Monday 27 August 2018

Remotely getting the Chrome browser's encrypted password file



Background
The Chrome browser uses the Win32 API calls win32crypt.CryptProtectData and win32crypt.CryptUnprotectData to encrypt and decrypt, respectively, the "remember password" database, which is stored in SQLite. This file is saved at c:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Login Data

Tools:
OS: Kali
Language: Python 3

Target Client OS: Windows 10 Professional, with the latest patches and anti-virus enabled

Steps
1)  the Python HTTP server was started on Kali Linux
2)  a Python Malware Client (PMC) received a signal from the Twister account "fkclai" to start the attack
3)  the PMC sent an HTTP GET request to the Kali HTTP server
4)  the server's reply carried the command "showChromePwd", instructing the PMC to return the Chrome browser passwords
5)  the PMC read the password file, decrypted it using the Win32 API, and returned the result
6)  the Kali HTTP server displayed the result on the console
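The detection angle on the procedure above: Chrome's own process is the only thing that should normally open the "Login Data" database (step 5 has an unrelated Python client reading it). The following is an added example, not code from the original post, that scans constructed file-access event lines (hypothetical Sysmon-style records flattened to key=value pairs; the process names and paths are invented) and flags any non-Chrome process touching a Chrome profile's Login Data file. It generalises slightly beyond the post by matching any profile directory, not just Default.

```python
import re
from typing import Dict, Iterable, List

# Constructed sample events (hypothetical, not from the original post):
# each line is "Image=<process path>|TargetFilename=<file path>".
SAMPLE_EVENTS = [
    r"Image=C:\Program Files\Google\Chrome\Application\chrome.exe|TargetFilename=C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"Image=C:\Users\alice\AppData\Local\Temp\pmc.exe|TargetFilename=C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"Image=C:\Windows\System32\notepad.exe|TargetFilename=C:\Users\alice\Documents\notes.txt",
    r"Image=C:\Python37\python.exe|TargetFilename=C:\Users\bob\AppData\Local\Google\Chrome\User Data\Profile 1\Login Data",
]

# Matches "...\Google\Chrome\User Data\<any profile>\Login Data" (case-insensitive),
# so profiles other than "Default" are covered as well.
LOGIN_DATA_RE = re.compile(r"\\Google\\Chrome\\User Data\\[^\\]+\\Login Data$", re.IGNORECASE)

# Process images that are expected to open the password database.
ALLOWED_IMAGES = {"chrome.exe"}


def parse_event(line: str) -> Dict[str, str]:
    """Split one 'k=v|k=v' record into a dict; values may themselves contain backslashes."""
    return dict(kv.split("=", 1) for kv in line.split("|"))


def is_suspicious(event: Dict[str, str]) -> bool:
    """True when a process other than Chrome opens a Chrome Login Data file."""
    target = event.get("TargetFilename", "")
    image = event.get("Image", "")
    if not LOGIN_DATA_RE.search(target):
        return False
    exe_name = image.rsplit("\\", 1)[-1].lower()
    return exe_name not in ALLOWED_IMAGES


def find_suspicious_access(lines: Iterable[str]) -> List[str]:
    """Return the image paths of every process flagged by is_suspicious()."""
    flagged = []
    for line in lines:
        event = parse_event(line)
        if is_suspicious(event):
            flagged.append(event["Image"])
    return flagged


if __name__ == "__main__":
    for image in find_suspicious_access(SAMPLE_EVENTS):
        print("ALERT: non-browser process read Chrome Login Data:", image)
```

The allow-list is deliberately tiny; a real deployment would also need to account for backup agents and the like, and would key on the full image path rather than the bare executable name, since a file named chrome.exe dropped in a temp directory should not pass.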



