oXis, posted March 17, 2017

Hi,

Based on the PowerShell script written to extract creds from Google Chrome, I made a script to read the SQLite database where the cookies are stored and extract Facebook session cookies. It uses no library, like in the ChromeCreds payload, I use regex to search for the cookies. I haven't written any payload, and I also want to do the same with Firefox.

http://pastebin.com/25Z8peMb

Enjoy

oXis (author), posted March 18, 2017

Ok, I wrote the payload (mainly using illwill code base) and also support for Firefox cookies.

https://github.com/oXis/WindowsCookies

What do you think?

illwill, posted March 19, 2017

Violation of CoC

oXis (author), posted March 20, 2017

I had the same problem. Your solution seems fine.

I rewrote the password grabber for Firefox because the PowerShell script is detected by Kaspersky. Instead of grabbing the password and decrypting it using PowerShell, I copy key3, cert8, and logins in the loot folder and use a Python script to decrypt the password within the BB.

illwill, posted March 21, 2017

Violation of CoC

oXis (author), posted March 23, 2017

Payload updated! Now without any connection to the Internet. A Python script will pop an HTTP server, PowerShell will use this HTTP server to download the payload and then upload the results to it.

Check it out here -> https://github.com/oXis/bashbunny-payloads/tree/master/payloads/library/WindowsCookies

But I've come across some bugs in Windows 7: PowerShell regex groups are not working....

coplamhacker, posted June 26, 2018

I have downloaded your script. How to run them? Run the PowerShell file or the Python file?

oXis (author), posted June 26, 2018

`get_facebook_cookies.ps1` is a PowerShell script that creates two functions (Get-FacebookCreds-Firefox and Get-FacebookCreds-Chrome). If you import this script inside one of yours, or if you import this script inside a PowerShell shell, you can then use those functions.

coplamhacker, posted June 26, 2018

Ok, ty. Newbie to hacker world.

oXis (author), posted June 26, 2018

`. C:\YOURPATH\get_facebook_cookies.ps1`

To import the code. Windows might warn you that the code is not signed or something like that.

Archived
This topic is now archived and is closed to further replies.