Archive for the ‘Windows Tricks’ Category


The LaZagne project (A password recovery tool) is an open-source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.

Note: For WiFi passwords \ Windows Secrets, launch it with administrator privileges (UAC Authentication / sudo)

Download Windows Version – https://github.com/AlessandroZ/LaZagne/releases/download/1.1/Windows.zip

After completion of the download, extract the above file and run it with CMD with Administrative permissions and type: “laZagne.exe

Positional arguments: {chats,svn,all,wifi,mails,windows,database,sysadmin,browsers,games}

  • chats – Run chats module
  • svn – Run svn module
  • all – Run all modules
  • wifi – Run wifi module
  • mails – Run mails module
  • windows – Run windows module
  • database – Run database module
  • sysadmin – Run sysadmin module
  • browsers – Run browsers module
  • games – Run games module

To retrieve all passwords, type “laZagne.exe all

The above command will show you a welcome screen with all the options which you can easily use

  1. For fetching only Browsers password, type “laZagne.exe browsers
  2. For Specific Browser like Firefox, type “laZagne.exe browsers -f
  3. To write all passwords in a file, use (-w) attribute, like “laZagne.exe all -w
  4. For Bruteforce attack, you can even use your own dictionary file, type “laZagne.exe all -path file.txt
  5. For any kind of help, you can type “laZagne.exe -h

Feel free to leave a comment below or reach me on Instagram @iamshubhamkumar__.

Posted by Shubham ;)


download

Spoiler Alert: I suggest you to try to hack your way into the site, before actually reading anything below. If you fail after considerable tries or you want to know a method which may be different than yours, you can follow along below.

What is Hack The Box :

It is basically an online platform to test and advance your skills in penetration testing and cybersecurity. It contains several challenges that are constantly updated. Some of them simulating real-world scenarios and some of them leaning more towards a CTF style of challenge. You should try this site out if you have an interest in network security or information security.

Now, let’s hack our way in! Shall we?

  1. First, visit the Hack the Box site and read along its FAQs and other useful stuff written there.
  2. You will be told to go to https://www.hackthebox.eu/invite to join HTB.
  3. When you go to that page, you will see a text box asking you for an invite code.
  4. Right-click on the page, and open inspect element. Alternatively, press Ctrl+Shift+I to open the Chrome Developers Tools.
  5. Go through the elements tab and you will find a script with source as: /js/inviteapi.min.js
See the script src: /js/inviteapi.min.js

6. So now, go to https://www.hackthebox.eu/js/inviteapi.min.js . You will see a JS file like this.

See the makeInviteCode which is highlighted

7. makeInviteCode looks interesting. So let’s go back to https://www.hackthebox.eu/invite and try to find its contents.

8. Goto console tab in Chrome Developer Tools, and type ” makeInviteCode() “and press ENTER. You will get a 200 Success status and data as shown below.

9. When you click the small arrow alongside data, you will see the encoding type to be Base64.

Base64 enc type

10. Let’s decode that message! Copy the contents of the data. And search online for a Base64 Decryptor. I used Google search’s first result: https://www.base64decode.org/

11. Paste the copied data onto the text box and click DECODE. You will get something like below.

** Some time encoding type may differ like there will ROT13 insted of base64..etc for that just google rot13 open the first link and Paste the copied data onto the text box and click DECODE.

12. So, in order to generate an invite code, we need to make a POST request to https://www.hackthebox.eu/api/invite/generate.

13. Fire up your terminal. And make a POST request by typing:

curl -XPOST https://www.hackthebox.eu/api/invite/generate

14. You will get a success message as:

{“success”:1,”data”:{“code”:”somerandomcharacters12345=”,”format”:”encoded”},”0″:200}

15. As you saw, we code a code. But this is not our invite code as it says format:encoded.

16. Lets’s try decoding it, by again using https://www.base64decode.org/.

17. Paste the code you got as the response of the POST request into the textbox. Voila! You get your invite code.

You get your invite code (Don’t try using this invite code as it won’t work for you)

18. Now, finally, go to https://www.hackthebox.eu/invite and paste the Invite Code you got in the textbox asking for the same.

19. You’re in! You can sign up on the site now and become a member.

Happy Hacking !!

Feel free to leave a comment below or reach me on Instagram @iamshubhamkumar__.

Posted by Shubham ;)