hadrian3689
hadrian3689
/ pwm_decrypt.py
Created
December 11, 2024 03:45
A PwmConfiguration.xml decryptor in Python
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| import hashlib | |
| from Crypto.Cipher import AES #pip install pycryptodome | |
| def pwm_cipher(): | |
| #Create a new AES cipher object using AES-128 in ECB mode. | |
| return AES.new(key=b'0'*16, mode=AES.MODE_ECB) # Placeholder key, actual key will be set later | |
| def pwm_make_key(key: str) -> bytes: | |
| #Derive a 16-byte AES key from the given input key. |
hadrian3689
/ procmon.ps1
Created
November 24, 2024 23:40
— forked from egre55/procmon.ps1
procmon.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Simple PowerShell process monitor | |
| while($true) | |
| { | |
| $process = Get-WmiObject Win32_Process | Select-Object CommandLine | |
| Start-Sleep 1 | |
| $process2 = Get-WmiObject Win32_Process | Select-Object CommandLine | |
| Compare-Object -ReferenceObject $process -DifferenceObject $process2 |
hadrian3689
/ winrm_decrypt.py
Created
October 14, 2023 04:24
— forked from jborean93/winrm_decrypt.py
A script that can be used to decrypt WinRM exchanges using NTLM over http
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| # PYTHON_ARGCOMPLETE_OK | |
| # Copyright: (c) 2020 Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| """ | |
| Script that can read a Wireshark capture .pcapng for a WinRM exchange and decrypt the messages. Currently only supports | |
| exchanges that were authenticated with NTLM. This is really a POC, a lot of things are missing like NTLMv1 support, |
hadrian3689
/ random_session_key_calc.py
Last active
June 2, 2023 03:59
— forked from h4sh5/random_session_key_calc.py
Random Session Key calculator based off of data from a packet capture
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hashlib | |
| import hmac | |
| import argparse | |
| #stolen from impacket. Thank you all for your wonderful contributions to the community | |
| try: | |
| from Cryptodome.Cipher import ARC4 | |
| from Cryptodome.Cipher import DES | |
| from Cryptodome.Hash import MD4 | |
| except Exception: |