search

Busindre / dumpzilla

Extract all forensic interesting information of Firefox, Iceweasel and Seamonkey browsers
http://www.dumpzilla.org
130 stars 25 forks source link

libnss not found (libnss3.so) #6

Closed tokyoneon closed 6 years ago

tokyoneon commented 6 years ago

Hey @onehdev

I took the 9kwbffy3.default/ Firefox profile from my MacBook v10.13 using Firefox v60.0.2 and saved it to my Kali machine.

Using the below command in Kali:

> python3 dumpzilla.py /path/to/9kwbffy3.default/

[ERROR] Error decoding passwords: libnss not found (libnss3.so)
[WARNING] No session info found!

I've installed python-nss using pip3, libnss3* and nss-passwords using apt-get but still dumpzilla gives the same error and isn't able to decode the passwords. After trying older versions of dumpzilla, this issue doesn't exist. I think it started with this commit but I'm not positive.

Any help here would be great. I'm hoping to feature dumpzilla in one of my articles this week.

onehdev commented 6 years ago

Hi @tokyoneon ,

Could you tell us which are the libnss locations in your computer?

Thanks!

tokyoneon commented 6 years ago 
    > whereis libnss
libnss: /usr/lib/x86_64-linux-gnu/libnss3.so

    > find / -type f -iname *libnss*
/var/lib/dpkg/info/libnss-mdns:amd64.shlibs
/var/lib/dpkg/info/libnss-mdns:amd64.postrm
/var/lib/dpkg/info/libnss3:amd64.md5sums
/var/lib/dpkg/info/libnss-mdns:amd64.triggers
/var/lib/dpkg/info/libnss-mdns:amd64.md5sums
/var/lib/dpkg/info/libnss3:amd64.triggers
/var/lib/dpkg/info/libnss-mdns:amd64.postinst
/var/lib/dpkg/info/libnss-mdns:amd64.list
/var/lib/dpkg/info/libnss3:amd64.list
/var/lib/dpkg/info/libnss3:amd64.symbols
/usr/share/lintian/overrides/libnss-mdns
/usr/share/lintian/overrides/libnss3
/usr/lib/x86_64-linux-gnu/samba/libnss-info.so.0
/usr/lib/x86_64-linux-gnu/libnssutil3.so
/usr/lib/x86_64-linux-gnu/nss/libnssdbm3.chk
/usr/lib/x86_64-linux-gnu/nss/libnssckbi.so
/usr/lib/x86_64-linux-gnu/nss/libnssdbm3.so
/usr/lib/x86_64-linux-gnu/libnss3.so
/lib32/libnss_dns-2.27.so
/lib32/libnss_nisplus-2.27.so
/lib32/libnss_nis-2.27.so
/lib32/libnss_compat-2.27.so
/lib32/libnss_files-2.27.so
/lib32/libnss_hesiod-2.27.so
/lib/x86_64-linux-gnu/libnss_mdns6.so.2
/lib/x86_64-linux-gnu/libnss_dns-2.27.so
/lib/x86_64-linux-gnu/libnss_mdns4.so.2
/lib/x86_64-linux-gnu/libnss_nisplus-2.27.so
/lib/x86_64-linux-gnu/libnss_nis-2.27.so
/lib/x86_64-linux-gnu/libnss_mdns.so.2
/lib/x86_64-linux-gnu/libnss_compat-2.27.so
/lib/x86_64-linux-gnu/libnss_mdns_minimal.so.2
/lib/x86_64-linux-gnu/libnss_files-2.27.so
/lib/x86_64-linux-gnu/libnss_mdns6_minimal.so.2
/lib/x86_64-linux-gnu/libnss_hesiod-2.27.so
/lib/x86_64-linux-gnu/libnss_mdns4_minimal.so.2
/lib/i386-linux-gnu/libnss_dns-2.27.so
/lib/i386-linux-gnu/libnss_nisplus-2.27.so
/lib/i386-linux-gnu/libnss_nis-2.27.so
/lib/i386-linux-gnu/libnss_compat-2.27.so
/lib/i386-linux-gnu/libnss_files-2.27.so
/lib/i386-linux-gnu/libnss_hesiod-2.27.so
tokyoneon commented 6 years ago

https://null-byte.wonderhowto.com/how-to/hacking-macos-dump-passwords-stored-firefox-browsers-remotely-0185234/

2A2U commented 1 year ago

I don't know if this a good way in solving this problem. But I solved it changing the path in the script from 

elif sys.platform.endswith('win') == False: # LINUX`
        libnss_path = "libnss3.so"

to

elif sys.platform.endswith('win') == False: # LINUX
        libnss_path = "/usr/lib/x86_64-linux-gnu/libnss3.so"