https://github.com/redteampentesting/bitwarden-windows-hello
Tools to Exploit Bitwarden v2023.3.0 with Windows Hello
https://github.com/redteampentesting/bitwarden-windows-hello
Last synced: about 1 year ago
JSON representation
Tools to Exploit Bitwarden v2023.3.0 with Windows Hello
- Host: GitHub
- URL: https://github.com/redteampentesting/bitwarden-windows-hello
- Owner: RedTeamPentesting
- License: mit
- Created: 2024-01-03T08:44:20.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-01-03T10:27:39.000Z (over 2 years ago)
- Last Synced: 2025-01-24T17:38:03.191Z (over 1 year ago)
- Language: Python
- Size: 4.88 KB
- Stars: 29
- Watchers: 1
- Forks: 6
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Tools to Exploit Bitwarden v2023.3.0 with Windows Hello
This repository contains the tools to exploit Bitwarden v2023.3.0 when the
Windows Hello feature is enabled as described in our [blog
post](https://blog.redteam-pentesting.de/2024/bitwarden-heist/).
### Dump Keys from DPAPI
The tool `dpapidump` dumps credentials from DPAPI, including the biometric key
of Bitwarden v2023.3.0
([CVE-2023-27706](https://nvd.nist.gov/vuln/detail/CVE-2023-27706)). It can be
used as follows:
```sh
cd dpapidump
GOOS=windows go build
./dpapidump.exe
```
### Decrypt Bitwarden Vault
The Python script `hello-bitwarden.py` can be used to decrypt a Bitwarden
password vault using the biometric key obtained from DPAPI or a password. The
script can be used as follows:
```sh
./hello-bitwarden.py --biometric
./hello-bitwarden.py --password
```
The file `data.json` is created by Bitwarden and can usually be found at the
following path:
```
%AppData%\Bitwarden\data.json
```