Python for Offensive PenTest

By: Hussam Khrais

Overview of this book

Python is an easy-to-learn and cross-platform programming language that has unlimited third-party libraries. Plenty of open source hacking tools are written in Python, which can be easily integrated within your script. This book is packed with step-by-step instructions and working examples to make you a skilled penetration tester. It is divided into clear bite-sized chunks, so you can learn at your own pace and focus on the areas of most interest to you. This book will teach you how to code a reverse shell and build an anonymous shell. You will also learn how to hack passwords and perform a privilege escalation on Windows with practical examples. You will set up your own virtual hacking environment in VirtualBox, which will help you run multiple operating systems for your testing environment. By the end of this book, you will have learned how to code your own scripts and mastered ethical hacking from scratch.
Table of Contents (13 chapters)
Title Page
Copyright and Credits
Packt Upsell
Contributors
Preface
Index

Dumping saved passwords out of Google Chrome


In this section, we will discuss another password-hacking technique. This technique was originally created to recover your password if you forget it. Here we will take advantage of it to hack the saved password remotely. For this attack to work successfully, your target should be using Google Chrome, and they should have previously saved the login password. Let's look at how this works. Log in to your Facebook account. You will notice a prompt at the top-right corner of the screen, with a Save password button, asking whether to save the password. If our target has clicked on Save password, then we will be able to grab that password remotely.

We will now see how to do that. To do this, we will first log out of Facebook.

Acquiring the password remotely

Let's get started by understanding how Google Chrome stores and recovers the saved password in the first place:

So, the first fact is, we should know that Google Chrome uses the Windows login password...