Hak5 915 – Extracting browser passwords, EXIF data tools, Maker Faire and more
This time on the show, we’re cracking the code: EXIF data tools, Windows login hash cracking, extracting passwords from Firefox and other browsers, what’s in that PCAP file, and a special report from Maker Faire 2011. All that and more, this time on Hak5.
You know how you can store and save all your login credentials in Firefox, Chrome, and other browsers? Well, maybe that’s not such a great idea. There are several portable (yes, portable!) tools that can instantly recover login credentials stored by Firefox, Chrome and others. Browsers store your username and password for every website you visit, as long as you give them consent in the settings. Firefox, Chrome and others save the credentials in an encrypted sign-on database. Today I’m focusing on Firefox.
FirePassword, the tool in question today, can instantly decrypt and recover the data, even when a master password protects it, as long as you supply that master password.
Not only that, but FirePassword can also recover sign-on passwords for other profiles on the same system, and from profiles created on other OSes like Linux and Mac. This can obviously be used with malicious intent, or it can be used for the greater good by forensic investigators who need to transmit data from the target PC to another machine without disrupting the original target machine.
FirePassword portable works on Windows XP through Windows 7 and automatically loads the DLLs it needs from the Firefox executable's location. The DLLs aren’t packaged with the tool. The newest version presents an easy-to-use, color-based display so you can clearly view password details.
Let’s get started on cracking my Firefox passwords!
To install, follow the on-screen instructions from securityxploded.com. They have nice, detailed instructions on how to use the program, so you shouldn’t have a problem.
Once it's installed, open your command prompt and change directory to your FirePassword.exe folder, probably in your Program Files.
Mine is c:\Program Files (x86)\SecurityXploded\FirePassword\. Once there, type in FirePassword.exe and hit Enter. You should see a screen kind of like the one on my monitor.
It will list every website, username, and password you have saved in Firefox.
It’ll also show you any OLD passwords that you never deleted from the Firefox settings.
If you have a master password set in Firefox, you will need that password to be able to see your other passwords. For example, I will go into the Firefox options, choose Master Password and set it.
Over in my CMD, I’ll type FirePassword.exe -m kerby and press Enter. Now it’ll give me my other passwords. If you do this wrong, you’ll get this error code.
You can also copy the Firefox profile files from a different operating system, such as Linux or Mac, to the local Windows system and then give FirePassword that path to recover data from the offline profiles.
It’s pretty surprising how easy this really is for anyone to discover. To protect yourself, do what I do and DON’T save your passwords in Firefox! Make your machine log off every time you close it or leave it idle for more than a minute. Anything, but really, just don’t save your passwords.
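To check whether a profile follows that advice, here is an added example (not from the show or from FirePassword) that audits a Firefox profile folder without decrypting anything: it counts the entries still saved and reads whether password saving is switched off. It assumes the file names used by current and older Firefox releases (logins.json, signons.sqlite, prefs.js, user.js) and the `signon.rememberSignons` preference; the sample profile is constructed, and it shows old logins remaining after saving was disabled.

```python
import json
import re
import tempfile
from pathlib import Path

# Matches user_pref("signon.rememberSignons", false); in prefs.js / user.js
_PREF_RE = re.compile(r'user_pref\("signon\.rememberSignons",\s*(true|false)\s*\);')


def audit_profile(profile_dir):
    """Report what a Firefox profile stores, without decrypting anything."""
    profile = Path(profile_dir)
    report = {"saved_logins": 0, "hosts": [], "legacy_store": False,
              "saving_enabled": True}  # Firefox offers to save logins by default

    logins = profile / "logins.json"
    if logins.is_file():
        try:
            entries = json.loads(logins.read_text(encoding="utf-8")).get("logins", [])
        except (ValueError, OSError, AttributeError):
            entries = []  # unreadable or corrupt store: treat as empty
        report["saved_logins"] = len(entries)
        report["hosts"] = sorted({e.get("hostname", "?") for e in entries})

    # Older Firefox releases kept logins in signons.sqlite instead
    report["legacy_store"] = (profile / "signons.sqlite").is_file()

    # user.js overrides prefs.js, so it is read last
    for name in ("prefs.js", "user.js"):
        pref_file = profile / name
        if pref_file.is_file():
            text = pref_file.read_text(encoding="utf-8", errors="replace")
            for m in _PREF_RE.finditer(text):
                report["saving_enabled"] = (m.group(1) == "true")
    return report


def make_sample_profile():
    """Build a constructed profile directory so the example runs offline."""
    d = Path(tempfile.mkdtemp())
    sample = {"logins": [  # constructed entries, placeholder ciphertext
        {"hostname": "https://mail.example.com", "encryptedPassword": "x"},
        {"hostname": "https://forum.example.org", "encryptedPassword": "y"},
    ]}
    (d / "logins.json").write_text(json.dumps(sample), encoding="utf-8")
    (d / "prefs.js").write_text('user_pref("signon.rememberSignons", false);\n')
    return d


if __name__ == "__main__":
    print(audit_profile(make_sample_profile()))
```

A non-zero `saved_logins` with `saving_enabled` set to False means the old entries still need to be deleted from the browser's saved-passwords list.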
It’s also worth mentioning the WebBrowserPassView tool from NirSoft. It’s a password recovery tool for Internet Explorer, Firefox, Chrome and Opera.
Now, if you’ve got another tool for me to check out, email [email protected]