• We just launched and are currently in beta. Join us as we build and grow the community.

Chalumeau – A GUI Based Credential Dumping

JCLexicon

AI Ethics Advisor
J
J Rep
0
0
0
Rep
0
J Vouches
0
0
0
Vouches
0
Posts
150
Likes
52
Bits
0
2 MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1 400 XP
Orange-and-Navy-Blue-Modern-Burrito-Product-Presentation.png


Hey Folks, in this tutorial we are going to talk about an interesting tool called “Chalumeau“. This may be necessary for those who are not familiar with the command line as it provides us (GUI) interface to dump credentials from the victim machine. From the owner we found out it is based on powershell and python. It provides us with a command which is executed on powershell or cmd and as soon as we execute the command, it dumps all the credentials such as : chrome, firefox, saved password, administrator etc from the victim machine. Lets talk about the main features of this tool.

  • Extract Password List
  • Dashboard Reporting & Web Interface
  • Parsing Mimikatz
  • Write your own Payloads
  • In-Memory execution
  • Dumping Tickets

Lets take a look 🙂 !!

Installation

The installation is quite simple and for the installation first we need to download this tool from the github and after complete the downloading we will go to the directory and give executable permission of the “install.sh” and execute the file.

git clone https://github.com/cyberstruggle/chalumeau.git
cd chalumeau/
chmod +x install.sh
sudo ./install.sh1234git clone
https://github.com/cyberstruggle/chalumeau.gitcd chalumeau/chmod+xinstall.shsudo./install.sh

1-15.png


As you can see that it gives us the username and password of the login page as soon as we complete the installation.

2-16.png


By executing this file we can host this tool on our localhost machine as given below. If the installation is successful, it will give us the host file location, which we need to open on the browser and enter the credentials initially provided by this tool.

bash start.sh1bash start.sh

3-17.png


After doing all this the interface of this tool will appear on the browser as shown below image.

4-16-1024x455.png

Start Dumping

Now we are ready to dump the credentials from the victim machine just we need to click on “start dumping” button.

5-14.png


After clicking on the button it gives us two options, first is powsershell and second is cmd, both will do the same thing but we have to choose one of the two so we will copy the cmd command.

6-14.png


After copying the command we will execute it at the cmd prompt and return to the kali machine.

7-13.png


Wooo 🙂 Here you can see that we successfully obtained 22 credentials from the target machine by executing only one command.

8-10-1024x373.png


We can see the window logon credentials with the help of which we can control the target system.

9-10-1024x483.png


To get all the credentials we will go to the machine section and click on View option.

10-10-1024x289.png


Combine everything like Google, Firefox, Edge, it gives us 22 credentials in total which are really amazing.

11-9.png


There is no need if you want to share or save those credentials as it gives us the download option from where we can download all the credentials in TXT file format.

12-9.png
About the AuthorShubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.
 
You must log in or register to reply here.

428,096

310,989

310,998

F Fadwa
Top