# Browser Credential Dumper
This repo contains a modified version of the LaZagne project. LaZagne can dump credentials from a variety of sources on various operating systems. The code here is a trimmed-down version that only dumps credentials from browsers on Windows machines.
# Usage
This directory contains `lazagne.exe`, which is a portable executable that has been tested on Windows 10 machines. To use this executable, simply drop it on the target system and execute it from a command prompt.
# Build Instructions
If you would like to build the executable yourself, there are several tools that compile Python code into Windows executables. The Evals team used PyInstaller to generate a portable single-file executable.

Compile the code using PyInstaller on Windows:

1. Install PyInstaller:

   ```
   python -m pip install PyInstaller
   ```

2. Navigate to the Windows directory within this repo:

   ```
   cd Windows
   ```

3. Compile using the following command:

   ```
   pyinstaller --onefile --hidden-import=lazagne.softwares.browsers.chromium_based --hidden-import=lazagne.softwares.browsers.chromium_browsers --hidden-import=lazagne.softwares.browsers.mozilla --hidden-import=lazagne.softwares.browsers.firefox_browsers --hidden-import=lazagne.softwares.browsers.ie --hidden-import=lazagne.softwares.browsers.ucbrowser --hidden-import=lazagne.softwares.windows.windows --hidden-import=lazagne.softwares.windows.credman --hidden-import=lazagne.config.constant --hidden-import=lazagne.config.module_info --hidden-import=lazagne.config.soft_import_module --hidden-import=lazagne.config.crypto.pyDes --hidden-import=lazagne.config.crypto.pyaes --hidden-import=lazagne.config.dico --hidden-import=lazagne.config.winstructure lazagne.py
   ```

The executable will be found in `Windows\dist\` as `lazagne.exe`.

Note: PyInstaller needs to bundle all dependencies into the single executable, and it finds them by examining imports. However, LaZagne dynamically loads many of its modules at runtime, so PyInstaller is unaware of those dependencies. The `--hidden-import` options in the compilation command explicitly tell PyInstaller to include those modules as well.
# CTI Evidence
https://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/