How To Retrieve All Saved Passwords from Browsers, WiFi, Memory in Windows and Linux with LaZagne

Greetings everyone, I hope you all are fine and shine. In this tutorial I will show you how to extract saved passwords from an exploited system. This tool is actually a Python script called LaZagne. The guy who created this script is Alessandro, and all the credit goes to him. This tool really helps hackers and pen-testers in getting sensitive information.

This tool is available for all popular platforms like Windows, Linux, Mac.

NOTE: This tool doesn’t have the ability to crack all the hashes perfectly.

Now let’s see how it works.

1. The first thing is to download this script, and it's very simple. Download it from the following link.
git clone https://github.com/AlessandroZ/LaZagne.git

2. Next, navigate to the directory where you have cloned it or downloaded the zip (extract if zipped).

3. Before running this tool we must install the required packages so we don't face any problems. You'll probably get an error if you don't do it.
pip install -r requirements.txt

4. Now simply run the tool by typing the following.
./laZagne.py

This will show you the help menu

Here's how to use it.

Now if you want to extract the browsers' passwords, then type the following.
./laZagne.py browsers

Now this will show the URL, Login, Password

Now if you want to extract the wifi passwords, simply type the following.
./laZagne.py wifi
With this you will get the passwords and SSIDs of the saved wifi networks in your system.

If you want to extract the passwords saved in your memory, then do the following.
./laZagne.py memory

You can also save the credentials by putting ‘-oN’ (./laZagne.py memory -oN)

With this you will see a normal text file in the laZagne folder (probably named credentials.txt).

Same idea for Mac OS; if you have a problem, check out the GitHub page of the tool.

Now if you want to do that with Windows, simply follow the link

Now once you extract the zip file, simply navigate with cmd to the directory where you have downloaded laZagne.

Now it’s simple, just like we did it on Linux
laZagne.exe -h

NOTE: if you want to save all the sensitive information silently (without being displayed on screen), you can simply put the -quiet.

lazagne.exe browsers -quiet -oN

4 Likes
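For defenders, the command lines shown in the tutorial above are straightforward to spot in process-creation logs. The following Python is an added example, not part of the original post or the LaZagne project; the `host|user|cmdline` record format and the sample lines are constructed for illustration.

```python
import re
import shlex

# Module names and flags as they appear in the tutorial's command lines.
MODULES = {"browsers", "wifi", "memory"}
IMAGE_RE = re.compile(r"(^|[\\/])lazagne(\.py|\.exe)?$", re.IGNORECASE)
INTERP_RE = re.compile(r"(^|[\\/])(python[\d.]*|py)(\.exe)?$", re.IGNORECASE)

# Constructed sample: one process-creation record per line, host|user|cmdline.
SAMPLE_LOG = r"""ws01|alice|C:\Users\alice\Downloads\lazagne.exe browsers -quiet -oN
lab02|root|python ./laZagne.py memory -oN
lab02|root|./laZagne.py wifi
lab02|bob|grep -ri lazagne /var/log
"""

def classify(cmdline):
    """Return a finding dict if cmdline runs LaZagne, else None."""
    try:
        argv = shlex.split(cmdline, posix=False)  # keeps Windows backslashes
    except ValueError:                            # unbalanced quotes
        argv = cmdline.split()
    argv = [a.strip("\"'") for a in argv]
    # The tool is argv[0], or argv[1] when launched through an interpreter.
    idx = 1 if len(argv) > 1 and INTERP_RE.search(argv[0]) else 0
    if not argv or not IMAGE_RE.search(argv[idx]):
        return None
    args = [a.lower() for a in argv[idx + 1:]]
    quiet, writes_file = "-quiet" in args, "-on" in args
    return {
        "modules": sorted(MODULES.intersection(args)),
        "quiet": quiet,
        "writes_file": writes_file,
        "severity": "high" if quiet and writes_file else "medium",
    }

def scan(log_text):
    findings = []
    for line in log_text.splitlines():
        if line.count("|") < 2:
            continue  # malformed record
        host, user, cmdline = line.split("|", 2)
        hit = classify(cmdline)
        if hit:
            findings.append({"host": host, "user": user, **hit})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Matching on the file name is only a first-pass triage signal; the AV detections mentioned later in the thread remain the primary control.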

Excellent guide, I’ll definitely be taking a look at the script.

3 Likes

Is it possible to do the same with un-rooted Android?

I didn’t try, but I guess it will work

I have guessed many things about Android, but in vain.
I think that someone should make a full-fledged course on hacking Android.

root@hacker101:/home/comdroid/LaZagne# pip install -r requirement.txt
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
ERROR: Could not open requirements file: [Errno 2] No such file or directory: ‘requirement.txt’

How can I resolve this when executing pip install -r requirement.txt?

Please describe your environment, are you using Ubuntu, Debian, Arch or Fedora? Secondly, you will need to install pip2 manually.

I’ve tried other Windows apps that do the same thing, but under a reverse shell or meterpreter they seem not to output the creds correctly. Will try this for sure and report back.

Lazagne is detected by AV’s.

So much for Lazangna. Anyone got any Tortellini that will work?
I have yet to see one video where AV is running like Avast and see Eternalblue or reverse shells work. I guess no real hackers will show you their tricks and we're left with mediocre ppl on YouTube with crappy music in the background who show hacking but anyone can do it.

1 Like

Nope and maybe. I tried many tools like Veil, TheFatRat, Empire, Shellter and so on but never had success bypassing AVs. Only one time I was able to bypass most AVs with a reverse backdoor written in Python and bound to another exe using smart install maker. But it worked only for 2 weeks. Even manipulating the code with bat to exe or a hex editor didn’t do the job. I think, because AVs nowadays use AI and register 1000 signatures each day, it’s very hard to create a backdoor that will bypass AVs. I’m going to try out Revoke-Obfuscation now, which sounds very good, and hope I have some success. If I do, I will let you all know on this forum. GitHub - danielbohannon/Revoke-Obfuscation: PowerShell Obfuscation Detection Framework