Storing credentials securely is not an easy thing these days. Bad guys always find a way to get into these. The maximum probability of getting useful credentials comes from browsers. That’s why if bad guys get into a system, first they target the browsers.
The common mistake of ours, we don’t protect our stored passwords on the system. We can use 2-factor authentication for online credentials so that the bad guys can’t use the credentials without our help. Storing passwords on browsers is not a bad habit. It’s human nature. We can’t remember important things always. But we must protect them.
The other stored passwords depend on how you manipulate them. The first step is securing your system. Always update your system and browsers. Do care and review the auto executable scripts, malicious codes present in your systems. The 2nd step is, never download software from unknown sources.
Here in this tutorial, we’re going to demonstrate how a bad guy can extract the saved passwords from an exploited system. The tool we are using here is a python script called lazagne. The credit goes to Alessandro, the creator of the tool. Lazagne can be useful for both hackers and pen-testers. The tool is available for all popular platforms i.e Windows, Linux, Mac.
Lazagne doesn’t have the ability to crack hashes perfectly but you can use hash cracker tools. Let’s go ahead and see how we can use lazagne on both Windows and Linux systems.
Get lazagne on a Linux Machine:
Here you will see the laZagne.py python script we can use to run the tool. Before running the tool, we must install the required packages for the tool. if we don’t do that, we might get errors. To install the requirements, run the requirement.txt script by the command-
pip install -r requirement.txt
This command will install all the required packages automatically to run the tool. Now we can run the tool. To run the tool use the command-
And this command will open up the help section. Using this tool you can recover the passwords of Chats, E-mail, WiFi, Memory, Database, etc. Any passwords stored in your system can be recovered.
Now, let’s see how to take it into use. If you want to extract the browser passwords, type the command- ./laZagne.py browsers
Or, if you want to extract the WiFi passwords, type the command- ./laZagne.py wifi and you will get the passwords, SSIDs of the saved WiFi in your system. To extract the passwords saved in your memory, simply type ./laZagne.py memory and hit enter. You will get all the saved passwords of the memory.
You can also save the details. To do that put ‘-oN’ after the command line you used to extract a category of passwords. For example-
./laZagne.py memory -oN
A normal text file will be created in the extracted laZagne folder. Inside the Linux folder, you will get the text file with the name credentials.txt.
For Mac OS you have to run the same python script we used in Linux. For more details on how to use it on Mac, check the Github page of the tool.
Get lazagne on a Windows Machine:
(N.B.The screenshot added above showing 0 passwords found. Because this OS is not containing any saved passwords. The OS was freshly installed on a Virtual machine just for the demonstration. Don’t worry, lazagne will work for you.)
If you want to store the collected credentials silently and don’t want to show the output, you can take the ‘quiet’ option in use. Just type it after the command lines you used and the file format you want to save. For example-
lazagne.exe browsers -quiet -oN
All passwords will be saved in a text file. You will get the file inside the extracted lazagne folder.
If one of those passwords comes encrypted, you can decrypt them. To do that create a password list and put it to lazagne by the command-
laZagne.exe browsers -path wordlist.txt
Lazagne will match the password list with the encrypted hashes and if it matches, the decrypted password will be shown. But this process is very slow and also doesn’t work perfectly. It is recommended to use other hash crackers.