powershell subprocess fix + removing lxml import + json bug fix

1sn0m4d · Dec 20, 2016 · 49e9ae1 · 49e9ae1
1 parent ba891f6
commit 49e9ae1
Show file tree

Hide file tree

Showing 8 changed files with 593 additions and 559 deletions.
diff --git a/Windows/laZagne.py b/Windows/laZagne.py
@@ -163,7 +163,7 @@ def write_in_file(result):
 			# Human readable Json format 
 			prettyJson = json.dumps(result, sort_keys=True, indent=4, separators=(',', ': '))
 			with open(constant.folder_name + os.sep + constant.file_name_results + '.json', 'w+') as f:
-				f.write(prettyJson)
+				f.write(prettyJson.encode('utf-8', errors='replace'))
 			print '[+] File written: ' + constant.folder_name + os.sep + constant.file_name_results + '.json'
 
 		if constant.output == 'txt' or constant.output == 'all':
@@ -212,22 +212,22 @@ def error(self, message):
 		self.print_help()
 		sys.exit(2)
 
-def runLaZagne():
+def runLaZagne(category_choosed='all'):
 
 	# ------ Part used for user impersonation ------ 
 
 	current_user = getpass.getuser().encode('utf-8', errors='ignore')
 	if not current_user.endswith('$'):
 		constant.finalResults = {'User': current_user}
 		print '\n\n########## User: %s ##########\n' % current_user
+		yield 'User', current_user
 		set_env_variables()
 		for r in runModule(category_choosed):
 			yield r
 		stdoutRes.append(constant.finalResults)
 
 	# Check if admin to impersonate
 	if ctypes.windll.shell32.IsUserAnAdmin() != 0:
-
 		# --------- Impersonation using tokens ---------
 
 		sids = ListSids()
@@ -243,6 +243,8 @@ def runLaZagne():
 				continue
 
 			print '\n\n########## User: %s ##########\n' % user.encode('utf-8', errors='ignore')
+			yield 'User', user
+
 			constant.finalResults = {'User': user}
 			for sid in impersonateUsers[user]:
 				try:
@@ -262,7 +264,7 @@ def runLaZagne():
 
 					# Launch module wanted
 					for r in runModule(category_choosed, need_system_privileges=_need_system_privileges, cannot_be_impersonate_using_tokens=_cannot_be_impersonate_using_tokens):
-						pass
+						yield r
 
 					rev2self()
 					stdoutRes.append(constant.finalResults)

diff --git a/Windows/lazagne/config/changePrivileges.py b/Windows/lazagne/config/changePrivileges.py
@@ -246,6 +246,7 @@ def getSidToken(token_sid):
                     windll.advapi32.OpenProcessToken(hProcess, tokenprivs, byref(hToken))
                     if hToken:
                         if GetTokenSid( hToken ) == token_sid:
+                            print
                             print_debug('INFO', 'Using PID: ' + str(pid))
                             windll.kernel32.CloseHandle(hProcess)
                             return hToken

diff --git a/Windows/lazagne/config/powershell_execute.py b/Windows/lazagne/config/powershell_execute.py
@@ -4,37 +4,40 @@
 import re
 
 def powershell_execute(script, function):
+
+	output = ""
+	try:
+		script = re.sub("Write-Verbose ","Write-Output ", script, flags=re.I) 
+		script = re.sub("Write-Error ","Write-Output ", script, flags=re.I)
+		script = re.sub("Write-Warning ","Write-Output ", script, flags=re.I)
 
-	script = re.sub("Write-Verbose ","Write-Output ", script, flags=re.I) 
-	script = re.sub("Write-Error ","Write-Output ", script, flags=re.I)
-	script = re.sub("Write-Warning ","Write-Output ", script, flags=re.I)
-
-	fullargs = ["powershell.exe", "-C", "-"]
+		fullargs = ["powershell.exe", "-C", "-"]
 
-	info = subprocess.STARTUPINFO()
-	info.dwFlags = sub.STARTF_USESHOWWINDOW | sub.CREATE_NEW_PROCESS_GROUP
-	info.wShowWindow = sub.SW_HIDE
-	p = subprocess.Popen(fullargs, startupinfo=info, stdin=subprocess.PIPE, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, universal_newlines=True, shell=True)
+		info = subprocess.STARTUPINFO()
+		info.dwFlags = sub.STARTF_USESHOWWINDOW
+		info.wShowWindow = sub.SW_HIDE
+		p = subprocess.Popen(fullargs, startupinfo=info, stdin=subprocess.PIPE, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, universal_newlines=True, shell=True)
 
-	p.stdin.write("$base64=\"\""+"\n")
-	n = 25000
-	b64_script = base64.b64encode(script)
-	tab = [b64_script[i:i+n] for i in range(0, len(b64_script), n)]
-	for t in tab:
-		p.stdin.write("$base64+=\"%s\"\n" % t)
-		p.stdin.flush()
+		p.stdin.write("$base64=\"\""+"\n")
+		n = 25000
+		b64_script = base64.b64encode(script)
+		tab = [b64_script[i:i+n] for i in range(0, len(b64_script), n)]
+		for t in tab:
+			p.stdin.write("$base64+=\"%s\"\n" % t)
+			p.stdin.flush()
 
-	p.stdin.write("$d=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64))\n")
-	p.stdin.write("Invoke-Expression $d\n")
-
-	p.stdin.write("\n$a=Invoke-Expression \"%s\" | Out-String\n" % function)
-	p.stdin.write("$b=[System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(\"$a\"))\n")
-	p.stdin.write("Write-Host $b\n")
+		p.stdin.write("$d=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64))\n")
+		p.stdin.write("Invoke-Expression $d\n")
+	 
+		p.stdin.write("\n$a=Invoke-Expression \"%s\" | Out-String\n" % function)
+		p.stdin.write("$b=[System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(\"$a\"))\n")
+		p.stdin.write("Write-Host $b\n")
 
-	# Get the result in base64
-	output = ""
-	for i in p.stdout.readline():
-		output += i
-	output = base64.b64decode(output)
+		# Get the result in base64
+		for i in p.stdout.readline():
+			output += i
+		output = base64.b64decode(output)
+	except:
+		pass
 
 	return output
diff --git a/Windows/lazagne/softwares/browsers/ie.py b/Windows/lazagne/softwares/browsers/ie.py
@@ -110,7 +110,7 @@ def history_from_powershell(self):
 		command=['powershell.exe', '/c', cmdline]
 
 		info = subprocess.STARTUPINFO()
-		info.dwFlags = sub.STARTF_USESHOWWINDOW | sub.CREATE_NEW_PROCESS_GROUP
+		info.dwFlags = sub.STARTF_USESHOWWINDOW
 		info.wShowWindow = sub.SW_HIDE
 		p = subprocess.Popen(command, startupinfo=info, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, universal_newlines=True)
 		results, _ = p.communicate()
@@ -225,7 +225,7 @@ def windows_vault_ie(self):
 		command=['powershell.exe', '/c', cmdline]
 
 		info = subprocess.STARTUPINFO()
-		info.dwFlags = sub.STARTF_USESHOWWINDOW | sub.CREATE_NEW_PROCESS_GROUP
+		info.dwFlags = sub.STARTF_USESHOWWINDOW
 		info.wShowWindow = sub.SW_HIDE
 		p = subprocess.Popen(command, startupinfo=info, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, universal_newlines=True)
 		results, _ = p.communicate()

diff --git a/Windows/lazagne/softwares/memory/keepass.py b/Windows/lazagne/softwares/memory/keepass.py
@@ -120,10 +120,10 @@ def run(self, software_name = None):
 
 		if values:
 			pwdFound = [values]
-			try:
-				with libkeepass.open(values['Database'], password=values['Password'], keyfile=values['KeyFilePath']) as kdb:
-					pwdFound += kdb.to_dic()
-			except:
-				pass
+			# try:
+			with libkeepass.open(values['Database'], password=values['Password'], keyfile=values['KeyFilePath']) as kdb:
+				pwdFound += kdb.to_dic()
+			# except:
+				# pass
 
 		return pwdFound
diff --git a/Windows/lazagne/softwares/memory/libkeepass/common.py b/Windows/lazagne/softwares/memory/libkeepass/common.py
@@ -209,7 +209,7 @@ def tell(self):
 
 import base64
 import hashlib
-from lxml import etree
+from xml import etree
 
 def load_keyfile(filename):
     try: