Exploiting Brave Browser: Red Teaming
When an attacker has access to the target system, there are multiple methods to retrieve the credentials stored on it. So which credentials might an attacker look for that can help in further testing the system?
Popular credentials stored on a target system can be broadly classified as follows:
- Browser saved credentials
- Windows Credential Manager: Adversaries may acquire credentials from the Windows Credential Manager which stores credentials for signing into websites, applications, and/or devices that request authentication through NTLM or Kerberos in Credential Lockers (previously known as Windows Vaults)
- Scavenging passwords from files stored on the target system
I will be addressing each section in detail with a proper demo, which will help you understand the techniques involved. In this article I am taking the first point in detail.
Credentials from Web Browsers
An attacker may acquire credentials from web browsers by reading files specific to the target browser after gaining an initial foothold in a Red Teaming exercise. Web browsers commonly save credentials such as website usernames and passwords so that they do not need to be entered manually in the future. Web browsers typically store the credentials in an encrypted format within a credential store; however, methods exist to extract plaintext credentials from web browsers.
Chromium-based browsers: Chromium is not only the name of a browser, but also of the open-source project that generates the source code used by Chrome, Edge and others. Google is the primary backer of Chromium; it kicked off the project when it launched Chrome in September 2008. Popular Chromium-based browsers:
- Brave
- Edge
- Opera etc.
For the demo I will use Brave to demonstrate credential dumping. It is considered one of the top browsers when it comes to protecting the privacy of users.
The script below helps a user dump the credentials from Chromium-based browsers on the Windows platform. (You just need to change the path of the browser installation.)
Thanks for your time.