Skip to content

Script for Digispark Attiny85, ATMEGA32U4 to steal passwords, cookies and send to your mail

License

Notifications You must be signed in to change notification settings

kovinevmv/DigiSparkStealer

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

DigiSparkStealer 🚀

This project allows you to steal passwords and cookies of the victim by inserting a Digispark Attiny85, ATMEGA32U4 or another programming controller with this software and after few seconds you have all the data by mail

Just plug BadUSB and get all data

Warning

Everything in this repository is strictly for educational purposes. Notice I am not responsible for stolen data. You are responsible for your actions using developed script for BadUSB

About

All your data when working with a browser is cached. Since popular browsers like Chrome, Opera or Yandex Browser are chromium based browsers, all stored data on a computer has a similar structure.

The interesting for us data collected in database SQLite. The url, login fields are stored explicitly, but password must be decrypted by win32crypt. This type of encryption means that passwords can be extended only on the client’s computer and nowhere else. We run our program on the client, it uses the client's keys to decrypt passwords and send the decrypted data to our email. Moreover, we can also send cookies and another useful information.

For example, to get all the saved passwords from earlier connected Wi-Fi networks, you just need to type the command:

netsh wlan show profiles

It displays a list of all saved networks. For each network, you must write a command with name (ESSID) of the network. You can read more here

This way we get more victims information. MAC-addresses also can be extracted, using ipconig /all

Alpha version NTLM

Try to extract Windows user password using mimikatz, pypykatz and pypykatz + procdump

Run

Based on the fact that antivirus programs define chrompass as malicious and do not allow it to be run, I had to write a program myself that receives all the data. My modified code sends data to the mail, while in the previous version of the program a powershell was involved in SMTP server creation.

Advantages:

  • Not blocked by firewall
  • Steals WI-FI passwords
  • Works not only with Chrome, but also with Opera and Yandex
  • Simple w3-style css report.

Output example

Disadvantages:

  • Big executable file (5Mb)

Getting Started

Requirements

  1. Buy Digispark ATtiny85
  2. Install Arduino IDE for Digispark

Install

  1. Download this repo

Linux:

$ git clone https://github.com/kovinevmv/DigiSparkStealer
$ cd DigiSparkStealer

Windows: Click on green button on right top of main page. Then - "Download Zip"

  1. Replace your mail, password from the mail and the recipient with your data here
  2. Compile your code by pyinstaller to create executable file
pyinstaller --onefile main.py
  1. Upload executable file from dist to Internet (like git or DropBox)
  2. Replace LINK_HERE with your url here
  3. Run sketch in Arduino IDE, plug Digispark Attiny85
  4. Find victim)

Requirements for victim's PC

  • Switch the keyboard layout to English.
  • Internet is required on the victim's computer

TODO

  • Integrate mimikatz to extract passwords from windows.
  • Rewrite WI-FI password grabber to powershell script, to get all the passwords including those requiring administrator rights.
  • Fix Yandex Browser

Old versions

Based on Nirsoft program

Nirsoft sources

First version is based on Nirsoft program - ChromePass

This software is very convenient and has own advantages. The company has developed software for recovering forgotten passwords. To see your passwords, you just need to run the program and get all your passwords saved on the PC in the "Login Data" file. Most antivirus programs, including Windows Defender, block this file, so most likely the result of this script is poor. Here is report. A PC with a disabled protector and no antivirus is required.

Remember that it only steals Chrome passwords. No more!!!

Advantages:

  • Fast download. Executable file is <1Mb. Can be used in case of bad internet at the victim.
  • Simple presentation of the report in csv, html text forms.

Disadvantages:

  • High probability of launch blocking

Donate for coffee

Boosty