GitBook: [#3132] No subject

CPol 2022-04-28 10:43:42 +00:00 committed by gitbook-bot
parent f72fa0049e
commit 59d8dc2310
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF

@ -124,6 +124,16 @@ ws.send(JSON.stringify({
}));
```
### Post-Exploitation
In a real environment and **after compromising** a user PC that uses Chrome/Chromium based browser you could launch a Chrome process with the **debugging activated and port-forward the debugging port** so you can access it. This way you will be able to **inspect everything the victim does with Chrome and steal sensitive information**.
The stealth way is to **terminate every Chrome process** and then call something like
```bash
Start-Process "Chrome" "--remote-debugging-port=9222 --restore-last-session"
```
## References
* [https://www.youtube.com/watch?v=iwR746pfTEc\&t=6345s](https://www.youtube.com/watch?v=iwR746pfTEc\&t=6345s)
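Review bot: The fence under "Post-Exploitation" is tagged `bash`, but `Start-Process` is a PowerShell cmdlet, so the block will be highlighted and read as the wrong shell; tag it `powershell` instead. The sentence above it also only says "call something like" without stating that this is a Windows command, so name the platform there. Minor wording in the same paragraph: "uses Chrome/Chromium based browser" should read "uses a Chrome/Chromium-based browser".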
@ -135,3 +145,4 @@ ws.send(JSON.stringify({
* [https://nodejs.org/en/docs/guides/debugging-getting-started/](https://nodejs.org/en/docs/guides/debugging-getting-started/)
* [https://chromedevtools.github.io/devtools-protocol/](https://chromedevtools.github.io/devtools-protocol/)
* [https://larry.science/post/corctf-2021/#saasme-2-solves](https://larry.science/post/corctf-2021/#saasme-2-solves)
* [https://embracethered.com/blog/posts/2020/chrome-spy-remote-control/](https://embracethered.com/blog/posts/2020/chrome-spy-remote-control/)
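Review bot: The hunk header shows the References list growing from three entries to four, yet nothing in the new "Post-Exploitation" section points at a reference, so a reader cannot tell which source backs that section. If the final embracethered.com entry is the source for it, cite it inline from that section as well as listing it here.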