Tim Sonner timsonner
timsonner
/ pass-spray.go
Last active
June 6, 2023 11:46
GoLang. Domain password spray script. Runs on Windows.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "io/ioutil" | |
| "strings" | |
| "syscall" | |
| "unicode/utf16" | |
| "unsafe" |
timsonner
/ format-users.bat
Last active
June 5, 2023 01:50
Batch. Run “net user /domain > users.txt”. Remove the first 6 lines of users.txt, then the last line and finally run this script. Drop it into pass-spray.go.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| if "%~1" == "" ( | |
| echo Usage: %0 users.txt | |
| exit /b 1 | |
| ) | |
| for /f "usebackq tokens=1,2,3*" %%A in (%1) do ( | |
| echo %%A | |
| echo %%B |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "encoding/binary" | |
| "log" | |
| "os" | |
| "reflect" | |
| "unsafe" | |
| ) |
timsonner
/ http-fuzz-unknown-password.go
Last active
June 25, 2023 00:47
GoLang. Brute force HTTP password fuzzing when username is known. Built to enumerate credentials from OWASP DVWA with Security set to Impossible. Matches PHPSESSID from cookie and hidden CSRF token from response body, success based on navigation to index.php. Fast AF. Mimics a Patator web_fuzz.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "compress/gzip" | |
| "fmt" | |
| "io/ioutil" | |
| "log" | |
| "net/http" | |
| "regexp" | |
| "strings" |
timsonner
/ match-strings-by-char-length.go
Last active
June 23, 2023 03:00
GoLang. Match strings by character length. Helps reduce brute force attempts by refining a word list. Userful when target password or username length is known.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bufio" | |
| "fmt" | |
| "os" | |
| ) | |
| func main() { | |
| // Specify the password list file path |
timsonner
/ fuzz-http-unknown-username-and-password.go
Last active
June 25, 2023 00:45
GoLang. Brute force HTTP login fuzz when username and password is unknown. Tries all username and pasword combinations. Built around enumerating OWASP DVWA credentials when Security is set to Impossible.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "compress/gzip" | |
| "fmt" | |
| "io/ioutil" | |
| "log" | |
| "net/http" | |
| "regexp" | |
| "strings" |
timsonner
/ go-cve-2012-2982-rce-webmin-file-go-cgi.go
Last active
July 3, 2023 07:26
GoLang. Exploit for CVE-2012-2982. Remote code execution on target. Webmin aka MiniServ/1.580. CVE description: file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "crypto/tls" | |
| "fmt" | |
| "io/ioutil" | |
| "math/rand" | |
| "net/http" | |
| "strings" | |
| "time" |
timsonner
/ go-rc4-shellcode-template.go
Last active
July 11, 2023 09:56
Golang. Opens an rc4 encypted byte slice of shellcode from a file, decrypts the byte slice, allocates memory and puts the byte slice of shellcode in memory. This code evades edr.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "crypto/rc4" | |
| "fmt" | |
| "io/ioutil" | |
| "syscall" | |
| "unsafe" | |
| ) |
timsonner
/ go-shellcode-skeleton.go
Created
July 10, 2023 07:26
GoLang. Allocates memory and puts shellcode in memory. Shellcode is unencrypted and thus vulnerable to edr.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "syscall" | |
| "unsafe" | |
| ) | |
| var ( | |
| kernel32 = syscall.NewLazyDLL("kernel32.dll") | |
| ntdll = syscall.NewLazyDLL("ntdll.dll") |
timsonner
/ go-rc4-encrypt-shellcode.go
Last active
July 10, 2023 07:40
GoLang. Encrypts a given bite slice of shellcode to rc4 and outputs the encrypted data to a file specified as a command line argument.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "crypto/rc4" | |
| "io/ioutil" | |
| "log" | |
| "os" | |
| ) | |
| func main() { |