All,
The below SR is for a new-to-OBS password recovery tool (LaZagne).
From what I've seen all it does is look for plain text passwords that
the user has visibility to if they knew where to look and present
them. I have not done a code review, but I did run it to see what it
found.
In the case of running it as root, it is not looking in /home/* for
passwords, just /etc and /root.
I know hacking tools are not allowed on OBS, but I argue this is more
of an auditing tool in that it lets users know what plain text
passwords they have on their system.
I can accept it into security:forensics (which is where it was
submitted), but I'd appreciate your feedback as to the appropriateness
of this package in security:forensics and/or factory before I do that.
Per the website
(http://www.kitploit.com/2015/02/the-lazagne-project-recover-most-common.html)
LaZagne can recover passwords from:
====
browsers - firefox, opera
chats - pidgin, jitsi
mails - thunderbird
adminsys - filezilla, environment variables
database - sqldeveloper, squirrel, dbvisualizer
wifi - network manager
wallet - gnome keyring
====
Summary: with openSUSE 13.2, LaZagne was able to retrieve some passwords
for filezilla and wireless lans, but the passwords were being stored
in plain text.
Thanks
Greg
---------- Forwarded message ----------
From: Luigi Baldoni
Date: Wed, Jun 10, 2015 at 3:06 AM
Subject: Request 311390 created by alois (submit security:forensics/LaZagne)
To: Greg Freemyer, Marcus Meissner
Visit https://build.opensuse.org/request/show/311390
Description:
Retrieves credentials stored locally.
Actions:
- submit home:alois:branches:security:forensics/LaZagne =>
security:forensics/LaZagne
changes files:
--------------
++++++ new changes file:
--- LaZagne.changes
+++ LaZagne.changes
@@ -0,0 +1,17 @@
+-------------------------------------------------------------------
+Fri Jun 5 07:37:17 UTC 2015 - aloisio@gmx.com
+
+- Update to version 0.71:
+ * Wifi password module from WPA Supplicant implemented (by rpesche)
+
+-------------------------------------------------------------------
+Sat May 30 12:01:35 UTC 2015 - aloisio@gmx.com
+
+- Update to version 0.7:
+ * Fix mozilla bug (special characters were not printed)
+
+-------------------------------------------------------------------
+Wed May 27 11:50:21 UTC 2015 - aloisio@gmx.com
+
+- Initial version 0.6
+
new:
----
LaZagne-0.71.tar.bz2
LaZagne.changes
LaZagne.spec
spec files:
-----------
++++++ new spec file:
--- LaZagne.spec
+++ LaZagne.spec
@@ -0,0 +1,74 @@
+#
+# spec file for package LaZagne
+#
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+Name: LaZagne
+Version: 0.71
+Release: 0
+Summary: Python tool to decode locally stored passwords
+License: GPL-3.0
+Group: Development/Languages/Python
+Url: https://github.com/AlessandroZ/LaZagne
+Source0: %{name}-%{version}.tar.bz2
+BuildRequires: fdupes
+BuildRequires: python-devel
+Requires: dbus-1-python
+Requires: python-argparse
+Requires: python-kde4
+Requires: python-pyasn1
+Requires: python-pycrypto
+BuildArch: noarch
+
+%description
+LaZagne is an open source tool to retrieve and decode
+credentials stored on your computer.
+
+%prep
+%setup -q
+
+%build
+
+%install
+pushd Linux/src
+mkdir -p %{buildroot}%{python_sitelib}/%{name}
+sed -e 's|^# !/|#!/|' -i LaZagne.py
+cp LaZagne.py* %{buildroot}%{python_sitelib}/%{name}
+cp -a config %{buildroot}%{python_sitelib}/%{name}
+cp -a softwares %{buildroot}%{python_sitelib}/%{name}
+popd
+
+pushd %{buildroot}%{python_sitelib}/%{name}/
+%py_compile .
+popd
+
+mkdir -p %{buildroot}%{_bindir}
+pushd %{buildroot}%{_bindir}
+ln -s %{python_sitelib}/%{name}/%{name}.py .
+chmod +x %{buildroot}%{python_sitelib}/%{name}/%{name}.py
+popd
+
+%fdupes -s %{buildroot}
+
+%files
+%defattr(-,root,root)
+%doc CHANGELOG LICENSE README.md
+%dir %{python_sitelib}/%{name}
+%{_bindir}/%{name}.py
+%{python_sitelib}/%{name}/%{name}.py*
+%{python_sitelib}/%{name}/config
+%{python_sitelib}/%{name}/softwares
+
+%changelog
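Review bot: The `Group: Development/Languages/Python` tag near the top of the spec files this package under Python libraries, while the Summary and %description present an end-user tool that reads stored credentials; a security-oriented group such as Productivity/Security would match what the package is and is where someone auditing a system would look for it. In %install, `ln -s %{python_sitelib}/%{name}/%{name}.py .` puts the command on the PATH as `LaZagne.py` (and %files lists `%{_bindir}/%{name}.py`); consider naming the link `%{name}` without the suffix. The `chmod +x` takes an absolute %{buildroot} path, so it does not need to sit inside the `pushd %{buildroot}%{_bindir}` block and would read more clearly next to the `cp` that installs the file.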
other changes:
--------------
++++++ LaZagne-0.71.tar.bz2 (new)
To REVIEW against the previous version:
osc request show --diff 311390
To ACCEPT the request:
osc request accept 311390 --message="reviewed ok."
To DECLINE the request:
osc request decline 311390 --message="declined for reason xyz (see ... for background / policy / ...)."
To REVOKE the request:
osc request revoke 311390 --message="retracted because ..., sorry / thx / see better version ..."