[5584] Failed to execute script browserscan

[Papotito123]

Hello:
Windows 1909 x64 local account with AVAST disabled.

Chrome is closed.I also have Edge (chromium) installed.

When run browserscan , gives this error:
Microsoft Windows [Version 10.0.18363.1440]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>cd "C:\Users\TESTACCOUNT\Downloads\browserscan-master\browserscan-master\dist"

C:\Users\TESTACCOUNT\Downloads\browserscan-master\browserscan-master\dist>browserscan.exe
browserscan Scans for browser data, decrypts, and prepares it for exfil.
Copyright (C) 2020 Alertra, Inc.

[+] User: C:\Users\TESTACCOUNT
[+] Processing Google\Chrome browser
[+] Data copied to staging.
Traceback (most recent call last):
File "src\browserscan.py", line 362, in
File "src\browserscan.py", line 92, in enum_browsers
File "src\browserscan.py", line 259, in _decrypt_passwords
File "src\browserscan.py", line 136, in decrypt_ciphertext
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xd2 in position 0: invalid continuation byte
[5584] Failed to execute script browserscan

C:\Users\TESTACCOUNT\Downloads\browserscan-master\browserscan-master\dist>

Any info much appreciated.

Thanks.

[Papotito123]

Hello:
Windows 1909 x64 local account with AVAST disabled.

Chrome is closed.I also have Edge (chromium) installed.

When running browserscan.py, gives this error:
C:\WINDOWS\system32>cd "C:\python37"

C:\python37>python "C:\Users\TESTACCOUNT\Downloads\browserscan-master\browserscan-master\src\browserscan.py"
File "C:\Users\TESTACCOUNT\Downloads\browserscan-master\browserscan-master\src\browserscan.py", line 145
plaintext = win32crypt.CryptUnprotectData(ciphertext[ChromiumScanner.DPAPI_PREFIX]:)[1].decode("UTF-8")
^
SyntaxError: invalid syntax

After removing the( : ) in line 145,now gives this error:

C:\python37>python "C:\Users\TESTACCOUNT\Downloads\browserscan-master\browserscan-master\src\browserscan.py"
browserscan Scans for browser data, decrypts, and prepares it for exfil.
Copyright (C) 2020 Alertra, Inc.

[+] User: C:\Users\TESTACCOUNT
[+] Processing Google\Chrome browser
[+] Data copied to staging.
Traceback (most recent call last):
File "C:\Users\TESTACCOUNT\Downloads\browserscan-master\browserscan-master\src\browserscan.py", line 362, in
browsers = b.enum_browsers()
File "C:\Users\TESTACCOUNT\Downloads\browserscan-master\browserscan-master\src\browserscan.py", line 92, in enum_browsers
self._decrypt_passwords(browser)
File "C:\Users\TESTACCOUNT\Downloads\browserscan-master\browserscan-master\src\browserscan.py", line 259, in _decrypt_passwords
plaintext = self.decrypt_ciphertext(browser, ciphertext)
File "C:\Users\TESTACCOUNT\Downloads\browserscan-master\browserscan-master\src\browserscan.py", line 136, in decrypt_ciphertext
plaintext = cipher.decrypt(ciphertext).decode("UTF-8")
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xd2 in position 0: invalid continuation byte

[kdirectorate]

I'll take a look at the problem. Is it possible for you to give me a copy of the file it is choking on?

[Papotito123]

Hello:
Thanks for taking time.
I can up the brwserscan.py file.
I downloaded the .zip from this site.And I used as is, without modifications.
From what I read about this error ,seems like an error interpreting the first python bytes of the chrome login password.
I already can run lazagne , mimikatz without problems.
This error occur with browserscan.exe and browserscan.py

Thanks in advanced.

[kdirectorate]

I've done some work trying to figure out how to deal with the Unicode problems. There seems to never be an easy answer when trying to handle unknown Unicode strings. So this may not be the end of it. It may not even be the end of the beginning. But I certainly think some Unicode happened. Let me know if it fixed your problem.