Skip to content

Commit

Permalink
fix output when no passwords found
Browse files Browse the repository at this point in the history
  • Loading branch information
@AlessandroZ
AlessandroZ committed Apr 27, 2017
1 parent 215d4ac commit a3bd451
Show file tree
Hide file tree
Showing 6 changed files with 18 additions and 10 deletions.
14 changes: 12 additions & 2 deletions Windows/laZagne.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -214,13 +214,22 @@ def error(self, message):
self.print_help()
sys.exit(2)

# print user when verbose mode is enabled (without verbose mode the user is printed on the write_output python file)
def print_user(user):
if logging.getLogger().isEnabledFor(logging.INFO) == True:
try:
print '\n\n########## User: %s ##########\n' % user
except:
print '\n\n########## User: %s ##########\n' % user.encode('utf-8', errors='replace')

def runLaZagne(category_choosed='all'):

# ------ Part used for user impersonation ------

current_user = getpass.getuser().encode('utf-8', errors='ignore')
if not current_user.endswith('$'):
constant.finalResults = {'User': current_user}
print_user(current_user)
yield 'User', current_user
set_env_variables()
for r in runModule(category_choosed):
Expand All @@ -242,7 +251,8 @@ def runLaZagne(category_choosed='all'):
for user in impersonateUsers:
if 'service ' in user.lower() or ' service' in user.lower():
continue


print_user(user)
yield 'User', user

constant.finalResults = {'User': user}
Expand Down Expand Up @@ -277,7 +287,7 @@ def runLaZagne(category_choosed='all'):
all_users = get_user_list_on_filesystem(impersonated_user)
for user in all_users:
set_env_variables(user, toImpersonate = True)
print_debug('INFO', '[!] Trying to impersonate user: %s' % user.encode('utf-8', errors='ignore'))
print_user(user)

# Fix value by default for user environnment (appdata and userprofile)
constant.finalResults = {'User': user}
Expand Down
1 change: 1 addition & 0 deletions Windows/lazagne/config/WinStructure.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@

# Regedit
HKEY_CURRENT_USER = -2147483647
HKEY_LOCAL_MACHINE = -2147483646
KEY_READ = 131097
KEY_ENUMERATE_SUB_KEYS = 8
KEY_QUERY_VALUE = 1
Expand Down
6 changes: 1 addition & 5 deletions Windows/lazagne/config/header.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,11 +43,7 @@ def title(self, title):
setColor(color='white', intensity=True)
print '------------------- ' + title + ' passwords -----------------\n'
setColor()

# Subtitle
# def title1(self, title1):
# print self.BRIGHT + self.WHITE + '[*] ' + title1 + '\n' + self.RESET_COLOR


# debug option for the logging
def title_info(self, title):
setColor(color='white', intensity=True)
Expand Down
3 changes: 2 additions & 1 deletion Windows/lazagne/config/manageModules.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
from lazagne.softwares.browsers.opera import Opera
from lazagne.softwares.browsers.ie import IE
# windows
# from lazagne.softwares.windows.system import System
from lazagne.softwares.windows.autologon import Autologon
from lazagne.softwares.windows.credman import Credman
from lazagne.softwares.windows.vault import Vault
from lazagne.softwares.windows.cachedump import Cachedump
Expand Down Expand Up @@ -71,6 +71,7 @@ def get_categories():
def get_modules():
moduleNames = [
ApacheDirectoryStudio(),
Autologon(),
Dbvisualizer(),
Chrome(),
CoreFTP(),
Expand Down
2 changes: 1 addition & 1 deletion Windows/lazagne/config/write_output.py
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
# -*- coding: utf-8 -*-from constant import constantfrom time import gmtime, strftimeimport os, getpass, socketimport loggingimport jsonimport tempfilefrom lazagne.config.header import Header, setColor# --------------------------- Functions used to write ---------------------------def write_header(): time = strftime("%Y-%m-%d %H:%M:%S", gmtime()) header = '''|====================================================================|\r\n| |\r\n| Credentials discovery |\r\n| |\r\n| ! BANG BANG ! |\r\n| |\r\n|====================================================================|\r\n\r\n- Date: ''' + time + '''\n\r- Username: ''' + getpass.getuser() + ''' \r\n- Hostname: ''' + socket.gethostname() + ''' \r\n\r\n------------------------------ Results ------------------------------\r\n\r\n''' open(constant.folder_name + os.sep + constant.file_name_results + '.txt',"a+b").write(header)def write_footer(): footer = '\n[+] %s passwords have been found.\r\n\r\n' % str(constant.nbPasswordFound) open(constant.folder_name + os.sep + constant.file_name_results + '.txt',"a+b").write(footer) def write_credentials(pwdFound, category, filePath): tmp = "############ %s passwords ############\r\n\r\n" % category for pwd in pwdFound: for p in pwd.keys(): tmp = str(tmp) + str(p) + ": " + str(pwd[p].encode('utf-8')) + "\r\n" tmp = str(tmp) + "\r\n" open(filePath,"a+b").write(tmp) def checks_write(values, category): if values: if "Passwords" not in constant.finalResults: constant.finalResults["Passwords"] = [] constant.finalResults["Passwords"].append([{"Category": category}, values])# --------------------------- End of functions used to write ---------------------------# --------------------------- Output functions ---------------------------def print_footer(): footer = '\n[+] %s passwords have been found.\n' % str(constant.nbPasswordFound) if logging.getLogger().isEnabledFor(logging.INFO) == False: footer += 'For more information launch it again with the -v option\n' print footer# print hex valueFILTER=''.join([(len(repr(chr(x)))==3) and chr(x) or '.' for x in range(256)])def dump(src, length=8): N=0; result='' while src: s,src = src[:length],src[length:] hexa = ' '.join(["%02X"%ord(x) for x in s]) s = s.translate(FILTER) result += "%04X %-*s %s\n" % (N, length*3, hexa, s) N+=length return resulttmp_user = None# print output if passwords have been founddef print_output(software_name, pwdFound, title1 = False): # print the username only if password have been found user = constant.finalResults.get('User', '') global tmp_user if user != tmp_user: tmp_user = user try: print '\n\n########## User: %s ##########\n' % user except: print '\n\n########## User: %s ##########\n' % user.encode('utf-8', errors='replace') # manage differently hashes / and hex value if pwdFound: category = None if '__LSASecrets__' in pwdFound: pwdFound.remove('__LSASecrets__') category = 'lsa' pwdFound = pwdFound[0] elif '__Hashdump__' in pwdFound: pwdFound.remove('__Hashdump__') category = 'hash' pwdFound = pwdFound[0] elif '__MSCache__' in pwdFound: pwdFound.remove('__MSCache__') category = 'mscache' pwdFound = pwdFound[0] if pwdFound: # if the debug logging level is not apply => print the title if logging.getLogger().isEnabledFor(logging.INFO) == False: if not title1: Header().title(software_name) toWrite = [] # LSA Secrets will not be written on the output file if category == 'lsa': for k in pwdFound: print k print dump(pwdFound[k], length=16) print # Windows Hashes elif category == 'hash': toWrite.append(pwdFound) for pwd in pwdFound: print pwd print # Windows MSCache elif category == 'mscache': for pwd in pwdFound: print pwd print # Other passwords else: for pwd in pwdFound: password_category = False # detect which kinds of password has been found lower_list = [s.lower() for s in pwd.keys()] password = [s for s in lower_list if "password" in s] if password: password_category = password else: key = [s for s in lower_list if "key" in s] # for the wifi if key: password_category = key else: hash = [s for s in lower_list if "hash" in s] if hash: password_category = hash # No password found if not password_category: print_debug("FAILED", "Password not found !!!") else: print_debug("OK", '%s found !!!' % password_category[0].title()) toWrite.append(pwd) # Store all passwords found on a table => for dictionary attack if master password set constant.nbPasswordFound += 1 try: constant.passwordFound.append(pwd[password_category[0]]) except: pass for p in pwd.keys(): try: print '%s: %s' % (p, pwd[p]) except Exception,e: print_debug('DEBUG', '{0}'.format(e)) print '%s: %s' % (p.encode('utf-8'), pwd[p].encode('utf-8')) print # write credentials into a text file checks_write(toWrite, software_name) else: logging.info("[!] No passwords found\n")def print_debug(error_level, message): GREEN = '\x1b[32m' RED = '\x1b[31m' RESET_COLOR = '\x1b[0m' BRIGHT = '\x1b[1m' CYAN = '\x1b[36m' # print when password is found if error_level == 'OK': setColor('green') print message setColor() # print when password is not found elif error_level == 'FAILED': setColor('red', True) print message setColor() # print messages depending of their criticism elif error_level == 'CRITICAL': setColor('red', True) logging.critical('[CRITICAL] %s\n' % message) setColor() elif error_level == 'ERROR': setColor('red', True) logging.error('[ERROR] %s\n' % message) setColor() elif error_level == 'WARNING': setColor('cyan') logging.warning('[WARNING] %s\n' % message) setColor() elif error_level == 'DEBUG': logging.debug('[DEBUG] %s\n' % message) elif error_level == 'INFO': logging.info('%s\n' % message) else: logging.info('[%s] %s' % (error_level, message))# --------------------------- End of output functions ---------------------------def parseJsonResultToBuffer(jsonString, color=False): green = '' reset = '' title = '' # if color: # green = Fore.GREEN # title = BRIGHT + Fore.WHITE # reset = RESET_COLOR buffer = '' try: for json in jsonString: if json: buffer += '\r\n\r\n{title_color}########## User: {username} ##########{reset_color}\r\n\r\n'.format(title_color=title, username=json['User'], reset_color=reset) if 'Passwords' not in json: buffer += 'No passwords found for this user !' else: for all_passwords in json['Passwords']: buffer += '{title_color}------------------- {password_category} -----------------{reset_color}\r\n'.format(title_color=title, password_category=all_passwords[0]['Category'], reset_color=reset) for password_by_category in all_passwords[1]: buffer += '\r\n{green_color}Password found !!!{reset_color}\r\n'.format(green_color=green, reset_color=reset) constant.nbPasswordFound += 1 for dic in password_by_category.keys(): try: buffer += '%s: %s\r\n' % (dic, password_by_category[dic].encode('utf-8')) except: buffer += '%s: %s\r\n' % (dic, password_by_category[dic].encode(encoding='utf-8',errors='replace')) buffer += '\r\n' except Exception as e: print_debug('ERROR', 'Error parsing the json results: %s' % e) print_debug('ERROR', 'json content: %s' % jsonString) return buffer
# -*- coding: utf-8 -*-from constant import constantfrom time import gmtime, strftimeimport os, getpass, socketimport loggingimport jsonimport tempfilefrom lazagne.config.header import Header, setColor# --------------------------- Functions used to write ---------------------------def write_header(): time = strftime("%Y-%m-%d %H:%M:%S", gmtime()) header = '''|====================================================================|\r\n| |\r\n| Credentials discovery |\r\n| |\r\n| ! BANG BANG ! |\r\n| |\r\n|====================================================================|\r\n\r\n- Date: ''' + time + '''\n\r- Username: ''' + getpass.getuser() + ''' \r\n- Hostname: ''' + socket.gethostname() + ''' \r\n\r\n------------------------------ Results ------------------------------\r\n\r\n''' open(constant.folder_name + os.sep + constant.file_name_results + '.txt',"a+b").write(header)def write_footer(): footer = '\n[+] %s passwords have been found.\r\n\r\n' % str(constant.nbPasswordFound) open(constant.folder_name + os.sep + constant.file_name_results + '.txt',"a+b").write(footer) def write_credentials(pwdFound, category, filePath): tmp = "############ %s passwords ############\r\n\r\n" % category for pwd in pwdFound: for p in pwd.keys(): tmp = str(tmp) + str(p) + ": " + str(pwd[p].encode('utf-8')) + "\r\n" tmp = str(tmp) + "\r\n" open(filePath,"a+b").write(tmp) def checks_write(values, category): if values: if "Passwords" not in constant.finalResults: constant.finalResults["Passwords"] = [] constant.finalResults["Passwords"].append([{"Category": category}, values])# --------------------------- End of functions used to write ---------------------------# --------------------------- Output functions ---------------------------def print_footer(): footer = '\n[+] %s passwords have been found.\n' % str(constant.nbPasswordFound) if logging.getLogger().isEnabledFor(logging.INFO) == False: footer += 'For more information launch it again with the -v option\n' print footer# print hex valueFILTER=''.join([(len(repr(chr(x)))==3) and chr(x) or '.' for x in range(256)])def dump(src, length=8): N=0; result='' while src: s,src = src[:length],src[length:] hexa = ' '.join(["%02X"%ord(x) for x in s]) s = s.translate(FILTER) result += "%04X %-*s %s\n" % (N, length*3, hexa, s) N+=length return resulttmp_user = None# print output if passwords have been founddef print_output(software_name, pwdFound, title1 = False): # manage differently hashes / and hex value if pwdFound: category = None if '__LSASecrets__' in pwdFound: pwdFound.remove('__LSASecrets__') category = 'lsa' pwdFound = pwdFound[0] elif '__Hashdump__' in pwdFound: pwdFound.remove('__Hashdump__') category = 'hash' pwdFound = pwdFound[0] elif '__MSCache__' in pwdFound: pwdFound.remove('__MSCache__') category = 'mscache' pwdFound = pwdFound[0] if pwdFound: # if the debug logging level is not apply => print the title if logging.getLogger().isEnabledFor(logging.INFO) == False: # print the username only if password have been found user = constant.finalResults.get('User', '') global tmp_user if user != tmp_user: tmp_user = user try: print '\n\n########## User: %s ##########\n' % user except: print '\n\n########## User: %s ##########\n' % user.encode('utf-8', errors='replace') # if not title1: Header().title(software_name) toWrite = [] # LSA Secrets will not be written on the output file if category == 'lsa': for k in pwdFound: print k print dump(pwdFound[k], length=16) print # Windows Hashes elif category == 'hash': toWrite.append(pwdFound) for pwd in pwdFound: print pwd print # Windows MSCache elif category == 'mscache': for pwd in pwdFound: print pwd print # Other passwords else: for pwd in pwdFound: password_category = False # detect which kinds of password has been found lower_list = [s.lower() for s in pwd.keys()] password = [s for s in lower_list if "password" in s] if password: password_category = password else: key = [s for s in lower_list if "key" in s] # for the wifi if key: password_category = key else: hash = [s for s in lower_list if "hash" in s] if hash: password_category = hash # No password found if not password_category: print_debug("FAILED", "Password not found !!!") else: print_debug("OK", '%s found !!!' % password_category[0].title()) toWrite.append(pwd) # Store all passwords found on a table => for dictionary attack if master password set constant.nbPasswordFound += 1 try: constant.passwordFound.append(pwd[password_category[0]]) except: pass for p in pwd.keys(): try: print '%s: %s' % (p, pwd[p]) except Exception,e: print_debug('DEBUG', '{0}'.format(e)) print '%s: %s' % (p.encode('utf-8'), pwd[p].encode('utf-8')) print # write credentials into a text file checks_write(toWrite, software_name) else: logging.info("[!] No passwords found\n")def print_debug(error_level, message): GREEN = '\x1b[32m' RED = '\x1b[31m' RESET_COLOR = '\x1b[0m' BRIGHT = '\x1b[1m' CYAN = '\x1b[36m' # print when password is found if error_level == 'OK': setColor('green') print message setColor() # print when password is not found elif error_level == 'FAILED': setColor('red', True) print message setColor() # print messages depending of their criticism elif error_level == 'CRITICAL': setColor('red', True) logging.critical('[CRITICAL] %s\n' % message) setColor() elif error_level == 'ERROR': setColor('red', True) logging.error('[ERROR] %s\n' % message) setColor() elif error_level == 'WARNING': setColor('cyan') logging.warning('[WARNING] %s\n' % message) setColor() elif error_level == 'DEBUG': logging.debug('[DEBUG] %s\n' % message) elif error_level == 'INFO': logging.info('%s\n' % message) else: logging.info('[%s] %s' % (error_level, message))# --------------------------- End of output functions ---------------------------def parseJsonResultToBuffer(jsonString, color=False): green = '' reset = '' title = '' # if color: # green = Fore.GREEN # title = BRIGHT + Fore.WHITE # reset = RESET_COLOR buffer = '' try: for json in jsonString: if json: buffer += '\r\n\r\n{title_color}########## User: {username} ##########{reset_color}\r\n\r\n'.format(title_color=title, username=json['User'], reset_color=reset) if 'Passwords' not in json: buffer += 'No passwords found for this user !' else: for all_passwords in json['Passwords']: buffer += '{title_color}------------------- {password_category} -----------------{reset_color}\r\n'.format(title_color=title, password_category=all_passwords[0]['Category'], reset_color=reset) for password_by_category in all_passwords[1]: buffer += '\r\n{green_color}Password found !!!{reset_color}\r\n'.format(green_color=green, reset_color=reset) constant.nbPasswordFound += 1 for dic in password_by_category.keys(): try: buffer += '%s: %s\r\n' % (dic, password_by_category[dic].encode('utf-8')) except: buffer += '%s: %s\r\n' % (dic, password_by_category[dic].encode(encoding='utf-8',errors='replace')) buffer += '\r\n' except Exception as e: print_debug('ERROR', 'Error parsing the json results: %s' % e) print_debug('ERROR', 'json content: %s' % jsonString) return buffer
Expand Down
2 changes: 1 addition & 1 deletion Windows/lazagne/softwares/windows/vault.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

class Vault(ModuleInfo):
def __init__(self):
options = {'command': '-vault', 'action': 'store_true', 'dest': 'Vault', 'help': 'Vault manager (Win8 or higher)'}
options = {'command': '--vault', 'action': 'store_true', 'dest': 'Vault', 'help': 'Vault manager (Win8 or higher)'}
ModuleInfo.__init__(self, 'Vault passwords (Internet Explorer, etc.)', 'windows', options, cannot_be_impersonate_using_tokens=False)

def run(self, software_name = None):
Expand Down

0 comments on commit a3bd451

Please sign in to comment.