gavz

import hashlib
import struct
import argparse
from Crypto.Cipher import AES #pip install pycryptodome

def decrypt(blob, key):
    """Decrypt PDQ credential blobs"""
    #Format for the blob is [header][ivlen][iv][encdata]
    #Example blob: 28656e63727970746564290010644d18eb7817dad6de5f531b1b0b60113087662f3cf0ffdaa7760418c15ee6ea
    #Example blob: [28656e637279707465642900][10][644d18eb7817dad6de5f531b1b0b6011][3087662f3cf0ffdaa7760418c15ee6ea]

gavz

#include <windows.h>
#include <iostream>
#include <fstream>
#include <string>
#include <vector>
#include <ctime>
#include <memory>
#include <optional>
#include <random>
#include <string_view>

gavz

#!/bin/sh

#
# Copyright (C) 2010 Matthias Buecher (http://www.maddes.net/)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# http://www.gnu.org/licenses/gpl-2.0.txt

gavz

Operational PGP

This is a guide on how to email securely.

There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.

gavz

#include <Windows.h>
#include <psapi.h>


int main()
{
    HANDLE ProcessHandle;
    ULONG Processes[4096];
    ULONG DataSize;
    ULONG NumberOfProcesses;

gavz

from impacket.dcerpc.v5 import epm, rpcrt, transport, nrpc, samr
from impacket.uuid import bin_to_uuidtup
from impacket.crypto import SamDecryptNTLMHash
from binascii import unhexlify, hexlify
from random import randbytes
import sys
import argparse

# This script perform a netsync attack. No SMB involved
# My first idea was to only use netlogon SSP, however SAMR seems not compatible

gavz

cmake_minimum_required(VERSION 3.24)
project(Stardust
  LANGUAGES CXX
)

# Build option for generating the final shellcode.bin file
option(STARDUST_BUILD_SHELLCODE "Build the final shellcode.bin file" OFF)

# Add nasm for the Stardust.asm source if building shellcode
if(${STARDUST_BUILD_SHELLCODE})

gavz

function Expand-Properties($Object, $Depth = 5, $Indent = 0) {
    if ($Depth -le 0 -or $null -eq $Object) { return } $prefix = " " * $Indent
    $Object | gm -m Property | % {
        $pValue = $Object.$($_.Name)
        if ($pValue -is [Enum]) { Write-Host "$prefix$($_.Name): " -F Green -N; Write-Host "$pValue" -F Blue }
        elseif ($null -eq $pValue) { Write-Host "$prefix$($_.Name): " -F Green -N; Write-Host "(null)" -F Blue }
        elseif ($pValue -is [Collections.IEnumerable] -and $pValue -isnot [string]) { Write-Host "$prefix$($_.Name): " -F Green; $pValue | % { Expand-Properties $_ ($Depth - 1) ($Indent + 4) } }
        elseif ($pValue -is [PSObject] -or $pValue.GetType().Namespace -match "^System.Reflection") { Write-Host "$prefix$($_.Name): " -F Green; Expand-Properties $pValue ($Depth - 1) ($Indent + 4) }
        else { Write-Host "$prefix$($_.Name): " -F Green -N; Write-Host "$pValue" -F Blue }}}
Expand-Properties ([Reflection.PortableExecutable.PEReader]::new([IO.File]::OpenRead([IO.Path]::G

gavz

#Requires -Module PSDetour

[CmdletBinding()]
param (
    [Parameter(Mandatory)]
    [string]
    $LogPath
)

$LogPath = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($LogPath)

gavz

from impacket.dcerpc.v5 import epm, lsad, rpcrt, transport, lsat, ndr, nrpc
from impacket.uuid import bin_to_uuidtup
from binascii import unhexlify
from random import randbytes
import sys

# Perform a lsarlookupsids3 with a trust account, it uses netlogon as SSP (see [MS-NRPC] 3.3)
# Pure TCP RPC is used (ncacn_ip_tcp option)
# AES is used, so you need impacket #1848 (https://github.com/fortra/impacket/pull/1848)
# Tested with impacket 0.12.0 on GOAD