4 June 2015
The LaZagne Project by Alessandro Zanni is a little utility that displays passwords for 22 Windows and 12 Linux programs. For details, see the post “The LaZagne Project dumps 22 Different Program Passwords”, published by ‘cyber arms – computer security’ two weeks ago.
LaZagne is primarily intended for penetration testers, who use it to dump passwords once they have gained access to a system. I use it as a demonstrator to raise awareness of security issues, for example, when it comes to WiFi security.
LaZagne dumps WiFi passwords from all networks you used since the last fresh installation:
```
|====================================================================|
|                                                                    |
|                        The LaZagne Project                         |
|                                                                    |
|                          ! BANG BANG !                             |
|                                                                    |
|====================================================================|

------------------- Wifi passwords -----------------

Password found !!!
password: XXXXXXXXXXXXXXXX
authentication: WPA2PSK
protected: true
ssid: WLAN-0024FE4A9566

Password found !!!
authentication: open
ssid: NH-Hotel-Group

Password found !!!
password: XXXXXXXXXXXXXXXX
authentication: WPA2PSK
protected: true
ssid: WLAN-DA5176

[+] 3 passwords have been found.
For more information launch it again with the -v option
```
That’s not rocket science. The connection details are stored in files in the directory C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\{E3004523-B55C-4A21-BE85-2FEC752E07EB}. Since decryption of the connection passwords is easy, we face a new(?) vulnerability that makes it easy for attackers to compromise our networks.
With this, I recommend:
- Never leave your computer unattended, in particular if you are signed in with administrative privileges. LaZagne needs administrative privileges to read the configuration files. I wonder why this is required because the configuration files are readable by everyone…
- Before disposing of your computer, securely erase the data on the disk, or use a full disk encryption utility from the start. This will prevent attackers from accessing the WiFi configuration files and your network.
- Configure your Internet router to restrict access to specific computers. That’s really annoying because you have to authorize a new device to your network before someone can start surfing.
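The profile files described above can be reviewed without decrypting anything. The following added example (not from the original post or the LaZagne project) reads only the metadata of each profile XML and flags open networks and stored keys that are candidates for removal. The sample profiles are constructed, and the element names assume the standard WLAN profile schema.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
# Directory named in the post; one sub-folder per interface GUID.
PROFILE_ROOT = Path(r"C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces")

def _profile(name, auth, mode, shared_key=""):
    """Build a constructed sample profile (not real data)."""
    return (f'<WLANProfile xmlns="{NS["w"]}"><name>{name}</name>'
            f'<connectionMode>{mode}</connectionMode><MSM><security>'
            f'<authEncryption><authentication>{auth}</authentication>'
            f'</authEncryption>{shared_key}</security></MSM></WLANProfile>')

KEY = ('<sharedKey><keyType>passPhrase</keyType><protected>{}</protected>'
       '<keyMaterial>PLACEHOLDER</keyMaterial></sharedKey>')
SAMPLES = [_profile("Example-Home", "WPA2PSK", "auto", KEY.format("true")),
           _profile("Example-Hotel", "open", "auto"),
           _profile("Example-Imported", "WPA2PSK", "manual", KEY.format("false"))]

def audit_profile(xml_data):
    """Return metadata and findings for one profile; keyMaterial is never read."""
    root = ET.fromstring(xml_data)
    text = lambda path: (root.findtext(path, default="", namespaces=NS) or "").strip()
    auth = text("w:MSM/w:security/w:authEncryption/w:authentication")
    has_key = root.find("w:MSM/w:security/w:sharedKey", NS) is not None
    protected = text("w:MSM/w:security/w:sharedKey/w:protected").lower() == "true"
    findings = []
    if auth == "open":
        findings.append("open network, no link encryption")
        if text("w:connectionMode") == "auto":
            findings.append("open network joins automatically")
    if has_key and not protected:
        findings.append("key stored unprotected (plaintext) in the profile")
    elif has_key:
        findings.append("stored key, recoverable with administrative access")
    return {"ssid": text("w:name"), "authentication": auth,
            "protected": protected, "findings": findings}

def audit_tree(root=PROFILE_ROOT):
    """Audit every profile file under the Interfaces directory."""
    return [audit_profile(p.read_bytes()) for p in sorted(root.glob("*/*.xml"))]

if __name__ == "__main__":
    # Falls back to the constructed samples when no profile files are found.
    for result in audit_tree() or [audit_profile(s) for s in SAMPLES]:
        print(result["ssid"], result["authentication"], result["findings"] or "ok")
```

Profiles that are flagged and no longer needed can be deleted with `netsh wlan delete profile name="<ssid>"`.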
Take care!