I have successfully exploited a PC and I got the meterpreter. I managed to run VNC, but the problem is I can't dump the SAM file, or any other option similar to it. I already got system ID, but I guess it's because of Kaspersky installed on that PC.
My main point is: how can I gather all the saved accounts in browsers? Plus, is there a way to steal an open session? For example, if he is using WhatsApp Web, can I steal that session and use it on my PC?
13 Responses
browser passwords are stored somewhere in User/Appdata/blabla
encrypted in sqlite files..at least that's what i remember..
If you have meterpreter you should be able to dump SAM.file..
however, you can use Wireshark to sniff TCP packets then add filter: 'http.cookie' to find HTTP cookies and inject them into your browser with the help of Greasemonkey for example..
Good Luck
@ANTHON thank you for your reply. As for the sniffer, I will try it out, but I need to read a tutorial first.
As for browser passwords, I know they are in this folder. I already copied them to my local machine, but I was wondering: if I replace my local profile content with the victim profile content, wouldn't it work?
Does it still work?! I tried it with no luck on Facebook..
What's the extent of your access? Are you an administrator?
Yes, I'm an administrator and I'm using psexecpsh exploit. After that I'm using the getsystem command. My meterpreter is reversetcp.
Use the meterpreter and use hashdump to get the password hashes.
Didn't work, and I know it's strange, I used it before on another PC. Could it be because of the antivirus? And is there a new way other than killav to stop it? Thank you :-)
Have you tried uploading pwdump?
Yep, and it still didn't work.. I tried using it in both ways, through memory and executing it from a shell.
My lab PC is Windows 8.1 updated + Kaspersky installed. Does it make any difference whether it's updated or not?
If you have VNC on the target, why not just turn off the AV?
;-)
I adapted a small Python script to decrypt the SQL database from Chrome and send the text file to a listener. I can release it if you'd like. Chrome uses an inbuilt Windows function, which means if you encrypt data on a machine it can only be decrypted on the same machine. Which is what my program does; it decrypts it on the same machine and stores it as plaintext. If you'd like I can release it later today, when I get home.
Robyn
I'll also link the page with the original script which I modified :P
Robyn
EDIT: I found it here. It explains the CryptProtectData function really well
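
Because the decryption described above has to run on the machine that holds the profile, the read of Chrome's credential files by something other than the browser is observable there. The following is an added example, not code from this thread: a small detection check over file-access audit records. The `ProcessName`/`ObjectName` field names are modelled on Windows object-access audit events (event ID 4663); the allow-list, the profile paths and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: default Chrome profile layout on Windows.
PROFILE_MARKER = "\\google\\chrome\\user data\\"
STORE_NAMES = {"login data", "cookies"}  # saved logins, session cookies

# Assumption: the only binaries expected to open those files on this host.
ALLOWED_IMAGES = {
    "c:\\program files\\google\\chrome\\application\\chrome.exe",
    "c:\\program files (x86)\\google\\chrome\\application\\chrome.exe",
}

def is_credential_store(object_name):
    """True if the accessed file is a Chrome login or cookie database."""
    path = object_name.lower()
    return PROFILE_MARKER in path and ntpath.basename(path) in STORE_NAMES

def suspicious_reads(events):
    """Return events where a non-allow-listed process opened a store."""
    hits = []
    for ev in events:
        if not is_credential_store(ev["ObjectName"]):
            continue
        # Compare the full image path, not just the file name, so a binary
        # named chrome.exe outside the install directory is still flagged.
        if ntpath.normpath(ev["ProcessName"]).lower() not in ALLOWED_IMAGES:
            hits.append(ev)
    return hits

# Constructed sample events (not real logs).
PROFILE = r"C:\Users\lab\AppData\Local\Google\Chrome\User Data\Default"
SAMPLE_EVENTS = [
    {"ProcessName": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ObjectName": PROFILE + r"\Login Data"},
    {"ProcessName": r"C:\Python27\python.exe",
     "ObjectName": PROFILE + r"\Login Data"},
    {"ProcessName": r"C:\Users\lab\AppData\Local\Temp\chrome.exe",
     "ObjectName": PROFILE + r"\Network\Cookies"},
    {"ProcessName": r"C:\Python27\python.exe",
     "ObjectName": r"C:\Users\lab\Documents\notes.txt"},
]

if __name__ == "__main__":
    for ev in suspicious_reads(SAMPLE_EVENTS):
        print("ALERT", ev["ProcessName"], "->", ev["ObjectName"])
```

Records like these only exist if object-access auditing is enabled on the profile files, and the allow-list needs extending for backup or endpoint-protection agents that legitimately read them.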