Hi,
We all know about the Mimikatz tool being used for dumping Windows credentials from memory.
What if we want to retrieve passwords from a web browser or other applications from memory?
E.g. google.com, facebook.com or any other website or corporate web portal.
Most of the time in a corporate network, employees log in to the corporate portal with their domain passwords.
If you can dump memory from a machine and analyse it to get web passwords in clear text, then this trick really helps!
Download a tool called Dumpit from here
Let's imagine a scenario where the victim has logged in to Gmail.com.
The attacker executed Dumpit.exe with admin rights.
You can simply analyse the .raw dump file with the Windows "find" command or "findstr" command,
and you can get all passwords in clear text!
In the screenshot below you can see the clear-text passwords for gmail.com entered earlier in the browser!