Browser passwords
Configuring
Download Firefox and the Chrome standalone installers.
2. Transfer them to and install them on DATA01
.
3. Login with Administrator
and the password Welcome01!
to DC03
and create a user with the name bob
.
4. Login with the user Bob
and the password CredentialDumping01!
on DATA01
.
Firefox Credentials
Open FireFox, go to the settings by opening the menu in the right top and clicking "Settings".
Open the "Privacy and Security" tab and scroll down to the "Login and Passwords" section.
3. Click on "Saved Logins" and click in the bottom on "Create New Login". Fill in the following information to save something within the Browser:
Google Chrome
Open Google Chrome, go to the settings by opening the menu in the right top and clicking "Settings".
Click on "Autofill" and then on "Passwords"
3. In the "Save Passwords" section click on "Add". Fill in the following information and click "Save".
Attacking
How it works
The saved passwords are stored in a which lets the user decrypt them without asking for a password as long as they aren't protected with a master password.
Tools
Executing the attack
To execute the attack administrator privileges to the machine and user credentials for the users which we want to extract the credentials from are required.
From the Kali machine install the DonPapi tool.
Create a
creds.txt
file and place the credentials frombob
in here with the<USER>:<PASSWORD>
format.Bob:CredentialDumping01!
3. Execute the following command to run DonPapi against DATA01
using the creds.txt
file and dumping all the credentials saved for this user on DATA01
:
We discovered the saved credentials in Chrome and Firefox.
Defending
Recommendations
Don't save passwords in browsers and use a passwordmanager such as LastPass, BitWarden or KeePass.
Detection
Last updated