The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software. At this moment, it supports 22 Programs on Microsoft Windows and 12 on a Linux/Unix-Like OS.
-
Launch all modules
- cmd: laZagne.exe all
-
Launch only a specific module
- cmd: laZagne.exe <module_name>
- example: laZagne.exe browsers
- help: laZagne.exe -h
-
Launch only a specific software script
- cmd: laZagne.exe <module_name>
- example: laZagne.exe browsers -f
- help: laZagne.exe browsers -h
-
Write all passwords found into a file (-w options)
- cmd: laZagne.exe all -w
Note: For wifi passwords, launch it with administrator privileges (UAC Authentication / sudo)
-
Windows (tested on Windows XP, 7 and 8 - 32 and 64 bits)
-
Browsers
- Firefox
- Chrome
- Opera
- Explorer
-
chats
- Skype
- Pidgin
- Jitsi
-
mails
- Thunderbird
- Outlook
-
adminsys
- FileZilla
- PuttyCM
- WinSCP
- Cyberduck
- CoreFTP
- FTPNavigator
-
database
- SQLdeveloper
- Squirrel
- DBvisualizer
-
svn
- Tortoise
-
wifi
- Wireless Network Password (Windows Feature)
-
windows credentials
- Domain visible network (.NET Passport)
- Generic network credentials
-
-
Linux
-
browsers
- Firefox
- Opera
-
chats
- Pidgin
- Jitsi
-
mails
- Thunderbird
-
adminsys
- FileZilla
- Environment Variables
-
database
- SQLdeveloper
- Squirrel
- DBvisualizer
-
wifi
- Network Manager
-
wallet
- GNOME Keyring
-
Internet Explorer passwords (from IE7 and before Windows 8) can only be decrypted using the URL of the website. This one is used as an argument of the Win32CryptUnprotectData api. So to decrypt it, it is only necessary to retrieve the browsing history of ie. To do that, I used C code. So I used a dll (the code is in the "browser_history_dll" directory) and it is directly embedded to the Python code as a Base64 string (c.f. ie.py). Once launched, the dll is written to the disk, a wrapper is used to call dll functions and then the dll file is removed from the disk.
It's possible to write your own script for the software of your choice.
To do that, some code standards are to be met:
- Create a class using the name of the software
- This class has to have a function called "retrieve_password" (it will be the main function)
- The output containing all passwords has to be send to the "print_output" function - ex: print_output(<software_name>, password_list)
- password_list has to be an array of dictionnaries.
- Optional: you could use the function "print_debug" to print your output
- ex: print_debug("ERROR", "Failed to load ...")
- Use an existing script to understand what I have said :)
If you want to improve this tool, you can send me your script and it will be added to this project (authors will be, of course, credited on each script ;)).
To compile the source code, some external libraries are required.
-
For Windows
-
WConio (for the Console colors)
-
Python for Windows Extensions
-
-
For Linux
- None for Ubuntu 14.04
- Other distributions
- crypto
- dbus
| Alessandro ZANNI |
|---|
| alessandro.zanni@bt.com |
| zanni.alessandro@gmail.com |