forked from AlessandroZ/LaZagne
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGELOG
executable file
·164 lines (135 loc) · 5.81 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
LaZagne 2.0 (20/12/2016)
- Only Windows:
* only one process is launched (impersonnation is done using "ImpersonateLoggedOnUser" and no more "CreateProcessAsUser")
* no more temporary files written on the disk
* uses of powerdump from empire (thanks to adaptivethreat) to avoid writing hives on the disk (avoid "reg save ...")
* better way to catch errors
* json fixes (output to be more "human readable" + error encoding)
* code cleaned
* New category added called "memory": used to retrieve password in memory
* KeeThief added (thanks to adaptivethreat) - retrieve keepass (version 2.x) password from memory
* Powershell code used from https://github.com/adaptivethreat/KeeThief/
* Browser passwords present in memory could be retrieved
* Thanks to n1nj4sec for his awesome project "memorpy"
* https://github.com/n1nj4sec/memorpy
* New category added called "php":
* New module "PHP Composer" (thanks to righettod => https://github.com/righettod)
LaZagne 1.8 (15/11/2016)
- Only Windows:
* Lots of minor bugs fixed
* Firefox
* when many profiles used (thanks to Aorimn) or when profiles.ini is corrupted
* IE: retrieving historic list or windows vault
* Writing json file
* etc...
LaZagne 1.7 (11/09/2016)
- Only Windows:
* New modules (thanks to righettod => https://github.com/righettod):
* Robomongo - MongoDB client
* Internet Explorer bug fix (for windows 7)
LaZagne 1.6 (05/09/2016)
- Only Windows:
* Internet Explorer history retrieved using powershell - no more dll written on the disk (all in memory)
* Internet Explorer passwords stored in the credential manager retrieved (for Win8 and higher)
* Wifi bug fixed
LaZagne 1.5 (01/08/2016)
- Only Windows:
* New modules (thanks to righettod => https://github.com/righettod):
* Maven java build tool
* Apache Directory Studio
* "OpenSSH" application
LaZagne 1.4 (21/07/2016)
- Only Windows:
* New module: Git for Windows (thanks to righettod => https://github.com/righettod)
LaZagne 1.3 (02/07/2016)
- Only Windows
See "User impersonnation" in README for more information
* User impersonation (high privileges needed)
* Stealing user process token (when other user processes are running on the system)
* All credentials can be retrieved (Chrome, Firefox, etc.)
* Browsing file system (ex: C:\Users\<user>\...)
* Only software's passwords which do not use Windows API to encrypt it, can be retrieved (Firefox, Jitsi, Pidgin, etc.).
* Json output has been implemented (txt output is still present with the options -oN)
* Lazagne all -oJ => Json output
* Standalone lighter (from 18 Mo to 6 Mo) => Thanks to the new version of Pyinstaller
* Fix some bugs
LaZagne 1.1 (22/10/2015)
- Only Windows
* New category: games (Thanks to David Lodge)
* Galcon Fusion
* Kalypso Media Launcher
* Rogue's Tale
* Turba
LaZagne 1.0 (04/10/2015)
- Only Windows
* Fix chrome database locked
* Fix windows secrets bug
* Fix opera bug
- For Linux
* Fix opera bug
LaZagne 0.9.1 (09/07/2015)
- Only Windows
* Fix mastepassword check error - mozilla
* Fix database error - mozilla
- For Linux
* Fix encoding error
LaZagne 0.9 (01/07/2015)
- Only Windows
* Fix Opera bug (thanks to rolandstarke)
* Fix encoding error for generic network passwords
- For Windows / Linux
* Version number available from the main menu (before: Lazagne all --version => now: Lazagne --version)
* spelling mistake corrected
LaZagne 0.8 (11/06/2015)
- Only Linux
* /etc/shadow modules (dictionary attack on hash)
- For Windows / Linux
* Management of the following options "-path" (for dictionary attack) and "-b" (for bruteforce attack) in a different way. Used as general options and not implemented by module. Using the same option, the file will be used by different modules; example: to find the mozilla masterpassword, the unix system password (from the hash), used by skype (for windows), etc.
LaZagne 0.71 (04/06/2015)
- Only Linux
* Wifi password module from WPA Supplicant implemented (by rpesche)
LaZagne 0.7 (29/05/2015)
- For Windows / Linux
* Fix mozilla bug (special characters were not printed)
LaZagne 0.6 (26/05/2015)
- For Windows / Linux
* Firefox / Thunderbird: No more dependency with nss library (many thanks to Laurent Clevy for its awesome technic: https://github.com/lclevy/firepwd)
* Fix opera bug
- Only Windows
* WinSCP false positive removed (when SSH key is used)
LaZagne 0.5 (21/05/2015)
- For Windows
* Fix chrome bug
LaZagne 0.5 (20/05/2015)
- For Windows / Linux
* 2 levels of verbosity added for debugs
* try / except more verbose depending on the verbosity levels
* dico file moved from browsers to config repository (used for dictionary attack)
* new Filezilla versions managed
- Only Windows
* check weak passwords (logins equal to password) for windows account when hashes (nthash) have been found
* function to write the output modified on windows module
* WConio replaced by colorama for the window color
* Skype: try a dictionary attack (500 famous password) when the hash has been retrieved
LaZagne 0.4 (12/05/2015)
- For Linux
* Kwallet module implemented (by quentin hardy)
LaZagne 0.4 (05/05/2015)
- For Windows
* Fix ie bugs
* Fix thunderbird bug
LaZagne 0.3 (30/04/2015)
- For Windows
* Flexibility on the code: much more easy to add modules
* Passwords found previously are used to test firefox masterpassword if set
- For Linux
* Flexibility on the code: much more easy to add modules
* Passwords found previously are used to test firefox masterpassword if set
* 2 different standalones (32 bits / 64 bits)
LaZagne 0.2 (27/04/2015)
- For Windows
* New modules: Windows hashes + LSA Secrets
* Passwords found previously are used to test windows hashes and firefox masterpassword
* 500 most famous passwords are used to retrieve the windows password (once we get the hashes)
* Wifi bug fixed: only one password was printed
* I.E bug fixed