MikeVazovsky Posted July 14, 2015 Share Posted July 14, 2015 Hello. Please help, I collect the passwords from the browser chrome on the victim's computer. How do I encrypt them (eg DES, AES, RC4), then I was able to decipher them on my program in C# Quote Link to comment Share on other sites More sharing options...
Polisher Posted July 17, 2015 Share Posted July 17, 2015 Why do you want to use email to send the data? Email headers contain much more info as to what is happening than in the email itself.... Quote Link to comment Share on other sites More sharing options...
overwraith Posted July 20, 2015 Share Posted July 20, 2015 (edited) You might want to go back and restructure your sentence in your first post via "edit". You seem to be asking how to encrypt/decrypt data via C#. There is actually a Crypto API, is some very cool stuff. I am learning about it myself. So what you need to know is that there are basically 3 kinds of crypto algorithims, Symmetric which allows for the encrypting, and decrypting of data, HashAlgorithims which are to say one way functions (password goes in, non-reversible crypto text comes out, good for authentication schemes), and AsymmetricAlgorithims which are basically public key algorithms, like SSH/HTTPS/TLS. You are asking about symmetric algorithms, for the transfer of data, you encrypt on one side, and decrypt on the other. Here is some MSDN documentation on the SymmetricAlgorithim class, I would read it, especially since it lists some inheriting classes: https://msdn.microsoft.com/en-us/library/system.security.cryptography.symmetricalgorithm%28v=vs.110%29.aspx Here is some of the Encryption algorithm classes you asked for: https://msdn.microsoft.com/en-us/library/system.security.cryptography.aes%28v=vs.110%29.aspx https://msdn.microsoft.com/en-us/library/system.security.cryptography.des%28v=vs.110%29.aspx Concerning RC4, I could only find a Microsoft/.NET class for RC2. I would not recommend implementing your own RC4 class unless you absolutely know what you're doing. They warn in Practical cryptography books that programmers are not supposed to implement crypto algorithms without a cryptanalyst due to the inevitability of completely messing it up. I am reading the following book, and it seems to be the most current C# crypto book, and is a pretty good read: http://www.amazon.com/Data-Security-Handbook-Matthew-Macdonald/dp/1861008015/ref=sr_1_1?ie=UTF8&qid=1437434431&sr=8-1&keywords=data+security+C%23 If you are going to learn about crypto, make sure you buy the most current book you can about it. Last time I checked no more current books existed, but double check. Since you are going to be sending via email, you will probably need to convert your cypher text to a text format at some point, so do a quick msdn search for a base64 converter function. Recently I figured out what Base64 does in programming, it converts the naturally "binary data" nature of cypher text (or anything else) to a text readable format (binary data chars usually fall outside of the ranges of legible characters). You need to convert to and from base64 on both the decrypt and encrypt sides of the process. encrypt->base64->data->from base64->decrypt. Another thing you should know is that an Initialization Vector in crypto is basically like another password, or a shim, it makes things a lot more difficult to crack since the crypto algorithm then has a starting point (an initialization) other than what it would normally have. If you really wanted to you could pick up a C# sockets book also to figure out how to make a "client" program that could exfiltrate the data less noisily. You could for instance create a web client which would send data via posts (don't take my word on this, some of my web experience is a little rusty) or something. Ultimately there would still be a network log, but it would be a little less noisy. Who checks the logs honestly? Edited July 20, 2015 by overwraith Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.