impacket icon indicating copy to clipboard operation
impacket copied to clipboard

Published 20 hours ago verified publisher icon fortra

secretsdump: Dump passwords saved in browsers, perhaps cookies?

Open AdrianVollmer opened this issue 3 years ago • 1 comments

Would you see this feature as in scope of secretsdump? It would have been very beneficial for me recently if I could have dumped passwords stored by Chrome. They are stored in sqlite databases encrypted with DPAPI keys, so with local admin rights we should be able to get to them. Similarly with cookies, which could be of interest as well.

I might take a stab at it with a PR, unless you think this is out of scope. Don't want to waste anyone's time.

AdrianVollmer avatar Sep 01 '22 09:09 AdrianVollmer

Hey!

You should give a try to https://github.com/login-securite/DonPAPI

:sunflower:

ThePirateWhoSmellsOfSunflowers avatar Sep 01 '22 15:09 ThePirateWhoSmellsOfSunflowers

Closing since DonPAPI fills this gap

AdrianVollmer avatar Dec 16 '22 17:12 AdrianVollmer

Just adding to this, netexec also supports this.

https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-dpapi

netexec smb srvr -d 'domain' -u 'user' -p 'password' --dpapi

Anon-Exploiter avatar Jun 01 '24 06:06 Anon-Exploiter