oXis, Posted March 17, 2017

Hi,

Based on the PowerShell script written to extract creds from Google Chrome, I made a script to read the SQLite database where the cookies are stored and extract Facebook session cookies. It uses no library, like in the ChromeCreds payload, I use regex to search for the cookies. I haven't written any payload, and I also want to do the same with Firefox.

http://pastebin.com/25Z8peMb

Enjoy

oXis (Author), Posted March 18, 2017

Ok, I wrote the payload (mainly using illwill code base) and also support for Firefox cookies.

https://github.com/oXis/WindowsCookies

What do you think?

oXis (Author), Posted March 20, 2017

I had the same problem. Your solution seems fine. I rewrote the password grabber for Firefox because the PowerShell script is detected by Kaspersky. Instead of grabbing the password and decrypting it using PowerShell, I copy key3, cert8, and logins in the loot folder and use a Python script to decrypt the password within the BB.

oXis (Author), Posted March 23, 2017

Payload updated! Now without any connection to the Internet. A Python script will pop an HTTP server, PowerShell will use this HTTP server to download the payload and then upload the results to it.

Check it out here -> https://github.com/oXis/bashbunny-payloads/tree/master/payloads/library/WindowsCookies

But I've come across some bugs in Windows 7, PowerShell regex groups are not working....

coplamhacker, Posted June 26, 2018

I have downloaded your script. How do I run them? Run the PowerShell file or the Python file?

oXis (Author), Posted June 26, 2018

`get_facebook_cookies.ps1` is a PowerShell script that creates two functions (Get-FacebookCreds-Firefox and Get-FacebookCreds-Chrome). If you import this script inside one of yours, or if you import this script inside a PowerShell shell, you can then use those functions.

oXis (Author), Posted June 26, 2018

`. C:\YOURPATH\get_facebook_cookies.ps1`

To import the code. Windows might warn you that the code is not signed or something like that.