JMC31337 Posted January 20, 2014 Share Posted January 20, 2014 working on doing a lil phishing expedition (yea its for the birds but i gotta write a good one in C# before i move on) Grabbed CheatEngine to scan through some memory (cheat engine is not bad, but i dont like the crap it tries to install with it - GOT A BETTER ONE LEMME KNOW-) using Chrome to login in to GMAIL I put a fake password as 16 A's: GALX=p_COcLCigQk&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&service=mail&rm=false<mpl=default&hl=en&scc=1&ss=1&_utf8=%E2%98%83&bgresponse=%21A0I0ITH9HDNvS0R6sejAokAPWwIAAADsUgAAAA0qAQ54RhVt-Qu2LVKb4J23WkCZueD1ffB8V_ZSE_jIE04XOzOSUwm16rZ2suDsEJH9riKKR60AWqjQpirqHTN-qJ64hB7Rl61SZaj_8KJtFx7acjUssgK9TT9e_me_XItnElcj1EmvDDvW8vxZKcTIXNLRhCxGdE8Yz8hd7iMoRz8HyrUbs6hhI7CZfl57yuPKLjmfmzdmzsCTJsuhV3y9HbFD5g0xEN7zTpRTUxe-YXiSPUneyoK-r4bWfA05QUKBeN0z7IAN8cHnCWLG2AvHluEWKeywleXZh01bQ8qAEBEvZvMqPTlyFuWT_MEmRik0n-WN-V8fLKzJDVnTeCOKPTpV542ShGQKkU3NyRN2BuI&pstMsg=1&dnConn=&checkConnection=youtube%3A414%3A1&checkedDomains=youtube&Email=jmc31337%40gmail.com&Passwd=AAAAAAAAAAAAAAAA&signIn=Sign+in&rmShown=1 now it immediately overwrites that portion of memory with crap that is fed thru the sockets from your gmail services.. but umm.. i'd like to see chrome encrypt that a lil better Email=jmc31337%40gmail.com&Passwd=AAAAAAAAAAAAAAAA&signIn So, I guess it would have to be in memory as plaintext starting out; "on the fly memory encryption" would probably be the best way...try to encrypt it as I type the password into the neat edit box...but even then it would have to be decrypted in order to send the password data to gmail... :/ If the rumors are right: Trust your OS protection when it comes to memory grabbers... Better hope it keeps process memory readers out... So was Target using SP3? Off topic:Where's Peter Ferrie at?Can a running process without UAC privs in win7 or Vista use readprocessmemory on itself or equal access level processes?Or can I start a process in my thread then read my threads info which -> opened process (ill try to find out myself on a vista guest account)... The reason for the ? is; if the system lets guest accounts use these browsers in limited security environments would a guest process of equal privs be able to read the other browser process' memory? Link to comment Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!Register a new account
Already have an account? Sign in here.Sign In Now