| Name | Description |
|---|---|
| ChromiumKeyDump | BOF implementation of Chlonium tool to dump Chrome/Edge Masterkey and download Cookie/Login Data files |
| Sleeper | BOF to call the SetThreadExecutionState function to prevent host from Sleeping |
- Visual Studio:
x86:
"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars32.bat"
cl.exe /c /GS- /TP BOF.cpp /FoBOF.o
x64:
"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat"
cl.exe /c /GS- /TP BOF.cpp /FoBOF.x64.o
- MinGW:
x86: i686-w64-mingw32-gcc -c BOF.cpp -o BOF.o
x64: x86_64-w64-mingw32-gcc -c BOF.cpp -o BOF.x64.o
After compiling, place the object files (.o) into the bin folder and load the (.cna) files to Cobalt Strike.
chromiumkeydump [edge|chrome] [argument(required)] [ChromePath(optional)]
Arguments Description
--------- -----------
masterkey Dump Masterkey
cookies Download Chrome Cookies file
logindata Download Chrome Login Data file
all Dump Masterkey and download files
ChromePath Path to custom installation directory
!Set the path to where the [User Data] folder is located!
Example: D:\\Programs\\
C:\\Users\\USER\\AppData\\Local
https://github.com/rxwx/chlonium
sleeper [argument(required)]
Arguments
50DA
Description
--------- -----------
off Set the `ES_CONTINUOUS` flag and return to Default state
on Set the `ES_SYSTEM_REQUIRED` flag to prevent the Sleep
force Set the `ES_SYSTEM_REQUIRED|ES_AWAYMODE_REQUIRED` flags to prevent the Sleep,
even if the Sleep button is pressed
https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-setthreadexecutionstate