cf changelog v0.9.1

Former-commit-id: 94a1e26 [formerly 94a1e26 [formerly 94a1e26 [formerly bc3adb7]]]
Former-commit-id: 2786d4c47542934c13c863748ffce7dfedf52d2c
Former-commit-id: 76d674d
Former-commit-id: f67891c

CHANGELOG

@@ -1,3 +1,11 @@
+LaZagne 0.9.1 (09/07/2015)
+- Only Windows
+	* Fix mastepassword check error - mozilla
+	* Fix database error - mozilla
+
+- For Windows
+	* Fix encoding error
+
 LaZagne 0.9 (01/07/2015)
 - Only Windows
 	* Fix Opera bug (thanks to rolandstarke)

Linux/src/config/constant.py

@@ -2,7 +2,7 @@
 class constant():
 	folder_name = 'results'
 	MAX_HELP_POSITION = 27
-	CURRENT_VERSION = 0.9
+	CURRENT_VERSION = '0.9.1'
 	output = None
 	file_logger = None
 	verbose = False

Linux/src/softwares/browsers/mozilla.py

@@ -50,15 +50,16 @@ def __init__(self, profile):
 		super(JsonDatabase, self).__init__(db)
 
 	def __iter__(self):
-		with open(self.db) as fh:
-			data = json.load(fh)
-			try:
-				logins = data["logins"]
-			except:
-				raise Exception("Unrecognized format in {0}".format(self.db))
-
-			for i in logins:
-				yield (i["hostname"], i["encryptedUsername"],	i["encryptedPassword"])
+		if os.path.exists(self.db):
+			with open(self.db) as fh:
+				data = json.load(fh)
+				try:
+					logins = data["logins"]
+				except:
+					raise Exception("Unrecognized format in {0}".format(self.db))
+
+				for i in logins:
+					yield (i["hostname"], i["encryptedUsername"],	i["encryptedPassword"])
 
 class SqliteDatabase(Credentials):
 	def __init__(self, profile):
@@ -325,17 +326,20 @@ def save_db(self, userpath):
 	# ------------------------------ Master Password Functions ------------------------------
 
 	def is_masterpassword_correct(self, masterPassword=''):
-		#see http://www.drh-consultancy.demon.co.uk/key3.html
-		pwdCheck = self.key3['password-check']	
-		entrySaltLen = ord(pwdCheck[1])
-		entrySalt = pwdCheck[3: 3+entrySaltLen]
-		encryptedPasswd = pwdCheck[-16:]
-		globalSalt = self.key3['global-salt']
-		cleartextData = self.decrypt3DES( globalSalt, masterPassword, entrySalt, encryptedPasswd )
-		if cleartextData != 'password-check\x02\x02':
+		try:
+			#see http://www.drh-consultancy.demon.co.uk/key3.html
+			pwdCheck = self.key3['password-check']	
+			entrySaltLen = ord(pwdCheck[1])
+			entrySalt = pwdCheck[3: 3+entrySaltLen]
+			encryptedPasswd = pwdCheck[-16:]
+			globalSalt = self.key3['global-salt']
+			cleartextData = self.decrypt3DES( globalSalt, masterPassword, entrySalt, encryptedPasswd )
+			if cleartextData != 'password-check\x02\x02':
+				return ('', '', '')
+
+			return (globalSalt, masterPassword, entrySalt)
+		except:
 			return ('', '', '')
-
-		return (globalSalt, masterPassword, entrySalt)
 
 	# Retrieve masterpassword
 	def found_masterpassword(self):

Linux/standalone/32bits/LaZagne-32bits.REMOVED.git-id

@@ -1 +1 @@
-d4d0b8da741cf3d0b17f81558aab61207b199deb
+baf5213ed96edbfa3ccac160cda64c33a391bc1c

Linux/standalone/64bits/LaZagne-64bits.REMOVED.git-id

@@ -1 +1 @@
-2a274fdcb8f1abc7e73a6310461b4fcee0f4ac0e
+bf9a5a53cfe5440755e8c380b191cdeb958ca887

Windows/src/LaZagne/config/constant.py

@@ -2,7 +2,7 @@
 class constant():
 	folder_name = 'results'
 	MAX_HELP_POSITION = 27
-	CURRENT_VERSION = 0.9
+	CURRENT_VERSION = '0.9.1'
 	output = None 
 	file_logger = None 
 

Windows/src/LaZagne/config/write_output.py

@@ -1 +1 @@
-from constant import constantfrom time import gmtime, strftimeimport os, getpass, socketimport loggingfrom config.header import Headerfrom colorama import init, Fore, Back, Styleinit() # init the colorama function# --------------------------- Functions used to write ---------------------------def write_header():	time = strftime("%Y-%m-%d %H:%M:%S", gmtime())	header = '''|====================================================================|\r\n|                                                                    |\r\n|                       Credentsials discovery                       |\r\n|                                                                    |\r\n|                          ! BANG BANG !                             |\r\n|                                                                    |\r\n|====================================================================|\r\n\r\n- Date: ''' + time + '''\n\r- Username: ''' + getpass.getuser() + ''' \r\n- Hostname: ''' + socket.gethostname() + ''' \r\n\r\n------------------------------ Results ------------------------------\r\n\r\n'''	open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(header)def write_footer():	footer = '\n[+] %s passwords have been found.\r\n\r\n' % str(constant.nbPasswordFound)	open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(footer)	def write_credentials(pwdFound, category):	tmp = "############ %s passwords ############\r\n\r\n" % category	for pwd in pwdFound:		for p in pwd.keys():			tmp = str(tmp) + str(p) + ": " + str(pwd[p]) + "\r\n"		tmp = str(tmp) + "\r\n"	open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(tmp)	def checks_write(values, category):	if values:		if constant.output == 'txt':			try:				write_credentials(values, category)				logging.info('[+] Credentials stored successfully on the file: %s\\credentials.txt\n' % constant.folder_name)			except:				logging.info('Couldn\'t write the results file\n')# --------------------------- End of functions used to write ---------------------------# --------------------------- Output functions ---------------------------def print_footer():	footer = '\n[+] %s passwords have been found.\n' % str(constant.nbPasswordFound)	if logging.getLogger().isEnabledFor(logging.INFO) == False:		footer += 'For more information launch it again with the -v option\n'	print footer# print output if passwords have been founddef print_output(software_name, pwdFound, title1 = False):	if pwdFound:		# if the debug logging level is not apply => print the title		if logging.getLogger().isEnabledFor(logging.INFO) == False:			if not title1:				Header().title(software_name)				toWrite = []		password_category = False		for pwd in pwdFound:			# detect which kinds of password has been found			lower_list = [s.lower() for s in pwd.keys()]			password = [s for s in lower_list if "password" in s]			if password: 				password_category = password			else:				key = [s for s in lower_list if "key" in s] # for the wifi				if key: 					password_category = key				else:					hash = [s for s in lower_list if "hash" in s]					if hash:						password_category = hash						# No password found			if not password_category:				print_debug("FAILED", "Password not found !!!")			else:				print_debug("OK", '%s found !!!' % password_category[0].title())				toWrite.append(pwd)								# Store all passwords found on a table => for dictionary attack if master password set				constant.nbPasswordFound += 1				try:					constant.passwordFound.append(pwd[password_category[0]])				except:					pass						for p in pwd.keys():				print '%s: %s' % (p, pwd[p])			print				# write credentials into a text file		checks_write(toWrite, software_name)	else:		logging.info("[!] No passwords found\n")def print_debug(error_level, message):	# print when password is found	if error_level == 'OK':		print Fore.GREEN + message + Style.RESET_ALL	# print when password is not found	elif error_level == 'FAILED':		print Style.BRIGHT + Fore.RED + message + Style.RESET_ALL	# print messages depending of their criticism	elif error_level == 'CRITICAL':		logging.critical(Style.BRIGHT + Fore.RED + '[CRITICAL] %s\n' % message + Style.RESET_ALL)	elif error_level == 'ERROR':		logging.error(Style.BRIGHT + Fore.RED + '[ERROR] %s\n' % message + Style.RESET_ALL)	elif error_level == 'WARNING':		logging.warning(Fore.CYAN + '[WARNING] %s\n' % message + Style.RESET_ALL)	elif error_level == 'DEBUG':		logging.debug('[DEBUG] %s\n' % message)	elif error_level == 'INFO':		logging.info('%s\n' % message)		else:		logging.info('[%s] %s' % (error_level, message))# --------------------------- End of output functions ---------------------------
+# -*- coding: utf-8 -*-from constant import constantfrom time import gmtime, strftimeimport os, getpass, socketimport loggingfrom config.header import Headerfrom colorama import init, Fore, Back, Styleinit() # init the colorama function# --------------------------- Functions used to write ---------------------------def write_header():	time = strftime("%Y-%m-%d %H:%M:%S", gmtime())	header = '''|====================================================================|\r\n|                                                                    |\r\n|                       Credentsials discovery                       |\r\n|                                                                    |\r\n|                          ! BANG BANG !                             |\r\n|                                                                    |\r\n|====================================================================|\r\n\r\n- Date: ''' + time + '''\n\r- Username: ''' + getpass.getuser() + ''' \r\n- Hostname: ''' + socket.gethostname() + ''' \r\n\r\n------------------------------ Results ------------------------------\r\n\r\n'''	open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(header)def write_footer():	footer = '\n[+] %s passwords have been found.\r\n\r\n' % str(constant.nbPasswordFound)	open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(footer)	def write_credentials(pwdFound, category):	tmp = "############ %s passwords ############\r\n\r\n" % category	for pwd in pwdFound:		for p in pwd.keys():			tmp = str(tmp) + str(p) + ": " + str(pwd[p].encode('utf-8')) + "\r\n"		tmp = str(tmp) + "\r\n"	open(constant.folder_name + os.sep + 'credentials.txt',"a+b").write(tmp)	def checks_write(values, category):	if values:		if constant.output == 'txt':			try:				write_credentials(values, category)				logging.info('[+] Credentials stored successfully on the file: %s\\credentials.txt\n' % constant.folder_name)			except:				logging.info('Couldn\'t write the results file\n')# --------------------------- End of functions used to write ---------------------------# --------------------------- Output functions ---------------------------def print_footer():	footer = '\n[+] %s passwords have been found.\n' % str(constant.nbPasswordFound)	if logging.getLogger().isEnabledFor(logging.INFO) == False:		footer += 'For more information launch it again with the -v option\n'	print footer# print output if passwords have been founddef print_output(software_name, pwdFound, title1 = False):	if pwdFound:		# if the debug logging level is not apply => print the title		if logging.getLogger().isEnabledFor(logging.INFO) == False:			if not title1:				Header().title(software_name)				toWrite = []		password_category = False		for pwd in pwdFound:			# detect which kinds of password has been found			lower_list = [s.lower() for s in pwd.keys()]			password = [s for s in lower_list if "password" in s]			if password: 				password_category = password			else:				key = [s for s in lower_list if "key" in s] # for the wifi				if key: 					password_category = key				else:					hash = [s for s in lower_list if "hash" in s]					if hash:						password_category = hash						# No password found			if not password_category:				print_debug("FAILED", "Password not found !!!")			else:				print_debug("OK", '%s found !!!' % password_category[0].title())				toWrite.append(pwd)								# Store all passwords found on a table => for dictionary attack if master password set				constant.nbPasswordFound += 1				try:					constant.passwordFound.append(pwd[password_category[0]])				except:					pass						for p in pwd.keys():				try:					print '%s: %s' % (p, pwd[p])				except Exception,e:					print_debug('DEBUG', '{0}'.format(e))					print '%s: %s' % (p.encode('utf-8'), pwd[p].encode('utf-8'))			print				# write credentials into a text file		checks_write(toWrite, software_name)	else:		logging.info("[!] No passwords found\n")def print_debug(error_level, message):	# print when password is found	if error_level == 'OK':		print Fore.GREEN + message + Style.RESET_ALL	# print when password is not found	elif error_level == 'FAILED':		print Style.BRIGHT + Fore.RED + message + Style.RESET_ALL	# print messages depending of their criticism	elif error_level == 'CRITICAL':		logging.critical(Style.BRIGHT + Fore.RED + '[CRITICAL] %s\n' % message + Style.RESET_ALL)	elif error_level == 'ERROR':		logging.error(Style.BRIGHT + Fore.RED + '[ERROR] %s\n' % message + Style.RESET_ALL)	elif error_level == 'WARNING':		logging.warning(Fore.CYAN + '[WARNING] %s\n' % message + Style.RESET_ALL)	elif error_level == 'DEBUG':		logging.debug('[DEBUG] %s\n' % message)	elif error_level == 'INFO':		logging.info('%s\n' % message)		else:		logging.info('[%s] %s' % (error_level, message))# --------------------------- End of output functions ---------------------------

Windows/src/LaZagne/softwares/windows/network.py

@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
 import struct, platform, win32cred
 from ctypes import *
 from ctypes.wintypes import DWORD
@@ -92,13 +91,13 @@ def run(self):
 							values['Username'] = i['UserName']
 
 						try:
-							values['Password'] = pwd.decode('utf16').encode('utf-8')
+							values['Password'] = pwd.decode('utf16')
 						except Exception,e:
 							print_debug('DEBUG', '{0}'.format(e)) 
 							values['INFO'] = 'Error decoding the password'
 
 						pwdFound.append(values)
-					
+
 			# print the results
 			print_output("Generic Network", pwdFound)
 

Windows/standalone/laZagne.exe.REMOVED.git-id

@@ -1 +1 @@
-453b848f98b0d8f8baf4eea0f84c4389ab24e6a8
+3133488b3c5b7c22058cd84ea74a2ac77aed51f5