unsigned_sh0rt garrettfoster13

AdSim

garrettfoster13 / decrypt.py

Created April 11, 2025 19:13

decrypting PDQ creds

	import hashlib
	import struct
	import argparse
	from Crypto.Cipher import AES #pip install pycryptodome

	def decrypt(blob, key):
	"""Decrypt PDQ credential blobs"""
	#Format for the blob is [header][ivlen][iv][encdata]
	#Example blob: 28656e63727970746564290010644d18eb7817dad6de5f531b1b0b60113087662f3cf0ffdaa7760418c15ee6ea
	#Example blob: [28656e637279707465642900][10][644d18eb7817dad6de5f531b1b0b6011][3087662f3cf0ffdaa7760418c15ee6ea]

garrettfoster13 / wrapper.py

Created March 17, 2025 22:57

wrapping minikerberos

	import sys
	import argparse
	import asyncio


	def ldap_url(auth_options):
	url_format = {
	"kerb_password": f"kerberos+password://{{domain}}\\{{username}}:{{password}}@{{fqdn}}/?dc={{dcip}}",
	"kerb_rc4": f"kerberos+rc4://{{domain}}\\{{username}}:{{nt}}@{{fqdn}}/?dc={{dcip}}",
	"kerb_aes": f"kerberos+aes://{{domain}}\\{{username}}:{{aeskey}}@{{fqdn}}/?dc={{dcip}}",

garrettfoster13 / gist:d5015133dcc728497f5941a431d6c515

Created February 13, 2025 03:14

Tweaked from Responder to Profile one remote SQL box

	#! /usr/bin/env python3
	# This file is part of Responder, a network take-over set of tools
	# created and maintained by Laurent Gaffie.
	# email: [email protected]
	# This program is free software: you can redistribute it and/or modify
	# it under the terms of the GNU General Public License as published by
	# the Free Software Foundation, either version 3 of the License, or
	# (at your option) any later version.
	#
	# This program is distributed in the hope that it will be useful,