Skip to content

Commit

Permalink
cf changelog v0.9.1
Browse files Browse the repository at this point in the history
  • Loading branch information
@AlessandroZ
AlessandroZ committed Jul 9, 2015
1 parent 5655030 commit bc3adb7
Show file tree
Hide file tree
Showing 9 changed files with 36 additions and 25 deletions.
8 changes: 8 additions & 0 deletions CHANGELOG
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,11 @@
LaZagne 0.9.1 (09/07/2015)
- Only Windows
* Fix mastepassword check error - mozilla
* Fix database error - mozilla

- For Windows
* Fix encoding error

LaZagne 0.9 (01/07/2015)
- Only Windows
* Fix Opera bug (thanks to rolandstarke)
Expand Down
2 changes: 1 addition & 1 deletion Linux/src/config/constant.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
class constant():
folder_name = 'results'
MAX_HELP_POSITION = 27
CURRENT_VERSION = 0.9
CURRENT_VERSION = '0.9.1'
output = None
file_logger = None
verbose = False
Expand Down
42 changes: 23 additions & 19 deletions Linux/src/softwares/browsers/mozilla.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,15 +50,16 @@ def __init__(self, profile):
super(JsonDatabase, self).__init__(db)

def __iter__(self):
with open(self.db) as fh:
data = json.load(fh)
try:
logins = data["logins"]
except:
raise Exception("Unrecognized format in {0}".format(self.db))

for i in logins:
yield (i["hostname"], i["encryptedUsername"], i["encryptedPassword"])
if os.path.exists(self.db):
with open(self.db) as fh:
data = json.load(fh)
try:
logins = data["logins"]
except:
raise Exception("Unrecognized format in {0}".format(self.db))

for i in logins:
yield (i["hostname"], i["encryptedUsername"], i["encryptedPassword"])

class SqliteDatabase(Credentials):
def __init__(self, profile):
Expand Down Expand Up @@ -325,17 +326,20 @@ def save_db(self, userpath):
# ------------------------------ Master Password Functions ------------------------------

def is_masterpassword_correct(self, masterPassword=''):
#see http://www.drh-consultancy.demon.co.uk/key3.html
pwdCheck = self.key3['password-check']
entrySaltLen = ord(pwdCheck[1])
entrySalt = pwdCheck[3: 3+entrySaltLen]
encryptedPasswd = pwdCheck[-16:]
globalSalt = self.key3['global-salt']
cleartextData = self.decrypt3DES( globalSalt, masterPassword, entrySalt, encryptedPasswd )
if cleartextData != 'password-check\x02\x02':
try:
#see http://www.drh-consultancy.demon.co.uk/key3.html
pwdCheck = self.key3['password-check']
entrySaltLen = ord(pwdCheck[1])
entrySalt = pwdCheck[3: 3+entrySaltLen]
encryptedPasswd = pwdCheck[-16:]
globalSalt = self.key3['global-salt']
cleartextData = self.decrypt3DES( globalSalt, masterPassword, entrySalt, encryptedPasswd )
if cleartextData != 'password-check\x02\x02':
return ('', '', '')

return (globalSalt, masterPassword, entrySalt)
except:
return ('', '', '')

return (globalSalt, masterPassword, entrySalt)

# Retrieve masterpassword
def found_masterpassword(self):
Expand Down
Binary file modified Linux/standalone/32bits/LaZagne-32bits
View file
Binary file not shown.
Binary file modified Linux/standalone/64bits/LaZagne-64bits
View file
Binary file not shown.
2 changes: 1 addition & 1 deletion Windows/src/LaZagne/config/constant.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
class constant():
folder_name = 'results'
MAX_HELP_POSITION = 27
CURRENT_VERSION = 0.9
CURRENT_VERSION = '0.9.1'
output = None
file_logger = None

Expand Down
2 changes: 1 addition & 1 deletion Windows/src/LaZagne/config/write_output.py
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
from constant import constantfrom time import gmtime, strftimeimport os, getpass, socketimport loggingfrom config.header import Headerfrom colorama import init, Fore, Back, Styleinit() # init the colorama function# --------------------------- Functions used to write ---------------------------def write_header(): time = strftime("%Y-%m-%d %H:%M:%S", gmtime()) header = '''|====================================================================|\r\n| |\r\n| Credentsials discovery |\r\n| |\r\n| ! BANG BANG ! |\r\n| |\r\n|====================================================================|\r\n\r\n- Date: ''' + time + '''\n\r- Username: ''' + getpass.getuser() + ''' \r\n- Hostname: ''' + socket.gethostname() + ''' \r\n\r\n------------------------------ Results ------------------------------\r\n\r\n''' open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(header)def write_footer(): footer = '\n[+] %s passwords have been found.\r\n\r\n' % str(constant.nbPasswordFound) open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(footer) def write_credentials(pwdFound, category): tmp = "############ %s passwords ############\r\n\r\n" % category for pwd in pwdFound: for p in pwd.keys(): tmp = str(tmp) + str(p) + ": " + str(pwd[p]) + "\r\n" tmp = str(tmp) + "\r\n" open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(tmp) def checks_write(values, category): if values: if constant.output == 'txt': try: write_credentials(values, category) logging.info('[+] Credentials stored successfully on the file: %s\\credentials.txt\n' % constant.folder_name) except: logging.info('Couldn\'t write the results file\n')# --------------------------- End of functions used to write ---------------------------# --------------------------- Output functions ---------------------------def print_footer(): footer = '\n[+] %s passwords have been found.\n' % str(constant.nbPasswordFound) if logging.getLogger().isEnabledFor(logging.INFO) == False: footer += 'For more information launch it again with the -v option\n' print footer# print output if passwords have been founddef print_output(software_name, pwdFound, title1 = False): if pwdFound: # if the debug logging level is not apply => print the title if logging.getLogger().isEnabledFor(logging.INFO) == False: if not title1: Header().title(software_name) toWrite = [] password_category = False for pwd in pwdFound: # detect which kinds of password has been found lower_list = [s.lower() for s in pwd.keys()] password = [s for s in lower_list if "password" in s] if password: password_category = password else: key = [s for s in lower_list if "key" in s] # for the wifi if key: password_category = key else: hash = [s for s in lower_list if "hash" in s] if hash: password_category = hash # No password found if not password_category: print_debug("FAILED", "Password not found !!!") else: print_debug("OK", '%s found !!!' % password_category[0].title()) toWrite.append(pwd) # Store all passwords found on a table => for dictionary attack if master password set constant.nbPasswordFound += 1 try: constant.passwordFound.append(pwd[password_category[0]]) except: pass for p in pwd.keys(): print '%s: %s' % (p, pwd[p]) print # write credentials into a text file checks_write(toWrite, software_name) else: logging.info("[!] No passwords found\n")def print_debug(error_level, message): # print when password is found if error_level == 'OK': print Fore.GREEN + message + Style.RESET_ALL # print when password is not found elif error_level == 'FAILED': print Style.BRIGHT + Fore.RED + message + Style.RESET_ALL # print messages depending of their criticism elif error_level == 'CRITICAL': logging.critical(Style.BRIGHT + Fore.RED + '[CRITICAL] %s\n' % message + Style.RESET_ALL) elif error_level == 'ERROR': logging.error(Style.BRIGHT + Fore.RED + '[ERROR] %s\n' % message + Style.RESET_ALL) elif error_level == 'WARNING': logging.warning(Fore.CYAN + '[WARNING] %s\n' % message + Style.RESET_ALL) elif error_level == 'DEBUG': logging.debug('[DEBUG] %s\n' % message) elif error_level == 'INFO': logging.info('%s\n' % message) else: logging.info('[%s] %s' % (error_level, message))# --------------------------- End of output functions ---------------------------
# -*- coding: utf-8 -*-from constant import constantfrom time import gmtime, strftimeimport os, getpass, socketimport loggingfrom config.header import Headerfrom colorama import init, Fore, Back, Styleinit() # init the colorama function# --------------------------- Functions used to write ---------------------------def write_header(): time = strftime("%Y-%m-%d %H:%M:%S", gmtime()) header = '''|====================================================================|\r\n| |\r\n| Credentsials discovery |\r\n| |\r\n| ! BANG BANG ! |\r\n| |\r\n|====================================================================|\r\n\r\n- Date: ''' + time + '''\n\r- Username: ''' + getpass.getuser() + ''' \r\n- Hostname: ''' + socket.gethostname() + ''' \r\n\r\n------------------------------ Results ------------------------------\r\n\r\n''' open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(header)def write_footer(): footer = '\n[+] %s passwords have been found.\r\n\r\n' % str(constant.nbPasswordFound) open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(footer) def write_credentials(pwdFound, category): tmp = "############ %s passwords ############\r\n\r\n" % category for pwd in pwdFound: for p in pwd.keys(): tmp = str(tmp) + str(p) + ": " + str(pwd[p].encode('utf-8')) + "\r\n" tmp = str(tmp) + "\r\n" open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(tmp) def checks_write(values, category): if values: if constant.output == 'txt': try: write_credentials(values, category) logging.info('[+] Credentials stored successfully on the file: %s\\credentials.txt\n' % constant.folder_name) except: logging.info('Couldn\'t write the results file\n')# --------------------------- End of functions used to write ---------------------------# --------------------------- Output functions ---------------------------def print_footer(): footer = '\n[+] %s passwords have been found.\n' % str(constant.nbPasswordFound) if logging.getLogger().isEnabledFor(logging.INFO) == False: footer += 'For more information launch it again with the -v option\n' print footer# print output if passwords have been founddef print_output(software_name, pwdFound, title1 = False): if pwdFound: # if the debug logging level is not apply => print the title if logging.getLogger().isEnabledFor(logging.INFO) == False: if not title1: Header().title(software_name) toWrite = [] password_category = False for pwd in pwdFound: # detect which kinds of password has been found lower_list = [s.lower() for s in pwd.keys()] password = [s for s in lower_list if "password" in s] if password: password_category = password else: key = [s for s in lower_list if "key" in s] # for the wifi if key: password_category = key else: hash = [s for s in lower_list if "hash" in s] if hash: password_category = hash # No password found if not password_category: print_debug("FAILED", "Password not found !!!") else: print_debug("OK", '%s found !!!' % password_category[0].title()) toWrite.append(pwd) # Store all passwords found on a table => for dictionary attack if master password set constant.nbPasswordFound += 1 try: constant.passwordFound.append(pwd[password_category[0]]) except: pass for p in pwd.keys(): try: print '%s: %s' % (p, pwd[p]) except Exception,e: print_debug('DEBUG', '{0}'.format(e)) print '%s: %s' % (p.encode('utf-8'), pwd[p].encode('utf-8')) print # write credentials into a text file checks_write(toWrite, software_name) else: logging.info("[!] No passwords found\n")def print_debug(error_level, message): # print when password is found if error_level == 'OK': print Fore.GREEN + message + Style.RESET_ALL # print when password is not found elif error_level == 'FAILED': print Style.BRIGHT + Fore.RED + message + Style.RESET_ALL # print messages depending of their criticism elif error_level == 'CRITICAL': logging.critical(Style.BRIGHT + Fore.RED + '[CRITICAL] %s\n' % message + Style.RESET_ALL) elif error_level == 'ERROR': logging.error(Style.BRIGHT + Fore.RED + '[ERROR] %s\n' % message + Style.RESET_ALL) elif error_level == 'WARNING': logging.warning(Fore.CYAN + '[WARNING] %s\n' % message + Style.RESET_ALL) elif error_level == 'DEBUG': logging.debug('[DEBUG] %s\n' % message) elif error_level == 'INFO': logging.info('%s\n' % message) else: logging.info('[%s] %s' % (error_level, message))# --------------------------- End of output functions ---------------------------
Expand Down
5 changes: 2 additions & 3 deletions Windows/src/LaZagne/softwares/windows/network.py
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
# -*- coding: utf-8 -*-
import struct, platform, win32cred
from ctypes import *
from ctypes.wintypes import DWORD
Expand Down Expand Up @@ -92,13 +91,13 @@ def run(self):
values['Username'] = i['UserName']

try:
values['Password'] = pwd.decode('utf16').encode('utf-8')
values['Password'] = pwd.decode('utf16')
except Exception,e:
print_debug('DEBUG', '{0}'.format(e))
values['INFO'] = 'Error decoding the password'

pwdFound.append(values)

# print the results
print_output("Generic Network", pwdFound)

Expand Down
Binary file modified Windows/standalone/laZagne.exe
View file
Binary file not shown.

0 comments on commit bc3adb7

Please sign in to comment.