(Note: If you'd like more on LaZagne then take a look at my Pluralsight course on Credential Access with LaZagne)
I’ve been using LaZagne a little lately. It’s an open source tool that lets you harvest lots of credentials from a machine, which is useful for red team work.
Running LaZagne on Windows gives you two options. First, you can install Python, then run the Python code that you can get from the GitHub repository. All the latest updates to help you harvest credentials. Second, you can use the Windows executable, which is much easier, you don’t need to install anything, you can just run it directly from the command line.
So great, let’s use the .exe file, all good.
Not so fast.
The .exe file you get from the GitHub repository is old, it doesn’t get updated when the repository does. It’s missing a lot of important changes.
Never fear, we can build the .exe file ourselves, there’s even a guide on the GitHub wiki for the repository telling us how to do it. Great, let’s build it! (https://github.com/AlessandroZ/LaZagne/wiki/How-to-compile#for-windows-only)
Not so fast.
We’re building it on Windows 10, x64 and there are a lot of reasons why it might just not work. Here’s a checklist of things you’ll need to do to get that up to date executable (Note that this works at the time of writing, things might change over time!):
- Get the latest version of Python, I’m using 3.9.1. Make sure you get it from https://www.python.org/downloads and not the Microsoft Store.
- Get the latest copy of the Python code from https://github.com/AlessandroZ/LaZagne
- In your copy of the repository you’ll see a file called requirements.txt. Use the following command to install the dependencies from that file:
pip install -r requirements.txt
- Next, install pyinstaller. This is the program we’ll use to create the executable:
pip install pyinstaller
- Now we want pywin32:
pip install pywin32
- Change directory to the “Windows” directory in your copy of the repository
- Create a file in there called lazagne.spec and add the following contents (note that this differs from the wiki, lines referencing windows DLLs have been removed):
# -*- mode: python -*- import sys a = Analysis( ['laZagne.py'], pathex=[''], hiddenimports=, hookspath=None, runtime_hooks=None ) for d in a.datas: if 'pyconfig' in d: a.datas.remove(d) break pyz = PYZ(a.pure) exe = EXE( pyz, a.scripts, a.binaries, a.zipfiles, a.datas, name='lazagne.exe', debug=False, strip=None, upx=True, console=True )
Lastly, actually create the executable:
pyinstaller --onefile -w lazagne.spec
That’ll create a directory called 'dist' and in there you’ll find your brand new, all up to date lazagne.exe file.
At this point, if you’ve got antivirus running, there’s a good bet it’s picked it up as a threat. Once you’ve got that sorted out (hopefully you can tell it that it’s all ok and there are no threats here), give it a quick run to make sure it’s working.
…and behold the plethora of credentials you receive.
Got a comment or correction (I’m not perfect) for this post? Please leave a comment below.
Subscribe to Gavin Johnson-Lynn
Get the latest posts delivered right to your inbox