Tuesday, 19 April 2016

Dumping Clear Text browser passwords from Windows Memory


We all know about Mimikatz tool being used for dumping windows credentials from memory.
What if we want to retrieve passwords from web browser or other applications from memory?
Ex. google.com, facebook.com or any other website/corporate web portals

Most of the time in corporate network, employees logs in to corporate portal with Domain passwords.
If you can dump memory from machine and analyse to it to get web passwords in clear text then this trick really helps!

Download tool called Dumpit from here

Lets imagine a scenario where victim has logged in to Gmail.com

Attacker executed Dumpit.exe with Admin rights

You can simply analyse .raw dump file with windows "find" command or "findstr" command.
and you can get all passwords in clear text!

Below screenshot you can see clear text passwords for gmail.com entered earlier in browser!

No comments:

Post a Comment