module
Multi Gather Firefox Signon Credential Collection
| Disclosed | Created |
|---|---|
| 01/01/1970 | 05/30/2018 |
Disclosed
01/01/1970
Created
05/30/2018
Description
This module will collect credentials from the Firefox web browser if it is
installed on the targeted machine. Additionally, cookies are downloaded. Which
could potentially yield valid web sessions.
Firefox stores passwords within the signons.sqlite database file. There is also a
keys3.db file which contains the key for decrypting these passwords. In cases where
a Master Password has not been set, the passwords can easily be decrypted using
3rd party tools or by setting the DECRYPT option to true. Using the latter often
needs root privileges. Also be warned that if your session dies in the middle of the
file renaming process, this could leave Firefox in a non working state. If a
Master Password was used the only option would be to bruteforce.
Useful 3rd party tools:
+ firefox_decrypt (https://github.com/Unode/firefox_decrypt)
+ pswRecovery4Moz (https://github.com/philsmd/pswRecovery4Moz)
installed on the targeted machine. Additionally, cookies are downloaded. Which
could potentially yield valid web sessions.
Firefox stores passwords within the signons.sqlite database file. There is also a
keys3.db file which contains the key for decrypting these passwords. In cases where
a Master Password has not been set, the passwords can easily be decrypted using
3rd party tools or by setting the DECRYPT option to true. Using the latter often
needs root privileges. Also be warned that if your session dies in the middle of the
file renaming process, this could leave Firefox in a non working state. If a
Master Password was used the only option would be to bruteforce.
Useful 3rd party tools:
+ firefox_decrypt (https://github.com/Unode/firefox_decrypt)
+ pswRecovery4Moz (https://github.com/philsmd/pswRecovery4Moz)
Authors
bannedit xard4sg0tmi1k
Platform
BSD,Linux,OSX,Unix,Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use post/multi/gather/firefox_creds
msf /(s) > show actions
...actions...
msf /(s) > set ACTION < action-name >
msf /(s) > show options
...show and set options...
msf /(s) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.