cur.execute(f"SELECT * FROM computers WHERE LOWER(ip)=LOWER('{pillaged_from_computer_ip}')")
1185
+
results = cur.fetchall()
1186
+
if len(results)>0:
1187
+
result=results[0]
1188
+
pillaged_from_computerid=result[0]
1189
+
self.logging.debug(f"[+] Resolved {pillaged_from_computer_ip} to id : {pillaged_from_computerid}")
1190
+
except Exception as ex:
1191
+
self.logging.error(f"Exception in add_cookie 1")
1192
+
self.logging.debug(ex)
1193
+
1194
+
try:
1195
+
if pillaged_from_username != None:
1196
+
with self.conn:
1197
+
cur = self.conn.cursor()
1198
+
cur.execute(f"SELECT * FROM users WHERE LOWER(username)=LOWER('{pillaged_from_username}') AND pillaged_from_computerid={pillaged_from_computerid}")
1199
+
results = cur.fetchall()
1200
+
if len(results) > 0:
1201
+
result = results[0]
1202
+
pillaged_from_userid = result[0]
1203
+
self.logging.debug(f"[+] Resolved {pillaged_from_username} on machine {pillaged_from_computerid} to id : {pillaged_from_userid}")
1204
+
except Exception as ex:
1205
+
self.logging.error(f"Exception in add_cookies 2")
1206
+
self.logging.debug(ex)
1207
+
pass
1208
+
if pillaged_from_computerid == None or pillaged_from_userid == None :
1209
+
self.logging.debug(f"[-] Missing computerId or UserId to register Cookie {credz_name} {credz_value} - {credz_target}")
1210
+
#return None
1211
+
try:
1212
+
if pillaged_from_userid == None :
1213
+
query = "SELECT * FROM cookies WHERE LOWER(name)=LOWER(:credz_name) AND LOWER(value)=LOWER(:credz_value) AND expires_utc=:credz_expires_utc AND LOWER(type)=LOWER(:credz_type) AND LOWER(target)=LOWER(:credz_target) AND pillaged_from_computerid=:pillaged_from_computerid"
query = "SELECT * FROM cookies WHERE LOWER(name)=LOWER(:credz_name) AND LOWER(value)=LOWER(:credz_value) AND expires_utc=:credz_expires_utc AND LOWER(type)=LOWER(:credz_type) AND LOWER(target)=LOWER(:credz_target) AND pillaged_from_computerid=:pillaged_from_computerid AND pillaged_from_userid=:pillaged_from_userid"
self.logging.debug(f"[{self.options.target_ip}] [+] Decrypting Chrome cookie in {self.cookie_path}")
157
+
155
158
if os.path.isfile(self.cookie_path):
156
159
connection = sqlite3.connect(self.cookie_path)
157
160
with connection:
skipped 2 lines
160
163
'select host_key, "TRUE", path, "FALSE", expires_utc, name, encrypted_value from cookies')
161
164
values = v.fetchall()
162
165
166
+
self.logging.debug(f"[{self.options.target_ip}] [+] Found {len(values)} Chrome cookies")
163
167
for host_key, _, path, _, expires_utc, name, encrypted_value in values:
164
-
#self.logging.debug(f"[{self.options.target_ip}] [+] Found Chrome cookie for {host_key}, {path}, {name},{value},{len(value)}")
168
+
self.logging.debug(f"[{self.options.target_ip}] [+] Found Chrome cookie for {host_key}, cookiename:{name}, expireatutc:{(datetime(1601,1,1)+timedelta(microseconds=expires_utc)).strftime('%b%d%Y%H:%M:%S')}")