How To: Simply Gather Saved Passwords (Quick Tutorial)

Simply Gather Saved Passwords (Quick Tutorial)

Hello you sexy, savage, surreptitiously tech-savvy penetrators (Pun intended)!

Today I'm going to show you two really quick tricks that allows you to find someones saved passwords on their browser. To use these tricks you must have access to their browser, which means you are either in their house (LEGALLY you bunch of hooligans!) or you are running VNC on their computer after executing a payload. So if you don't have access to any of these things, this article will not work out for you, but keep reading to just be informed. So lets get this party started!

Method 1: Browser Settings

On most browsers, including Google Chrome and Firefox, a user may be asked if he/she wishes to save their passwords when signing in to a webpage in order to make their future log in process faster. What they don't know is that when they click yes, that password can be seen by anyone else who uses the same machine. For my example, I will be using Google Chrome to find these passwords, but Firefox and other browsers have their equivalent pathways, so just try to follow along as best as you can.

  • Step 1

Open the browser and head to the settings. From their look for a tab that have keywords such as "Manage Passwords" or "User Password". You may have to click the "Show Advanced Settings at the bottom of the settings page".

  • Step 2

From their, click whatever seems to be the most likely place to find passwords. By now you should be displayed with a bunch of emails, where they have been used, and hidden passwords. If you hover your mouse over the password you intend to see, you will be able to put it in plain text. If no emails show up here, it means that your targets were smart enough to not trust this feature and you'll have to find another way of getting access to their passwords. Obviously, I blacked out my emails and websites, but yours will look normal.

Method 2: Using the Autofill Function

On certain sites such as Facebook and *ahem... (online banks) there is an autofill function on browsers such as Google Chrome and if you ever come across these sites with an already filled in login text box, you know you have the password. Take this for example: facebook.

  • Step 1

Go over to the text box with the hidden password and right click on your mouse. Go to Inspect Element (Thats when you know you're a 1337 HaX0r). Inspect Element shoud have already highlighted the line you are *puts on sunglasses* inspecting the element on. If it didn't than use the picture below to see what the line looks like.

  • Step 2

Double click and edit the part of the code that says "type=password" and make it say "type=text". Then press enter and look at the text box that previously had the hidden password. The box should now show the password in plain text.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Image via memecdn.com

I hope this quick tutorial at least helped you, to some degree convince your roommate, family, or significant other that you are the 1337est HaX0r that ever lived (Oh and BTW I DO NOT ENDORSE HACKING BANKS: THAT'S BAD AND YOU'LL GET A SLAP ON THE WRIST SO DON'T DO IT)! Thanks for reading and have a good day.

11 Comments

Thanks Sarge :D

i love the way you write. and your puns. and the memes you put at the end of your posts.

hacker-brofist

-Phoenix750

heavy-hacker brofisting intensifies

Thanks for reading Phoenix!

Sorry sexu ROOT343 but your method 1 step 2 has another flaw to be mentioned :P

If the session in use (login) doesn't have a blanl password, you will not see the stored passwords because, it will ask for it (for the user's session password) - this in windows 7, at the others OS i d not know.

Cheers :P

And that step 2 in method 2 seems to work in many other sites/pages besides facebook :P
Thanks ROOT343

Well that's assuming that the person has an account on chrome and everyone that I know, including me, doesn't even use this feature. However tale it if it works for you. I found out this works on my colleges computers even though everyone has to sign in to an account to use the computers. Thanks for reading BTW!!

Well this is odd... I have to login into the company's computer, and when accessing the Chrome password manager, it always asks for the password. Maybe is a domain controler thing. :\

Not odd. It's the standard Chrome behavior.

I'm guessing if it's working on library computers, it's because either 1) they have a blank OS password, and when you authenticate to the computer you're not actually logging into the OS, or 2) someone configured Chrome to not prompt for the OS password.

In the end, it's a meaningless security gesture because you can disable it using a Chrome flag:
chrome://flags/#password-manager-reauthentication

I guess it is because this has even worked me in libraries.

I use aMemoryJog (http://apple.co/1MwKeX4) to manage all my passwords and easy-to-forget info. I use it everyday, cannot imagine not having it.

Share Your Thoughts

  • Hot
  • Latest