Skip to content

Instantly share code, notes, and snippets.

@hadrian3689
hadrian3689 / winrm_decrypt.py
Created October 14, 2023 04:24 — forked from jborean93/winrm_decrypt.py
A script that can be used to decrypt WinRM exchanges using NTLM over http
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# PYTHON_ARGCOMPLETE_OK
# Copyright: (c) 2020 Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
"""
Script that can read a Wireshark capture .pcapng for a WinRM exchange and decrypt the messages. Currently only supports
exchanges that were authenticated with NTLM. This is really a POC, a lot of things are missing like NTLMv1 support,
@hadrian3689
hadrian3689 / random_session_key_calc.py
Last active June 2, 2023 03:59 — forked from h4sh5/random_session_key_calc.py
Random Session Key calculator based off of data from a packet capture
import hashlib
import hmac
import argparse
#stolen from impacket. Thank you all for your wonderful contributions to the community
try:
from Cryptodome.Cipher import ARC4
from Cryptodome.Cipher import DES
from Cryptodome.Hash import MD4
except Exception: