AlessandroZ / LaZagne

Credentials recovery project
GNU Lesser General Public License v3.0

lazagne.py and compiled don't recover WIFI #449

Closed Papotito123 closed 4 years ago

Papotito123 commented 4 years ago

I installed Python x86.

I am using the latest laZagne.py from https://github.com/AlessandroZ/LaZagne.

Running this laZagne.py in Python27 x64 recovers the WIFI password well, also Chrome, hashes are good, recovers Firefox.

But running this same laZagne.py in Python27 x86, and when running the compiled x86 with -vvv, it throws this error (first time I see this error):

------------------- Wifi passwords -----------------

[!] Trying using netsh method
[-] Traceback (most recent call last):
  File "lazagne\softwares\wifi\wifi.py", line 84, in run
  File "lazagne\softwares\wifi\wifi.py", line 40, in decrypt_using_netsh
  File "lazagne\softwares\wifi\wifi.py", line 40, in <genexpr>
UnicodeDecodeError: 'ascii' codec can't decode byte 0xd1 in position 0: ordinal not in range(128)

[-] Password not found !!!
INFO: [!] Password not found.
Authentication: WPA2PSK
Protected: true
SSID: CLAROXXXXXX

------------------- Memory_dump passwords -----------------

Then, the WIFI password is not recovered. Not in lazagne.py and not in the compiled .exe.

Do I need something more in the Python x86 installation? I read that maybe it is some function of decode in the Python script that can't some UTF8 to ASCII.

Thanks in advance.

Papotito123 commented 4 years ago

Hello, I uninstalled and cleaned registries for any Python x64 and Python x86 installations. Then I installed Python 2.7 x86 with packages.

I downloaded and ran the latest laZagne code.

And still WIFI is not recovered.

C:\Python27>"C:\laza\Windows\laZagne.py" -version
Version 2.4.3
C:\Python27>"C:\laza\Windows\laZagne.py" wifi -vvv

====================================================================
The LaZagne Project
! BANG BANG !
====================================================================

[!] Python 2.7.16 on Windows AMD64: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel

########## User: SYSTEM ##########

[!] Temp security removed: c:\users\testac~1\appdata\local\temp\wzvbtfmc
[!] Temp system removed: c:\users\testac~1\appdata\local\temp\majvgcwyk
[!] Temp sam removed: c:\users\testac~1\appdata\local\temp\yqktwaqg

########## User: TESTACCOUNT ##########

------------------- Wifi passwords -----------------

[!] Trying using netsh method
[-] Traceback (most recent call last):
  File "C:\laza\Windows\lazagne\softwares\wifi\wifi.py", line 84, in run
    password = self.decrypt_using_netsh(ssid=values['SSID'])
  File "C:\laza\Windows\lazagne\softwares\wifi\wifi.py", line 40, in decrypt_using_netsh
    if any(i in st.lower() for i in language_keys):
  File "C:\laza\Windows\lazagne\softwares\wifi\wifi.py", line 40, in <genexpr>
    if any(i in st.lower() for i in language_keys):
UnicodeDecodeError: 'ascii' codec can't decode byte 0xd1 in position 0: ordinal not in range(128)

[-] Password not found !!!
INFO: [!] Password not found.
Authentication: WPA2PSK
Protected: true
SSID: CLAROxxxxx

########## User: Administrator ##########

------------------- Wifi passwords -----------------

[!] No passwords found

########## User: djEl ##########

------------------- Wifi passwords -----------------

[!] No passwords found

########## User: PROBANDO ##########

------------------- Wifi passwords -----------------

[!] No passwords found

[+] 0 passwords have been found.

elapsed time = 1.375

Any advice would be much appreciated.

Papotito123 commented 4 years ago

Hello: I have been looking through the wifi.py code and noticed something that may be due to you sometimes using Python 3 and other times using Python 2. As I read, .decode works well in Python 3 but not in an implicit way in Python 2.

In 2.4 you have this:

    def decrypt_using_netsh(self, ssid):
        """
        Does not need admin priv but would work only with english and french systems
        """
        language_keys = [
            'key content', 'contenu de la cl', 'содержимое ключа'
        ]
        self.debug(u'Trying using netsh method')
        process = Popen(['netsh.exe', 'wlan', 'show', 'profile', '{SSID}'.format(SSID=ssid), 'key=clear'],
                        stdin=PIPE, stdout=PIPE, stderr=PIPE)
        stdout, stderr = process.communicate()
        for st in stdout.split('\n'):
            if any(i in st.lower() for i in language_keys):
                password = st.split(':')[1].strip()
                return password

And works well in python x64.

From 2.4.2 and later, you changed to this:

        self.debug(u'Trying using netsh method')
        process = Popen(['netsh.exe', 'wlan', 'show', 'profile', '{SSID}'.format(SSID=ssid), 'key=clear'],
                        stdin=PIPE, stdout=PIPE, stderr=PIPE)
        stdout, stderr = process.communicate()
        for st in stdout.decode().split('\n'):
            if any(i in st.lower() for i in language_keys):
                password = st.split(':')[1].strip()
                return password

When running lazagne in Python x86, as you suggest, it is causing this:

[!] Trying using netsh method
[-] Traceback (most recent call last):
  File "C:\laza\Windows\lazagne\softwares\wifi\wifi.py", line 84, in run
    password = self.decrypt_using_netsh(ssid=values['SSID'])
  File "C:\laza\Windows\lazagne\softwares\wifi\wifi.py", line 40, in decrypt_using_netsh
    if any(i in st.lower() for i in language_keys):
  File "C:\laza\Windows\lazagne\softwares\wifi\wifi.py", line 40, in <genexpr>
    if any(i in st.lower() for i in language_keys):
UnicodeDecodeError: 'ascii' codec can't decode byte 0xd1 in position 0: ordinal not in range(128)

So for your information, the way I resolved this is changing this:

    for st in stdout.decode().split('\n'):    ===> new one

for this:

    for st in stdout.split('\n'):    ===> old good one

Now the WIFI password is recovered and displayed:

C:\Python27>"C:\laza\Windows\laZagne.py" -version
Version 2.4.3

C:\Python27>"C:\laza\Windows\laZagne.py" wifi -vvv

====================================================================
The LaZagne Project
! BANG BANG !
====================================================================

[!] Python 2.7.16 on Windows AMD64: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel

########## User: SYSTEM ##########

[!] Temp security removed: c:\users\testac~1\appdata\local\temp\wyoyildp
[!] Temp system removed: c:\users\testac~1\appdata\local\temp\slhrftpwxhqt
[!] Temp sam removed: c:\users\testac~1\appdata\local\temp\bucgrdm

########## User: TESTACCOUNT ##########

------------------- Wifi passwords -----------------

[!] Trying using netsh method
[+] Password found !!!
Authentication: WPA2PSK
Protected: true
SSID: CLAROxxxxxxxxxx
Password: XXXXXXXXXXXX

Thanks.
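For defenders, the `netsh.exe wlan show profile <SSID> key=clear` call quoted in the comment above is visible in process-creation telemetry. The following is an added example, not code from LaZagne or from this thread: a small detector run over constructed events, where the field names (`image`, `parent`, `cmdline`) and the sample records are assumptions.

```python
import ntpath
import re
from collections import Counter

# Constructed process-creation records; field names are assumptions that
# loosely follow Sysmon event 1 / Windows event 4688 (image, parent, cmdline).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\netsh.exe",
     "parent": r"C:\Python27\python.exe",
     "cmdline": "netsh.exe wlan show profile CLAROxxxxx key=clear"},
    {"image": r"C:\Windows\System32\netsh.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "netsh wlan show profiles"},
    {"image": r"C:\Windows\System32\netsh.exe",
     "parent": r"C:\Users\TESTACCOUNT\Desktop\lazagne.exe",
     "cmdline": r'"C:\Windows\System32\netsh.exe" WLAN SHOW PROFILE name="Home Net" KEY=CLEAR'},
    {"image": r"C:\Windows\System32\netsh.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "netsh advfirewall show allprofiles"},
]

# A token is a run of non-space characters and/or double-quoted segments,
# so name="Home Net" stays one argument.
TOKEN_RE = re.compile(r'(?:[^\s"]+|"[^"]*")+')


def split_args(cmdline):
    """Lower-cased arguments with quotes removed; the program name is dropped."""
    return [t.replace('"', "").lower() for t in TOKEN_RE.findall(cmdline)][1:]


def requests_cleartext_wifi_key(event):
    """True when netsh is asked to print a WLAN profile with key=clear."""
    if ntpath.basename(event["image"]).lower() != "netsh.exe":
        return False
    args = split_args(event["cmdline"])
    return "wlan" in args and "key=clear" in args


def flag_events(events):
    """Keep only the events that ask for a clear-text WLAN key."""
    return [e for e in events if requests_cleartext_wifi_key(e)]


def hits_by_parent(events):
    """Count flagged calls per parent image; one parent walking many profiles
    in a row looks like a credential-recovery tool, not an admin check."""
    return Counter(ntpath.basename(e["parent"]).lower() for e in flag_events(events))


if __name__ == "__main__":
    for e in flag_events(SAMPLE_EVENTS):
        print(e["parent"], "->", e["cmdline"])
    print(dict(hits_by_parent(SAMPLE_EVENTS)))
```
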

Papotito123 commented 4 years ago

Hello: I have to reopen due to recent facts. When using Python x86 to run lazagne.py and when running the compiled exe, wifi only recovers the same password in my 2 OS's, that is, my actual wifi (modem) connection. But it doesn't recover all saved wifi passwords. Via TeamViewer, I ran the compiled exe on a relative's laptop and it didn't recover any wifi password. I'm sure about the saved wifi passwords because on my computer and on my relative's laptop I used another tool and recovered all wifi. On my relative's laptop it recovered 18 saved wifi.

It is like it fails to recover wifi using the netsh command but recovers the actual cached wifi password.

Any advice.

Papotito123 commented 4 years ago

Hello: I had to use my other OS, which is Win 10 10240 x64, and installed Python 3.7/Visual C++ 2015. I had a hard time but in the end it seems to work. I can compile to exe but using the lazagne ByeHack version. It can recover WIFI/Chrome well. Also I ran the compiled exe in my Win 10 1809 x64 and it recovered WIFI/Chrome fine.

This is not related to WIFI: I have UseLogonCredential enabled so the password can be grabbed from wdigest and I can recover my user password with mimikatz. So should I expect to have the same with lazagne in Windows 10?

Errors/issues:

------------------- Pypykatz passwords -----------------

Buildnumber: 17763
Using template for Windows 10 x64
[!] No passwords found

------------------- Mscache passwords -----------------

[!] No passwords found

------------------- Hashdump passwords -----------------

[!] Traceback (most recent call last):
  File "lazagne\config\run.py", line 45, in run_module
  File "lazagne\softwares\windows\hashdump.py", line 12, in run
  File "lazagne\softwares\windows\creddump7\win32\hashdump.py", line 298, in dump_file_hashes
  File "lazagne\softwares\windows\creddump7\win32\hashdump.py", line 281, in dump_hashes
  File "lazagne\softwares\windows\creddump7\win32\hashdump.py", line 162, in get_hbootkey
TypeError: ord() expected string of length 1, but int found

------------------- Lsa_secrets passwords -----------------

Thanks.

byehack commented 4 years ago

> So for your information, the way I resolve this is changing this; for st in stdout.decode().split('\n'): ===> new one ,for this: for st in stdout.split('\n'): ===> old good one

Py2 retires in a few more days, and we will not have any Python 2 supporters in 2020 and later. It would just be better to use Python 3.

byehack commented 4 years ago

> This is not related to WIFI: I have UseLogonCredential enabled so password can be grab from wdigest and I can recover my user password with mimikatz. So should I expected to have same with lazagne in Windows 10?

Hello! For Python 3 just edit this line:

https://github.com/MrByehack/LaZagne/blob/541075676a2228f29d266915494dafb4a6f09626/Windows/lazagne/softwares/windows/creddump7/win32/hashdump.py#L162

from:

    revision = ord(F[0x00])

to:

    revision = ord(F[0x00:0x01])

I added this change in https://github.com/MrByehack/LaZagne/commit/6614c37dd3ba521aa886897785dc62ff5468ff87 and I think this is now working well. I will be happy for your feedback!

Papotito123 commented 4 years ago

Hello: MrByehack, I installed Python 3.7 x64 in the last days. I used your lazagne, and it recovered wifi and Chrome, which I had issues recovering before.

I will try your hashdump.py mod later. I am worried about compiling your lazagne version because it takes too high for the SysMain process.

So much thanks.

Papotito123 commented 4 years ago

Hello, MrByeHack. I just finished installing Python 3.7 x64 in Windows 10 1809 x64, and ran some pip. I ran your latest lazagne with the changed hashdump.py line. There's I uploaded the raw cmd output from.

I verified with mimikatz, and wdigest also gets TBAL{68EDDCF5-0AEB-4C28-A770-AF5302ECA3C9} as password. So I can interpret that yes, it recovers wdigest plaintext when enabled. It is something that I issued to Benjamin Delpy. And sometimes it works well but other times it gets back to TBAL{68EDDCF5-0AEB-4C28-A770-AF5302ECA3C9}.

I see 1 error is related to "Microsoft Visual C++ 14.0 is required". I'm installing it. In my other Win 10 10240, even after installing Microsoft Visual C++ 14.0, the same error still appears. But I can still compile your lazagne and run it, with the side effect that it takes too high for the SysMain process and the computer gets really slow.

Any advice would be much appreciated. I'm not in a domain environment. Just a regular physical computer with Windows 10 1809 x64.

I'll keep in touch. Thanks.

Papotito123_lazByeHack latest_raw cmd.txt

Papotito123 commented 4 years ago

Hello: MrByehack, I installed Microsoft Visual C++ 14.0 and it did well without error/warning. So I compiled your lazagne and it runs well without peaking high on the SysMain process in my Win 10 1809 x64. TBAL{68EDDCF5-0AEB-4C28-A770-AF5302ECA3C9} as password still showed. Also I ran this compiled exe in Win 10 10240 x64 and it also runs well without peaking high on the SysMain process. In both instances, WIFI and Chrome passwords were recovered well.

Any advice about the errors and little issues showing in the Papotito123_lazByeHack latest_raw cmd.txt would be much appreciated.

Thanks.

byehack commented 4 years ago

> Any advice about the errors and little issues showing in the Papotito123_lazByeHack latest_raw cmd.txt,much be appreciated.

Thanks for your feedback, dear! For the Hashdump passwords error: the creddump7 project was written for Python 2, and we should convert it to Python 3. The best way is to ask its owner or https://github.com/AlessandroZ for this, so we should open a new issue on this project to support Creddump7 for Python 3. I found the Python 3 version in https://github.com/DeKe42/creddump7 (the main one is https://github.com/Neohapsis/creddump7), but I'm not sure about adding it to the laZagne project, because their value names have some differences.

For the Firefox passwords error: I updated the code at https://github.com/MrByehack/LaZagne/commit/b5261c8bd321adac7fad27f5ec4c33ba600cff12 . I hope this works well.

For the Memory_dump passwords error: this is like Creddump7 not supporting Python 3, but anyway I updated the code for this issue in https://github.com/MrByehack/LaZagne/commit/608d8d0d42c7c81a95756990b6a02aedaaf785b5

byehack commented 4 years ago

> I installed Microsoft Visual C++ 14.0 and did well without error/warning.

You could use binaries of the Crypto module like pycryptodome, or use a wheel file from https://www.lfd.uci.edu/~gohlke/pythonlibs, to solve the Microsoft Visual C++ 14.0 error.

Papotito123 commented 4 years ago

Hello: Sorry. I don't know how it happened that this is closed.

MrByeHack, I also noticed in the output from your lazagne that all account hashes are not printed as in the developer's lazagne.

Thanks.

Papotito123 commented 4 years ago

Hello: I'm editing your last lazagne.py cmd output.

byehack commented 4 years ago

> Hello: I'm editing your last lazagne.py cmd output.

so?

Papotito123 commented 4 years ago

Hello: MrByeHack, today I recovered my user password with mimikatz. And to confirm, after running the exe compiled yesterday, MrByeHack lazagne also recovered my user password, as can be seen:

C:\Users\TESTACCOUNT\Desktop\Python37>lazagne.exe all -vvv

====================================================================
The LaZagne Project
! BANG BANG !
====================================================================

[!] Python 3.7.6 on Windows AMD64: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel

[+] System masterkey decrypted for 08be8fec-13ca-4ae0-8341-36b907e33d19
[+] System masterkey decrypted for 15e43b11-4cee-437f-928e-082807c02474
[+] System masterkey decrypted for 1e8bc276-41f3-493f-8fb4-32496443bb79
[+] System masterkey decrypted for 4e79d188-0323-4c0b-9796-0d9ffc89f045
[+] System masterkey decrypted for 55aa46c8-2bc6-496a-8888-482c24891036

########## User: SYSTEM ##########

------------------- Ftpnavigator passwords -----------------

[!] No passwords found

------------------- Unattended passwords -----------------

[!] No passwords found

------------------- Pypykatz passwords -----------------

None
[+] Password found !!!
Domain: DESKTOP-2GHHNFK
Password: xxxxxxxxxxxxxxx
Shahash: 1a64c263388a957f3c40b29dcfea3bd994563c99
Nthash: 77d608ef029fb11a2079f4322355bf62
Login: TESTACCOUNT

------------------- Mscache passwords -----------------

[!] No passwords found

------------------- Hashdump passwords -----------------

[!] Traceback (most recent call last):
  File "lazagne\config\run.py", line 45, in run_module
  File "lazagne\softwares\windows\hashdump.py", line 12, in run
  File "lazagne\softwares\windows\creddump7\win32\hashdump.py", line 298, in dump_file_hashes
  File "lazagne\softwares\windows\creddump7\win32\hashdump.py", line 284, in dump_hashes
TypeError: cannot unpack non-iterable NoneType object

I found https://www.lfd.uci.edu/~gohlke/pythonlibs already but didn't know what to download/install. That's why I asked.

I downloaded and used it from here: https://pypi.org/project/pycryptodome/#files I hope this is OK.

Then I downloaded your latest version and ran it.

I noticed that my user account password/LSA secrets appear below "User: SYSTEM ##########". But also, under my account name (and all account names) it displays like this with my user account password:

------------------- Windows passwords -----------------

[!] User has already be found: xxxxxxxxxxxxxxxxxx ===> my passw is displayed here - ?
[!] No passwords found ==> ?

I don't know if this is the way it should be.

MrByeHack, I also noticed in the output from your lazagne that all account hashes are not printed as in the developer's lazagne.

I'm on my phone and I don't see an attachment option. But I have a new log.

So much thanks.

Papotito123 commented 4 years ago

Hello: Papotito123_lazByeHack.latest-latest_raw.cmd.txt

Sorry.I found it.

Thanks.

Papotito123 commented 4 years ago

Hello: This is the latest raw cmd from your latest lazagne.

------------------- Hashdump passwords -----------------

[!] Traceback (most recent call last):
  File "C:\lazo\Windows\lazagne\config\run.py", line 45, in run_module
    pwd_found = module.run() # run the module
  File "C:\lazo\Windows\lazagne\softwares\windows\hashdump.py", line 12, in run
    hashdump = dump_file_hashes(constant.hives['system'], constant.hives['sam'])
  File "C:\lazo\Windows\lazagne\softwares\windows\creddump7\win32\hashdump.py", line 298, in dump_file_hashes
    return dump_hashes(sysaddr, samaddr)
  File "C:\lazo\Windows\lazagne\softwares\windows\creddump7\win32\hashdump.py", line 284, in dump_hashes
    lmhash, nthash = get_user_hashes(user, hbootkey)
TypeError: cannot unpack non-iterable NoneType object

------------------- Memory_dump passwords -----------------

[!] Traceback (most recent call last):
  File "C:\lazo\Windows\lazagne\config\run.py", line 45, in run_module
    pwd_found = module.run() # run the module
  File "C:\lazo\Windows\lazagne\softwares\memory\memorydump.py", line 103, in run
    if keepass_process in process.get('name', b'').lower():
TypeError: 'in <string>' requires string as left operand, not bytes

------------------- Firefox passwords -----------------

[!] Profile path found: C:\Users\TESTACCOUNT\AppData\Roaming\Mozilla\Firefox\Profiles\ylho7ovy.default
[!] Database empty
[!] Profile path found: C:\Users\TESTACCOUNT\AppData\Roaming\Mozilla\Firefox\Profiles\azatv8ct.default-release
[!] key: b'\x01\x8c\xf8%\xd6h\x087\x07@\xe98\x802|C/\x8f\xcb\x8a\xef\x08\xa4\x07\x08\x08\x08\x08\x08\x08\x08\x08'
[!] Traceback (most recent call last):
  File "C:\lazo\Windows\lazagne\softwares\browsers\mozilla.py", line 158, in get_key
    key_data = self.read_bsddb(os.path.join(profile, 'key3.db'))
  File "C:\lazo\Windows\lazagne\softwares\browsers\mozilla.py", line 216, in read_bsddb
    with open(name, 'rb') as f:
FileNotFoundError: [Errno 2] No such file or directory: 'C:\Users\TESTACCOUNT\AppData\Roaming\Mozilla\Firefox\Profiles\azatv8ct.default-release\key3.db'

[+] Password found !!! URL: https://login.live.com Login: xxxxxxxxxx.com Password: zzzzzzzzzzzz

It recovers passwords well. And runs very fast.

Also, I noticed in the output from your lazagne that all account hashes are not printed as in the developer's lazagne, like this:

########## User: SYSTEM ##########

------------------- Ftpnavigator passwords -----------------

[!] No passwords found

------------------- Unattended passwords -----------------

[!] No passwords found

------------------- Mscache passwords -----------------

[!] No passwords found

------------------- Hashdump passwords -----------------

Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:8a55595be989882a0c3636404e158620:::
djEl:1001:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:::
TESTACCOUNT:1002:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:::
PROBANDO:1003:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:::

------------------- Lsa_secrets passwords -----------------

Another question: I tested the lazagne dev version first and it didn't even run. Then I ran your lazagne version, which ran well but didn't grab the user password. Then I deleted the lazagne folder and ran it anew. This time it fetched the user account password.

lazagne 2.4.3_ByeHack_29DEC2019.txt

So much thanks.
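The three tracebacks in this thread (`ord(F[0x00])` in hashdump.py, bytes `in` str in memorydump.py, and the wifi module's `'ascii' codec can't decode byte 0xd1`) are all bytes-versus-text mix-ups. The following is an added example for Python 3, not code from LaZagne or from either participant, that reproduces each error message and shows a form that avoids it. It assumes the 0xd1 byte comes from the UTF-8 encoded Cyrillic entry in `language_keys`; the helper names and sample bytes are constructed.

```python
# -*- coding: utf-8 -*-
# Constructed sample data: a short byte string standing in for the SAM "F"
# record that hashdump.py indexes, and the wifi module's Cyrillic label.
SAMPLE_F = b'\x02\x00\x01\x00'
CYRILLIC_KEY = u'содержимое ключа'.encode('utf-8')


def first_byte(buf):
    """Integer value of byte 0 on both Python 2 (str) and Python 3 (bytes)."""
    # buf[0] is a 1-char str on Python 2 but an int on Python 3; the slice
    # buf[0:1] is a length-1 byte string on both, so ord() accepts it.
    return ord(buf[0:1])


def index_then_ord_error(buf):
    """What ord(F[0x00]) does on Python 3: return the TypeError text."""
    try:
        return ord(buf[0])
    except TypeError as exc:
        return str(exc)


def to_text(value, encoding='utf-8'):
    """Decode bytes once, at the boundary, with an explicit codec."""
    if isinstance(value, bytes):
        return value.decode(encoding, errors='replace')
    return value


def contains_any(line, keys, encoding='utf-8'):
    """Case-insensitive substring test that never mixes bytes and text."""
    haystack = to_text(line, encoding).lower()
    return any(to_text(k, encoding).lower() in haystack for k in keys)


def mixed_type_error():
    """The memorydump.py failure: bytes on the left of `in`, str on the right."""
    try:
        return b'keepass' in 'keepass.exe'
    except TypeError as exc:
        return str(exc)


def implicit_ascii_error(raw):
    """Python 2 decodes a byte string as ASCII when it meets unicode text;
    doing that step explicitly shows the error it produces."""
    try:
        raw.decode('ascii')
    except UnicodeDecodeError as exc:
        return str(exc)
    return None


if __name__ == '__main__':
    print(first_byte(SAMPLE_F), index_then_ord_error(SAMPLE_F))
    print(mixed_type_error())
    print(implicit_ascii_error(CYRILLIC_KEY))
```
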

byehack commented 4 years ago

This project must be completely converted to Python 3, but for now it doesn't support Python 3. So wait for the lazagne owner to support this.

Papotito123 commented 4 years ago

Hello: Thanks for the answer.

And thanks to lazagne dev.

AlessandroZ commented 4 years ago

The Hashdump error should be fixed now thanks to the @byehack fixes. (Used from his commit: https://github.com/byehack/LaZagne/commit/5d1697a4bbcc5cf7631be7a5b1574ba194b53e1b)

byehack commented 4 years ago

@AlessandroZ you can close this issue, I don't think we have another problem in the wifi module.