A small program that grabs saved passwords from Chrome using a vulnerability where saved passwords are vulnerable to attacks/grabs when Chrome is closed.
- Python 3.3+
- pywin32 module - The program will automatically install this module if you don't have it
To run the script just launch the PwnChrome.py using python PwnChrome.py.
The script will automatically detect the operating system (Windows/MacOS/Linux) and if the operating system is Windows,
it will check if the pywin32 module is present. If the module isn't present, the script will automatically install it.
Afterwards the script will check if chrome.exe is running and if it is, it will kill the task forcefully and silently
so that it can navigate to Chrome's saved passwords directory and access the saved passwords; which are unprotected
while Chrome is closed. At that point the script will extract the url, username and password to PwnChrome.txt
which will be placed where PwnChrome.py is located at.
The reason why the script checks if your operating system is Windows' is because pywin32 can't be installed in MacOS
or Linux due to pywin32 requiring Windows due to the module providing access to many of the Windows' APIs for
Python. I am looking for ways to decrypt OS X Keychain for MacOS and GNOME Keyring or KWallet on Linux.
This project is for educational purposes ONLY.
Written with Python 3.7.
- w3w3w3 - ncorbuk for the original code & exploit.
This project is for educational purposes ONLY. As the MIT License states:
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.