Here's how I managed to hack my school website, or: Why Chrome is not a good password manager

People are used to saving their data in their browser, maybe to sync content across multiple devices, maybe out of laziness or convenience. By doing this on a public machine, they are giving access to a lot of their data to anyone skilled enough to know where to look.

The idea

I got this idea during a reverse engineering session (I was analyzing an infostealer), more specifically from how the author of this malware managed to decrypt and exfiltrate Chrome data. If my teachers had saved some data before, maybe I could exfiltrate the database and decrypt it later?


As far as I know, Chrome stores saved passwords in a file named Login Data. This file is just an SQLite database. The passwords are encrypted with an API named CryptProtectData (it encrypts a data blob with a unique encryption key), and the Chrome key blob is stored in another file named Local State. What can we do now?

Using an admin account with the default password on the computers located in the computer science laboratory (yes, they use the same pwd everywhere), I installed a C# application that exfiltrates Chrome files on other machines. After decrypting the db using CryptUnprotectData, this is the result:

How did it end?

I logged into the WordPress panel in order to report this fact.


Then, without doing any damage, I logged out. Well, I got suspended for two fucking days. The bright side is that my school improved its security: first they wiped all the Chrome files from all computers, then they implemented MFA and changed all the passwords.
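For whoever administers shared machines like these, here is one way to find the profiles that still hold saved logins before wiping them. This is an added example, not code from the original post. It only counts entries per origin in the logins table and never reads out or decrypts a password; the function names and the sample data are constructed for illustration, and the fixture uses a simplified schema.

```python
import shutil
import sqlite3
import tempfile
from pathlib import Path

QUERY = ("SELECT origin_url, COUNT(*) FROM logins "
         "WHERE length(password_value) > 0 GROUP BY origin_url")

def saved_login_origins(login_data: Path) -> dict:
    """Count saved logins per origin; password blobs are never read out."""
    with tempfile.TemporaryDirectory() as tmp:
        copy = Path(tmp) / "copy.db"   # query a copy: Chrome may lock the live file
        shutil.copy2(login_data, copy)
        con = sqlite3.connect(str(copy))
        try:
            return dict(con.execute(QUERY).fetchall())
        except sqlite3.DatabaseError:  # not a database, or unexpected schema
            return {}
        finally:
            con.close()

def audit_user_data(user_data: Path) -> dict:
    """Map each profile directory (Default, Profile 1, ...) to its saved origins."""
    report = {}
    for db in sorted(user_data.glob("*/Login Data")):
        origins = saved_login_origins(db)
        if origins:
            report[db.parent.name] = origins
    return report

def build_constructed_sample(root: Path) -> Path:
    """Constructed fixture imitating the on-disk layout; fake data only."""
    user_data = root / "User Data"
    samples = {
        "Default": [("https://cms.example.test/wp-login.php", b"\x01fake"),
                    ("https://mail.example.test/", b"\x01fake"),
                    ("https://never-save.example.test/", b"")],
        "Profile 1": [],
    }
    for profile, rows in samples.items():
        (user_data / profile).mkdir(parents=True)
        con = sqlite3.connect(str(user_data / profile / "Login Data"))
        con.execute("CREATE TABLE logins (origin_url TEXT, password_value BLOB)")
        con.executemany("INSERT INTO logins VALUES (?, ?)", rows)
        con.commit()
        con.close()
    return user_data

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_user_data(build_constructed_sample(Path(tmp))))
```

On a real Windows machine, point audit_user_data at each account's %LOCALAPPDATA%\Google\Chrome\User Data directory; any profile that shows up in the report has credentials that should be rotated and cleared.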

In conclusion

Don't try to replicate this! I got suspended, but I risked more serious consequences. If you want higher grades, open your book, not the login page of your school :)