Question Regarding Remembered Passwords
So if you would for example want to find out someone's login credentials, and this could be any website(Facebook, Gmail, whatever you want it to be), then it would be an option to just run a keylogger from for example a metasploit meterpreter session. However in practice many people click the remember me box for their credentials so that they don't have to login again each time. Therefore my question is how it would be possible to get these credentials in such a case and how do I know if the target system actually has its passwords remembered or not?
3 Responses
What if you captured the request sent from the browser, with the passwords in it? Is that even possible? I don't know, but that might work.
I would recommend you to check how Rubber Ducky works. That should give you nice information.
I actually have a usb rubber ducky so that might be an option. However I don't think(hypothetically speaking) it is that good when putting it into practice cause when you have let's say 1min or 2min access to a computer physically it would be much better to use that usb rubber ducky to autorun a payload that provides you with a meterpreter session. This way you can get yourself permanent access and do almost everything you want.
This seems to be better to me because the ducky script would only steal passwords that are actually rememberd by chrome. So if you really wanted to get someone's gmail credentials but he did not save them you use your risky 2min physical access not very wisely I believe. Therefore I was thinking of a way to check from a meterpreter session whether someone actually saved the password but I can't really think of a way to do this yet.
Share Your Thoughts