Friday, December 7, 2018

LaZagne- Retrieve All Saved Passwords from Browsers, WiFi, Memory

Storing credentials securely is not an easy thing these days. Bad guys always find a way to get into these. The maximum probability of getting useful credentials comes from the browsers. That's why if bad guys get into a system, first they target the browsers.

The common mistake of ours, we don't protect our stored passwords on the system. We can use 2-factor authentication for online credentials so that the bad guys can't use the credentials without our help. Storing passwords on browsers is not a bad habit. It's human nature. We can't remember important things always. But we must protect them.

The other stored passwords depend on how you manipulate them. The first step is securing your system. Always update your system and browsers. Do care and review the auto executable scripts, malicious codes present in your systems. The 2nd step is, never download softwares from unknown sources.

Here in this tutorial, we're going to demonstrate how a bad guy can extract the saved passwords from an exploited system. The tool we are using here is a python script called lazagne. The credit goes to Alessandro, the creator of the tool. Lazagne can be useful for both hackers and pen-testers. The tool is available for all popular platforms i.e Windows, Linux, Mac.

Lazagne doesn't have the ability to crack hashes perfectly but you can use hash cracker tools. Let's go ahead and see how we can use lazagne on both Windows and Linux systems.

Get lazagne on a Linux Machine:

Fire up your Linux machine and open the terminal and clone lazagne from GitHub by running the command-


Or you can download the zip file from here and extract it on the desktop. Now go to the directory of the folder by the commands-

cd Desktop/
cd LaZagne
ls
cd Linux


LaZagne- Retrieve All Saved Passwords from Browsers, WiFi, Memory

Here you will see the laZagne.py python script we can use to run the tool. Before running the tool, we must install the required packages for the tool. if we don't do that, we might get errors. To install the requirements, run the requirement.txt script by the command-

pip install -r requirement.txt

This command will install all the required packages automatically to run the tool. Now we can run the tool. To run the tool use the command-

./laZagne.py


LaZagne- Retrieve All Saved Passwords from Browsers, WiFi, Memory

And this command will open up the help section. Using this tool you can recover the passwords of Chats, E-mail, WiFi, Memory, Database etc. Any passwords stored in your system can be recovered.

Now, let's see how to take it in use. If you want to extract the browser passwords, type the command-  ./laZagne.py browsers


LaZagne- Retrieve All Saved Passwords from Browsers, WiFi, Memory

Or, if you want to extract the WiFi passwords, type the command- ./laZagne.py wifi and you will get the passwords, SSIDs of the saved WiFi in your system. To extract the passwords saved in your memory, simply type ./laZagne.py memory and hit enter. You will get all the saved passwords of the memory.

You can also save the details. To do that put '-oN' after the command line you used to extract a category of passwords. For example-

./laZagne.py memory -oN


LaZagne- Retrieve All Saved Passwords from Browsers, WiFi, Memory

A normal text file will be created in the extracted laZagne folder. Inside the Linux folder, you will get the text file with the name credentials.txt.

For Mac OS you have to run the same python script we used in Linux. For more details on how to use it on Mac, check the Github page of the tool.

Get lazagne on a Windows Machine:

Download lazagne from here and extract it. Now we can take it in use. Open up the command prompt inside the folder where you have downloaded laZagne by typing 'cmd' on the address bar and type the command- laZagne.exe -h

LaZagne- Retrieve All Saved Passwords from Browsers, WiFi, Memory

This command will open up the help to know how can you use it. The tool provides extra options for windows. In the screenshot added above, you can see there, we can recover many types of passwords. We can use it in the same way we used in Linux.

To extract the passwords stored in browsers, type 'laZagne.exe browsers' and hit enter. Or if you want to extract all passwords at once use the command- laZagne.exe all


LaZagne- Retrieve All Saved Passwords from Browsers, WiFi, Memory

(N.B.The screenshot added above showing 0 passwords found. Because this OS is not containing any saved passwords. The OS was freshly installed on a Virtual machine just for the demonstration. Don't worry, lazagne will work for you.)

If you want to store the collected credentials silently and don't want to show the output, you can take the 'quiet' option in use. Just type it after the command lines you used and the file format you want to save. For example-

lazagne.exe browsers  -quiet -oN


LaZagne- Retrieve All Saved Passwords from Browsers, WiFi, Memory

All passwords will be saved in a text file. You will get the file inside the extracted lazagne folder.

If one of those passwords comes encrypted, you can decrypt them. To do that create a password list and put it to lazagne by the command-

laZagne.exe browsers -path wordlist.txt

Lazagne will match the password list with the encrypted hashes and if it matches, the decrypted password will be shown. But this process is very slow and also doesn't work perfectly. It is recommended to use other hash crackers.


conclusion:

These tools can be used for hacking. If someone exploits your system, they can use these types of tools to extract credentials. These steps can be easily run after exploiting a system. Preprogrammed softwares like USB rubber duckies can be taken in use to hack saved passwords from a system.

If you liked the tutorial don't forget to let us know. Also, if you are getting any error or problem regarding installation or use of the tool, feel free to let us know in the comment box. Stay safe and don't get caught.

Disclaimer:

We do not promote any illegal activity on our site. These tutorials are only for educational purpose. Do practice on your own property. If you think to apply it on others property, take written permission from the owner. Use it to retrieve passwords you forgot.


We are not responsible for any kind of damage caused by you. Stay safe.

Comments 0

Thanks for visiting us. Please Do comment with a valid name. Don't comment as Unknown.
(Warning: Do not spam in the comment box. Repetitive comments will not be moderated.)
EmoticonEmoticon

Submit Your Email Address to get Our Latest EASY TO READ Articles directly in Your Inbox