Automated sticky keys hack. Post exploitation it grabs browser passwords, history, and network passwords. Here’s the plan. We create a way to automate doing the sticky keys windows hack from a bootable USB which we can call as WinPirate. Then, we automate getting as many saved passwords as possible, drop a listener, and delete all traces that we were there.
All without being detected by antivirus. We should add a mimikittenz option if the computer was found running and unlocked, otherwise we can just run it later remotely.
Also Read Malicious Apps Change Their Name To Be Back On Google Play Store
How to Use WinPirate
Requirements : a linux bootable USB, this repo on the USB (not in the OS, just put it in the root directory)
Note : chromepasswords.py requires PyWin32
If the computer is locked:
- shutdown windows (make sure not hibernating by holding shift while pressing shut down)
- hit F12 and select USB
sudo -ifdisk -l(note: if you’re on Kali Linux, runparted -l)mkdir /media/windowsmount /dev/WHATEVERTHEWINDOWSPARTITIONWASCALLED /media/windows -t ntfs- run Stickykeys.sh
- restart and boot to Windows
- hit Shift 5 times fast, a command prompt will appear
- cd to the USB and run WinPirate.bat
If the computer isn’t locked:
cd to the USB and run Run.bat (this will run WinPirate.bat silently in the background, it should be done in < 10 seconds
Current Issues
- The chrome passwords grabber that I made is still a .py For it to work, I need to convert it to exe so it doesn’t require python to be installed on the system.
You can run it withpython chromepasswords.py -csvand it will decrypt the Chrome saved passwords database and export it as a CSV - The sticky keys automation doesn’t speed the process up as much as I previously thought, as evident by the lengthy “How to Use” section
- I haven’t been able to write any tools that grab passwords for IE or Firefox
