Hey Folks, in this tutorial we are going to talk about some interesting password dumping tools, through which we can steal all available credentials on Chrome, Firefox and Intel browsers. Actually in this article we will show some tools that will help us to steal passwords remotely and the remaining tools will help to recover lost passwords and that too for free.

Content You Will Get ?

  • Extact Browsers Password Via
  • Lazagne
  • BrowserPasswordDump
  • Chromepass
  • Browser Passwords – Sterjosoft
  • Google Chrome

Let’s take a look 🙂 !!

Compromised

We have already compromise to victim machine along with meterpreter session and at the same time we came to know that the victims are using a window 10 machine.

Admin Privileges

Besides, you can see that we also have all the admin rights of the victim machine. If you want to do the whole process from the beginning, then you can check the article from here.

Extract Browsers Password Remotely via Lazagne

Back to the main topic and start the password dumping. The LaZagne project is an open source application used to retrieve lots of passwords stored on a computer. This tool has been developed for the purpose of finding these passwords for the most commonly-used software. The first thing we need to do is download this tool from here. After downloading we need to move the payload to the appropriate location but we would advise you to place it at the root folder. After done it then just come back again to the meterpreter session and check the present working directory by using the “pwd” command. If you are in the “/windows/system32/” directory then try to access the desktop folder of the victim machine by cd command. Now upload the payload using the upload command and go to the victim machine’s cmd prompt by executing the shell command.

Execute 🙂 !! Just execute the following command to dump all available credentials on the victim machine.

Done 😛 !! The tutorial is based on dumping browser credentials, so we’ll only show passwords dumped from browsers but in fact it takes all passwords, wifi passwords, hashes etc. from the target machine.

Check 🙂 !! As you can see how many different options we get for dumping credentials.

BrowserPasswordDump – Remotely

This is another password extracting utility that we can control through both the GUI interface and the CLI interface but we will try to get credentials remotely through this CLI version. First of all you have to download this tool from here and transfer it to your favorable location.

Upload 🙂 !! Again repeat the same process that we did earlier, which means only go to the location where upload is allowed, upload the payload and infiltrate in cmd prompt with the shell command.

Ready 🙂 !! It time to carry out its work by execute the following command.

Excellent 😛 !! As you can see, all valid and saved usernames and passwords have been extract from the target’s chrome and firefox browsers.

Chromepass – Extract Chrome Passwords ( One Click )

Chromepass is a small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser. One of the best things we felt after using this tool is the simplicity of use because we can boot it with just one click and extract all passwords from browsers. Just download it from here.

Hmm 🙂 !! During unzipping the downloaded file, it will ask for the password where you can enter given password and unzip the file successfully.

Done 🙂 !! As you can see that the zip file has been successfully unzip inside of which we get following files, but you only need to click on the highlighted file to boot this tool.

Great 😛 !! That’s it ! without any installation you can retrieve or dump all passwords saved on chrome browsers by opening it directly.

Browser Passwords – Sterjosoft

SterJo Browser Passwords is an easy-to-use tool that recovers passwords for most popular web browsers like: Chrome, Firefox, Internet Explorer, Microsoft Edge, Opera, Vivaldi, Yandex, Brave, Epic Privacy Browser and Torch. You can just download it from here.

Brilliant 😛 !! After doing a small installation of this tool we can retrieve all the saved passwords even we can save and share the password in a text file to someone else.

Recover Lost Passwords Through Google Chrome

The last option we have left is chrome itself. After opening the chrome browser on your system just open the following location and that’s it, you can find out all the passwords saved in google chrome : P !!!

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.

Leave a Reply