
FREE & opensrc Rust Stealer

Thanks for the work on the project. Works perfectly. Seems my issue affects the release build - if buffer.len() < 15, glad to help.
Let me try to propose an additional function.
There is a tool Chlonium https://github.com/rxwx/chlonium

with C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies file
and Statekey which is provided by the tool like =
> Chlonium.exe "c:\users\user\AppData\Local\Microsoft\Edge\User Data\Local State"
[+] Statekey = 3Cms3YxFXVyJRUbulYCnxqY2dO/jubDkYBQBoYIvqfc=
you can import whole cookie db to your browser (+prechanging key with chlonium import tool)

So maybe it is possible to add a feature - steal the Cookie db file and Key?

There are other db's (in sql format) which can be imported - like password, history etc = way to fully clone browser (+ reverse proxy = cool pivot).
might be helpful - https://github.com/Meckazin/ChromeKatz
 
I don't see a reason to steal the DB file and key, since all cookies are already saved in the stealer; you just have to import this .txt file with cookies via a browser add-on and you have all stolen sessions.
 
I am new to that cookie, chrome theme - I thought there is some browser checking in webapps

Can you plz advise some concrete addon which will easily eat exactly that format of output txt (without any json encoding). Thx
 
any add-on just look for import cookies button from .txt file

I use this add-on, but this is only for firefox
 
Hello, is the HVNC still working currently?
You mean the RAT option? Yes, but check how it works, because it will just create a new user on somebody's PC, and you will use RDP to connect to it, thus it will only work if the infected PC is running Windows PRO version!!!
 
Is it possible for it to port-forward to expose itself through NAT?
 
Eh, idk much about the thing you are asking about, but the thing I know is that in Rust stealer we are using Windows RDP, which is a Windows default program. This RAT function will only create a new user on the Windows machine, and the login/password are hardcoded in src, thus you know these; the only missing thing is the IP, which will be in the logs. With this information you can connect to somebody's machine, but they need Windows Pro for it: the machine that we want to connect to is required to run Windows Pro, but we can connect from any Windows. Tell me if this is what you want to know ;)
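
Added example, not part of the thread or of the project's code: a defender-side correlation for the behaviour described in the post above (a new local Windows account followed by an RDP logon with it). Event IDs 4720 (account created) and 4624 with LogonType 10 (RemoteInteractive) are standard Windows Security log values; the hosts, account names, addresses and the 7-day window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample records, reduced to the fields used below.
# 4720 needs "Audit User Account Management"; 4624 needs logon auditing.
SAMPLE_EVENTS = [
    {"time": "2024-05-15T10:00:05", "host": "WS-017", "id": 4720,
     "TargetUserName": "svc_helper", "SubjectUserName": "alice"},
    {"time": "2024-05-15T10:02:40", "host": "WS-017", "id": 4624,
     "TargetUserName": "alice", "LogonType": 2, "IpAddress": "-"},
    {"time": "2024-05-15T13:30:00", "host": "WS-017", "id": 4624,
     "TargetUserName": "SVC_Helper", "LogonType": 10, "IpAddress": "203.0.113.50"},
    {"time": "2024-05-15T14:00:00", "host": "WS-017", "id": 4624,
     "TargetUserName": "bob", "LogonType": 10, "IpAddress": "10.0.0.8"},
    {"time": "2024-05-01T09:00:00", "host": "WS-022", "id": 4720,
     "TargetUserName": "intern1", "SubjectUserName": "helpdesk"},
    {"time": "2024-05-15T09:00:00", "host": "WS-022", "id": 4624,
     "TargetUserName": "intern1", "LogonType": 10, "IpAddress": "10.0.0.9"},
]

def new_account_rdp_logons(events, window=timedelta(days=7)):
    """Alert on RDP logons by local accounts created within `window`."""
    created = {}  # (host, lowercased account) -> (creation time, creator)
    alerts = []
    # ISO-8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        # Windows account names are case-insensitive, so normalise them.
        key = (ev["host"], ev["TargetUserName"].lower())
        if ev["id"] == 4720:
            created[key] = (ts, ev.get("SubjectUserName", "?"))
        elif ev["id"] == 4624 and ev.get("LogonType") == 10 and key in created:
            made, creator = created[key]
            if ts - made <= window:
                alerts.append({
                    "host": key[0],
                    "user": key[1],
                    "created_by": creator,
                    "source_ip": ev.get("IpAddress", "-"),
                    "account_age": ts - made,
                })
    return alerts

if __name__ == "__main__":
    for alert in new_account_rdp_logons(SAMPLE_EVENTS):
        print(alert)
```

Since the post says the login is hardcoded in the source, the created account name is also a static indicator once it is known; the correlation above does not depend on knowing it.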
 
please. check dm
 
I mean if the PC is not directly exposed to the Internet will it make RDP visible to the outside world? Through NAT for example
 
idk, but you can google it, this function is just a very simple exploitation of an existing windows feature.
 
I can write a module that will work around CNAT or Port Fwd requirements if you want, but I don't know rust. Let me know if you want to convert from C or GO, and I will do it.
 
Can anyone help me change the firefox/firefox.rs to be more like chromium logic where it searches for different Mozilla programs (i.e thunderbird, icedragon, etc) based on string in path? I added a couple more browsers to chromium (opera, sogou) but not sure how to do it in this file
 
Wdym? For gecko-based browsers there is only firefox due to the hardcoded path, but for chromium-based browsers everything is dynamic, thus it will support everything except yandex, due to different encryption/decryption.
 

