Date: 2022-08

An I.T. nerd who wants to think he is good at cybersecurity but really is just a script kiddie.





In a bid to not always have to type in your passwords, you take Google's option of storing them in your web browser. But is it safe?





Learn more from the video below.

Watch the Video

https://www.youtube.com/watch?v=yBy2H6VZqpA&ab_channel=GrantCollins









00:00

all right so have you ever been up on a

00:01

website such as the one right in front

00:03

of me

00:04

and you're on your browser and you have

00:06

the option to save your password

00:08

now this is a very standard thing to do

00:09

just go ahead and click save and move

00:11

forward although it may be

00:13

a standard practice it is not the most

00:14

secure way to store your passwords

00:16

so in today's video i'm going to show

00:18

you why it is that you should never

00:20

store your passwords in

00:21

browser through a couple of

00:22

demonstrations and then after that i'm

00:24

going to quickly overview

00:25

some solutions that you can use to

00:27

tackle this

00:28

problem before i get started with demo

00:30

one allow me to overview the scope of

00:32

attack and target devices

00:33

so for demo one i will be overviewing

00:35

and running a simple python script to

00:37

capture passwords through the google

00:38

chrome browser

00:39

because google chrome browser has the

00:41

majority share in the browser market and

00:43

windows has the lead in the os wars i

00:45

will be using both

00:46

services to conduct my attack demo for

00:48

number two i will be switching up things

00:50

moving over to my home lab environment

00:52

which is running an ubuntu 18.04 desktop

00:54

lts version this environment i have a

00:56

post exploitation tool

00:58

installed to capture passwords this time

01:00

the scope is mozilla firefox as my

01:02

browser in

01:03

linux as my os now let's just talk about

01:05

some general limitations to each of

01:07

these attacks first off both demos

01:08

require a scenario where the attacker

01:10

has full remote or physical access

01:13

with correct privileges to the target

01:14

machine also they both require

01:16

python 2.7 or 3.8 to be installed to use

01:20

the python script or

01:21

post exploitation tool alright so with

01:23

this behind us let's get into

01:25

demo number one

01:26

[Music]

01:30

all right so for the first demonstration

01:32

this is a bit outdated

01:34

all you need is a remote access to a

01:36

windows machine as well as python

01:38

installed so with that being said let's

01:40

go ahead and transition over to my

01:42

screen here

01:43

in front of me i have a virtual

01:45

connection to my home lab which is

01:46

running a virtual machine

01:48

specifically windows 10 home edition

01:51

now this virtual machine has the latest

01:53

version of google chrome installed

01:55

and it has python 3.8 installed so for

01:58

the first technique

01:59

it is a python script which allows you

02:01

to get the username and

02:03

password in front of me i have a python

02:05

script which i pulled off

02:07

from an online article link in the

02:09

description below as well on the side of

02:10

the screen

02:11

full credit goes to this author i made

02:13

just a couple of edits for my specific

02:16

use case

02:16

up until chrome 79 you could get all the

02:18

passwords and usernames

02:20

and to do this all you had to do was go

02:22

to the folder location where chrome

02:25

stores its passwords

02:26

get the website url the value in the

02:29

password value

02:30

right here from the sql database and

02:33

then you could iterate through

02:34

the lines and get the password so i'm

02:37

gonna go ahead and

02:38

run this in my case and you're gonna see

02:41

two things

02:42

the first thing is a tuple and we're

02:44

gonna go over that in a moment but the

02:45

second thing

02:46

is an error from chrome 80 and up google

02:49

made a patch or changed their method of

02:52

storing the password

02:53

which no longer allows you to unencrypt

02:56

the password

02:57

in this case it's a bit outdated if you

02:58

were to find a machine

03:00

say in chrome 79 you could go ahead and

03:02

use this method the first

03:04

bit of output is a tuple and in this

03:06

case

03:07

we can locate both the websites as well

03:11

as the

03:11

username so we have both of those things

03:14

and then as you can see here we have an

03:16

encrypted password which we don't have

03:19

access

03:20

to now you do have to have a saved

03:22

password in google chrome which i went

03:24

ahead and saved

03:25

and there you go you can get the website

03:28

as well

03:28

as the username it's not very

03:31

sophisticated anymore it's outdated but

03:33

if it is up to chrome 79 you can go

03:35

ahead and do this

03:36

method now let's get on to demonstration

03:39

number two

03:45

all right for the second demonstration

03:46

we're going to be quickly reviewing the

03:48

post

03:48

exploitation tool in this case it's

03:50

called LaZagne target is going to be

03:52

firefox

03:52

and the linux operating system now here

03:55

in front of me we see a github

03:56

page and it's an overview of the LaZagne

03:59

tool you can go ahead and install it for

04:01

linux mac or

04:02

windows and we're going to be using the

04:04

linux in this case

04:06

now LaZagne is a post exploitation tool

04:08

which allows you to extract passwords

04:11

from various types of systems including

04:13

browsers and wi-fi

04:14

in this case the scope is browsers in a

04:17

real world scenario once you would have

04:18

access to

04:20

the machine you'd go ahead and install

04:22

LaZagne on here

04:23

and then you could go ahead and extract

04:25

the passwords while LaZagne is already

04:26

installed on

04:27

this environment it is very easy to

04:30

extract the passwords

04:31

from whatever browser it goes through a

04:33

lot of browsers here in front of me i

04:35

have a terminal session open

04:36

and i'm going to go ahead and launch the

04:39

LaZagne tool

04:40

using python

04:47

i'm going to be using the browsers

04:49

option so in front of me once i hit

04:50

enter

04:51

we are going to see that the passwords

04:54

have been found

04:55

now in this case what i've done is i

04:58

went ahead and saved a couple passwords

05:00

to uh the browser firefox and as you can

05:03

see we have the url

05:05

login and the password so there you go

05:08

LaZagne is a very easy tool to use once you

05:11

have gained access

05:12

to the remote systems all right so with

05:14

these two demonstrations behind us

05:17

what can you do to really remediate or

05:20

i guess protect yourself against an

05:22

attack like this one but let's go ahead

05:24

and overview a solution that i propose

05:27

[Music]

05:28

[Applause]

05:32

first off i wouldn't save your passwords

05:35

to your browser now the limitation to

05:37

this entire attack is that

05:39

the attacker is already gonna have to

05:41

have access

05:42

to your machine which that could be

05:44

remotely or

05:45

physical so that is the big limitation

05:47

to this attack what i would recommend

05:48

you do is look into a password

05:51

management solution now there's all

05:53

types of password management solutions

05:54

out there

05:55

you have locally hosted ones such as

05:57

keepass you can even locally host your

05:59

own

06:00

password manager on your home network or

06:02

you can look into

06:04

something that's a little bit more

06:05

convenient such as third-party

06:08

cloud hosted password managers

06:10

1password

06:11

i highly recommend lastpass there is all

06:13

types of password managers out there

06:15

that's what i would recommend that you

06:17

do

06:17

instead of entering the limitation of

06:20

chrome

06:21

firefox or any of the popular browsers

06:23

which only have your password saved to

06:25

that specific

06:26

browser i would recommend looking into a

06:29

password management solution

06:31

alright so that's it for today's video

06:33

hopefully that you have learned

06:34

something new

06:35

i just thought that this was a very

06:36

interesting topic to just overview

06:38

really quickly

06:39

and you know maybe suggest a password

06:41

management solution

06:42

if you've enjoyed uh please consider

06:45

liking the video which would help me

06:47

and yeah until the next time have a good

06:49

day