AlessandroZ / LaZagne

Credentials recovery project
GNU Lesser General Public License v3.0

pypykatz #466

Closed Papotito123 closed 4 years ago

Papotito123 commented 4 years ago

Hello: Win 10 1809 x64, Python 3.7.6 x64. Sorry to interrupt, but in the latest laZagne.py, pypykatz is not working as it did days before, when it could grab my user password (wdigest enabled).

I reinstalled Python 3.7.16 x64 and reinstalled VS 2015. I didn't --upgrade pypykatz, leaving it as in lazagne's requirements.

This is the traceback:

C:\Python37>"C:\lozo\Windows\laZagne.py" -version
Version 2.4.3

C:\Python37>"C:\lozo\Windows\laZagne.py" all -vvv

====================================================================
The LaZagne Project
! BANG BANG !
====================================================================

[!] Python 3.7.6 on Windows AMD64: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel

[+] System masterkey decrypted for 08be8fec-13ca-4ae0-8341-36b907e33d19
[+] System masterkey decrypted for 15e43b11-4cee-437f-928e-082807c02474
[+] System masterkey decrypted for 1e8bc276-41f3-493f-8fb4-32496443bb79
[+] System masterkey decrypted for 4e79d188-0323-4c0b-9796-0d9ffc89f045
[+] System masterkey decrypted for 55aa46c8-2bc6-496a-8888-482c24891036

########## User: SYSTEM ##########

------------------- Ftpnavigator passwords -----------------

[!] No passwords found

------------------- Unattended passwords -----------------

[!] No passwords found

------------------- Pypykatz passwords -----------------

Buildnumber: 17763
Using template for Windows 10 x64
[!] No passwords found

------------------- Mscache passwords -----------------

If I do --upgrade pypykatz, then the error is:

------------------- Pypykatz passwords -----------------

None 272482 ===> what are these 272416 997 81545 81499 996 57801 57688 54561 999
[!] Traceback (most recent call last):
  File "C:\lazy\Windows\lazagne\config\run.py", line 45, in run_module
    pwd_found = module.run()  # run the module
  File "C:\lazy\Windows\lazagne\softwares\windows\ppypykatz.py", line 37, in run
    user = logon_sessions[logon_session].to_dict()
AttributeError: 'dict' object has no attribute 'to_dict'

------------------- Mscache passwords -----------------

Also, Windows Credentials (from my VBOX VM) are not recovered. My user password and Credentials are grabbed with mimikatz.

Any hint will be appreciated.

byehack commented 4 years ago

AttributeError: 'dict' object has no attribute 'to_dict'

I think you should delete to_dict() from these lines:
https://github.com/AlessandroZ/LaZagne/blob/adc1b19d4f3608b66ba8748c4d060e16dc316a01/Windows/lazagne/softwares/windows/ppypykatz.py#L33
https://github.com/AlessandroZ/LaZagne/blob/adc1b19d4f3608b66ba8748c4d060e16dc316a01/Windows/lazagne/softwares/windows/ppypykatz.py#L37

Papotito123 commented 4 years ago

Hello ByeHack, I did your mod but it still fails:

------------------- Pypykatz passwords -----------------

Buildnumber: 17763
Using template for Windows 10 x64
[!] No passwords found

------------------- Mscache passwords -----------------

I ran a compiled exe with lazagne (30DECEMBER2019 - that crashes from start) and did a mod given by MyLoginOnGitHub (creddump7 > addrspace.py file) that makes lazagne.py run well. This compiled exe's output is good, like this:

------------------- Pypykatz passwords -----------------

None
[+] Password found !!!
Domain: DESKTOP-2GHHNFK
Password: xxxxxxxxxxxx
Shahash: 1a64c263388a957f3c40b29dcfea3bd994563c99
Nthash: zzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
Login: TESTACCOUNT

------------------- Mscache passwords -----------------

I think is something straight to pypykatz. I let lazagne requirements.txt install pypykatz by default and it gives this:

Buildnumber: 17763
Using template for Windows 10 x64
[!] No passwords found

If I do pip install --upgrade pypykatz, then the result is:

None 272482 ===> what are these 272416 997 81545 81499 996 57801 57688 54561 999
[!] Traceback (most recent call last):
  File "C:\lazy\Windows\lazagne\config\run.py", line 45, in run_module
    pwd_found = module.run()  # run the module
  File "C:\lazy\Windows\lazagne\softwares\windows\ppypykatz.py", line 37, in run
    user = logon_sessions[logon_session].to_dict()
AttributeError: 'dict' object has no attribute 'to_dict'

Should I let lazagne requirements.txt install pypykatz or should I download pypykatz.zip and then pip install "path-to-pypykatz.zip" ?

Thanks for your help.

byehack commented 4 years ago

as i remember pypykatz was working well! yes or no?

i think the problem is from this commit: https://github.com/AlessandroZ/LaZagne/commit/b0c72ac158bc2dcd9ee67ff5a4f6faa0f12b5621

try downloading this tree: https://github.com/AlessandroZ/LaZagne/tree/b2c7ff328d855a6e273949d62684b5926d153827

and give me the feedback

Papotito123 commented 4 years ago

Hello; pypykatz was good in the releases of 29-30 December 2019. I compiled it and saved it (in case of trouble, to have a good one) and pypykatz fetches the user password well.

This last lazagne is the one I have been using for the last 2 days. But it still failed:

C:\Python37>"C:\lozo\Windows\laZagne.py" -version
Version 2.4.3

C:\Python37>"C:\lozo\Windows\laZagne.py" all -vvv

====================================================================
The LaZagne Project
! BANG BANG !
====================================================================

[!] Python 3.7.6 on Windows AMD64: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel

[+] System masterkey decrypted for 08be8fec-13ca-4ae0-8341-36b907e33d19
[+] System masterkey decrypted for 15e43b11-4cee-437f-928e-082807c02474
[+] System masterkey decrypted for 1e8bc276-41f3-493f-8fb4-32496443bb79
[+] System masterkey decrypted for 4e79d188-0323-4c0b-9796-0d9ffc89f045
[+] System masterkey decrypted for 55aa46c8-2bc6-496a-8888-482c24891036

########## User: SYSTEM ##########

------------------- Ftpnavigator passwords -----------------

[!] No passwords found

------------------- Unattended passwords -----------------

[!] No passwords found

------------------- Pypykatz passwords -----------------

Buildnumber: 17763
Using template for Windows 10 x64
[!] No passwords found

------------------- Mscache passwords -----------------

I did a Microsoft Visual C++ 14.0 repair and it reinstalled C++ 2015 Redistributable (x86), (x64) Windows - 14.0.24210 because they were updated. I did a Disc Check and found all well.

Thanks for supporting.

byehack commented 4 years ago

did you try this tree? https://github.com/AlessandroZ/LaZagne/tree/b2c7ff328d855a6e273949d62684b5926d153827

download this zipfile: https://github.com/AlessandroZ/LaZagne/archive/b2c7ff328d855a6e273949d62684b5926d153827.zip

and give me the feedback

Papotito123 commented 4 years ago

Hello: Yes. That's the one I run. Anyway I downloaded your zip and run.

Output:

C:\Python37>pip3.7.exe install -r "C:\lozo\requirements.txt"
Ignoring enum34: markers 'python_version < "3.4" and sys_platform == "win32"' don't match your environment
Ignoring psutil: markers 'sys_platform == "linux" or sys_platform == "linux2"' don't match your environment
Ignoring secretstorage: markers 'sys_platform == "linux" or sys_platform == "linux2"' don't match your environment
Collecting https://github.com/AlessandroZ/pypykatz/archive/master.zip (from -r C:\lozo\requirements.txt (line 6))
Downloading https://github.com/AlessandroZ/pypykatz/archive/master.zip / 901kB 1.7MB/s
Requirement already satisfied (use --upgrade to upgrade): pypykatz==0.0.3 from https://github.com/AlessandroZ/pypykatz/archive/master.zip in c:\python37\lib\site-packages (from -r C:\lozo\requirements.txt (line 6))
Requirement already satisfied: pyasn1 in c:\python37\lib\site-packages (from -r C:\lozo\requirements.txt (line 3)) (0.4.8)
Requirement already satisfied: rsa in c:\python37\lib\site-packages (from -r C:\lozo\requirements.txt (line 4)) (4.0)

C:\Python37>python "C:\lozo\Windows\laZagne.py"
usage: laZagne.py [-h] [-version]
                  {all,browsers,chats,databases,games,git,mails,maven,memory,multimedia,php,svn,sysadmin,windows,wifi}
                  ...

====================================================================
The LaZagne Project
! BANG BANG !
====================================================================

positional arguments:
  {all,browsers,chats,databases,games,git,mails,maven,memory,multimedia,php,svn,sysadmin,windows,wifi}
                        Choose a main command
    all                 Run all modules
    browsers            Run browsers module
    chats               Run chats module
    databases           Run databases module
    games               Run games module
    git                 Run git module
    mails               Run mails module
    maven               Run maven module
    memory              Run memory module
    multimedia          Run multimedia module
    php                 Run php module
    svn                 Run svn module
    sysadmin            Run sysadmin module
    windows             Run windows module
    wifi                Run wifi module

optional arguments:
  -h, --help            show this help message and exit
  -version              laZagne version

C:\Python37>"C:\lozo\Windows\laZagne.py" -version
Version 2.4.3

C:\Python37>"C:\lozo\Windows\laZagne.py" all -vvv

====================================================================
The LaZagne Project
! BANG BANG !
====================================================================

[!] Python 3.7.6 on Windows AMD64: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel

[+] System masterkey decrypted for 08be8fec-13ca-4ae0-8341-36b907e33d19
[+] System masterkey decrypted for 15e43b11-4cee-437f-928e-082807c02474
[+] System masterkey decrypted for 1e8bc276-41f3-493f-8fb4-32496443bb79
[+] System masterkey decrypted for 4e79d188-0323-4c0b-9796-0d9ffc89f045
[+] System masterkey decrypted for 55aa46c8-2bc6-496a-8888-482c24891036

########## User: SYSTEM ##########

------------------- Ftpnavigator passwords -----------------

[!] No passwords found

------------------- Unattended passwords -----------------

[!] No passwords found

------------------- Pypykatz passwords -----------------

Buildnumber: 17763
Using template for Windows 10 x64
[!] No passwords found

------------------- Mscache passwords -----------------

[!] No passwords found

There's no problem with mimikatz fetching the password. Thanks.

AlessandroZ commented 4 years ago

I don't recommend using a version other than the one specified in the requirements file, which is my fork that I have changed to work with lazagne. I will update it, because the last signature from Windows 10 has not been added yet.

I will do some more tests to update it soon.

byehack commented 4 years ago

I will do some more tests to update it soon.

ok, thanks!

Papotito123 commented 4 years ago

Hello: I'm still facing pypykatz not grabbing wdigest.

I have this compiled lazagne that still grabs the user password. It is lazagne 2.4.3 compiled with Python 3.7 x64 in Win 10 1809 x64. Can it be decompiled? lazagne.zip

I really suspect it is not really a pypykatz problem. If pypykatz doesn't have the latest Windows signatures but I run a not up-to-date compiled lazagne, should pypykatz still be able to grab the user password without being updated? That's what I am questioning.

MrByeHach, MyLoginOnGitHub, AlessandroZ and anyone else: can you test this lazagne.exe on the latest Windows 10 to see how it works and to test for the wdigest user password?

Any thoughts much appreciated.

So much Thanks.

AlessandroZ commented 4 years ago

Try removing pypykatz and installing this one: https://github.com/alxchk/pypykatz

The last Windows builds are supported: https://github.com/alxchk/pypykatz/blob/f80445439d47d68430c81018bd406d7e50f1f428/pypykatz/commons/common.py#L184:L190

Give a feedback please.

Papotito123 commented 4 years ago

Hello: This is the output; https://github.com/alxchk/pypykatz

C:\python37>"C:\lezy\Windows\laZagne.py" -version
Version 2.4.3

C:\python37>"C:\lezy\Windows\laZagne.py" all -vvv

====================================================================
The LaZagne Project
! BANG BANG !
====================================================================

[!] Python 3.7.6 on Windows AMD64: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel

[+] System masterkey decrypted for 08be8fec-13ca-4ae0-8341-36b907e33d19
[+] System masterkey decrypted for 15e43b11-4cee-437f-928e-082807c02474
[+] System masterkey decrypted for 1e8bc276-41f3-493f-8fb4-32496443bb79
[+] System masterkey decrypted for 4e79d188-0323-4c0b-9796-0d9ffc89f045
[+] System masterkey decrypted for 55aa46c8-2bc6-496a-8888-482c24891036

########## User: SYSTEM ##########

------------------- Ftpnavigator passwords -----------------

[!] No passwords found

------------------- Unattended passwords -----------------

[!] No passwords found

------------------- Pypykatz passwords -----------------

None
[!] Traceback (most recent call last):
  File "C:\lezy\Windows\lazagne\config\run.py", line 45, in run_module
    pwd_found = module.run()  # run the module
  File "C:\lezy\Windows\lazagne\softwares\windows\ppypykatz.py", line 37, in run
    user = logon_sessions[logon_session].to_dict()
AttributeError: 'dict' object has no attribute 'to_dict'

------------------- Mscache passwords -----------------

I also tried this ; https://github.com/skelsec/pypykatz . But same result.

Also, I tried ByeHack's suggestion. Byehack: I think you should delete to_dict() from these lines: LaZagne/Windows/lazagne/softwares/windows/ppypykatz.py

Line 33 in adc1b19

logon_sessions = mimi.to_dict().get('logon_sessions', [])

LaZagne/Windows/lazagne/softwares/windows/ppypykatz.py

Line 37 in adc1b19

user = logon_sessions[logon_session].to_dict()

But it throws an error:

------------------- Pypykatz passwords -----------------

None
[!] Traceback (most recent call last):
  File "C:\lezy\Windows\lazagne\config\run.py", line 45, in run_module
    pwd_found = module.run()  # run the module
  File "C:\lezy\Windows\lazagne\softwares\windows\ppypykatz.py", line 33, in run
    logon_sessions = mimi('logon_sessions', [])
TypeError: 'pypykatz' object is not callable

Thanks for your support.

byehack commented 4 years ago

@Papotito123 Hello! can you test with my repo and give me the results? Thanks for your testing and reporting!!!

Papotito123 commented 4 years ago

Hello ByeHack, this is the output: https://github.com/byehack/LaZagne

C:\python37>"C:\loco\Windows\laZagne.py" -version
Version 2.4.3

C:\python37>"C:\loco\Windows\laZagne.py" all -vvv

====================================================================
The LaZagne Project
! BANG BANG !
====================================================================

[!] Python 3.7.6 on Windows AMD64: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel

[+] System masterkey decrypted for 08be8fec-13ca-4ae0-8341-36b907e33d19
[+] System masterkey decrypted for 15e43b11-4cee-437f-928e-082807c02474
[+] System masterkey decrypted for 1e8bc276-41f3-493f-8fb4-32496443bb79
[+] System masterkey decrypted for 4e79d188-0323-4c0b-9796-0d9ffc89f045
[+] System masterkey decrypted for 55aa46c8-2bc6-496a-8888-482c24891036

########## User: SYSTEM ##########

------------------- Ftpnavigator passwords -----------------

[!] No passwords found

------------------- Unattended passwords -----------------

[!] No passwords found

------------------- Pypykatz passwords -----------------

Buildnumber: 17763
Using template for Windows 10 x64
[!] No passwords found

------------------- Mscache passwords -----------------

[!] No passwords found

Same behavior.

But I did try pypykatz by itself and yes, it retrieved the password. Using pip install pypykatz will install pypykatz-0.3.4. Then I ran:

C:\python37>cd "C:\python37\Scripts"

C:\python37\Scripts>pypykatz live lsa --json
{
  "live": {
    "logon_sessions": {

, and so on ,

      "username": "TESTACCOUNT",
      "wdigest_creds": [
        {
          "credtype": "wdigest",
          "domainname": "DESKTOP-2GHHNFK",
          "luid": 420259,
          "password": "`xxxxxxxxxxxxz",
          "username": "TESTACCOUNT"
        }
      ]
      }
    },
    "orphaned_creds": []
  }
}

Then I uninstalled this pypykatz-0.4.3. Then I did again alessandro lazagne's requirements to install pypykatz as default. Ran lazagne.py and still no passwords.

But , then I ran directly pypykatz.py, and got this;

C:\python37\Scripts>
C:\python37\Scripts>cd C:\python37\Lib\site-packages\pypykatz

C:\python37\Lib\site-packages\pypykatz>pypykatz live lsa
Exception while dumping LSA credentials from memory.
Traceback (most recent call last):
  File "c:\python37\lib\site-packages\pypykatz\__main__.py", line 71, in main
    mimi = pypykatz.go_live()
  File "c:\python37\lib\site-packages\pypykatz\pypykatz.py", line 35, in go_live
    mimi.start()
  File "c:\python37\lib\site-packages\pypykatz\pypykatz.py", line 136, in start
    self.lsa_decryptor = self.get_lsa()
  File "c:\python37\lib\site-packages\pypykatz\pypykatz.py", line 61, in get_lsa
    lsa_dec = LsaDecryptor(self.reader, lsa_dec_template, self.sysinfo)
  File "c:\python37\lib\site-packages\pypykatz\lsadecryptor\lsa_decryptor.py", line 22, in __init__
    self.acquire_crypto_material()
  File "c:\python37\lib\site-packages\pypykatz\lsadecryptor\lsa_decryptor.py", line 31, in acquire_crypto_material
    self.des_key = self.get_des_key(sigpos)
  File "c:\python37\lib\site-packages\pypykatz\lsadecryptor\lsa_decryptor.py", line 36, in get_des_key
    return self.get_key(pos, self.decryptor_template.key_pattern.offset_to_DES_key_ptr)
  File "c:\python37\lib\site-packages\pypykatz\lsadecryptor\lsa_decryptor.py", line 67, in get_key
    ptr_key = self.reader.get_ptr(ptr_key)
  File "c:\python37\lib\site-packages\pypykatz\commons\readers\local\live_reader.py", line 284, in get_ptr
    return self.read_uint()
  File "c:\python37\lib\site-packages\pypykatz\commons\readers\local\live_reader.py", line 237, in read_uint
    return struct.unpack("<Q", self.read(8))[0]
struct.error: unpack requires a buffer of 8 bytes

==== Parsing errors: live

C:\python37\Lib\site-packages\pypykatz>

What does this really mean?

Thanks in advance.

Papotito123 commented 4 years ago

Hello: Sorry Alessandro. You direct me to download https://github.com/alxchk/pypykatz , and install.

This is the real output:

C:\python37>pip3.7 install "C:\python37\pypykatz-master.zip"
Processing c:\python37\pypykatz-master.zip
Installing collected packages: pypykatz
Running setup.py install for pypykatz ... done
Successfully installed pypykatz-0.2.2

C:\python37>python "C:\lazo\Windows\laZagne.py"
usage: laZagne.py [-h] [-version]
                  {all,browsers,chats,databases,games,git,mails,maven,memory,multimedia,php,svn,sysadmin,windows,wifi}
                  ...

====================================================================
The LaZagne Project
! BANG BANG !
====================================================================

positional arguments:
  {all,browsers,chats,databases,games,git,mails,maven,memory,multimedia,php,svn,sysadmin,windows,wifi}
                        Choose a main command
    all                 Run all modules
    browsers            Run browsers module
    chats               Run chats module
    databases           Run databases module
    games               Run games module
    git                 Run git module
    mails               Run mails module
    maven               Run maven module
    memory              Run memory module
    multimedia          Run multimedia module
    php                 Run php module
    svn                 Run svn module
    sysadmin            Run sysadmin module
    windows             Run windows module
    wifi                Run wifi module

optional arguments:
  -h, --help            show this help message and exit
  -version              laZagne version

C:\python37>"C:\lazo\Windows\laZagne.py" all -vvv

====================================================================
The LaZagne Project
! BANG BANG !
====================================================================

[!] Python 3.7.6 on Windows AMD64: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel

[+] System masterkey decrypted for 08be8fec-13ca-4ae0-8341-36b907e33d19
[+] System masterkey decrypted for 15e43b11-4cee-437f-928e-082807c02474
[+] System masterkey decrypted for 1e8bc276-41f3-493f-8fb4-32496443bb79
[+] System masterkey decrypted for 4e79d188-0323-4c0b-9796-0d9ffc89f045
[+] System masterkey decrypted for 55aa46c8-2bc6-496a-8888-482c24891036

########## User: SYSTEM ##########

------------------- Ftpnavigator passwords -----------------

[!] No passwords found

------------------- Unattended passwords -----------------

[!] No passwords found

------------------- Pypykatz passwords -----------------

===== BASIC INFO. SUBMIT THIS IF THERE IS AN ISSUE =====
CPU arch: X64
OS: None
BuildNumber: 17763
MajorVersion: 6
MSV timestamp: 1574384976
===== BASIC INFO END =====
[!] No passwords found

------------------- Mscache passwords -----------------

Sorry .

Thanks.

byehack commented 4 years ago

Thank @Papotito123 for test with my repository! i will fix it.

Papotito123 commented 4 years ago

Hello @ByeHack. Sorry for the mix-up.

This is the real output with your repo.

First, I uninstalled any previous pypykatz. Then I installed the requirements and so on. Sorry for the mistake.

Papotito123_ByeHack repo.txt

As you can see, the error given is:

AttributeError: 'dict' object has no attribute 'to_dict'

Some weeks before (byehack commented on Jan 5), you instructed me to delete to_dict(). I tried but no change.

Can you give me the exact changes and where to make them?

As I am experimenting with the skelsec pypykatz module, this to_dict error is given when using it with lazagne.py. But when I use only the skelsec pypykatz module and run pip install pypykatz, this will install pypykatz-0.3.4. So then I run pypykatz live lsa --json, and it grabs my user password well, like this:

"live": {
  "logon_sessions": {

, and so on ,

    "username": "TESTACCOUNT",
    "wdigest_creds": [
      {
        "credtype": "wdigest",
        "domainname": "DESKTOP-2GHHNFK",
        "luid": 420259,
        "password": "`xxxxxxxxxxxxz",
        "username": "TESTACCOUNT"
      }
    ]
    }
  },
  "orphaned_creds": []
}
}

Sorry . And Thanks.

byehack commented 4 years ago

Hello again and thanks for re-reporting!

as we know, this is problem lazagne project, not from pypykatz. i will fix it when my system back. just wait...

Papotito123 commented 4 years ago

Hello @Byehack, that's been my impression for some time, but at last I learned how to use and run pypykatz by itself, showing that this error can be on the side of lazagne and not in pypykatz itself. I suspect that maybe the password is in some way being fetched but not translated in a feasible way for lazagne.

Thanks to everyone that takes time to work in a solution. And also to the developer.

Papotito123 commented 4 years ago

Hello: @AlessandroZ , @byehack ; Maybe I found a fix to this pypykatz issues.

@byehack, when running your repo and thinking about your recommendation to delete to_dict(), I just tried a few mods in pypykatz.py, but running with pypykatz 0.4.3 instead of lazagne's default pypykatz.

And it seems to work, at least for me.

@ByeHack, using your repo (that downloads and installs pypykatz 0.4.3), and using a copy of pypykatz.py from the latest alessandro's lazagne with these changes made to pypykatz.py, the login was recovered.

Procedure related info: I used your repo from the link you provided. Your requirements.txt downloaded and installed pypykatz 0.4.3. Using a copy of pypykatz.py from the latest alessandro's lazagne .zip, I did a few modifications.

pypykatz.py modifications: (I made this mod and pypykatz retrieved wdigest)

    def run(self):
        mimi = None
        try:
            mimi = pypykatz.go_live()
        except Exception:
            pass

        if mimi:
            results = {}
            logon_sessions = (mimi.to_dict().get('logon_sessions', []))  # <=== This new line
            for logon_session in logon_sessions:

                # Right now kerberos_creds, dpapi_creds and credman_creds results are not used
                user = (logon_sessions[logon_session])  # <=== This new line

As you can see, I enclosed the whole right side of each instruction after " = " with ( ). But I don't know if it is really needed. I don't know the effect on other options such as 'ssp_creds', 'livessp_creds', 'tspkg_creds'.

Then I removed .to_dict() only from user = logon_sessions[logon_session].to_dict()

This is the relevant part of the output:

------------------- Pypykatz passwords -----------------

None
[+] Password found !!!
Domain: DESKTOP-2GHHNFK
Password: xxxxxxxxx
Shahash: 1a64c263388a957f3c40b29dcfea3bd994563c99
Nthash: ooooooooooooooooooooooooooo
Login: TESTACCOUNT

------------------- Mscache passwords -----------------

------------------- Vault passwords -----------------

[-] Password not found !!!
URL: Domain:target=DESKTOP-WINVIRT
Login: testuser

[-] Password not found !!! ===> Your repo still can't grab Vault passwords
URL: https://login.live.com/
Login: zzzzzzzzz@hotmail.com
Name: Internet Explorer

------------------- Windows passwords -----------------

[!] User has already be found: xxxxxxxxx
[!] No passwords found

------------------- Wifi passwords -----------------

@AlessandroZ, the fix that works for me is fully explained with a full run in this .txt

Papotito123_ByeHack repo+my pypykatz fix.txt

I really hope this can be helpful.

So much thanks to @ByeHack. So much thanks to @AlessandroZ.

Papotito123 commented 4 years ago

Hello: Regarding my last post. I compiled the lazagne.py with the pypykatz.py modifications. It works well in my TESTACCOUNT account (my usual account). I tested it in a MicrosoftAccount user account and it works well. Even pypykatz recovered the Microsoft login password (should it be?). But in my 3rd user local account it didn't recover the user password/WIFI password/Chrome login. All these were recovered well with mimikatz.

All 3 accounts are part of the same OS.

So, maybe this "fix" works for some.

I hope you can test it.

Thanks in advance.

byehack commented 4 years ago

can u send results of 3rd account?

Papotito123 commented 4 years ago

Hello @byehack, this is the output for my 3rd user account.

Papotito123_lazagne_pypykatz fix_3rd account.txt

Thanks .

byehack commented 4 years ago

i didn't understand whats happened! did u use my repo or @AlessandroZ last github update?

this issue is about pypykatz, i will fix it and give you the result.

Papotito123 commented 4 years ago

Hello @Byehack, @AlessandroZ: I used @Alessandro's latest git code, installing pypykatz 0.3.4 (instead of the requirements.txt default) and making a modification to lazagne's pypykatz.py (ppypykatz.py) file like this:

    def run(self):
        mimi = None
        try:
            mimi = pypykatz.go_live()
        except Exception:
            pass

        if mimi:
            results = {}
            logon_sessions = (mimi.to_dict().get('logon_sessions', []))  # <=== This new line
            for logon_session in logon_sessions:

                # Right now kerberos_creds, dpapi_creds and credman_creds results are not used
                user = (logon_sessions[logon_session])  # <=== This new line

Then I ran laZagne.py as usual. After these "fixes", laZagne.py runs well and grabs the user password.

I also compiled lazagne to .exe. The new issue I'm having is that the compiled exe worked well in 1 local and 1 MicrosoftAccount. But in my other local account it didn't grab the user password/Chrome logins.

Thanks for your support.

byehack commented 4 years ago

Thanks! you can now close this issue!

as i first said we should modify lines 33 & 37 of ppypykatz.py, but i was wrong, just modifying line 37 is enough! i also added this edit in my repo with https://github.com/byehack/LaZagne/commit/30ed2bd4d35d634d185d4e8aca7d7c6aa5a5cb48. this modification is for pypykatz py3 support. i think the pypykatz module in lazagne is now incompatible with py2. sorry):

I also compiled lazagne to .exe. The new issue I'm having is that the compiled exe worked good in 1 local and 1 MicrosoftAccount.But in my other local account didn't grab user password/Chrome logins.

which lazagne?

@byehack lazagne?
@AlessandroZ lazagne?
@byehack lazagne + after you fixed pypykatz issue?
@AlessandroZ lazagne + after you fixed pypykatz issue?

Papotito123 commented 4 years ago

Hello; @Alessandro , @ByeHack:
I am seeking and testing between Alessandro sources codes I had archived. I know why pypykatz worked at some time and then not.

This is Alessandro's code from December 27, 2019, 3:09:54 AM: LaZagne-master_ DEC27, 2019, 30954 AM.zip.

If you look in requirements.txt, it changes the pypykatz source to skelsec. So it downloads a non-default pypykatz. Then I was trying to recover the user wdigest password and @Byehack suggested eliminating .to_dict() from 2 lines. I saw this still didn't work and started a trial-and-error and found that just taking .to_dict() from the second line you suggested gives pypykatz functionality and user passwords are grabbed.

So that's why after this pypykatz doesn't recover the user wdigest - because the developer changed back to @Alessandro's default pypykatz in requirements.txt.

I'm sure because I tested it (I spent close to 2 hours until I found where the issue is/was). I ran this lazagne 27dec2019 > ran requirements.txt (it downloads skelsec pypykatz 0.4.3) > but still no wdigest password > so, then I modified alessandro's ppypykatz.py:

Line 37
user = logon_sessions[logon_session] ====> new line

Well, I ran laZagne.py and the user wdigest was recovered.

So in late December 2019, pypykatz worked well just while I ran it as explained before. But I'm still learning/experimenting, so I didn't catch the meaning of this scenario. And that is the whole story.

As of now, for me to get pypykatz to work, I have to use skelsec pypykatz and modify ppypykatz.py until this gets a tested/proven fix.

I hope this can be fixed with no side-effects or unexpecteds.

For @ByeHack's last question: I used @Alessandro's latest git code > via ( pip3.7 install pypykatz ), I installed pypykatz 0.3.4 (instead of lazagne's requirements.txt default) > then made a modification to lazagne's ppypykatz.py file like this:

Line 37
user = logon_sessions[logon_session] ===> New line

So, laZagne.py ran well. Then I compiled it to .exe. This my-compiled lazagne.exe is the one that gives me issues in my third user account (local account), as I mentioned, and I posted the output ( Papotito123_lazagne_pypykatz fix_3rd account.txt ). It can't grab the user wdigest, and also gives WindowsError: exception: access violation reading 0x00000416391E426A for Chrome (this was a huge issue that took @Alessandro some time to replicate but should be resolved - that's intriguing).

Side note: I have a my-compiled .exe made with @Alessandro's lazagne 2.4.3 version (DECEMBER 30-2019). This code crashes from start. So MyLoginOnGitHub suggested a fix in

  Windows/lazagne/softwares/windows/creddump7 > addrspace.py file

that worked and let lazagne run (this fix is implemented in lazagne's after DEC312019). Then I used lazagne's requirements.txt (pointing to skelsec pypykatz) from lazagne code 27DEC2019 and made the ppypykatz.py modification in line 37. This compiled one has an issue with hashdump (at that time it was still an issue). But it recovers user wdigest/Chrome login/Credentials/Vault.

lazagne 2.4.3 version(DEC30-2019).zip

Check it.

So much thanks

Papotito123 commented 4 years ago

Hello @AlessandroZ, @byehack: I made a new lazagne.exe with Alessandro's latest git code but using requirements.txt from Alessandro's code (December 27, 2019, 3:09:54 AM) that points to skelsec pypykatz, and with the ppypykatz.py modification. I ran it again on my 3rd user local account (that gave issues before) and this time it recovered wdigest/Chrome passwords well.

Thanks.

byehack commented 4 years ago

Great! now i think this issue can be closed!

Papotito123 commented 4 years ago

Hello: Thanks to @AlessandroZ ,@Byehack.

AlessandroZ commented 4 years ago

Just to inform you that pypykatz has now been embedded in the project and can be found here: https://github.com/AlessandroZ/LaZagne/tree/master/Windows/lazagne/config/lib/pypykatz

There was a mix between the pypykatz project and my code. .to_dict() has been changed in the original project; that's why you had so many problems. I have cleaned it as well to only load the necessary code.

BTW thanks for your help.
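
The to_dict() drift described in this thread, as an added example that is not code from LaZagne or pypykatz: a caller written for a shallow to_dict() raises the thread's AttributeError once the dependency starts returning plain dicts, while a shape-tolerant accessor handles both. SessionObject, OldStyleResult and NewStyleResult are hypothetical stand-ins modelled on the tracebacks above, and the sample data is constructed.

```python
"""Added illustration of dependency API drift around to_dict().

The classes below are hypothetical stand-ins, not pypykatz classes; they only
model the two return shapes implied by the tracebacks in this thread.
"""


class SessionObject:
    """Stand-in for one logon session that exposes its own to_dict()."""

    def __init__(self, username, wdigest_creds):
        self.username = username
        self.wdigest_creds = wdigest_creds

    def to_dict(self):
        return {"username": self.username, "wdigest_creds": self.wdigest_creds}


class OldStyleResult:
    """Shallow to_dict(): the session values are still objects."""

    def __init__(self, sessions):
        self.logon_sessions = sessions

    def to_dict(self):
        return {"logon_sessions": dict(self.logon_sessions)}


class NewStyleResult(OldStyleResult):
    """Deep to_dict(): the session values are already plain dicts."""

    def to_dict(self):
        return {
            "logon_sessions": {
                luid: session.to_dict()
                for luid, session in self.logon_sessions.items()
            }
        }


def strict_sessions(result):
    """Caller written against the shallow shape (the 'line 37' pattern)."""
    sessions = result.to_dict().get("logon_sessions", {})
    return {luid: sessions[luid].to_dict() for luid in sessions}


def session_as_dict(session):
    """Return a plain dict whichever shape the dependency handed back."""
    if isinstance(session, dict):
        return session
    to_dict = getattr(session, "to_dict", None)
    if callable(to_dict):
        return to_dict()
    raise TypeError("unsupported session type: %s" % type(session).__name__)


def tolerant_sessions(result):
    """Caller that survives the shallow-to-deep change."""
    sessions = result.to_dict().get("logon_sessions", {})
    return {luid: session_as_dict(s) for luid, s in sessions.items()}


# Constructed sample: one session keyed by a LUID, credential values omitted.
SAMPLE = {420259: SessionObject("TESTACCOUNT", [{"credtype": "wdigest"}])}


def demo():
    """Run both callers against both shapes and report what happens."""
    old, new = OldStyleResult(SAMPLE), NewStyleResult(SAMPLE)
    outcome = {"strict_on_old": strict_sessions(old) == tolerant_sessions(old)}
    try:
        strict_sessions(new)
        outcome["strict_on_new"] = "ok"
    except AttributeError as exc:
        outcome["strict_on_new"] = str(exc)
    outcome["tolerant_match"] = tolerant_sessions(old) == tolerant_sessions(new)
    return outcome


if __name__ == "__main__":
    print(demo())
```

Pinning the dependency to an exact version or vendoring it, as the maintainer did in the end, removes the need for such a shim.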