gpo.zugaina.org

Search Portage & Overlays:

app-admin/lazagne

Credentials recovery project.

Screenshots

  • lazagne-9999
    python_targets_python2_7

    View      Download      Browse     License: LGPL-3   
    Overlay: linxon (layman)
  • lazagne-2.4.2
    ~amd64 ~x86
    python_targets_python2_7

    View      Download      Browse     License: LGPL-3   
    Overlay: linxon (layman)

ChangeLog

LaZagne 2.3.1 (18/10/2017)
- Only Windows
* Fix unicode issue (#154)
* Print less local output when a specific drive has been choosed (#156)

LaZagne 2.3 (31/08/2017)
- Only Windows
* Bug "UnicodeDecodeError" resolved (#134)
* Support many alphabets (for chinese, russian, ... passwords)
* Well managed when password are written to files (Lazagne.exe all -oA), not always correct when printed on the console (depend on the system encoding)
* New module added
* CocCoc browser supported (#141)
* Quiet mode added to not print anything on the console (#140) => lazagne.exe all -quiet
* Retrieve passwords from another drive (#142) => lazagne all -drive D
* lsa secrets are well written on files (when -oA, -oJ or -oN options are used)

LaZagne 2.2 (17/05/2017)
- Only Windows
* Bug correction: #118

LaZagne 2.1 (28/04/2017)
- Only Windows
* Removing many dependencies (win32api, win32crypt, win32xxx, colorama, etc.) using ctypes
* Adding little modules
* Retrieve passwords when autologon is enabled
* Retrieve passwords stored in unattended files
* Using creddump to retrieve system hashes + LSA secrets
* Retrieve chrome passwords from multiple profiles
* Little bugs fixed + some code review

- Linux
* Adding mimipy module from n1nj4sec (https://github.com/n1nj4sec/mimipy) to retrieve the system password from memory (need root privileges)

LaZagne 2.0 (20/12/2016)
- Only Windows:
* Only one process is launched (impersonnation is done using "ImpersonateLoggedOnUser" and no more "CreateProcessAsUser")
* No more temporary files written on the disk
* Uses of powerdump from empire (thanks to adaptivethreat) to avoid writing hives on the disk (avoid "reg save ...")
* Better way to catch errors
* Json fixes (output to be more "human readable" + error encoding)
* Code cleaned
* New category added called "memory": used to retrieve password in memory
* KeeThief added (thanks to adaptivethreat) - retrieve keepass (version 2.x) password from memory
* Powershell code used from https://github.com/adaptivethreat/KeeThief/
* Browser passwords present in memory could be retrieved
* Thanks to n1nj4sec for his awesome project "memorpy"
* https://github.com/n1nj4sec/memorpy
* New category added called "php":
* New module "PHP Composer" (thanks to righettod => https://github.com/righettod)

LaZagne 1.8 (15/11/2016)
- Only Windows:
* Lots of minor bugs fixed
* Firefox
* when many profiles used (thanks to Aorimn) or when profiles.ini is corrupted
* IE: retrieving historic list or windows vault
* Writing json file
* etc...

LaZagne 1.7 (11/09/2016)
- Only Windows:
* New modules (thanks to righettod => https://github.com/righettod):
* Robomongo - MongoDB client
* Internet Explorer bug fix (for windows 7)

LaZagne 1.6 (05/09/2016)
- Only Windows:
* Internet Explorer history retrieved using powershell - no more dll written on the disk (all in memory)
* Internet Explorer passwords stored in the credential manager retrieved (for Win8 and higher)
* Wifi bug fixed

LaZagne 1.5 (01/08/2016)
- Only Windows:
* New modules (thanks to righettod => https://github.com/righettod):
* Maven java build tool
* Apache Directory Studio
* "OpenSSH" application

LaZagne 1.4 (21/07/2016)
- Only Windows:
* New module: Git for Windows (thanks to righettod => https://github.com/righettod)

LaZagne 1.3 (02/07/2016)
- Only Windows
See "User impersonnation" in README for more information
* User impersonation (high privileges needed)
* Stealing user process token (when other user processes are running on the system)
* All credentials can be retrieved (Chrome, Firefox, etc.)
* Browsing file system (ex: C:\Users\<user>\...)
* Only software's passwords which do not use Windows API to encrypt it, can be retrieved (Firefox, Jitsi, Pidgin, etc.).
* Json output has been implemented (txt output is still present with the options -oN)
* Lazagne all -oJ => Json output
* Standalone lighter (from 18 Mo to 6 Mo) => Thanks to the new version of Pyinstaller
* Fix some bugs

LaZagne 1.1 (22/10/2015)
- Only Windows
* New category: games (Thanks to David Lodge)
* Galcon Fusion
* Kalypso Media Launcher
* Rogue's Tale
* Turba

LaZagne 1.0 (04/10/2015)
- Only Windows
* Fix chrome database locked
* Fix windows secrets bug
* Fix opera bug

- For Linux
* Fix opera bug

LaZagne 0.9.1 (09/07/2015)
- Only Windows
* Fix mastepassword check error - mozilla
* Fix database error - mozilla

- For Linux
* Fix encoding error

LaZagne 0.9 (01/07/2015)
- Only Windows
* Fix Opera bug (thanks to rolandstarke)
* Fix encoding error for generic network passwords

- For Windows / Linux
* Version number available from the main menu (before: Lazagne all --version => now: Lazagne --version)
* spelling mistake corrected

LaZagne 0.8 (11/06/2015)
- Only Linux
* /etc/shadow modules (dictionary attack on hash)

- For Windows / Linux
* Management of the following options "-path" (for dictionary attack) and "-b" (for bruteforce attack) in a different way. Used as general options and not implemented by module. Using the same option, the file will be used by different modules; example: to find the mozilla masterpassword, the unix system password (from the hash), used by skype (for windows), etc.

LaZagne 0.71 (04/06/2015)
- Only Linux
* Wifi password module from WPA Supplicant implemented (by rpesche)

LaZagne 0.7 (29/05/2015)
- For Windows / Linux
* Fix mozilla bug (special characters were not printed)

LaZagne 0.6 (26/05/2015)
- For Windows / Linux
* Firefox / Thunderbird: No more dependency with nss library (many thanks to Laurent Clevy for its awesome technic: https://github.com/lclevy/firepwd)
* Fix opera bug

- Only Windows
* WinSCP false positive removed (when SSH key is used)

LaZagne 0.5 (21/05/2015)
- For Windows
* Fix chrome bug

LaZagne 0.5 (20/05/2015)
- For Windows / Linux
* 2 levels of verbosity added for debugs
* try / except more verbose depending on the verbosity levels
* dico file moved from browsers to config repository (used for dictionary attack)
* new Filezilla versions managed

- Only Windows
* check weak passwords (logins equal to password) for windows account when hashes (nthash) have been found
* function to write the output modified on windows module
* WConio replaced by colorama for the window color
* Skype: try a dictionary attack (500 famous password) when the hash has been retrieved

LaZagne 0.4 (12/05/2015)
- For Linux
* Kwallet module implemented (by quentin hardy)

LaZagne 0.4 (05/05/2015)
- For Windows
* Fix ie bugs
* Fix thunderbird bug

LaZagne 0.3 (30/04/2015)
- For Windows
* Flexibility on the code: much more easy to add modules
* Passwords found previously are used to test firefox masterpassword if set

- For Linux
* Flexibility on the code: much more easy to add modules
* Passwords found previously are used to test firefox masterpassword if set
* 2 different standalones (32 bits / 64 bits)

LaZagne 0.2 (27/04/2015)
- For Windows
* New modules: Windows hashes + LSA Secrets
* Passwords found previously are used to test windows hashes and firefox masterpassword
* 500 most famous passwords are used to retrieve the windows password (once we get the hashes)
* Wifi bug fixed: only one password was printed
* I.E bug fixed