Open ThePirateWhoSmellsOfSunflowers opened 4 months ago
Hello,
During an engagement I found that DonPAPI looks for the Default user profile. However, many of my targets has non default profile name (such as "Profile 1") or multiple profiles. Current profile name can be found within the Local State file:
Default
Local State
Renamed profile
{ "info_cache": { "Profile 5": { "active_time": REDACTED.135468, "avatar_icon": "chrome://theme/IREDACTED", "background_apps": false, "first_account_name_hash": 477, "force_signin_profile_locked": false, "gaia_given_name": "REDACTED", "gaia_id": "REDACTED", "gaia_name": "REDACTED", "gaia_picture_file_name": "Google Profile Picture.png", "hosted_domain": "REDACTED", "is_consented_primary_account": false, "is_ephemeral": false, "is_using_default_avatar": true, "is_using_default_name": true, "last_downloaded_gaia_picture_url_with_size": "REDACTED", "managed_user_id": "", "metrics_bucket_index": 5, "name": "Personne 2", "shortcut_name": "REDACTED", "signin.with_credential_provider": false, "user_accepted_account_management": false, "user_name": "REDACTED" } }, "last_active_profiles": [ "Profile 5" ], "last_used": "Profile 5", "metrics": { "next_bucket_index": 6 }, "picker_shown": true, "profile_counts_reported": "REDACTED", "profiles_created": 6, "profiles_order": [ "Profile 5" ] }
Multiple Profiles
{ "info_cache": { "Default": { "active_time": REDACTED.728178, "avatar_icon": "chrome://theme/REDACTED", "background_apps": false, "first_account_name_hash": 822, "force_signin_profile_locked": false, "gaia_given_name": "REDACTED", "gaia_id": "REDACTED", "gaia_name": "REDACTED REDACTED", "gaia_picture_file_name": "Google Profile Picture.png", "has_multiple_account_names": true, "hosted_domain": "REDACTED", "is_consented_primary_account": true, "is_ephemeral": false, "is_using_default_avatar": true, "is_using_default_name": true, "last_downloaded_gaia_picture_url_with_size": "REDACTED", "managed_user_id": "", "metrics_bucket_index": 1, "name": "Personne 1", "shortcut_name": "REDACTED", "signin.with_credential_provider": false, "user_accepted_account_management": true, "user_name": "REDACTED" }, "Profile 1": { "active_time": REDACTED.65364, "avatar_icon": "chrome://theme/REDACTED", "background_apps": false, "first_account_name_hash": 822, "force_signin_profile_locked": false, "gaia_given_name": "", "gaia_id": "", "gaia_name": "", "gaia_picture_file_name": "", "hosted_domain": "", "is_consented_primary_account": false, "is_ephemeral": false, "is_using_default_avatar": true, "is_using_default_name": false, "last_downloaded_gaia_picture_url_with_size": "", "managed_user_id": "", "metrics_bucket_index": 2, "name": "REDACTED REDACTED", "shortcut_name": "REDACTED REDACTED", "user_accepted_account_management": false, "user_name": "" }, "Profile 3": { "active_time": REDACTED.08738, "avatar_icon": "chrome://theme/REDACTED", "background_apps": false, "default_avatar_fill_color": -10831423, "default_avatar_stroke_color": -16248044, "first_account_name_hash": 655, "force_signin_profile_locked": false, "gaia_given_name": "", "gaia_id": "", "gaia_name": "", "gaia_picture_file_name": "", "hosted_domain": "", "is_consented_primary_account": false, "is_ephemeral": false, "is_using_default_avatar": true, "is_using_default_name": false, "last_downloaded_gaia_picture_url_with_size": "", "managed_user_id": "", "metrics_bucket_index": 4, "name": "REDACTED", "profile_highlight_color": -10831423, "shortcut_name": "REDACTED", "signin.with_credential_provider": false, "user_accepted_account_management": false, "user_name": "" }, [...] }, "last_active_profiles": [ "Default" ], "last_used": "Default", "metrics": { "next_bucket_index": 7 }, "picker_shown": true, "profile_counts_reported": "REDACTED", "profiles_created": 10, "profiles_order": [ "Profile 2", "Profile 4", "Profile 3", "Default", "Profile 1", "Profile 8" ] }
Maybe it is possible to loop through the profiles or just dump the last_active_profiles ?
last_active_profiles
:sunflower:
Hello,
During an engagement I found that DonPAPI looks for the
Defaultuser profile. However, many of my targets has non default profile name (such as "Profile 1") or multiple profiles. Current profile name can be found within theLocal Statefile:Renamed profile
Multiple Profiles
Maybe it is possible to loop through the profiles or just dump the
last_active_profiles?:sunflower: