ChromePE
[Linux/Windows] Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.
This script is purely for educational use. Any consequenses or damages arising from the usage of it in an illegal or unethical way are purely the fault of the end-user, and in no way is the developer responsible for it.
Usage
Starting
ChromePE is a post-exploitation tool. This means that it is meant to be placed on a victim's computer, where it will then remotely alert the attacker to more data.
Attacker Setup
cd path-to-chromePE/attacker
python3 ChromePE.py
Target Setup
cd path-to-chromePE/client
python3 comm.py
Attacking/Screenshots
Attacker
After starting the program, the attacker will be presented with a CLI and asked to select an option.
Option Guide:
- Start the Program
- Get help (can also do when started via
--help
flag)- Exit the program
Command Guide
When the program is started, the attacker can remotely execute functions on the victim's computer through the CLI. A list of accepted commands is compiled below:
--get-pwds : Returns the autofill password data stored on the victim's computer
--get-bkmrks : Returns the bookmarks stored by the victim's computer
--get-hist : Returns the browser history of the victim
--get-dwnlds : Returns the victim's files recently downloaded through Chrome
--redir URL True/False : Redirects the victim's Chrome session to a specified URL, with keylogging enabled/disabled.
--help : returns a list of commands
exit : exits the program
Credits
Chrome password function : originally sourced from HERE, modified to allow silent returns, fix various special charcter bugs, etc. Give them a
License
Copyright 2021 Finn Lancaster
Permission is hereby granted, free of charge, to any person obtaining a copy of this
software and associated documentation files (the "Software"), to deal in the Software
without restriction, including without limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons
to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or
substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.