mirror of
https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-11-22 02:21:36 +01:00
GLobalProtectDisable update.
This commit is contained in:
parent
0dc13a3ab4
commit
e8c3d8dae7
@ -23,12 +23,13 @@
|
|||||||
using namespace std;
|
using namespace std;
|
||||||
|
|
||||||
const wchar_t *processName = L"PanGPA.exe";
|
const wchar_t *processName = L"PanGPA.exe";
|
||||||
const size_t PatternsNum = 2;
|
const size_t PatternsNum = 3;
|
||||||
const size_t SizeOfReplacingBytes = 2;
|
const size_t SizeOfReplacingBytes = 2;
|
||||||
|
|
||||||
const wchar_t *versionsArray[PatternsNum] = {
|
const wchar_t *versionsArray[PatternsNum] = {
|
||||||
L"3.1.6.19",
|
L"3.1.6.19",
|
||||||
L"5.0.3.29"
|
L"5.0.3.29",
|
||||||
|
L"5.1.3.12"
|
||||||
};
|
};
|
||||||
|
|
||||||
//
|
//
|
||||||
@ -62,13 +63,27 @@ Look for strings such as:
|
|||||||
"CDisableDialog::CheckPasscode - passcode matched, ok to disable"
|
"CDisableDialog::CheckPasscode - passcode matched, ok to disable"
|
||||||
"CDisableDialog::CheckPasscode - passcode mismatch, deny disabling"
|
"CDisableDialog::CheckPasscode - passcode mismatch, deny disabling"
|
||||||
*/
|
*/
|
||||||
|
|
||||||
const BYTE patternToFind50329[] = {
|
const BYTE patternToFind50329[] = {
|
||||||
0x48, 0x83, 0xc1, 0x78, 0xff, 0x15, 0xba, 0xb3, 0x04, 0x00,
|
0x48, 0x83, 0xc1, 0x78, 0xff, 0x15, 0xba, 0xb3, 0x04, 0x00,
|
||||||
0x85, 0xc0
|
0x85, 0xc0
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
.text:000000014009E654 4C 89 B4 24 88 00 00 00 mov [rsp+0A8h+var_20], r14
|
||||||
|
.text:000000014009E65C 4C 89 BC 24 80 00 00 00 mov [rsp+0A8h+var_28], r15
|
||||||
|
.text:000000014009E664 85 D2 test edx, edx
|
||||||
|
.text:000000014009E666 0F 85 8C 00 00 00 jnz loc_14009E6F8
|
||||||
|
^--- This is byte to be patched. -------^
|
||||||
|
.text:000000014009E66C 83 3D 41 E4 34 00 05 cmp cs:dword_1403ECAB4, 5
|
||||||
|
.text:000000014009E673 72 78 jb short loc_14009E6ED
|
||||||
|
.text:000000014009E675 48 8D 4C 24 60 lea rcx, [rsp+0A8h+SystemTime] ; lpSystemTime
|
||||||
|
*/
|
||||||
|
const BYTE patternToFind51312[] = {
|
||||||
|
0x24, 0x88, 0x00, 0x00, 0x00, 0x4c, 0x89, 0xBC, 0x24, 0x80,
|
||||||
|
0x00, 0x00, 0x00, 0x85, 0xD2
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
// jne pangpa.7FF621B7D08F
|
// jne pangpa.7FF621B7D08F
|
||||||
const BYTE bytesToBeReplaced31619[SizeOfReplacingBytes] = {
|
const BYTE bytesToBeReplaced31619[SizeOfReplacingBytes] = {
|
||||||
@ -90,25 +105,39 @@ const BYTE replacingBytes50329[SizeOfReplacingBytes] = {
|
|||||||
0x74, 0x49
|
0x74, 0x49
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// jnz loc_14009E6F8
|
||||||
|
const BYTE bytesToBeReplaced51312[SizeOfReplacingBytes] = {
|
||||||
|
0x0F, 0x85
|
||||||
|
};
|
||||||
|
|
||||||
|
// jz loc_14009E6F8
|
||||||
|
const BYTE replacingBytes51312[SizeOfReplacingBytes] = {
|
||||||
|
0x0F, 0x84
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
const BYTE *patternsArray[PatternsNum] = {
|
const BYTE *patternsArray[PatternsNum] = {
|
||||||
patternToFind31619,
|
patternToFind31619,
|
||||||
patternToFind50329
|
patternToFind50329,
|
||||||
|
patternToFind51312
|
||||||
};
|
};
|
||||||
|
|
||||||
const size_t patternsSizes[PatternsNum] = {
|
const size_t patternsSizes[PatternsNum] = {
|
||||||
sizeof(patternToFind31619),
|
sizeof(patternToFind31619),
|
||||||
sizeof(patternToFind50329)
|
sizeof(patternToFind50329),
|
||||||
|
sizeof(patternToFind51312)
|
||||||
};
|
};
|
||||||
|
|
||||||
const BYTE *patternsToBeReplaced[PatternsNum] = {
|
const BYTE *patternsToBeReplaced[PatternsNum] = {
|
||||||
bytesToBeReplaced31619,
|
bytesToBeReplaced31619,
|
||||||
bytesToBeReplaced50329
|
bytesToBeReplaced50329,
|
||||||
|
bytesToBeReplaced51312
|
||||||
};
|
};
|
||||||
|
|
||||||
const BYTE *replacingBytes[PatternsNum] = {
|
const BYTE *replacingBytes[PatternsNum] = {
|
||||||
replacingBytes31619,
|
replacingBytes31619,
|
||||||
replacingBytes50329
|
replacingBytes50329,
|
||||||
|
replacingBytes51312
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
@ -11,6 +11,11 @@
|
|||||||
|
|
||||||
- **`GlobalProtectDisable.cpp`** - Global Protect VPN Application patcher allowing the Administrator user to disable VPN without Passcode. ([gist](https://gist.github.com/mgeeky/54ac676226a1a4bd9fd8653e24adc2e9))
|
- **`GlobalProtectDisable.cpp`** - Global Protect VPN Application patcher allowing the Administrator user to disable VPN without Passcode. ([gist](https://gist.github.com/mgeeky/54ac676226a1a4bd9fd8653e24adc2e9))
|
||||||
|
|
||||||
|
Currently supported versions:
|
||||||
|
- 3.1.6.19
|
||||||
|
- 5.0.3.29
|
||||||
|
- 5.1.3.12
|
||||||
|
|
||||||
Steps are following:
|
Steps are following:
|
||||||
|
|
||||||
1. Launch the application as an Administrator
|
1. Launch the application as an Administrator
|
||||||
@ -20,7 +25,7 @@
|
|||||||
5. Enter some random meaningless password
|
5. Enter some random meaningless password
|
||||||
|
|
||||||
After those steps - the GlobalProtect will disable itself cleanly.
|
After those steps - the GlobalProtect will disable itself cleanly.
|
||||||
From now on, the GlobalProtect will remain disabled until you reboot the machine (or restart the PanGPA.exe process or PanGPS service).
|
From now on, the GlobalProtect will remain disabled until you reboot the machine (or restart the PanGPA.exe process or PanGPS service).
|
||||||
|
|
||||||
- **`impacket-binaries.sh`** - Simple one-liner that downloads all of the Windows EXE impacket binaries put out in [Impacket Binaries](https://github.com/ropnop/impacket_static_binaries) repo. [gist](https://gist.github.com/mgeeky/2f990f14f1e7cf78fce21b8761234604)
|
- **`impacket-binaries.sh`** - Simple one-liner that downloads all of the Windows EXE impacket binaries put out in [Impacket Binaries](https://github.com/ropnop/impacket_static_binaries) repo. [gist](https://gist.github.com/mgeeky/2f990f14f1e7cf78fce21b8761234604)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user