle is needed
; for every GetProcAddress call below; it is stored in lvLibs7.
invoke LocalAlloc,40h,MAX_PATH+1
mov [P],eax
stdcall Concat,sPath, "nss3.dll",eax
invoke LoadLibrary,[P]
mov [lvLibs7],eax
invoke LocalFree,[P]
; 1Ah = CSIDL_APPDATA: locate profiles.ini under the user's application data.
invoke SHGetSpecialFolderLocation,0,1ah,ebx
invoke SHGetPathFromIDList,dword[ebx],sFFPath
invoke lstrcat,sFFPath,"\Mozilla\Firefox\profiles.ini"
 
; sRet = value of Path in section [Profile0]; only that one profile is consulted.
invoke GetPrivateProfileString,"Profile0", "Path", 0, sRet, 260, sFFPath
 
; Clear sFFPath so it can be rebuilt as the path of the signon file.
stdcall Zerar,sFFPath,MAX_PATH
 
invoke SHGetSpecialFolderLocation,0,1ah,ebx
invoke SHGetPathFromIDList,dword[ebx],sFFPath
invoke lstrcat,sFFPath,"\Mozilla\Firefox\"
invoke lstrcat,sFFPath,sRet
invoke lstrcat,sFFPath,"\signons3.txt"
 
; Read the whole signon file into a zero-initialised buffer of exactly tamAr bytes.
invoke  CreateFile, sFFPath, GENERIC_READ, 0, 0, OPEN_EXISTING, 0, 0
mov [hFile], eax
invoke  GetFileSize, eax, 0
mov [tamAr], eax
invoke  GlobalAlloc, GPTR, eax
mov [IB], eax
invoke  ReadFile, [hFile], [IB], [tamAr], bUsados, 0
 
; sRet2 = profile directory, the argument handed to NSS_Init.
invoke SHGetSpecialFolderLocation,0,1ah,ebx
invoke SHGetPathFromIDList,dword[ebx],sRet2
invoke lstrcat,sRet2  ,"\Mozilla\Firefox\"
invoke lstrcat,sRet2  ,sRet
; Each NSS function is resolved by name and called through eax straight away.
invoke GetProcAddress,[lvLibs7], "NSS_Init"
stdcall eax,sRet2
; Continue only when NSS_Init returned 0.
.if eax = 0
invoke GetProcAddress,[lvLibs7], "PK11_GetInternalKeySlot"
stdcall eax
  mov [lKeySlot],eax
.if eax <> 0
   invoke GetProcAddress,[lvLibs7], "PK11_Authenticate"
 
; Third argument is 0 (no password context is supplied).
; NOTE(review): presumably this returns non-zero when the profile is protected by a
; master password, in which case nothing below runs - confirm against the NSS docs.
   stdcall eax,[lKeySlot],TRUE,0
.if eax = 0
; Parser state: ebx = cursor into the file buffer, edi = bytes consumed so far.
; Every scan loop leaves for salir when edi reaches tamAr.
xor edi,edi
mov ebx,[IB]
invoke printf,Espacio
invoke printf,Espacio
; Scan forward for the three-byte sequence ".", CR, LF that precedes a site line.
.bucle:
 
inc edi
cmp edi, [tamAr]
je salir
inc ebx
cmp byte[ebx],"."
jne .bucle
cmp byte[ebx+1],13
jne .bucle
cmp byte[ebx+2],10
jne .bucle
; Step over the separator; a non-zero byte here starts the site line.
add ebx,3
.if byte[ebx] <> 0
mov [URL],ebx
; Find the CR LF that ends the site line and overwrite it with two NULs so the
; line can be printed in place as a C string.
.bucle2:
inc edi
cmp edi, [tamAr]
je salir
inc ebx
cmp byte[ebx],13
jne .bucle2
cmp byte[ebx+1],10
jne .bucle2
mov byte[ebx],0
mov byte[ebx+1],0
invoke printf,Espacio
invoke printf,Espacio
invoke printf,"WEB: %s",[URL]
invoke printf,Espacio
; Field-name line: skip the two NULs just written, remember the start, terminate
; the line the same way and print it.
.campo:
add ebx,2
mov [Campo],ebx
.bucle3:
inc edi
cmp edi, [tamAr]
je salir
inc ebx
cmp byte[ebx],13
jne .bucle3
cmp byte[ebx+1],10
jne .bucle3
mov byte[ebx],0
mov byte[ebx+1],0
invoke printf,"Campo: %s",[Campo]
invoke printf,Espacio
; Value line: the text that is Base64-decoded and decrypted below.
add ebx,2
mov [valor],ebx
.bucle4:
inc edi
cmp edi, [tamAr]
je salir
inc ebx
cmp byte[ebx],13
jne .bucle4
cmp byte[ebx+1],10
jne .bucle4
mov byte[ebx],0
mov byte[ebx+1],0
; Campo is reused here to hold the length of the value text.
invoke lstrlen,[valor]
mov [Campo],eax
  invoke GetProcAddress,[lvLibs7], "NSSBase64_DecodeBuffer"
; Decode the Base64 text into tsec; the call's return value is not examined.
stdcall eax,0,  tsec, [valor], [Campo]
  invoke GetProcAddress,[lvLibs7], "PK11SDR_Decrypt"
 
; Decrypt tsec into tSecDec; the call's return value is not examined.
stdcall eax, tsec,tSecDec, 0
; Printed with %s, i.e. treated as a NUL-terminated string; SECItemLen is not used.
invoke printf,"Datos: %s",[tSecDec.SECItemData]
invoke printf,Espacio
; Look at the first four bytes of the next line: "http" sends the parser back to
; the separator scan, anything else is handled as another field/value pair.
add ebx,2
.if dword[ebx] = "http"
sub ebx,2
jmp .bucle
.else
sub ebx,2
jmp .campo
.endif
.endif
.endif
.endif
.endif
.endif
; Common exit for every path; the process ends with exit code 0.
salir:
invoke ExitProcess,0
 
; Cargar(sPathL, libreria)  - stdcall
;   sPathL   = directory prefix (NUL-terminated, non-empty)
;   libreria = file name to append (NUL-terminated, non-empty)
; Joins the two strings in a temporary zero-initialised buffer of MAX_PATH+1 bytes
; (40h = LMEM_ZEROINIT), passes the result to LoadLibrary and frees the buffer.
; The buffer pointer goes through the global [P]. The module handle is not kept:
; eax on return is whatever LocalFree returned. The combined length is never
; compared with the buffer size.
proc Cargar, sPathL, libreria
        stdcall [LocalAlloc],40h,MAX_PATH+1
        mov     [P],eax                         ; P = scratch buffer
        stdcall Concat,[sPathL],[libreria],eax  ; P <- sPathL + libreria
        stdcall [LoadLibrary],[P]
        stdcall [LocalFree],[P]                 ; overwrites eax with its own result
        ret
endp
; Concat(@AdrSrc1, @AdrSrc2, @AdrDest)  - stdcall, preserves esi and edi
; Writes @AdrSrc1 followed by @AdrSrc2 and a terminating NUL to @AdrDest.
; Each source byte is copied before the terminator test, so both sources are
; expected to hold at least one character. The destination size is not known
; to this routine; the caller must supply a buffer large enough for both strings.
; movsb relies on the direction flag being clear.
proc Concat uses esi edi, @AdrSrc1, @AdrSrc2, @AdrDest
        mov     edi,[@AdrDest]
        mov     esi,[@AdrSrc1]
        .repeat                         ; copy first string, stop in front of its NUL
                movsb
        .until byte[esi] = 0
        mov     esi,[@AdrSrc2]
        .repeat                         ; copy second string, stop in front of its NUL
                movsb
        .until byte[esi] = 0
        movsb                           ; esi is at the second string's NUL: copy it
        ret
endp
 
; Zerar(Puntero, Cantidad)  - stdcall, preserves ecx and ebx
; Stores zero into Puntero[Cantidad] down to Puntero[1] in the loop and then into
; Puntero[0], i.e. Cantidad+1 bytes in total.
; Cantidad must be non-zero: the counter is decremented before it is tested, so a
; count of 0 wraps around instead of ending the loop.
proc Zerar uses ecx ebx, Puntero, Cantidad
        mov     ebx,[Puntero]           ; ebx = base address
        mov     ecx,[Cantidad]          ; ecx = highest index to clear
.limpiar:
        mov     byte[ebx+ecx],0
        dec     ecx
        jnz     .limpiar
        mov     byte[ebx],0             ; index 0 is not reached by the loop
        ret
endp
 
  section '.idata' import data readable writeable
  library kernel32,'kernel32.dll',user32,'user32.dll',msvcrt,'msvcrt.dll',shell32,'shell32.dll'
  include 'api/kernel32.inc'
include 'api/user32.inc'
import msvcrt,printf,"printf",system,"system"
include 'api/shell32.inc'
section '.reloc' fixups data discardable
