Penetration skills - the lateral penetration - Save export Firefox and other browsers password

Others 2020-03-16 23:14:22 views: null

Transfer: https://3gstudent.github.io/

  • Password save mode
  • Introduce the principle of
  • Common export tool
  • Use ideas

As the browser keeps track of the saved user name and password for the next user to automatically log on.

It includes the following information:

  • Website address
  • Username
  • Password
  • Created
  • Last modified
  • Last used
All records are kept in the same file, the specific location is: 
% APPDATA% \ Mozilla \ Firefox \ Profiles \ xxxxxxxx.default \

Note:

xxxxxxxx 8-bit random combination of letters and numbers

Different versions of Firefox keep a record of the file name, the specific differences are as follows:

  • Version 32.0 or greater, record-keeping files logins.json
  • Version 3.5 or greater, less than 32.0, record file is signons.sqlite

A more detailed explanation can refer to the file:

http://kb.mozillazine.org/Profile_folder_-_Firefox

Different versions of Firefox Download:

http://ftp.mozilla.org/pub/firefox/releases/

Logins.json position location can be achieved by the file cmd command, as follows:

dir %APPDATA%\Mozilla\Firefox\Profiles\*logins.json /s /b

View the contents of logins.json file, as shown below

Where encryptedUsernameand encryptedPasswordis the encrypted content, the decryption key file need (key and iv) for 3DES-CBC decryption and

Different locations in different versions of Firefox key files, the specific differences are as follows:

  • Version less than 58.0.2, the key file is key3.db
  • Version 58.0.2 or greater, the key file is key4.db

Note:

Version difference key3.db and key4.db derived from https://github.com/lclevy/firepwd/blob/master/firepwd.py#L236

I was in my test system (Win7x64), install the 64-bit Firefox, the test results are different, as follows:

  • If Firefox versions lower than 58.0, the key file is key3.db
  • If Firefox is a later version, the key file is key4.db

By default, the current user's privileges can view all saved passwords in Firefox browser, in order to improve security, support for Firefox browser add additional protection for saved passwords: Set Master Password

DETAILED position below

After adding Master Password, view saved passwords require additional input Master Password

Decryption process:

  1. Read the key file (key4.db or key3.db), and iv obtain key
  2. Read the contents of the log file (logins.json or signons.sqlite) of
  3. If you do not set the Master Password, use the key to encrypt the content and iv records in the file are 3DES-CBC decryption If Master Password, also need to get clear text Master Password, in order to decrypt

 

0x03 export tool

1.WebBrowserPassView.exe

download link:

https://www.nirsoft.net/utils/web_browser_password.html

Note:

This version does not support command line operation

The command line version need to download another address:

https://www.nirsoft.net/password_recovery_tools.html

Under the command line using the method:

WebBrowserPassView.exe /LoadPasswordsFirefox 1 /shtml "c:\test\passwords.html"

Result is stored in c:\test\passwords.htmlthe content as shown below

You can get complete information, including the following categories:

  • Website address
  • Username
  • Password
  • Created
  • Last modified
  • Last used

It does not support the use of Master Password to decrypt

2.firepwd.py

Address: https: //github.com/lclevy/firepwd

Need to install dependencies:

pip install pyasn1
pip install pycrypto

Access to part information, including the following categories:

  • Website address
  • Username
  • Password

Command examples:

firepwd.py -d C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\5a4gs6zh.default-release\

The results shown below

It supports the use of Master Password to decrypt

Note:

In my own testing environment, firepwd.py only support the Master Passwor key3.db decryption, key4.db the Master Passwor decrypt a bug

Command examples:

Use a test file mozilla_db (key3.db), Master Password is MISC*ordered as follows:

python firepwd.py -p 'MISC*' -d mozilla_db/

Normal, below

 My test environment (key4.db), Master Password is 12345678ordered as follows:

firepwd.py -d C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\5a4gs6zh.default-release\ -p "12345678"

Decryption exist bug, failed password prompt, as shown below

3.Lazagne

address:

https://github.com/AlessandroZ/LaZagne/

Export Firefox browser code from https://github.com/lclevy/firepwd

The results above, below

4.firefox_decrypt.py

Address: https: //github.com/unode/firefox_decrypt

Use NSS (Network Security Services) to decrypt support key3.db and key4.db the Master Password to decrypt

Access to part information, including the following categories:

  • Website address
  • Username
  • Password

Test results as shown below

In 64-bit systems, Python and Firefox versions need to be consistent (with the same 32-bit or 64-bit), otherwise it will promptERROR - Problems opening 'nss3.dll' required for password decryption

5.Firefox browser

Achieved by exporting the profile of the way

Documents required to obtain a log file (logins.json or signons.sqlite) and key file (key4.db or key3.db), stored in the local folderC:\test\data1

-Profile parameter to start using Firefox:

firefox.exe -profile C:\test\data1

Enter the correct Master Password, successfully obtained information saved Firefox browser

0x04 exploit ideas

If you set up Firefox Master Password, use the above tools try to export a password, the result will be displayed as 0 results, so you need to read the log file to confirm the existence of records

Firefox version can be obtained by way of querying the registry, open source before you can reference the code here: https: //github.com/3gstudent/ListInstalledPrograms/blob/master/ListInstalledPrograms.ps1

Different versions of the record corresponding to the file Firefox, specifically the following differences:

  • Version 32.0 or greater, record-keeping files logins.json
  • Version 3.5 or greater, less than 32.0, record file is signons.sqlite

Command to locate logins.json file is as follows:

dir %APPDATA%\Mozilla\Firefox\Profiles\*logins.json /s /b

Command to locate signons.sqlite file is as follows:

dir %APPDATA%\Mozilla\Firefox\Profiles\*signons.sqlite /s /b

If a record exists, then you can use the tool to try to export

Offline export to note the following issues:

1. Master Password not set

Just need to get a log file (logins.json or signons.sqlite) and key file (key4.db or key3.db)

Use firepwd.py or Firefox browser to import configuration files

2. Set Master Password

(1) only obtained record file (logins.json or signons.sqlite) and key file (key4.db or key3.db,)

Local use the Firefox browser import the configuration file, enter the Master Password

(2) requires a complete profile

Need to include the following files:

  • %APPDATA%\Mozilla\Firefox\profiles.ini
  • % APPDATA% \ Mozilla \ Firefox \ Profiles \ file xxxxxxxx.default \ in

Use firefox_decrypt.py, command example:

firefox_decrypt.py C:\test\data1

For ordinary users, in order to increase password security, it is recommended to set Master Password

Gangster other two articles:

Penetration skills - save export Chrome browser password

Export saved passwords in Firefox browser by Network Security Services

 

Guess you like

Origin www.cnblogs.com/ethtool/p/12507649.html
Recommended
微软回应中国区AI团队“打包赴美”传闻
Ranking
How to use ChatGPT to write 100,000+ hot articles for public accounts (includes prompt words)
sudo echo command execution Permission denied
ADO: Using Transactions to Operate Oracle Database
[Java] [Class and Object] equals, hashCode, clone methods
Linux virtual host function
Порт управления rabbitmq открыт
on,where
jQuery WeUI
How can there be a weed pilot in Hangzhou?
tcp / ip model four
Daily
More
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)

Code World

© 2018 codetd.com