Blank-c / Blank-Grabber

The most powerful stealer written in Python 3 and packed with a lot of features.
MIT License
756 stars 208 forks

Failed to grab any chrome credentials #337

Closed darknightmc80 closed 1 year ago

darknightmc80 commented 1 year ago

To test my claim against it, I put it on the device and set it up. While testing, I attempted to run the payload on the PC's virtual machine, but it failed to capture the five dummy credentials that I had previously saved in Chrome.

Blank-c commented 1 year ago

> To test my claim against it, I put it on the device and set it up. While testing, I attempted to run the payload on the PC's virtual machine, but it failed to capture the five dummy credentials that I had previously saved in Chrome.

Can you tell me:

  1. The Chrome version.
  2. The Windows version.
  3. Does %localappdata%\Google\Chrome\User Data exist?
  4. Is your PC a VM, and if it is then what type (Windows sandbox/VMware/Virtual Box/RDP/something else)?
  5. Does this tool show your passwords?

And if there were error logs in the archive file, can you show them?

darknightmc80 commented 1 year ago

> > To test my claim against it, I put it on the device and set it up. While testing, I attempted to run the payload on the PC's virtual machine, but it failed to capture the five dummy credentials that I had previously saved in Chrome.
>
> Can you tell me:
>
>   1. The Chrome version.
>   2. The Windows version.
>   3. Does %localappdata%\Google\Chrome\User Data exist?
>   4. Is your PC a VM, and if it is then what type (Windows sandbox/VMware/Virtual Box/RDP/something else)?
>   5. Does this tool show your passwords?
>
> And if there were error logs in the archive file, can you show them?

  1. Chrome: 115.0.5790.110
  2. Windows: 22H2
  3. yes it does
  4. VMware
  5. yep it does show em

darknightmc80 commented 1 year ago

Also, side note: what is the password for the Blank-{username}.rar file it generates in the dc server with the grabbed data?

Blank-c commented 1 year ago

> Also side note what is the password for the Blank-Abby.rar file it generates in the dc server with the grabbed data

Look inside config.json file along with the builder.

Blank-c commented 1 year ago

Hey there, I am unable to reproduce the problem. Can you try running the grabber while keeping Chrome closed?

darknightmc80 commented 1 year ago

I tried running it while Chrome was closed and it worked fine. However, when I ran it with Chrome open, there were some issues. To improve the user experience, it may be useful to add a feature that terminates Chrome and other browser processes before attempting to grab data.

darknightmc80 commented 1 year ago

man Grammarly helps out

Blank-c commented 1 year ago

It actually autocloses chrome. I am not sure why your chrome was still running.

smthpy commented 1 year ago

> It actually autocloses chrome. I am not sure why your chrome was still running.

And I get why, given the credentials cannot be accessed at all while Chrome is open; I've already tried this with a different library.

Blank-c commented 1 year ago

> > It actually autocloses chrome. I am not sure why your chrome was still running.
>
> And I get why, given the credentials cannot be accessed at all while chrome is opened, I've already tried this with a different library.

You get them without closing Chrome? May I see the code?

One thing I tried as a PoC was to copy Chrome's Cookies file while it was running, and Windows didn't let me do that.

Blank-c commented 1 year ago

I have the same version of chrome but I am unable to reproduce the issue.