Monday, June 28, 2010

Firefox Saved Passwords


Nothing earth shattering, but since this is a place for my notes...

Sometimes while you are on a box and pilfering through all the documents doesn't yield anything useful for you to move laterally you can sometimes grab the Firefox saved passwords. Lots of times someone will save their password to the corporate OWA, wiki, helpdesk page, or whatever. Even if doesn't give you a *great* lead you'll at least get an idea if they are a password re-user or not.

So how to do it?

Actually its simple. Inside of the mozilla\firefox directory will be somethingrandom.default. Inside that folder you'll find:

key3.db
signons.sqlite

If there is no master password set, all you have to do is replace the files on your test VM with the two files you downloaded, open firefox, go to preferences, security, and do a view saved passwords.

I think there are some fancy Firefox plug-ins that can pull this info out and I'm sure there are some binaries you can push up that will dump this for you as well. But this is quick and easy and you're probably already downloading files (at least you probably *should* be) anyway...

-thanks to Mubix for telling me about this.
CG

4 comments:

Anonymous said...

Instead of "replace those two files with the ones on your test VM, " I think you meant "replace the ones on your test VM, with those two files."
For a moment I thought you were saying to upload the files and I had a FAIL moment.

Grecs said...

Guess the big warning here for most users ... Be sure to set the master password if you use this feature!

CG said...

yup got it mixed up, fixed the post. thank anonymous

Bugbear said...

Great Minds Think Alike? Was working on this post when I saw you tweet this.

http://securitybraindump.blogspot.com/2010/06/firefox-addon-ons-ftw.html