AlessandroZ / LaZagne

Credentials recovery project
GNU Lesser General Public License v3.0

Added limited vault support for Windows 7 #451

Closed. MyLoginOnGitHub closed this 4 years ago

MyLoginOnGitHub commented 4 years ago

For Windows 7, this collects only logins from the Vault, not passwords. Behaviour for later versions of Windows has not been changed (logins and passwords are successfully collected). Password collection for Win 7 fails for some reason in the function VaultGetItem (https://github.com/MyLoginOnGitHub/LaZagne/blob/7727bc3bab2d228e5257804088f7f56202d2828d/Windows/lazagne/softwares/windows/vault.py#L48) with status code 87 (ERROR_INVALID_PARAMETER, https://docs.microsoft.com/en-us/windows/win32/debug/system-error-codes--0-499-).

I've done it as in the following, but it fails: https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Get-VaultCredential.ps1 https://github.com/byt3bl33d3r/SILENTTRINITY/blob/master/silenttrinity/core/teamserver/modules/boo/src/dumpVaultCredentials.boo https://github.com/danieljoos/winvault/blob/master/syscall.go

I hope someone can fix this problem later. For now I suggest collecting only logins for Windows 7 and creating an issue to fix this later.

byehack commented 4 years ago

Are you sure it is now working for decrypting vaults? It is my big problem and I sent these issues: https://github.com/AlessandroZ/LaZagne/issues/438 https://github.com/AlessandroZ/LaZagne/issues/439 but I didn't get an answer!

I also sent this PR https://github.com/AlessandroZ/LaZagne/pull/441; it works for some, just for GENERIC_PASSWORDs, not DOMAIN_PASSWORDs!

byehack commented 4 years ago

Are you AlessandroZ??

MyLoginOnGitHub commented 4 years ago

No, I'm not AlessandroZ... Why should I be him? :)

I've tried to run LaZagne for the vault again and it works for me. BUT it found only passwords for the internet (which were saved by IE). I don't have any domain on my computer, so I could not assert anything about domain passwords. Unfortunately, I am not familiar with Windows Vault technology. As I understand, this technology is not documented by Microsoft (or even by anyone). Please give me a link to docs if I'm wrong... I never tried to run LaZagne with a password specified. So I did not decrypt anything, I just used the vault API.

AlessandroZ commented 4 years ago

Thanks for the PR!

Just to clarify, GENERIC_PASSWORDs can be retrieved from the Vault using the Windows API, so the user's Windows password is not needed to do it. However, DOMAIN_PASSWORDs cannot be retrieved using this API. It can be done by decrypting the vault file stored on the system. This is what I do here: https://github.com/AlessandroZ/LaZagne/blob/master/Windows/lazagne/softwares/windows/vaultfiles.py#L15

But to do it, the user's Windows password is needed. So either you have to pass it from the command line, or your Windows password has to be equal to another one already found (from Firefox or another tool).

I need time to rebuild some VMs to check all the problems and to work on Python 3 (but keeping compatibility with Python 2 is mandatory for me), but right now I don't have time.

Have a nice day.

MyLoginOnGitHub commented 4 years ago

Thanks! Are there any links to documentation of the Vault API??

byehack commented 4 years ago

> I don't have any domain on my computer, so I could not assert anything about domain passwords.

Please, please add some domain passwords and then check. It does not work and it is a big problem.

> Unfortunately, I am not familiar with Windows Vault technology. As I understand, this technology is not documented by Microsoft (or even by anyone). Please give me a link to docs if I'm wrong...

Did you see my issues and PR? https://github.com/AlessandroZ/LaZagne/issues/438 , https://github.com/AlessandroZ/LaZagne/issues/439 , https://github.com/AlessandroZ/LaZagne/pull/441

byehack commented 4 years ago

> But to do it, the user's Windows password is needed. So either you have to pass it from the command line, or your Windows password has to be equal to another one already found (from Firefox or another tool).

See: lazagne_output.txt