@AlessandroZ AlessandroZ released this Mar 22, 2018 · 371 commits to master since this release

Assets 3
  • Windows
    • Big code review
    • Lots of minor bug fixed
    • If windows user found => domain passwords retrieved from credentials files
    • If windows user not found => DPAPI hash printed to bruteforce with john or hashcat (no admin privilege required)
    • New modules added postgresql and psi-im (thanks to @m41nt41n3r)
    • XP managed
    • Adding support for newest firefox version. Awesome work from lclevy: https://github.com/lclevy/firepwd
    • Adding Wdigest passwords (using mimikatz signature)
    • Note: right now, LaZagne x86 cannot read memory from a x64 process (so some modules cannot work using this build such as wdigest passwords)
      • That's why, two lazagne binaries have been built (x86 and x64).
  • Linux

@AlessandroZ AlessandroZ released this Oct 5, 2017 · 371 commits to master since this release

Assets 3
  • Only Windows
    • Bug "UnicodeDecodeError" resolved (#134)
      • Support many alphabets (for chinese, russian, ... passwords)
        • Well managed when password are written to files (Lazagne.exe all -oA), not always correct when printed on the console (depend on the system encoding)
    • New module added
      • CocCoc browser supported (#141)
    • Quiet mode added to not print anything on the console (#140) => lazagne.exe all -quiet
    • Retrieve passwords from another drive (#142) => lazagne all -drive D
    • lsa secrets are well written on files (when -oA, -oJ or -oN options are used)

@AlessandroZ AlessandroZ released this May 17, 2017 · 371 commits to master since this release

Assets 3

Fix bug created on the previous release (cf #118)

@AlessandroZ AlessandroZ released this Apr 28, 2017 · 371 commits to master since this release

Assets 3

LaZagne 2.1 (28/04/2017)

  • Only Windows

    • removing many dependencies (win32api, win32crypt, win32xxx, colorama, etc.) using ctypes
    • adding little modules
      • retrieve passwords when autologon is enabled
      • retrieve passwords stored in unattended files
    • using creddump to retrieve system hashes + LSA secrets
    • little bugs fixed + some code review
  • Linux

@AlessandroZ AlessandroZ released this Dec 20, 2016 · 371 commits to master since this release

Assets 3
  • only one process is launched (impersonnation is done using "ImpersonateLoggedOnUser" and no more "CreateProcessAsUser")
    • no more temporary file written on the disk
      • uses of powerdump from empire (thanks to adaptivethreat) to avoid writing hives on the disk (avoid "reg save ...")
  • better way to catch errors
  • json fixes (output to be more "human readable" + error encoding)
  • cleaning code
  • New category added called "memory": used to retrieve password on memory
  • New category added called "php":