This is a video walk-through of TryHackMe's Chrome. If you prefer a written walk-through, you can find it here: https://readysetexploit.gitlab.io/home/forensics/chrome/
0:00 Intro
1:00 Reviewing file and PCAP file
2:05 Extracting files from the PCAP
3:15 Examining files
4:45 Using Windows VM to reverse binary
6:30 Reviewing the binary code
8:40 Decrypting the files and finding the AppData folder
11:25 Using Ghidra to reverse binary in Linux
13:05 Finding the hard-coded strings again
16:00 Doing some research on Chrome password decrypting
20:00 Extracting the user's password with John the Ripper
22:50 Gathering the files we need for decryption
23:45 Using my modified script to extract the secret key
26:45 Back on Windows and transferring the files
29:20 Extracting the masterkey using Mimikatz
31:10 Decrypting the secret key using Mimikatz
33:00 Setting up modified script and extracting passwords
35:55 Using Pypykatz to decrypt passwords in Linux
39:55 Using Docker along with Pypykatz to extract passwords