Get the User:Password from Chrome(include version < 80 and version > 80)
All version
Windows
-
Download the exe file here
-
Open cmd or powershell
-
Run
Hackone.exe > res.txt
- version < 80
User:Password pairs were stored in the file named "Login Data".
Password was encrypted, But we can use "CryptUnprotectData" Function in "Crypt32.dll" to decrypt them.
Finally, We get the plaintext of the User:Password pairs stored in Chrome
- version > 80
Based on the Algorithm used by "version < 80", It use AES-GCM to encrypt the password via a and a .
The can be found in the "Local State" file, and can be decypted by "CryptUnprotectData" mentioned above.
The can be found at the begin of the encrypted_password.
Therefore, we can decrpted all the password.
- Merge the result
If someone update the Chrome recently, we need to find the two ways of User:Password pairs.
What's more, I use some rules to merge the results into an array.
The Project follows MIT LICENSE.