feat: ✨ Add browser stealer artefact

frack113 · Jun 9, 2024 · 7607fec · 7607fec
1 parent f0e11df
commit 7607fec
Show file tree

Hide file tree

Showing 5 changed files with 93 additions and 2 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -4,7 +4,7 @@
 
 [package]
 name = "wag"
-version = "1.0.0"
+version = "1.1.0"
 edition = "2021"
 description = "Windows Artefact Generator"
 
@@ -41,3 +41,4 @@ rand = "0"
 regex_generate = "0"
 widestring = "1"
 sysinfo = "0.30.5"
+walkdir = "2.5.0"
diff --git a/src/cli.rs b/src/cli.rs
@@ -14,6 +14,7 @@
 */
 
 use crate::commands::ads::ADS;
+use crate::commands::browserstealer::BrowserStealer;
 use crate::commands::file::FileCreate;
 use crate::commands::mutex::Mutex;
 use crate::commands::namepipe::NamePipe;
@@ -38,6 +39,7 @@ impl Arguments {
             Some(Commands::Mutex(mutex)) => mutex.run(),
             Some(Commands::BYOVD(byovd)) => byovd.run(),
             Some(Commands::PPID(ppid)) => ppid.run(),
+            Some(Commands::BrowserStealer(mystealer)) => mystealer.run(),
             None => {
                 return 2;
             }
@@ -59,4 +61,6 @@ pub enum Commands {
     BYOVD(BYOVD),
     #[clap(arg_required_else_help = true)]
     PPID(PPID),
+    #[clap(arg_required_else_help = false)]
+    BrowserStealer(BrowserStealer),
 }
diff --git a/src/commands/browserstealer.rs b/src/commands/browserstealer.rs
@@ -0,0 +1,56 @@
+// SPDX-FileCopyrightText: 2023 The WAG development team
+//
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+//
+// Mimic stealer action on file
+//
+// Last update 20240609
+
+use std::env;
+use std::fs;
+use walkdir::WalkDir;
+
+// Some others
+use crate::commands::tools::EXIST_ALL_GOOD;
+use clap::ArgAction;
+use clap::Parser;
+
+#[derive(Parser)]
+pub struct BrowserStealer {
+    #[clap(short = 'c', long, help = "Compress file into the default temp", action=ArgAction::SetFalse,required = false)]
+    compress: bool,
+}
+
+fn steal_file(name: walkdir::DirEntry, temp: &str) {
+    let infile: String = name.path().display().to_string();
+    let outfile: String =
+        temp.to_owned() + &String::from('\\') + name.file_name().to_str().unwrap();
+    fs::copy(infile, outfile).unwrap();
+}
+
+impl BrowserStealer {
+    /* Version 202406xx */
+    pub fn run(&self) -> i32 {
+        let sensitive_file = ["key4.db", "cookies.sqlite"];
+        println!("Mimic stealer file access ");
+        if self.compress {
+            println!("No compress for now :)");
+        }
+
+        let userprofile = env::var("USERPROFILE").unwrap();
+        println!("😈 looking in the folder {}", userprofile);
+
+        let tempfolder = env::var("TEMP").unwrap();
+
+        for entry in WalkDir::new(userprofile).into_iter().filter_map(|e| e.ok()) {
+            let filename: &str = entry.file_name().to_str().unwrap();
+            if sensitive_file.contains(&&filename) {
+                println!("😈 stealing the file {}", filename);
+                steal_file(entry, &tempfolder);
+            }
+        }
+
+        return EXIST_ALL_GOOD;
+    }
+}
diff --git a/src/commands/mod.rs b/src/commands/mod.rs
@@ -3,6 +3,7 @@
 // SPDX-License-Identifier: GPL-3.0-or-later
 
 pub mod ads;
+pub mod browserstealer;
 pub mod file;
 pub mod mutex;
 pub mod namepipe;