Memory Forensics for Pentesters: Firefox

7,671 views

Published on

This is part one in a series of presentations I will be giving at the NoVAHackers meetings on forensics of all kinds as it can be leveraged in a penetration test.

Published in: Technology
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
7,671
On SlideShare
0
From Embeds
0
Number of Embeds
1,724
Actions
Shares
0
Downloads
153
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide
















  • Memory Forensics for Pentesters: Firefox

    1. 1. Memory Forensics for Penetration Testers
    2. 2. Memory Sizes • 1 GB (Netbook standard) • 2 GB (Old standard) • 4 GB (Laptop standard now) • Forensics don’t care, they deal with HDDs • Sneaky Sneaky!
    3. 3. Memory Sizes • 1 GB (Netbook standard) • 2 GB (Old standard) • 4 GB (Laptop standard now) • Forensics don’t care, they deal with HDDs • Sneaky Sneaky!
    4. 4. 32 bit vs 64 bit • Annoying
    5. 5. Per-process Memory Dumping • PMD • (P)rocess (M)emory (D)umper SURPRISE! • EvilFingers (https://www.evilfingers.com/) • Since v1.2 it’s gone gooey. • Still awesome but useless at a prompt.
    6. 6. PWD
    7. 7. PMDump • http://ntsecurity.nu/toolbox/pmdump/
    8. 8. Firefox • You know..
    9. 9. Firefox • You know..
    10. 10. Firepassword • http://securityxploded.com/ firepassword.php • or you could do it the easy way: • http://carnal0wnage.blogspot.com/ 2010/06/firefox-saved-passwords.html
    11. 11. Master Password :-(
    12. 12. FireMaster • http://securityxploded.com/firemaster.php
    13. 13. dump firefox memory definitely smaller but be careful
    14. 14. strings FTW! strings firefox.mem | sed ‘/^.{30}/d’ | sort -u | sed ‘/$’”/ `echo r` /” > firefoxdictionary.txt
    15. 15. win!
    16. 16. Questions?

    ×