Merge pull request AlessandroZ#125 from alxchk/master

Try to extract passwords from all user contexts (Linux)
ezesoler · May 23, 2017 · c4ef71d · c4ef71d
2 parents 785dd7a + 1fcaa76
commit c4ef71d
Show file tree

Hide file tree

Showing 20 changed files with 1,118 additions and 543 deletions.
diff --git a/Linux/laZagne.py b/Linux/laZagne.py
@@ -40,7 +40,7 @@
 def output():
 	if args['write_normal']:
 		constant.output = 'txt'
-	
+
 	if args['write_json']:
 		constant.output = 'json'
 
@@ -51,7 +51,7 @@ def output():
 		if not os.path.exists(constant.folder_name):
 			os.makedirs(constant.folder_name)
 			# constant.file_name_results = 'credentials' # let the choice of the name to the user
-		
+
 		if constant.output != 'json':
 			write_header()
 
@@ -65,7 +65,7 @@ def verbosity():
 	if args['verbose']==0: level=logging.CRITICAL
 	elif args['verbose'] == 1: level=logging.INFO
 	elif args['verbose']>=2: level=logging.DEBUG
-	
+
 	FORMAT = "%(message)s"
 	formatter = logging.Formatter(fmt=FORMAT)
 	stream = logging.StreamHandler()
@@ -83,24 +83,24 @@ def manage_advanced_options():
 	# File used for dictionary attacks
 	if 'path' in args:
 		constant.path = args['path']
-	if 'bruteforce' in args: 
+	if 'bruteforce' in args:
 		constant.bruteforce = args['bruteforce']
 
 	# Mozilla advanced options
 	if 'manually' in args:
 		constant.manually = args['manually']
 	if 'specific_path' in args:
 		constant.specific_path = args['specific_path']
-	
+
 	if 'mails' in args['auditType']:
 		constant.mozilla_software = 'Thunderbird'
 	elif 'browsers' in args['auditType']:
 		constant.mozilla_software = 'Firefox'
-	
+
 	# Jitsi advanced options
 	if 'master_pwd' in args:
 		constant.jitsi_masterpass = args['master_pwd']
-	
+
 	# i.e advanced options
 	if 'historic' in args:
 		constant.ie_historic = args['historic']
@@ -109,7 +109,7 @@ def manage_advanced_options():
 def write_in_file(result):
 	try:
 		if constant.output == 'json' or constant.output == 'all':
-			# Human readable Json format 
+			# Human readable Json format
 			prettyJson = json.dumps(result, sort_keys=True, indent=4, separators=(',', ': '))
 			with open(constant.folder_name + os.sep + constant.file_name_results + '.json', 'w+') as f:
 				f.write(prettyJson.encode('utf-8', errors='replace'))
@@ -146,7 +146,7 @@ def launch_module(module):
 			pwdFound = module[i].run(i.capitalize())	# run the module
 			print_output(i.capitalize(), pwdFound) 		# print the results
 
-			# return value - not used but needed 
+			# return value - not used but needed
 			yield True, i.capitalize(), pwdFound
 		except:
 			traceback.print_exc()
@@ -176,9 +176,6 @@ def runLaZagne(category_choosed='all'):
 	user = getpass.getuser()
 	constant.finalResults = {}
 	constant.finalResults['User'] = user
-
-	print '\n\n########## User: %s ##########\n' % user.encode('utf-8', errors='ignore')
-	yield 'User', user
 
 	for r in runModule(category_choosed):
 		yield r
@@ -194,14 +191,14 @@ def runLaZagne(category_choosed='all'):
 	parser.add_argument('--version', action='version', version='Version ' + str(constant.CURRENT_VERSION), help='laZagne version')
 
 	# ------------------------------------------- Permanent options -------------------------------------------
-	# Version and verbosity 
+	# Version and verbosity
 	PPoptional = argparse.ArgumentParser(add_help=False,formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=constant.MAX_HELP_POSITION))
 	PPoptional._optionals.title = 'optional arguments'
 	PPoptional.add_argument('-v', dest='verbose', action='count', default=0, help='increase verbosity level')
 	PPoptional.add_argument('-path', dest='path',  action= 'store', help = 'path of a file used for dictionary file')
 	PPoptional.add_argument('-b', dest='bruteforce',  action= 'store', help = 'number of character to brute force')
 
-	# Output 
+	# Output
 	PWrite = argparse.ArgumentParser(add_help=False,formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=constant.MAX_HELP_POSITION))
 	PWrite._optionals.title = 'Output'
 	PWrite.add_argument('-oN', dest='write_normal',  action='store_true', help = 'output file in a readable format')
@@ -213,13 +210,13 @@ def runLaZagne(category_choosed='all'):
 	for c in category:
 		category[c]['parser'] = argparse.ArgumentParser(add_help=False,formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=constant.MAX_HELP_POSITION))
 		category[c]['parser']._optionals.title = category[c]['help']
-		
+
 		# Manage options
 		category[c]['subparser'] = []
 		for module in modules[c]:
 			m = modules[c][module]
 			category[c]['parser'].add_argument(m.options['command'], action=m.options['action'], dest=m.options['dest'], help=m.options['help'])
-			
+
 			# Manage all suboptions by modules
 			if m.suboptions and m.name != 'thunderbird':
 				tmp = []
@@ -255,7 +252,7 @@ def runLaZagne(category_choosed='all'):
 	args = dict(parser.parse_args()._get_kwargs())
 	arguments = parser.parse_args()
 	category_choosed = args['auditType']
-	
+
 	# Define constant variables
 	output()
 	verbosity()
@@ -267,7 +264,7 @@ def runLaZagne(category_choosed='all'):
 		pass
 
 	# if constant.output == 'json' or constant.output == 'all':
-	# 	# Human readable Json format 
+	# 	# Human readable Json format
 	# 	prettyJson = json.dumps(constant.finalResults, sort_keys=True, indent=4, separators=(',', ': '))
 	# 	with open(constant.folder_name + os.sep + constant.file_name_results + '.json', 'w+') as f:
 	# 		json.dump(prettyJson, f)

diff --git a/Linux/lazagne/config/homes.py b/Linux/lazagne/config/homes.py
@@ -0,0 +1,142 @@
+import pwd
+import os
+import psutil
+
+def directories():
+    visited = set()
+
+    for pw in pwd.getpwall():
+        if not pw.pw_dir in visited:
+            yield pw.pw_dir
+            visited.add(pw.pw_dir)
+
+    if 'HOME' in os.environ:
+        home = os.environ['HOME']
+        if not home in visited:
+            yield home
+            visited.add(home)
+
+
+def get(file=[], dir=[]):
+
+    files = file if (type(file) in (tuple, list)) else [file]
+    dirs = dir if (type(dir) in (tuple, list)) else [dir]
+
+    for p in directories():
+        if files:
+            for file in files:
+                if os.path.isfile(os.path.join(p, file)):
+                    yield os.path.join(p, file)
+
+        if dirs:
+            for dir in dirs:
+                if os.path.isdir(os.path.join(p, dir)):
+                    yield os.path.join(p, dir)
+
+        if not files and not dirs and os.path.isdir(p):
+            yield p
+
+def users(file=[], dir=[]):
+    files = file if (type(file) in (tuple, list)) else [file]
+    dirs = dir if (type(dir) in (tuple, list)) else [dir]
+
+    for pw in pwd.getpwall():
+        if files:
+            for file in files:
+                if os.path.isfile(os.path.join(pw.pw_dir, file)):
+                    yield pw.pw_name, os.path.join(pw.pw_dir, file)
+
+        if dirs:
+            for dir in dirs:
+                if os.path.isdir(os.path.join(pw.pw_dir, dir)):
+                    yield pw.pw_name, os.path.join(pw.pw_dir, dir)
+
+        if not files and not dirs and os.path.isdir(pw.pw_dir):
+            yield pw.pw_name, pw.pw_dir
+
+def sessions(setenv=True):
+    visited = set()
+
+    for process in psutil.process_iter():
+        try:
+            environ = process.environ()
+        except:
+            continue
+
+        if 'DBUS_SESSION_BUS_ADDRESS' in environ:
+            address = environ['DBUS_SESSION_BUS_ADDRESS']
+            if not address in visited:
+                uid = process.uids().effective
+
+                if setenv:
+                    previous_uid = os.geteuid()
+                    if not uid == previous_uid:
+                        try:
+                            os.seteuid(uid)
+                        except:
+                            continue
+
+                    previous = os.environ['DBUS_SESSION_BUS_ADDRESS']
+                    os.environ['DBUS_SESSION_BUS_ADDRESS'] = address
+
+                try:
+                    yield (uid, address)
+                finally:
+                    if setenv:
+                        os.environ['DBUS_SESSION_BUS_ADDRESS'] = previous
+
+                        if previous_uid != uid:
+                            try:
+                                os.seteuid(previous_uid)
+                            except:
+                                pass
+
+                visited.add(address)
+
+    for session_bus_dir in get(dir='.dbus/session-bus'):
+        for envs in os.listdir(session_bus_dir):
+            try:
+                env_file = os.path.join(session_bus_dir, envs)
+                uid = os.stat(env_file).st_uid
+                with open(env_file) as env:
+                    for line in env.readlines():
+                        if not line.startswith('DBUS_SESSION_BUS_ADDRESS'):
+                            continue
+
+                        if line.startswith('#'):
+                            continue
+
+                        _, v = line.split('=', 1)
+
+                        if v.startswith("'") or v.startswith('"'):
+                            v = v[1:-1]
+
+                        if v in visited:
+                            continue
+
+                        if setenv:
+                            previous_uid = os.geteuid()
+                            if not previous_uid == uid:
+                                try:
+                                    os.seteuid(uid)
+                                except:
+                                    continue
+
+                            previous = os.environ['DBUS_SESSION_BUS_ADDRESS']
+                            os.environ['DBUS_SESSION_BUS_ADDRESS'] = address
+
+                        try:
+                            yield (uid, v)
+
+                        finally:
+
+                            if setenv:
+                                os.environ['DBUS_SESSION_BUS_ADDRESS'] = previous
+                                if previous_uid != uid:
+                                    try:
+                                        os.seteuid(previous_uid)
+                                    except:
+                                        pass
+
+            except Exception, e:
+                pass
diff --git a/Linux/lazagne/config/manageModules.py b/Linux/lazagne/config/manageModules.py
@@ -5,10 +5,15 @@
 # browsers
 from lazagne.softwares.browsers.mozilla import Mozilla
 from lazagne.softwares.browsers.opera import Opera
+from lazagne.softwares.browsers.chrome import Chrome
 # sysadmin
 from lazagne.softwares.sysadmin.filezilla import Filezilla
 from lazagne.softwares.sysadmin.env_variable import Env_variable
 from lazagne.softwares.sysadmin.shadow import Shadow
+from lazagne.softwares.sysadmin.aws import Aws
+from lazagne.softwares.sysadmin.ssh import Ssh
+from lazagne.softwares.sysadmin.docker import Docker
+from lazagne.softwares.sysadmin.cli import Cli
 # chats
 from lazagne.softwares.chats.pidgin import Pidgin
 from lazagne.softwares.chats.jitsi import Jitsi
@@ -22,8 +27,15 @@
 from lazagne.softwares.databases.dbvis import DbVisualizer
 from lazagne.softwares.databases.sqldeveloper import SQLDeveloper
 # memory
-from lazagne.softwares.memory.mimipy import Mimipy
-from lazagne.softwares.memory.memorydump import MemoryDump
+try:
+	from lazagne.softwares.memory.mimipy import Mimipy
+except:
+	pass
+
+try:
+	from lazagne.softwares.memory.memorydump import MemoryDump
+except:
+	pass
 
 def get_categories():
 	category = {
@@ -42,21 +54,36 @@ def get_modules():
 	moduleNames = [
 		ClawsMail(),
 		DbVisualizer(),
-		Env_variable(),
-		Filezilla(),
+		# Env_variable(),
+		# Filezilla(),
 		Gnome(),
 		Jitsi(),
 		Mozilla(),
-		# MemoryDump(),	 # very long to execute
-		Mimipy(),
 		Opera(),
+		Chrome(),
 		Pidgin(),
 		Shadow(),
+        Aws(),
+        Docker(),
+		Ssh(),
+		Cli(),
 		SQLDeveloper(),
 		Squirrel(),
 		Wifi(),
 		Wpa_supplicant(),
 		kde(),
 		libsecret()
 	]
+
+	try:
+		moduleNames.append(Mimipy())
+	except:
+		pass
+
+	# very long to execute
+	# try:
+	# 	moduleNames.append(MemoryDump())
+	# except:
+	# 	pass
+
 	return moduleNames