@matterpreter
matterpreter / hashmash-py3.py
Last active April 19, 2019 15:43
Port of hashmash to support Python3
#!/usr/bin/env python3
import sys
def usage():
    print('HashMash - decrypted password to username matcher')
    print('')
    print('$ python3 %s <Hash File> <OCL Hashcat Decrypted File>' % sys.argv[0])
    print('')
    print('User Hash File format is user:hash (or JTR NTLM)')
    print('OCL Decrypted Password File format is, hash:password')
@matterpreter
matterpreter / build-tao.sh
Last active September 14, 2019 12:44
Build tao-utils to use on Ubuntu for decoding IORs
#!/bin/bash
sudo apt install -y libace-6.3.3 libc6 libgcc1 libstdc++6 libtao-2.0.1 liblzo2-2 zlib1g libssl1.0.0
mkdir debs && cd debs
#Pull all the required packages from Launchpad for Ubuntu
wget -nv http://launchpadlibrarian.net/74750902/libace-6.0.1_6.0.1-3_amd64.deb
wget -nv http://launchpadlibrarian.net/74750904/libace-ssl-6.0.1_6.0.1-3_amd64.deb
wget -nv http://launchpadlibrarian.net/74750910/libace-htbp-6.0.1_6.0.1-3_amd64.deb
wget -nv http://launchpadlibrarian.net/74750917/libacexml-6.0.1_6.0.1-3_amd64.deb
wget -nv http://launchpadlibrarian.net/74750919/libkokyu-6.0.1_6.0.1-3_amd64.deb

Keybase proof

I hereby claim:

  • I am matterpreter on github.
  • I am matterpreter (https://keybase.io/matterpreter) on keybase.
  • I have a public key ASBpyi7rGq-uzLP9xeGttxt0c2ZnQh1EOkXjKv6lQm3eWgo

To claim this, I am signing this object:

@matterpreter
matterpreter / CyrillicSwap.cs
Created April 21, 2020 13:35
Swap Latin characters to Cyrillic lookalikes
public static void CyrillicSwap(string latinString)
{
    Console.OutputEncoding = Encoding.UTF8;
    Dictionary<string, string> CyrDict = new Dictionary<string, string>()
    {
        {"a", "а"}, // \u0430
        {"c", "с"}, // \u0441
        {"e", "е"}, // \u0435
        {"o", "о"}, // \u043e
        {"p", "р"}, // \u0440
@matterpreter
matterpreter / RpcParser.java
Last active March 9, 2022 00:21
Ghidra RPC procedure identification script
//Locate RPC procedures inside of server code
//@author Matt Hand (@matterpreter) based on original work by Sektor7 Labs (@reenz0h)
//@category Functions
//@keybinding
//@menupath
//@toolbar
import ghidra.app.script.GhidraScript;
import ghidra.program.model.block.*;
import ghidra.program.model.symbol.*;
@matterpreter
matterpreter / IsAdmin.cs
Last active March 15, 2022 20:52
Check if user is a member of the local admins group
public static bool IsAdmin()
{
    WindowsIdentity identity = WindowsIdentity.GetCurrent();
    WindowsPrincipal principal = new WindowsPrincipal(identity);
    if (!principal.IsInRole(WindowsBuiltInRole.Administrator))
    {
        return false;
    }
    else
    {
@matterpreter
matterpreter / 20H2_EPROCESS.log
Created December 10, 2020 14:32
Win10 20H2 EPROCESS
lkd> dt -b nt!_EPROCESS
   +0x000 Pcb : _KPROCESS
      +0x000 Header : _DISPATCHER_HEADER
         +0x000 Lock : Int4B
         +0x000 LockNV : Int4B
         +0x000 Type : UChar
         +0x001 Signalling : UChar
         +0x002 Size : UChar
         +0x003 Reserved1 : UChar
         +0x000 TimerType : UChar
@matterpreter
matterpreter / IRP Structure
Last active August 9, 2022 18:38
(Semi)Full IRP Structure in Win10 1903
0: kd> dt -b nt!_IRP
   +0x000 Type : Int2B
   +0x002 Size : Uint2B
   +0x004 AllocationProcessorNumber : Uint2B
   +0x006 Reserved : Uint2B
   +0x008 MdlAddress : Ptr64
   +0x010 Flags : Uint4B
   +0x018 AssociatedIrp : <anonymous-tag>
      +0x000 MasterIrp : Ptr64
      +0x000 IrpCount : Int4B
@matterpreter
matterpreter / FindTargetImports.cs
Last active November 28, 2022 04:43
Search all PE files in a directory for ones which import a specific DLL
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using PeNet;
using PeNet.Header.Pe;
@matterpreter
matterpreter / criticalProc.cs
Created June 24, 2019 18:08
Set process to be critical
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace UnkillableTest
{
    class Program
    {
        [DllImport("ntdll.dll", SetLastError = true)]
        private static extern void RtlSetProcessIsCritical(uint bNew, uint pbOld, uint bNeedScb);