The LaZagneForensic (LZF) application allows any user of Windows recover almost any password stored on the computer.
The LaZagneForensic program reportedly exploits the way Windows work to gain access to sensitive information stored by the users of each system. It is known that all passwords on Microsoft systems are stored encrypted by Windows. But as soon as the user is connected to the system, they are automatically decoded, so that they can be used by the functional.
Η αυθεντική εφαρμογή LaZagne χρησιμοποιεί ένα εσωτερικό API των Windows που ονομάζεται CryptUnprotectData για να αποκρυπτογραφήσει τους κωδικούς πρόσβασης των χρηστών. Αυτό το API αρχίζει να λειτουργεί με την είσοδο του χρήστη στο σύστημα, διαφορετικά δεν λειτουργεί. Εάν ο υπολογιστής δεν έχει ξεκινήσει (όταν η ανάλυση πραγματοποιείται από έναν συνδεδεμένο δίσκο εκτός connections) or if we do not place the application on a remote host, the passwords cannot be recovered.
LaZagneForensic was created to overcome this problem. The project is mainly inspired by Jean-Michel Picod's amazing work for them DPAPICK and Francesco Picasso for the Windows DPAPI laboratory.
That is why LaZagneForensic works after the user logs on to Windows. Then it can easily pick up passwords, and then store them in plain text.
The developer of the application even says that the only way to stay safe is to avoid storing passwords using the default Windows method.
This practically means that for your security you might want to use a third-party password manager.
We occasionally report the password manager KeePass. It is the password manager we recommend as it saves everything locally and with very strong encryption.
LaZagneForensic can recover passwords from the following programs: Outlook, Thunderbird, Chrome, Firefox, Internet Explorer, Opera, Pidgin, Filezilla, wifi, databases, Skype, etc.
