Post-Exploitation with HackBrowserData.

Steal saved passwords, cookies, bookmarks, and history from the victim’s browser.

Febin Mon Saji

CEH(MASTER) | eJPT | OSCP

Hi, this is Febin, an Infosec professional. In this article, I came up with a Post-Exploitation technique to steal saved passwords, cookies, bookmarks, and history from the victim’s browser using a tool named “HackBrowserData”.

Post Exploitation: The term “Post-Exploitation” means nothing but what you as an attacker do after a successful attack or exploitation on a target without being detected, such as harvesting credentials, stealing sensitive files, gathering information, data exfiltration, and so on.

In this technique, we’re gonna harvest sensitive data such as saved passwords, cookies, bookmarks, and history from the target’s browser.

It requires no admin/root privileges to perform this attack. After getting access to a normal user account/shell, you can pretty much perform this attack in order to collect data from his/her browser.

Let’s get started.

Simulate an attack scenario. Let’s assume that I got a shell on a target machine(ubuntu VM) via ssh with a leaked or a weak password as a normal user(febin).

Successfully logged in as user “febin”. Now it’s time to steal his cookies, passwords, and history.

Let’s download the tool first. https://github.com/moonD4rk/HackBrowserData

In our case, let’s download the linux-amd64 release.

Now, just upload the binary to the target system.

It’s showtime! Run the binary, steal all data from the browser. :D

Successfully collected saved passwords, cookies, bookmarks, and Firefox history. The data will be stored inside the results directory in CSV format.

Let’s open the CSV file in the WPS office to view it in a more organized way.

Woo!

(Note: This is just a demo. In a real-world engagement, you need to be more stealthy and sneaky. Upload the binary into a temp directory, rename the binary to something not suspicious, hide the binary file, transfer the results to the attacker machine, then delete the results directory and the binary as well.)

HackBrowserData is an awesome tool that can be used not only for post-exploitation but DFIR as well.

Thanks.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Febin

Febin

96 Followers

CEH | CEH(Master) | eJPT | OSCP | CRTP |CyberSecurity Enthusiast | Security Researcher | Bug Hunter | Always seeks for knowledge