In a bid to not always have to type in your passwords, you take Google’s option of storing them in your web browser. But is it safe?

Learn more from the video below.

## Watch the Video

[https://www.youtube.com/watch?v=yBy2H6VZqpA&ab_channel=GrantCollins](https://www.youtube.com/watch?v=yBy2H6VZqpA&ab_channel=GrantCollins)

00:00 all right so have you ever been up on a
00:01 website such as the one right in front
00:03 of me
00:04 and you're on your browser and you have
00:06 the option to save your password
00:08 now this is a very standard thing to do
00:09 just go ahead and click save and move
00:11 forward although it may be
00:13 a standard practice it is not the most
00:14 secure way to store your passwords
00:16 so in today's video i'm going to show
00:18 you why it is that you should never
00:20 store your passwords in
00:21 browser through a couple of
00:22 demonstrations and then after that i'm
00:24 going to quickly overview
00:25 some solutions that you can use to
00:27 tackle this
00:28 problem before i get started with demo
00:30 one allow me to overview the scope of
00:32 attack and target devices
00:33 so for demo one i will be overviewing
00:35 and running a simple python script to
00:37 capture passwords through the google
00:38 chrome browser
00:39 because google chrome browser has the
00:41 majority share in the browser market and
00:43 windows has the lead in the os wars i
00:45 will be using both
00:46 services to conduct my attack demo for
00:48 number two i will be switching up things
00:50 moving over to my home lab environment
00:52 which is running an ubuntu 1804 desktop
00:54 lts version this environment i have a
00:56 post exploitation tool
00:58 installed to capture passwords this time
01:00 the scope is mozilla firefox as my
01:02 browser in
01:03 linux as my os now let's just talk about
01:05 some general limitations to each of
01:07 these attacks first off both demos
01:08 require a scenario where the attacker
01:10 has full remote or physical access
01:13 with correct privileges to the target
01:14 machine also they both require
01:16 python 2.7 or 3.8 to be installed to use
01:20 the python script or
01:21 post exploitation tool alright so with
01:23 this behind us let's get into
01:25 demo number one
01:26 [Music]
01:30 all right so for the first demonstration
01:32 this is a bit outdated
01:34 all you need is a remote access to a
01:36 windows machine as well as python
01:38 installed so with that being said let's
01:40 go ahead and transition over to my
01:42 screen here
01:43 in front of me i have a virtual
01:45 connection to my home lab which is
01:46 running a virtual machine
01:48 specifically windows 10 home edition
01:51 now this virtual machine has the latest
01:53 version of google chrome installed
01:55 and it has python 3.8 installed so for
01:58 the first technique
01:59 it is a python script which allows you
02:01 to get the username and
02:03 password in front of me i have a python
02:05 script which i pulled off
02:07 from an online article link in the
02:09 description below as well on the side of
02:10 the screen
02:11 full credit goes to this author i made
02:13 just a couple of edits for my specific
02:16 use case
02:16 up until chrome 79 you could get all the
02:18 passwords and usernames
02:20 and to do this all you had to do was go
02:22 to the folder location where chrome
02:25 stores its passwords
02:26 get the website url the value in the
02:29 password value
02:30 right here from the sql database and
02:33 then you could iterate through
02:34 the lines and get the password so i'm
02:37 gonna go ahead and
02:38 run this in my case and you're gonna see
02:41 two things
02:42 the first thing is a tuple and we're
02:44 gonna go over that in a moment but the
02:45 second thing
02:46 is an error from chrome 80 and up google
02:49 made a patch or changed their method of
02:52 storing the password
02:53 which no longer allows you to unencrypt
02:56 the password
02:57 in this case it's a bit outdated if you
02:58 were to find a machine
03:00 say in chrome 79 you could go ahead and
03:02 use this method the first
03:04 bit of output is a tuple and in this
03:06 case
03:07 we can locate both the websites as well
03:11 as the
03:11 username so we have both of those things
03:14 and then as you can see here we have an
03:16 encrypted password which we don't have
03:19 access
03:20 to now you do have to have a saved
03:22 password in google chrome which i went
03:24 ahead and saved
03:25 and there you go you can get the website
03:28 as well
03:28 as the username it's not very
03:31 sophisticated anymore it's outdated but
03:33 if it is up to chrome 79 you can go
03:35 ahead and do this
03:36 method now let's get on to demonstration
03:39 number two
03:45 all right for the second demonstration
03:46 we're going to be quickly reviewing the
03:48 post
03:48 exploitation tool in this case it's
03:50 called lazagne target is going to be
03:52 firefox
03:52 and the linux operating system now here
03:55 in front of me we see a github
03:56 page and it's an overview of the lazagne
03:59 tool you can go ahead and install it for
04:01 linux mac or
04:02 windows and we're going to be using the
04:04 linux in this case
04:06 now lazagne is a post exploitation tool
04:08 which allows you to extract passwords
04:11 from various types of systems including
04:13 browsers and wi-fi
04:14 in this case the scope is browsers in a
04:17 real world scenario once you would have
04:18 access to
04:20 the machine you'd go ahead and install
04:22 lazagne on here
04:23 and then you could go ahead and extract
04:25 the passwords while lazagne is already
04:26 installed on
04:27 this environment it is very easy to
04:30 extract the passwords
04:31 from whatever browser it goes through a
04:33 lot of browsers here in front of me i
04:35 have a terminal session open
04:36 and i'm going to go ahead and launch the
04:39 lazagne tool
04:40 using python
04:47 i'm going to be using the browsers
04:49 option so in front of me once i hit
04:50 enter
04:51 we are going to see that the passwords
04:54 have been found
04:55 now in this case what i've done is i
04:58 went ahead and saved a couple passwords
05:00 to uh the browser firefox and as you can
05:03 see we have the url
05:05 login and the password so there you go
05:08 lazagne is a very easy tool to use once you
05:11 have gained access
05:12 to the remote systems all right so with
05:14 these two demonstrations behind us
05:17 what can you do to really remediate or
05:20 i guess protect yourself against an
05:22 attack like this one but let's go ahead
05:24 and overview a solution that i propose
05:27 [Music]
05:28 [Applause]
05:32 first off i wouldn't save your passwords
05:35 to your browser now the limitation to
05:37 this entire attack is that
05:39 the attacker is already gonna have to
05:41 have access
05:42 to your machine which that could be
05:44 remotely or
05:45 physical so that is the big limitation
05:47 to this attack what i would recommend
05:48 you do is look into a password
05:51 management solution now there's all
05:53 types of password management solutions
05:54 out there
05:55 you have locally hosted ones such as
05:57 keepass you can even locally host your
05:59 own
06:00 password manager on your home network or
06:02 you can look into
06:04 something that's a little bit more
06:05 convenient such as third-party
06:08 cloud hosted password managers one
06:10 password
06:11 i highly recommend lastpass there is all
06:13 types of password managers out there
06:15 that's what i would recommend that you
06:17 do
06:17 instead of entering the limitation of
06:20 chrome
06:21 firefox or any of the popular browsers
06:23 which only have your password saved to
06:25 that specific
06:26 browser i would recommend looking into a
06:29 password management solution
06:31 alright so that's it for today's video
06:33 hopefully that you have learned
06:34 something new
06:35 i just thought that this was a very
06:36 interesting topic to just overview
06:38 really quickly
06:39 and you know maybe suggest a password
06:41 management solution
06:42 if you've enjoyed uh please consider
06:45 liking the video which would help me
06:47 and yeah until the next time have a good
06:49 day