In a bid to not always have to type in your Passwords, you take Google’s option of storing them in your web browser. But is it safe? Learn more from the video below. Watch the Video https://www.youtube.com/watch?v=yBy2H6VZqpA&ab_channel=GrantCollins 00:00 all right so have you ever been up on a 00:01 website such as the one right in front 00:03 of me 00:04 and you're on your browser and you have 00:06 the option to save your password 00:08 now this is a very standard thing to do 00:09 just go ahead and click save and move 00:11 forward although it may be 00:13 a standard practice it is not the most 00:14 secure way to store your passwords 00:16 so in today's video i'm going to show 00:18 you why it is that you should never 00:20 store your passwords in 00:21 browser through a couple of 00:22 demonstrations and then after that i'm 00:24 going to quickly overview 00:25 some solutions that you can use to 00:27 tackle this 00:28 problem before i get started with demo 00:30 one allow me to overview the scope of 00:32 attack and target devices 00:33 so for double one i will be overviewing 00:35 and running a simple python script to 00:37 capture passwords through the google 00:38 chrome browser 00:39 because google chrome browser has the 00:41 majority share in the browser market and 00:43 windows has the lead in the os wars i 00:45 will be using both 00:46 services to conduct my attack demo for 00:48 number two i will be switching up things 00:50 moving over to my home lab environment 00:52 which is running an ubuntu 1804 desktop 00:54 lts version this environment i have a 00:56 post exploitation tool 00:58 installed to capture passwords this time 01:00 the scope is mozilla firefox as my 01:02 browser in 01:03 linux as my os now let's just talk about 01:05 some general limitations to each of 01:07 these attacks first off both demos 01:08 require a scenario where the attacker 01:10 has full remote or physical access 01:13 with correct privileges to the target 01:14 machine also they both require 01:16 python 2.7 or 3.8 to be installed to use 01:20 the python script or 01:21 post exploitation tool alright so with 01:23 this behind us let's get into 01:25 demo number one 01:26 [Music] 01:30 all right so for the first demonstration 01:32 this is a bit outdated 01:34 all you need is a remote access to a 01:36 windows machine as well as python 01:38 installed so with that being said let's 01:40 go ahead and transition over to my 01:42 screen here 01:43 in front of me i have a virtual 01:45 connection to my home lab which is 01:46 running a virtual machine 01:48 specifically windows 10 home edition 01:51 now this virtual machine has the latest 01:53 version of google chrome installed 01:55 and it has python 3.8 installed so for 01:58 the first technique 01:59 it is a python script which allows you 02:01 to get the username and 02:03 password in front of me i have a python 02:05 script which i pulled off 02:07 from an online article link in the 02:09 description below as well on the side of 02:10 the screen 02:11 full credit goes to this author i made 02:13 just a couple of edits for my specific 02:16 use case 02:16 up until chrome 79 you could get all the 02:18 passwords and usernames 02:20 and to do this all you had to do was go 02:22 to the folder location where chrome 02:25 stores its passwords 02:26 get the website url the value in the 02:29 password value 02:30 right here from the sql database and 02:33 then you could iterate through 02:34 the lines and get the password so i'm 02:37 gonna go ahead and 02:38 run this in my case and you're gonna see 02:41 two things 02:42 the first thing is a tuple and we're 02:44 gonna go over that in a moment but the 02:45 second thing 02:46 is an error from chrome 80 and up google 02:49 made a patch or changed their method of 02:52 storing the password 02:53 which no longer allows you to unencrypt 02:56 the password 02:57 in this case it's a bit outdated if you 02:58 were to find a machine 03:00 say in chrome 79 you could go ahead and 03:02 use this method the first 03:04 bit of output is a tuple and in this 03:06 case 03:07 we can locate both the websites as well 03:11 as the 03:11 username so we have both of those things 03:14 and then as you can see here we have an 03:16 encrypted password which we don't have 03:19 access 03:20 to now you do have to have a saved 03:22 password in google chrome which i went 03:24 ahead and saved 03:25 and there you go you can get the website 03:28 as well 03:28 as the username it's not very 03:31 sophisticated anymore it's outdated but 03:33 if it is up to chrome 79 you can go 03:35 ahead and do this 03:36 method now let's get on to demonstration 03:39 number two 03:45 all right for the second demonstration 03:46 we're going to be quickly reviewing the 03:48 post 03:48 exploitation tool in this case it's 03:50 called laziness target is going to be 03:52 firefox 03:52 and the linux operating system now here 03:55 in front of me we see a github 03:56 page and it's an overview of the lazane 03:59 tool you can go ahead and install it for 04:01 linux mac or 04:02 windows and we're going to be using the 04:04 linux in this case 04:06 now zane is a post exploitation tool 04:08 which allows you to extract passwords 04:11 from various types of systems including 04:13 browsers and wi-fi 04:14 in this case the scope is browsers in a 04:17 real world scenario once you would have 04:18 access to 04:20 the machine you'd go ahead and install 04:22 the zane on here 04:23 and then you could go ahead and extract 04:25 the passwords while zane is already 04:26 installed on 04:27 this environment it is very easy to 04:30 extract the passwords 04:31 from whatever browser it goes through a 04:33 lot of browsers here in front of me i 04:35 have a journal session open 04:36 and i'm going to go ahead and launch the 04:39 lazane tool 04:40 using python 04:47 i'm going to be using the browsers 04:49 option so in front of me once i hit 04:50 enter 04:51 we are going to see that the passwords 04:54 have been found 04:55 now in this case what i've done is i 04:58 went ahead and saved a couple passwords 05:00 to uh the browser firefox and as you can 05:03 see we have the url 05:05 login and the password so there you go 05:08 zing is a very easy tool to use once you 05:11 have gained access 05:12 to the remote systems all right so with 05:14 these two demonstrations behind us 05:17 what can you do to really remediate or 05:20 i guess protect yourself against an 05:22 attack like this one but let's go ahead 05:24 and overview a solution that i propose 05:27 [Music] 05:28 [Applause] 05:32 first off i wouldn't save your passwords 05:35 to your browser now the limitation to 05:37 this entire attack is that 05:39 the attacker is already gonna have to 05:41 have access 05:42 to your machine which that could be 05:44 remotely or 05:45 physical so that is the big limitation 05:47 to this attack what i would recommend 05:48 you do is look into a password 05:51 management solution now there's all 05:53 types of password management solutions 05:54 out there 05:55 you have locally hosted ones such as 05:57 keepass you can even locally host your 05:59 own 06:00 password manager on your home network or 06:02 you can look into 06:04 something that's a little bit more 06:05 convenient such as third-party 06:08 cloud hosted password managers one 06:10 password 06:11 i highly recommend lastpass there is all 06:13 types of password managers out there 06:15 that's what i would recommend that you 06:17 do 06:17 instead of entering the limitation of 06:20 chrome 06:21 firefox or any of the popular browsers 06:23 which only have your password saved to 06:25 that specific 06:26 browser i would recommend looking into a 06:29 password management solution 06:31 alright so that's it for today's video 06:33 hopefully that you have learned 06:34 something new 06:35 i just thought that this was a very 06:36 interesting topic to just overview 06:38 really quickly 06:39 and you know maybe suggest a password 06:41 management solution 06:42 if you've enjoyed uh please consider 06:45 liking the video which would help me 06:47 and yeah until the next time have a good 06:49 day