cckuailong/HackChrome

Stars
333
Rank 126,599 (Top 3 %)
Language
Go
License
MIT License
Created over 4 years ago
Updated over 4 years ago

cckuailong/HackChrome

cckuailong

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

⛄ Get the User:Password from Chrome(include version < 80 and version > 80)

HackChrome

English ReadMe || 中文 ReadMe

Get the User:Password from Chrome(include version < 80 and version > 80)

Chrome version Affact

All version

Platform

Windows

Usage

Download the exe file here
Open cmd or powershell
Run

Hackone.exe > res.txt

Demo

Theory

version < 80

User:Password pairs were stored in the file named "Login Data".

Password was encrypted, But we can use "CryptUnprotectData" Function in "Crypt32.dll" to decrypt them.

Finally, We get the plaintext of the User:Password pairs stored in Chrome

version > 80

Based on the Algorithm used by "version < 80", It use AES-GCM to encrypt the password via a and a .

The can be found in the "Local State" file, and can be decypted by "CryptUnprotectData" mentioned above.

The can be found at the begin of the encrypted_password.

Therefore, we can decrpted all the password.

Merge the result

If someone update the Chrome recently, we need to find the two ways of User:Password pairs.

What's more, I use some rules to merge the results into an array.

LICENSE

The Project follows MIT LICENSE.

vulbase

各大漏洞文库合集

JNDI-Injection-Exploit-Plus

80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.

reapoc

OpenSource Poc && Vulnerable-Target Storage Box.

hostscan

自动化Host碰撞工具，帮助红队快速扩展网络边界，获取更多目标点

awesome-gpt-security

A curated list of awesome security tools, experimental case or other interesting things with LLM or GPT.

py2sec

🐍 py2sec is a Cross-Platform, Fast and Flexible tool to change the .py to .so(Linux and Mac) or .pyd(Win).

SuperAdapters

Finetune ALL LLMs with ALL Adapeters on ALL Platforms!

pocsploit

a lightweight, flexible and novel open source poc verification framework

py2so

🐍 py2so is tool to change the .py to .so, you can use it to hide the source code of py [Deprecated]. Please navigate to Py2sec

spring-cloud-function-SpEL-RCE

spring-cloud-function SpEL RCE, Vultarget & Poc

YarnRpcRCE

colorsys-go

🎃 colorsys-go is a go package(or lib) for everyone to transform one color system to another. The transformation is among RGB, YIQ, HLS and HSV.

InformationGather

SRC Assets Information Gather Website(SRC资产信息聚合网站)

netuser

Add or Delete User via windows api，it can be used when .net is inaccessible.

MosaicImage

自动获取用户指定类别图片，并制作马赛克图片

CVE-2022-40146_Exploit_Jar

PocCollect

Poc Collected for study and develop

ICS-Protocal-Detect-Nmap-Script

Some nmap scripts to detetct the infomations of the different ICS Here are 16 main ics protocal scan-scripts include Modbus, S7 and so on.

Shyvana

A full vul scanner which contains many aspects (adding)

gitAutoStar

配合GitStar编写的自动Star工具，稳定快速，跨平台

log4shell_1.x

log4j 1.x RCE Poc -- CVE-2021-4104

Log4j_CVE-2021-45046

Log4j 2.15.0 Privilege Escalation -- CVE-2021-45046

simHtml

Compare html similarity using structural and style metrics

Log4j_dos_CVE-2021-45105

Log4j_dos_CVE-2021-45105

nginx_vultarget

gitAutoStar-py

最新版gitStar自动点赞，使用selenium

HaveIReg

HaveIReg用于查找出特定用户在哪些网站注册过

Interview

面试题整理分享(持续更新ing)

cckuailong.github.io

Writing 1000 Words a Day Changed My Life

Small_Functions

Some interesting code fragments to please

awesome-ml-for-cybersecurity-books

PDF books for awesome-ml-for-cybersecurity-books

CS-Fun-500-Questions

计算机科学中有趣的500问

DgaDetect

Use Keras or TFLearn to detetct DGA via LSTM, AMSGrad and NAdam

log4j_RCE_CVE-2021-44832

BGPStream_Operate_Plugin

I write two shell scripts to help people create or delete the bgpcorsaro's plugin with only one shell command.

KerGaNs

Various GANs with Keras (With diginmon generator as example)

WebsiteApp

We provide a tiny Anddroid App which collects many website for whoerver wants to get the main information of news in a short time

CVE-2021-2471

Learning

好文章收集整理

Colorsys.jl

🌈 Colorsys.jl is a Julia package(or lib) for everyone to transform one color system to another. The transformation is among RGB, YIQ, HLS and HSV.

vultarget_web

pget

pget is a go package for people to add parallel download func into there project. (Adapt from the go download client [https://github.com/Code-Hex/pget])

clonehub

clone all images(with all tags) on dockerhub to your own dockerhub repo

Test-JNDI-Injection-Exploit-Plus

Examples for JNDI-Injection-Exploit-Plus

DLMovies

提供查询下载电影的网站，爬取各大电影网站

apereo-cas-docker

apereo cas docker-compose (can customize cas version)

Dga.jl

Dga.jl can make you customize one or many DGAs. The included DGAs are [Banjori,Corebot,Cryptolocker,Dircrypt,Kraken,Lockyv2,Pykspa,Qakbot Ramdo,Ramnit,Simda]

Spark-Scala-Handle

Leetcode-go

Leetcode write in Golang.

gunicorn_request_smuggling

gunicorn 20.0.4 request smuggling

Spiders

随便写的爬虫

Paper_torrent

Academic papers to download, the data is more than 10 TB