Skip to content

Commit

Permalink
Wifi - System privileges not require anymore
Browse files Browse the repository at this point in the history
  • Loading branch information
@AlessandroZ
AlessandroZ committed Feb 20, 2015
1 parent 2990642 commit 71ae178
Show file tree
Hide file tree
Showing 5 changed files with 199 additions and 83 deletions.
50 changes: 25 additions & 25 deletions Windows/src/LaZagne/config/constant.py
View file
Original file line number Diff line number Diff line change
@@ -1,25 +1,25 @@

class constant():
folder_name = 'results'
MAX_HELP_POSITION = 27
CURRENT_VERSION = 0.1
output = None
file_logger = None

# jitsi options
jitsi_masterpass = None

# mozilla options
isInteractive = False
manually = None
path = None
bruteforce = None
defaultpass = None
specific_path = None
mozilla_software = ''

# ie options
ie_historic = None

# total password found
nbPasswordFound = 0

class constant():
folder_name = 'results'
MAX_HELP_POSITION = 27
CURRENT_VERSION = 0.2
output = None
file_logger = None

# jitsi options
jitsi_masterpass = None

# mozilla options
isInteractive = False
manually = None
path = None
bruteforce = None
defaultpass = None
specific_path = None
mozilla_software = ''

# ie options
ie_historic = None

# total password found
nbPasswordFound = 0
120 changes: 119 additions & 1 deletion Windows/src/LaZagne/config/write_output.py
View file
Original file line number Diff line number Diff line change
@@ -1 +1,119 @@
from constant import constantfrom time import gmtime, strftimeimport os, getpass, socketimport loggingimport WConiofrom config.header import Header# --------------------------- Functions used to write ---------------------------def write_header(): time = strftime("%Y-%m-%d %H:%M:%S", gmtime()) header = '''|====================================================================|\r\n| |\r\n| Credentsials discovery |\r\n| |\r\n| ! BANG BANG ! |\r\n| |\r\n|====================================================================|\r\n\r\n- Date: ''' + time + '''\n\r- Username: ''' + getpass.getuser() + ''' \r\n- Hostname: ''' + socket.gethostname() + ''' \r\n\r\n------------------------------ Results ------------------------------\r\n\r\n''' open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(header)def write_footer(): footer = '\n[+] %s passwords have been found.\nFor more information launch it again with the -v option\n\n' % str(constant.nbPasswordFound) open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(footer) def write_credentials(pwdFound, category): tmp = "############ %s passwords ############\r\n\r\n" % category for pwd in pwdFound: for p in pwd.keys(): tmp = str(tmp) + str(p) + ": " + str(pwd[p]) + "\r\n" tmp = str(tmp) + "\r\n" open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(tmp) def checks_write(values, category): if values: if constant.output == 'txt': try: write_credentials(values, category) logging.info('[+] Credentials stored successfully on the file: %s\\credentials.txt\n' % constant.folder_name) except: logging.info('Couldn\'t write the results file\n')# --------------------------- End of functions used to write ---------------------------# --------------------------- Output functions ---------------------------def print_footer(): footer = '\n[+] %s passwords have been found.\nFor more information launch it again with the -v option\n' % str(constant.nbPasswordFound) logging.info(footer)# print output if passwords have been founddef print_output(software_name, pwdFound): if pwdFound: # if the debug logging level is not apply => print the title if logging.getLogger().isEnabledFor(logging.DEBUG) == False: Header().title_info(software_name) toWrite = [] for pwd in pwdFound: lower_list = [s.lower() for s in pwd.keys()] password = [s for s in lower_list if "password" in s] key = [s for s in lower_list if "key" in s] # for the wifi # No password found if not password and not key: print_debug("FAILED", "Password not found !!!") else: print_debug("OK", "Password found !!!") toWrite.append(pwd) constant.nbPasswordFound += 1 for p in pwd.keys(): logging.info("%s: %s" % (p, pwd[p])) print # write credentials into a text file checks_write(toWrite, software_name) else: logging.debug("[!] No passwords found\n")def print_error(message): WConio.textcolor(WConio.LIGHTRED) logging.debug('[!] %s\n' % message) WConio.textcolor(WConio.LIGHTGREY)# def print_debug(message): # logging.debug('[!] %s\n' % message) def print_debug(error_level, message): if error_level == 'ERROR': WConio.textcolor(WConio.LIGHTRED) logging.debug('[ERROR] %s\n' % message) WConio.textcolor(WConio.LIGHTGREY) elif error_level == 'INFO': logging.debug('[INFO] %s\n' % message) # print when password is not found elif error_level == 'FAILED': WConio.textcolor(WConio.LIGHTRED) logging.info(message) WConio.textcolor(WConio.LIGHTGREY) # print when password is found elif error_level == 'OK': WConio.textcolor(WConio.GREEN) logging.info(message) WConio.textcolor(WConio.LIGHTGREY) elif error_level == 'DEBUG': logging.debug('%s\n' % message) else: logging.debug('[%s] %s' % (error_level, message))# --------------------------- End of output functions ---------------------------
from constant import constant
from time import gmtime, strftime
import os, getpass, socket
import logging
import WConio
from config.header import Header

# --------------------------- Functions used to write ---------------------------

def write_header():
time = strftime("%Y-%m-%d %H:%M:%S", gmtime())
header = '''|====================================================================|\r\n
| |\r\n
| Credentsials discovery |\r\n
| |\r\n
| ! BANG BANG ! |\r\n
| |\r\n
|====================================================================|\r\n\r\n
- Date: ''' + time + '''\n\r
- Username: ''' + getpass.getuser() + ''' \r\n
- Hostname: ''' + socket.gethostname() + ''' \r\n\r\n
------------------------------ Results ------------------------------\r\n\r\n'''

open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(header)

def write_footer():
footer = '\n[+] %s passwords have been found.\r\nFor more information launch it again with the -v option\r\n\r\n' % str(constant.nbPasswordFound)
open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(footer)

def write_credentials(pwdFound, category):
tmp = "############ %s passwords ############\r\n\r\n" % category
for pwd in pwdFound:
for p in pwd.keys():
tmp = str(tmp) + str(p) + ": " + str(pwd[p]) + "\r\n"
tmp = str(tmp) + "\r\n"
open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(tmp)

def checks_write(values, category):
if values:
if constant.output == 'txt':
try:
write_credentials(values, category)
logging.info('[+] Credentials stored successfully on the file: %s\\credentials.txt\n' % constant.folder_name)
except:
logging.info('Couldn\'t write the results file\n')

# --------------------------- End of functions used to write ---------------------------

# --------------------------- Output functions ---------------------------
def print_footer():
footer = '\n[+] %s passwords have been found.\nFor more information launch it again with the -v option\n' % str(constant.nbPasswordFound)
logging.info(footer)

# print output if passwords have been found
def print_output(software_name, pwdFound):
if pwdFound:
# if the debug logging level is not apply => print the title
if logging.getLogger().isEnabledFor(logging.DEBUG) == False:
Header().title_info(software_name)

toWrite = []
for pwd in pwdFound:
lower_list = [s.lower() for s in pwd.keys()]
password = [s for s in lower_list if "password" in s]
key = [s for s in lower_list if "key" in s] # for the wifi

# No password found
if not password and not key:
print_debug("FAILED", "Password not found !!!")
else:
print_debug("OK", "Password found !!!")
toWrite.append(pwd)
constant.nbPasswordFound += 1

for p in pwd.keys():
logging.info("%s: %s" % (p, pwd[p]))
print

# write credentials into a text file
checks_write(toWrite, software_name)
else:
logging.debug("[!] No passwords found\n")

def print_error(message):
WConio.textcolor(WConio.LIGHTRED)
logging.debug('[!] %s\n' % message)
WConio.textcolor(WConio.LIGHTGREY)

# def print_debug(message):
# logging.debug('[!] %s\n' % message)

def print_debug(error_level, message):
if error_level == 'ERROR':
WConio.textcolor(WConio.LIGHTRED)
logging.debug('[ERROR] %s\n' % message)
WConio.textcolor(WConio.LIGHTGREY)

elif error_level == 'INFO':
logging.debug('[INFO] %s\n' % message)

# print when password is not found
elif error_level == 'FAILED':
WConio.textcolor(WConio.LIGHTRED)
logging.info(message)
WConio.textcolor(WConio.LIGHTGREY)

# print when password is found
elif error_level == 'OK':
WConio.textcolor(WConio.GREEN)
logging.info(message)
WConio.textcolor(WConio.LIGHTGREY)

elif error_level == 'DEBUG':
logging.debug('%s\n' % message)

else:
logging.debug('[%s] %s' % (error_level, message))

# --------------------------- End of output functions ---------------------------
10 changes: 8 additions & 2 deletions Windows/src/LaZagne/laZagne.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@
from softwares.chats.jitsi import Jitsi
# wifi
from softwares.wifi.wifi import Wifi
from softwares.wifi.wifipass import WifiPass
# mails
from softwares.mails.outlook import Outlook
# databases
Expand All @@ -58,6 +59,7 @@
# Wifi
modules['wifi'] = {}
modules['wifi']['wifi'] = Wifi()
modules['wifi']['wifipass'] = WifiPass()
# SVN
modules['svn'] = {}
modules['svn']['tortoise'] = Tortoise()
Expand Down Expand Up @@ -116,11 +118,14 @@ def verbosity():

def launch_module(b):
ok = False
# launch only a specific module
for i in args.keys():
if args[i]:
if i in b.keys():
b[i].retrieve_password()
ok = True

# launch all modules
if not ok:
for i in b.keys():
b[i].retrieve_password()
Expand Down Expand Up @@ -296,7 +301,9 @@ def error(self, message):
#1.6- Parent parser: wifi
PWifi = argparse.ArgumentParser(add_help=False,formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=constant.MAX_HELP_POSITION))
PWifi._optionals.title = 'Wifi'
PWifi.add_argument('-wi', action='store_true', dest='wifi', help='Vista and higher - Need System Privileges')
PWifi.add_argument('-wi', action='store_true', dest='wifi', help='Vista and higher - Need Admin Privileges (UAC Bypassed)')
# Manage wifi (when executed with a system account)
PWifi.add_argument('--HiddenWifiArgs', action='store_true', dest='wifipass', help=argparse.SUPPRESS)

#1.6- Parent parser: windows
PWindows = argparse.ArgumentParser(add_help=False,formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=constant.MAX_HELP_POSITION))
Expand Down Expand Up @@ -359,4 +366,3 @@ def error(self, message):

elapsed_time = time.time() - start_time
print 'elapsed time = ' + str(elapsed_time)

102 changes: 47 additions & 55 deletions Windows/src/LaZagne/softwares/wifi/wifi.py
View file
Original file line number Diff line number Diff line change
@@ -1,66 +1,58 @@
import xml.etree.cElementTree as ET
import os, win32crypt
import binascii
from config.write_output import print_output, print_debug
from config.constant import *
from config.header import Header
from config.get_system_priv import get_system_priv
from ctypes import *
import time, tempfile
from ConfigParser import RawConfigParser
import os

class Wifi():

def retrieve_password(self):

# print title
Header().title_debug('Wifi')

if 'ALLUSERSPROFILE' in os.environ:
directory = os.environ['ALLUSERSPROFILE'] + os.sep + 'Microsoft\Wlansvc\Profiles\Interfaces'
else:
print_debug('ERROR', 'Environment variable (ALLUSERSPROFILE) has not been found.')
if not windll.Shell32.IsUserAnAdmin():
print_debug('ERROR', '[!] This script should be run as admin!')
return

# for windows Vista or higher
if os.path.exists(directory):
rep = []
pwdFound = []
for repository in os.listdir(directory):
if os.path.isdir(directory + os.sep + repository):

rep = directory + os.sep + repository
for file in os.listdir(rep):
values = {}
if os.path.isfile(rep + os.sep + file):
f = rep + os.sep + file
tree = ET.ElementTree(file=f)
root = tree.getroot()
xmlns = root.tag.split("}")[0] + '}'

iterate = False
for elem in tree.iter():
if elem.tag.endswith('SSID'):
for w in elem:
if w.tag == xmlns + 'name':
values['SSID'] = w.text

if elem.tag.endswith('authentication'):
values['Authentication'] = elem.text

if elem.tag.endswith('protected'):
values['Protected'] = elem.text

if elem.tag.endswith('keyMaterial'):
key = elem.text
try:
binary_string = binascii.unhexlify(key)
password = win32crypt.CryptUnprotectData(binary_string, None, None, None, 0)[1]
values['Password'] = password
except:
values['INFO'] = '[!] Password not found. Try with System privileges'

# store credentials
if len(values) != 0:
pwdFound.append(values)

# print the results
print_output("Wifi", pwdFound)
else:
print_debug('INFO', 'No credentials found.\nFile containing passwords not found:\n%s' % directory)


if 'ALLUSERSPROFILE' in os.environ:
directory = os.environ['ALLUSERSPROFILE'] + os.sep + 'Microsoft\Wlansvc\Profiles\Interfaces'
else:
print_debug('ERROR', 'Environment variable (ALLUSERSPROFILE) has not been found.')
return

if not os.path.exists(directory):
print_debug('INFO', 'No credentials found.\nFile containing passwords not found:\n%s' % directory)
return

try:
print_debug('INFO', '[!] Trying to elevate our privilege')
get_system_priv()
print_debug('INFO', '[!] Elevation ok - Passwords decryption is in progress')
except:
print_debug('ERROR', '[!] An error occurs during the privilege elevation process. Wifi passwords have not been decrypted')

time.sleep(5)

# read temp file containing all passwords found
pwdFound = []
filepath = tempfile.gettempdir() + os.sep + 'TEMP123A.txt'
if os.path.exists(filepath):
cp = RawConfigParser()
cp.read(filepath)
for section in cp.sections():
values = {}
for c in cp.items(section):
values[str(c[0])] = str(c[1])
pwdFound.append(values)

# remove file on the temporary directory
os.remove(filepath)

# print the results
print_output("Wifi", pwdFound)
else:
print_debug('INFO', 'No passwords found')
Binary file modified Windows/standalone/laZagne.exe
View file
Binary file not shown.

0 comments on commit 71ae178

Please sign in to comment.