Help needed on dumping user input database in Google chrome
#1
This post will be a two directional thing.The first one will be to help with the script to dump user saved username and password out of Google chrome version 46 and earlier versions.
This script is actually not my original idea I got it from a course I bought on udemy.Its a very good course no doubt but some help on it will still do very much good.Its full of exploit using pure python which is the newest but most challenging language I'm getting introduced to
 
   password = win32crypt.CryptUnprotectData(raw[2])[1] # pass the encrypted Password to CryptUnprotectData API funt works perfectly fine.Kudos to the tutor on udemy but the problem I can't seem get my feeble beginner hands around is removing the print functionality and sending the database dump over an http server of my own.
And this leads to my question for the gurus:
Am I to create a .txt file to store the database dump on in the victim's machine ?
How do I navigate to the .txt file thus created ?
How do I send the file over the server to my own machine?
These are the things I am pondering on.Thanks.
I got scripts for Firefox and IE too
Reply
#2
Why don't you just email the entire sqlite3 file to yourself?
Reply
#3
A good start would be learning more python. Jumping head-first into some password stealing script isn't probably ideal if your goal is to learn Python with Udemy. I don't know much Python you know, but enough that you come here to ask us "experts" to add more functionality for it?

We're not here to do your dirty work. It's another matter if you are doing an open source project and authoring the code on your own. But to me it seems you are just here for your own benefit and no one else. You found a script you want to use, but you don't know how to use it. And now you come here to ask us to do it for you?

There's a word for that you know. Script kiddie.
Reply
#4
(05-22-2018, 10:59 PM)Insider Wrote: A good start would be learning more python. Jumping head-first into some password stealing script isn't probably ideal if your goal is to learn Python with Udemy. I don't know much Python you know, but enough that you come here to ask us "experts" to add more functionality for it?

We're not here to do your dirty work. It's another matter if you are doing an open source project and authoring the code on your own. But to me it seems you are just here for your own benefit and no one else. You found a script you want to use, but you don't know how to use it. And now you come here to ask us to do it for you?

There's a word for that you know. Script kiddie.

Lol.I'm good at interpreting python just that I seem to commit blunders when putting together the codes myself.So I don't think it's too much to ask of others who know about it to help me.Well talking about what you said about learning python.I think I WILL FOLLOW THE ADVICE OF "REAL EXPERTS" ;HACK TO LEARN AND NOT LEARN TO HACK.Cos if we all had to wait to know python fully before hacking then maybe metasploit would have been chargin us by now.All Im saying is there's nothing wrong in teaching people things if you know it and if they NEEDED it enough to ask

(05-22-2018, 05:09 PM)ekultek Wrote: Why don't you just email the entire sqlite3 file to yourself?
Thanks man that's exactly what I'all do
Reply
#5
(05-23-2018, 02:29 AM)Criticalport Wrote: Lol.I'm good at interpreting python just that I seem to commit blunders when putting together the codes myself.So I don't think it's too much to ask of others who know about it to help me.Well talking about what you said about learning python.I think I WILL FOLLOW THE ADVICE OF "REAL EXPERTS" ;HACK TO LEARN AND NOT LEARN TO HACK.Cos if we all had to wait to know python fully before hacking then maybe metasploit would have been chargin us by now.All Im saying is there's nothing wrong in teaching people things if you know it and if they NEEDED it enough to ask

I think that the main purpose of Insider was to mkae constructive criticism, not to roast you.

You´re correct, you probably don't need to fully know python for your project, but some basics might help.
That's what I like about the hacking community it's not let's learn everything to apply it but let's learn what I need to make it work.
As ekultek said, using a mail account you can achieve what you want.
If you want to automate that process too you can use a library called "smtplib" it's very easy to use and you will find thousands of tuts on the internet.

Hope I could help, even if it's a bit late  Big Grin
Reply
#6
(05-23-2018, 02:29 AM)Criticalport Wrote: Lol.I'm good at interpreting python just that I seem to commit blunders when putting together the codes myself.So I don't think it's too much to ask of others who know about it to help me.Well talking about what you said about learning python.

If that's your intention, I'll take your word for it. It's just that you gave me the impression that you came here to have us do your code for you. And not actually learn anything on your own. In other words, spoon-feeding. Not something I take lightly.

Maybe I missunderstood you? Enmafia is right, I only meant to call you out. But I admit I think I may have been too rude. Sorry man, calling you a script kiddie is a bit too much from just one post.

(05-23-2018, 02:29 AM)Criticalport Wrote: I think I WILL FOLLOW THE ADVICE OF "REAL EXPERTS" ;HACK TO LEARN AND NOT LEARN TO HACK.Cos if we all had to wait to know python fully before hacking then maybe metasploit would have been chargin us by now.

Fair enough. That's a good idea.

(05-23-2018, 02:29 AM)Criticalport Wrote: All Im saying is there's nothing wrong in teaching people things if you know it and if they NEEDED it enough to ask

I didn't think you came here to learn. My impression were that you wanted us to modify your script for you. Not actually looking for advice. You can correct me if I'm wrong though.
Reply
#7
1) Hacking is a lonely road, you can’t trust anybody if you go down it, and once you go down it you can’t just stop.
2) Python isn’t “the hacking language” it’s just an easy to learn programming language. If you want to hack shit you should learn multiple languages
3) Real experts don’t exist, nobody is an expert in IT and if they tell you otherwise they’re liars. IT is forever changing and always getting better, an expert is someone who has nothing left to learn.
4) Never ask people to be your mentors, everyone wants to see you fail and themselves succeed. People will help you, but don’t straight up ask someone to help you break into something
5) You’re going about this the completely wrong way. The smartest option would be to send yourself the SQLite file and parse it from your end, that way there are no traces in the log files of you parsing their SQLite file.
6) You catch more flies with honey, than with vinegar.
Reply
#8
I appreciate you Eku, but i don't consider myself to be someone that wants to see other people fail. In fact i like helping out. So in that vein;

@OP
You want to send it off to a server you control? What do you have in place on this server that allows you to receive data? Is it an FTP server? Is it a website that has a form for uploads? Or do you want to receive it via SMTP? I agree that it would be a good idea to send over the entire SQLite file and parse it from your end.

Depending on how you answer my questions on how you would like to receive the data there are multiple ways to go about it.

In any case, a quick Google search led me to this.

https://gist.github.com/pcdinh/2102372

It's a little python script that will send out an email with attached files. The files will be base64 encoded as well, adds a small layer of security as they are in transit. Just add your var `path2` at the array called files like so `files = [path2]` in fact i think you can just leave the brackets out, you don't need an array for a single file.

I could go on, and i might if you want to send it to some place that is not an SMTP server. But since you mentioned you are good at interpreting Python, i am just going to leave it at that for now.
Reply
#9
Here is a script that I wrote that will pull browser history off of macOS systems, it then create a temporary folder as a collection point and creates a perl script to email you the history it pulls. It can be easily reconfigured to pull the SQLite password files. https://github.com/TheBrownGroup/script-...ter/pbh.py
Reply
#10
(05-29-2018, 12:47 PM)ekultek Wrote: Here is a script that I wrote that will pull browser history off of macOS systems, it then create a temporary folder as a collection point and creates a perl script to email you the history it pulls. It can be easily reconfigured to pull the SQLite password files. https://github.com/TheBrownGroup/script-...ter/pbh.py

Lol, what i said to you wasn't meant to guilt you into writing a script for the OP. just so you know. I just meant to say that if it is the case that most people want to see other people fail i personally may be the exception <3
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Student card hacking help GreenHorse 2 1,970 11-12-2021, 02:14 PM
Last Post: Lewis
  Who can help me remove crypt from .DAT files? Saddam 1 2,952 10-26-2021, 06:03 PM
Last Post: dev
  Help me hacking WPA2 wifi brandroot 5 13,280 03-01-2021, 08:13 PM
Last Post: Vector
  HEY FAMILY.. Help me out :-( ALPXHAX 7 16,600 12-26-2020, 04:47 PM
Last Post: FancyBear