Google chrome Profile 1 passwords

[Papotito123]

Hello; Hope all of you are well.

Running latest lazagne . Avast is Disabled. I had this issue in a Lenovo UEFI laptop with Win 1803 x64 and user is a MicrosoftAccount.

Is regarding recovering Chrome passwords when there's a Profile . I tested latest mimikatz and recovered Chrome passwords well.

------------------- Google chrome passwords -----------------

[!] Database found: C:\Users\username\AppData\Local\Google\Chrome\User Data\Profile 1\Login Data [!] Temporary db copied: C:\Users\ABNER\AppData\Local\Temp\vgshyhjrk [-] ABNER not ok for masterkey 0bf0a4c7-34b3-488e-9092-4962367d1c35

  , and so on , (getting into an infinite loop doesn't letting lazagne to finish  > I interrupted with CTRL+C)

[-] xxxxxxxxxxxxxx not ok for masterkey 76f9ed48-08c3-499a-9671-fbf85e6f15e5 Traceback (most recent call last): File "laZagne.py", line 233, in File "laZagne.py", line 87, in runLaZagne File "lazagne\config\run.py", line 197, in run_lazagne File "lazagne\config\run.py", line 114, in run_category File "lazagne\config\run.py", line 45, in run_module File "lazagne\softwares\browsers\chromium_based.py", line 214, in run File "lazagne\softwares\browsers\chromium_based.py", line 148, in _export_credentials File "lazagne\config\winstructure.py", line 622, in Win32CryptUnprotectData File "lazagne\config\dpapi_structure.py", line 33, in are_masterkeys_retrieved File "lazagne\config\dpapi_structure.py", line 92, in check_credentials File "lazagne\config\DPAPI\masterkey.py", line 372, in try_credential File "lazagne\config\DPAPI\masterkey.py", line 70, in decrypt_with_password File "lazagne\config\DPAPI\masterkey.py", line 57, in decrypt_with_hash File "lazagne\config\DPAPI\masterkey.py", line 85, in decrypt_with_key File "lazagne\config\DPAPI\crypto.py", line 342, in dataDecrypt File "lazagne\config\DPAPI\crypto.py", line 322, in pbkdf2 KeyboardInterrupt [14772] Failed to execute script laZagne

Any info will be good.

Thanks.

[byehack]

the infinite loop or huge processing is coming from Win32CryptUnprotectData function...

[Papotito123]

Hello: Glad to see you.

So,is an issue with the Windows itself? This user account has a profile set in Chrome. And I used nirsoft tools and retrieved Chrome logins.

Thanks for answer.

[byehack]

test this: https://github.com/byehack/LaZagne

[Papotito123]

Hello: I doesn't have the computer with me.Its from a relative that lives in other country. I will manage to make him to test it.

Thanks.

[ghost]

works great. thanks, byehack.

[Papotito123]

Hello: Glad to hear.

I'm in a country that with are dealing with some issues and didn't have resources to test it

Good for @byehack .

[byehack]

I'm in a country that with are dealing with some issues and didn't have resources to test it

:/ where?

[Papotito123]

Hello: Puerto Rico This is hurricane season and just starts pretty. We had what it should be a low damage system but it causes u expected damage. I spent 32 hrs without electricity.And damages to part of house.Damages to roads. Because of damages caused by hurricane Maria in Sept 2017 the power system is still fragile. Electricity is going down to some parts of the island every day

[AlessandroZ]

Thanks @Papotito123 for reporting this issue and @byehack for the fix. Have a nice day both of you.

Y que viva Puerto Rico !!