oXis Posted March 17, 2017 Share Posted March 17, 2017 (edited) Hi, Based on the powershell script written to extract creds from Google Chrome, I made a script to read the SQLite database where the cookies are stored and extract Facebook session cookies. It uses no library, like in the ChromeCreds payload, I use regex to search for the cookies. I haven't written any payload, and I also want to do the same with Firefox. http://pastebin.com/25Z8peMb Enjoy Edited March 18, 2017 by oXis Quote Link to post Share on other sites
oXis Posted March 18, 2017 Author Share Posted March 18, 2017 Ok, I wrote the payload (mainly using illwill code base) and also support for Firefox cookies. https://github.com/oXis/WindowsCookies What do you you think? Quote Link to post Share on other sites
illwill Posted March 19, 2017 Share Posted March 19, 2017 (edited) Violation of CoC Edited October 8, 2017 by illwill Violation of CoC 1 Quote Link to post Share on other sites
oXis Posted March 20, 2017 Author Share Posted March 20, 2017 I had the same problem. Your solution seems fine I rewrote the password grabber for firefox because the powershell script is detected by kaspersky. Instead of grabbing the password and decrypt it using powershell, I copy key3, cert8, and logins in the loot folder and use a python script to decrypt the password within the BB. 1 Quote Link to post Share on other sites
illwill Posted March 21, 2017 Share Posted March 21, 2017 (edited) Violation of CoC Edited October 8, 2017 by illwill Violation of CoC Quote Link to post Share on other sites
oXis Posted March 23, 2017 Author Share Posted March 23, 2017 (edited) Payload updated! Now without any connexion to the Internet. A python script will pop a HTTP server, powershell will use this http server to download the payload and then upload the results to it. Check it out here -> https://github.com/oXis/bashbunny-payloads/tree/master/payloads/library/WindowsCookies But, I've come across some bugs in Windows 7, powershell regex groups are not working.... Edited March 23, 2017 by oXis Quote Link to post Share on other sites
coplamhacker Posted June 26, 2018 Share Posted June 26, 2018 i have downloaded your script. how to run them ? run powershell file or python file ? Quote Link to post Share on other sites
oXis Posted June 26, 2018 Author Share Posted June 26, 2018 `get_facebook_cookies.ps1` is a Powershell script that creates two functions ( Get-FacebookCreds-Firefox and Get-FacebookCreds-Chrome). If you import this script inside one of yours, or if you import this script inside a Powershell shell you can then use those functions. Quote Link to post Share on other sites
coplamhacker Posted June 26, 2018 Share Posted June 26, 2018 ok ty. newbie to hacker world Quote Link to post Share on other sites
oXis Posted June 26, 2018 Author Share Posted June 26, 2018 . C:\YOURPATH\get_facebook_cookies.ps1 To import the code. Windows might warn you that the code is not signed or something like that. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.