Implementation and Analysis of USB based Password Stealer using PowerShell in Google Chrome and Mozilla Firefox

Abdul Azies Muslim, Avon Budiono, A. Almaarif
{"title":"Implementation and Analysis of USB based Password Stealer using PowerShell in Google Chrome and Mozilla Firefox","authors":"Abdul Azies Muslim, Avon Budiono, A. Almaarif","doi":"10.1109/IC2IE50715.2020.9274566","DOIUrl":null,"url":null,"abstract":"Along with the development of the Windows operating system, browser applications to surf the internet are also growing rapidly. The most widely used browsers today are Google Chrome and Mozilla Firefox. Both browsers have a username and password management feature that makes users login to a website easily, but saving usernames and passwords in the browser is quite dangerous because the stored data can be hacked using brute force attacks or read through a program. One way to get a username and password in the browser is to use a program that can read Google Chrome and Mozilla Firefox login data from the computer’s internal storage and then show those data. In this study, an attack will be carried out by implementing Rubber Ducky using BadUSB to run the ChromePass and PasswordFox program and the PowerShell script using the Arduino Pro Micro Leonardo device as a USB Password Stealer. The results obtained from this study are the username and password on Google Chrome and Mozilla Firefox successfully obtained when the USB is connected to the target device, the average time of the attack is 14 seconds then sending it to the author’s email.","PeriodicalId":211983,"journal":{"name":"2020 3rd International Conference on Computer and Informatics Engineering (IC2IE)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-09-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 3rd International Conference on Computer and Informatics Engineering (IC2IE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IC2IE50715.2020.9274566","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

Abstract

Along with the development of the Windows operating system, browser applications to surf the internet are also growing rapidly. The most widely used browsers today are Google Chrome and Mozilla Firefox. Both browsers have a username and password management feature that makes users login to a website easily, but saving usernames and passwords in the browser is quite dangerous because the stored data can be hacked using brute force attacks or read through a program. One way to get a username and password in the browser is to use a program that can read Google Chrome and Mozilla Firefox login data from the computer’s internal storage and then show those data. In this study, an attack will be carried out by implementing Rubber Ducky using BadUSB to run the ChromePass and PasswordFox program and the PowerShell script using the Arduino Pro Micro Leonardo device as a USB Password Stealer. The results obtained from this study are the username and password on Google Chrome and Mozilla Firefox successfully obtained when the USB is connected to the target device, the average time of the attack is 14 seconds then sending it to the author’s email.
基于USB的密码窃取器在b谷歌Chrome和Mozilla Firefox中使用PowerShell实现与分析
随着Windows操作系统的发展,用于上网的浏览器应用程序也在迅速增长。目前使用最广泛的浏览器是Google Chrome和Mozilla Firefox。这两款浏览器都有用户名和密码管理功能,使用户可以轻松登录网站,但将用户名和密码保存在浏览器中是相当危险的,因为存储的数据可能被暴力破解或通过程序读取。在浏览器中获取用户名和密码的一种方法是使用一个程序,该程序可以从计算机的内部存储读取谷歌Chrome和Mozilla Firefox登录数据,然后显示这些数据。在本研究中,将通过使用BadUSB实现Rubber Ducky来运行ChromePass和PasswordFox程序以及使用Arduino Pro Micro Leonardo设备作为USB密码窃取器的PowerShell脚本来进行攻击。从这项研究中获得的结果是,当USB连接到目标设备时,成功获得了Google Chrome和Mozilla Firefox上的用户名和密码,攻击的平均时间为14秒,然后将其发送到作者的电子邮件。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信