KingOfTheNOPs/cookie-monster

can the same method be used to dump passwords?

evilsh3ll opened this issue · 4 comments

can the same method be used to dump passwords?

Absolutely! The Login Data file may contain passwords. I'll work on updating the project soon to include downloading the Login Data file. In the upcoming update I'll add cookie/password decryption based on DonPAPI's Python implementation. Until then, check out lockless! https://github.com/antroguy/LocklessBof for downloading a locked Login Data file.

I'm not sure what method is used by your tool when you say "through a BOF or exe": if the browser process is not open, do you have a chance to extract the database by only locating the exe? (I didn't read all your code, I'll do it soon)

In the BOF, if Chrome or Edge is currently running, the program looks for a handle to the cookies file, duplicates the handle, and then downloads the file. If the browser is not running, it simply downloads the cookies file since it shouldn't be locked. In the EXE, the tool does the same thing but copies the file to your PWD instead of downloading the Cookies to your C2 server.

Updated project to include obtaining Chrome/Edge credentials in Login Data. It does not appear that Login Data is a locked file, but in the event browsers update this file to have similar protections as Cookies, the project behaves the same as it would for Cookies. Thank you for the recommendation!
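For defenders, the two behaviours described in the thread (duplicating a running browser's file handle, and reading Cookies/Login Data directly when the browser is closed) can be triaged from endpoint telemetry. The sketch below is an added example, not part of the thread or the cookie-monster project. It assumes Sysmon Event ID 10 (ProcessAccess) and Windows Security Event ID 4663 with object-access auditing enabled on the browser profile files; the sample events and the `updater.exe` path are constructed.

```python
import ntpath

BROWSERS = {"chrome.exe", "msedge.exe"}
PROCESS_DUP_HANDLE = 0x0040          # access right DuplicateHandle needs on the source process
PROFILE_FILES = {"cookies", "login data"}

def _base(path):
    return ntpath.basename(path).lower()

def is_handle_dup(ev):
    """Sysmon 10: a non-browser process opens a browser with PROCESS_DUP_HANDLE."""
    if ev.get("EventID") != 10:
        return False
    granted = int(ev["GrantedAccess"], 16)
    return (_base(ev["TargetImage"]) in BROWSERS
            and _base(ev["SourceImage"]) not in BROWSERS
            and bool(granted & PROCESS_DUP_HANDLE))

def is_direct_read(ev):
    """Security 4663: a non-browser process touches Cookies or Login Data in a profile."""
    if ev.get("EventID") != 4663:
        return False
    obj = ev["ObjectName"].lower()
    return (_base(obj) in PROFILE_FILES and "\\user data\\" in obj
            and _base(ev["ProcessName"]) not in BROWSERS)

def triage(events):
    findings = []
    for ev in events:
        if is_handle_dup(ev):
            findings.append(("handle-duplication", ev["SourceImage"]))
        elif is_direct_read(ev):
            findings.append(("direct-file-read", ev["ProcessName"]))
    return findings

# Constructed sample events (not real logs); only the fields used above are shown.
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
TOOL = r"C:\Users\alice\AppData\Local\Temp\updater.exe"   # hypothetical unknown binary
LOGIN = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": TOOL, "TargetImage": CHROME, "GrantedAccess": "0x40"},
    {"EventID": 10, "SourceImage": CHROME, "TargetImage": CHROME, "GrantedAccess": "0x1fffff"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": EDGE, "GrantedAccess": "0x1000"},
    {"EventID": 4663, "ObjectName": LOGIN, "ProcessName": TOOL},
    {"EventID": 4663, "ObjectName": LOGIN, "ProcessName": CHROME},
]

if __name__ == "__main__":
    for kind, image in triage(SAMPLE_EVENTS):
        print(f"{kind}: {image}")
```

Security products and some system tools also open browser processes with broad access masks, so in practice the non-browser check needs an allowlist tuned to the environment.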