Chrome stealer malware – Digitalmunition

Home Forums Chrome stealer malware

This topic contains 1 reply, has 2 voices, and was last updated by  T4O2M0 1 month, 1 week ago.

  • Author
  • #257544


    So im coding a chrome creds stealer in c++ and i need to obtain a user profile username since the folder where the database for chrome is named after this username.I can take the name from something like ‘echo %username%’ using cmd or ‘whoami’ but what if the user changes his username.According to microsoft docs the user profile folder doesnt change its name.What is the best way to acomplish this ?

  • #257545


    Btw chrome changed the way the database thing works so if you’re using a method that’s like a year old or older it probably doesn’t work

    If it do work could you like link me the tutorial or smthin lmao

  • #257546


    You could just pull the username from the current logged in user should work for domain or local. I’ve done it with outlook MAPI code before but in C#.

  • #257547


    #include <windows.h>
    #include <Lmcons.h>

    char username[UNLEN+1];
    DWORD username_len = UNLEN+1;
    GetUserName(username, &username_len);

  • #257548


    You could just iterate through all the usernames in the users folder – skipping Public and Default.

  • #257549


    Pretty sure profile names are listed in the registry. The old way to do it was find the install location via registry, then loop through the profile folders

  • #257550


    Cant you just enum the directory where it is and do a loop on each index?

You must be logged in to reply to this topic.