Skip to content

Instantly share code, notes, and snippets.

hadrian3689 /
Last active November 15, 2023 07:09
An ad hoc script for decrypting the Havoc C2 framework traffic.
from Crypto.Cipher import AES
from Crypto.Util import Counter
import binascii
def decrypting(key,iv,data):
key = binascii.unhexlify(key)
iv = binascii.unhexlify(iv)
encrypted_data = binascii.unhexlify(data)
ctr_cipher =, AES.MODE_CTR,, initial_value=int.from_bytes(iv, byteorder='big')))
decrypted_data = ctr_cipher.decrypt(encrypted_data)
hadrian3689 /
Created October 14, 2023 04:24 — forked from jborean93/
A script that can be used to decrypt WinRM exchanges using NTLM over http
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Copyright: (c) 2020 Jordan Borean (@jborean93) <>
# MIT License (see LICENSE or
Script that can read a Wireshark capture .pcapng for a WinRM exchange and decrypt the messages. Currently only supports
exchanges that were authenticated with NTLM. This is really a POC, a lot of things are missing like NTLMv1 support,
hadrian3689 /
Last active June 2, 2023 03:59 — forked from h4sh5/
Random Session Key calculator based off of data from a packet capture
import hashlib
import hmac
import argparse
#stolen from impacket. Thank you all for your wonderful contributions to the community
from Cryptodome.Cipher import ARC4
from Cryptodome.Cipher import DES
from Cryptodome.Hash import MD4
except Exception: