基于USB的密码窃取器在b谷歌Chrome和Mozilla Firefox中使用PowerShell实现与分析

Abdul Azies Muslim, Avon Budiono, A. Almaarif
{"title":"基于USB的密码窃取器在b谷歌Chrome和Mozilla Firefox中使用PowerShell实现与分析","authors":"Abdul Azies Muslim, Avon Budiono, A. Almaarif","doi":"10.1109/IC2IE50715.2020.9274566","DOIUrl":null,"url":null,"abstract":"Along with the development of the Windows operating system, browser applications to surf the internet are also growing rapidly. The most widely used browsers today are Google Chrome and Mozilla Firefox. Both browsers have a username and password management feature that makes users login to a website easily, but saving usernames and passwords in the browser is quite dangerous because the stored data can be hacked using brute force attacks or read through a program. One way to get a username and password in the browser is to use a program that can read Google Chrome and Mozilla Firefox login data from the computer’s internal storage and then show those data. In this study, an attack will be carried out by implementing Rubber Ducky using BadUSB to run the ChromePass and PasswordFox program and the PowerShell script using the Arduino Pro Micro Leonardo device as a USB Password Stealer. The results obtained from this study are the username and password on Google Chrome and Mozilla Firefox successfully obtained when the USB is connected to the target device, the average time of the attack is 14 seconds then sending it to the author’s email.","PeriodicalId":211983,"journal":{"name":"2020 3rd International Conference on Computer and Informatics Engineering (IC2IE)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-09-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Implementation and Analysis of USB based Password Stealer using PowerShell in Google Chrome and Mozilla Firefox\",\"authors\":\"Abdul Azies Muslim, Avon Budiono, A. Almaarif\",\"doi\":\"10.1109/IC2IE50715.2020.9274566\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Along with the development of the Windows operating system, browser applications to surf the internet are also growing rapidly. The most widely used browsers today are Google Chrome and Mozilla Firefox. Both browsers have a username and password management feature that makes users login to a website easily, but saving usernames and passwords in the browser is quite dangerous because the stored data can be hacked using brute force attacks or read through a program. One way to get a username and password in the browser is to use a program that can read Google Chrome and Mozilla Firefox login data from the computer’s internal storage and then show those data. In this study, an attack will be carried out by implementing Rubber Ducky using BadUSB to run the ChromePass and PasswordFox program and the PowerShell script using the Arduino Pro Micro Leonardo device as a USB Password Stealer. The results obtained from this study are the username and password on Google Chrome and Mozilla Firefox successfully obtained when the USB is connected to the target device, the average time of the attack is 14 seconds then sending it to the author’s email.\",\"PeriodicalId\":211983,\"journal\":{\"name\":\"2020 3rd International Conference on Computer and Informatics Engineering (IC2IE)\",\"volume\":\"20 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-09-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 3rd International Conference on Computer and Informatics Engineering (IC2IE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IC2IE50715.2020.9274566\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 3rd International Conference on Computer and Informatics Engineering (IC2IE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IC2IE50715.2020.9274566","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

摘要

随着Windows操作系统的发展,用于上网的浏览器应用程序也在迅速增长。目前使用最广泛的浏览器是Google Chrome和Mozilla Firefox。这两款浏览器都有用户名和密码管理功能,使用户可以轻松登录网站,但将用户名和密码保存在浏览器中是相当危险的,因为存储的数据可能被暴力破解或通过程序读取。在浏览器中获取用户名和密码的一种方法是使用一个程序,该程序可以从计算机的内部存储读取谷歌Chrome和Mozilla Firefox登录数据,然后显示这些数据。在本研究中,将通过使用BadUSB实现Rubber Ducky来运行ChromePass和PasswordFox程序以及使用Arduino Pro Micro Leonardo设备作为USB密码窃取器的PowerShell脚本来进行攻击。从这项研究中获得的结果是,当USB连接到目标设备时,成功获得了Google Chrome和Mozilla Firefox上的用户名和密码,攻击的平均时间为14秒,然后将其发送到作者的电子邮件。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Implementation and Analysis of USB based Password Stealer using PowerShell in Google Chrome and Mozilla Firefox
Along with the development of the Windows operating system, browser applications to surf the internet are also growing rapidly. The most widely used browsers today are Google Chrome and Mozilla Firefox. Both browsers have a username and password management feature that makes users login to a website easily, but saving usernames and passwords in the browser is quite dangerous because the stored data can be hacked using brute force attacks or read through a program. One way to get a username and password in the browser is to use a program that can read Google Chrome and Mozilla Firefox login data from the computer’s internal storage and then show those data. In this study, an attack will be carried out by implementing Rubber Ducky using BadUSB to run the ChromePass and PasswordFox program and the PowerShell script using the Arduino Pro Micro Leonardo device as a USB Password Stealer. The results obtained from this study are the username and password on Google Chrome and Mozilla Firefox successfully obtained when the USB is connected to the target device, the average time of the attack is 14 seconds then sending it to the author’s email.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Agile-Based Requirement Challenges of Government Outsourcing Project: A Case Study Investigation of Job Satisfaction and Worker Performance on Digital Business Company IC2IE 2020 Index Wind Speed Forecasting toward El Nino Factors Using Recurrent Neural Networks Thyroid Nodules Stratification Based on Orientation Characteristics Using Machine Learning Approach
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1