Monday, April 13, 2020

Chromepass - Hacking Chrome Saved Passwords


Chromepass is a python-based console application that generates a windows executable with the following features:
  • Decrypt Chrome saved paswords
  • Send a file with the login/password combinations remotely (email or reverse-http)
  • Custom icon
  • Completely undetectable by AntiVirus Engines

AV Detection!
Due to the way this has been coded, it is currently fully undetected. Here are some links to scans performed using a variety of websites
  • VirusTotal Scan (0/68) 30-09-2019
    • this is an educational project, so distribution (or the lack thereof) is not a concern, hence the usage of VirusTotal
  • AntiScan (0/26) 24-09-2019
  • Hibrid Analysis All Clean (CrowdStrike Falcon, MetaDefender and Virustotal) 24-09-2019

Getting started

Dependencies and Requirements
This is a very simple application, which uses only:
  • Python - Only tested on 3.7.4 but should work in 3.6+

Installation
Chromepass requires Python 3.6+ to run.
Install the dependencies:
> cd chromepass
> pip install -r requirements.txt
If any errors occur make sure you're running on the proper environment (if applcable) and that you have python 3.6+ (preferably 3.7.4). If the errors persist, try:
> python -m pip install --upgrade pip
> python -m pip install -r requirements.txt

Usage
Chromepass is very straightforward. Start by running:
> python create_server.py
It will ask you to select between two options:
  • (1) via email [To be fixed]
    • This will ask you for an email address and a password
    • It will then ask you if you wish to send to another address or to yourself
    • Next, you're asked if you want to display an error message. This is a fake message that if enabled will appear when the victim opens the executable, after the passwords have been transferred.
    • You can then write your own message or leave it blank
    • You're done! Wait for the executable to be generated and then it's ready.
  • (2) via client.exe [Recommended at the moment]
    • First you're asked to input an IP Address for a reverse connection. This is the address that belongs to the attacker. It can be a local IP address or a remote IP Address. If a remote address is chosen, Port Forwarding needs to be in place.
    • You're then asked if you want to display an error message. This is a fake message that if enabled will appear when the victim opens the executable, after the passwords have been transferred.
    • You can then write your own message or leave it blank
    • You're done! Wait for the executables to be generated and then it's ready.
    • The client.exe must be started before the server_ip.exe. The server_ip.exe is the file the victim receives.
  • Note: To set a custom icon, replace icon.ico by the desired icon with the same name and format.

Todo
  • Sending Real-time precise location of the victim (completed, releases next update)
  • Also steal Firefox passwords (Completed, releases next update)
  • Option of installing a backdoor allowing remote control of the victim's computer (completed, releases next update)
  • Support for more email providers (in progress)
  • Also steal passwords from other programs, such as keychains(in progress)
  • Add Night Mode (in progress)

Errors, Bugs and feature requests
If you find an error or a bug, please report it as an issue. If you wish to suggest a feature or an improvement please report it in the issue pages.
Please follow the templates shown when creating the issue.

Learn More
For access to a community full of aspiring computer security experts, ranging from the complete beginner to the seasoned veteran, join our Discord Server: WhiteHat Hacking
If you wish to contact me, you can do so via: marionascimento@itsec.us

Disclaimer
I am not responsible for what you do with the information and code provided. This is intended for professional or educational purposes only.




via KitPloit

More articles


No comments:

Post a Comment

Note: Only a member of this blog may post a comment.