Lnkbomb is used for uploading malicious shortcut files to insecure file shares. The vulnerability exists due to Windows looking for an icon file to associate with the shortcut file. This icon file can be directed to a penetration tester’s machine running Responder or smbserver to gather NTLMv1 or NTLMv2 hashes (depending on configuration of theRead More
Crack MSCHAPv2/NTLMv1 challenge/responses quickly using a database of NT hashes Introduction Assless CHAPs is an efficient way to recover the NT hash used in a MSCHAPv2/NTLMv1 exchange if you have the challenge and response (e.g. from a WiFi EAP WPE attack). It requires a database of NT hashes, instructions on how to make these fromRead More
Uchihash is a small utility that can save malware analysts the time of dealing with embedded hash values used for various things such as: Dynamically importing APIs (especially in shellcode) Checking running process used by analysts (Anti-Analysis) Checking VM or Antivirus artifacts (Anti-Analysis) Uchihash can generate hashes with your own custom hashing algorithm, search forRead More
Why crack hashes when you can bust them? Features Automatic hash type identification Supports MD5, SHA1, SHA256, SHA384, SHA512 Can extract & crack hashes from a file Can find hashes from a directory, recursively Multi-threading Insallation & Usage Note: Hash Buster isn’t compatible with python2, run it with python3 instead. Also, Hash-Buster uses some APIsRead More
A Red Team oriented simple HTTP & WebDAV server written in C# with functionality to capture Net-NTLM hashes. To be used for serving payloads on compromised machines for lateral movement purposes. Requires .NET Framework 4.5 and System.Net and System.Net.Sockets references. Usage :: SharpWebServer :: a Red Team oriented C# Simple HTTP Server with Net-NTLMv1/2 hashesRead More
Abuse of Google Colab for fun and profit. What is it ? Penglab is a ready-to-install setup on Google Colab for cracking hashes with an incredible power, really useful for CTFs. (See benchmarks below.) It installs by default : Hashcat John Hydra SSH (with ngrok) And now, it can also : Launch an integrated shellRead More
Karkinos is a light-weight ‘Swiss Army Knife’ for penetration testing and/or hacking CTF’s. Currently, Karkinos offers the following: Encoding/Decoding characters Encrypting/Decrypting text or files Reverse shell handling Cracking and generating hashes Dependancies Any server capable of hosting PHP; tested with Apache Server Tested with PHP 7.4.9 Python3 (in your path) pip3 Raspberry Pi Zero friendlyRead More
NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The tool was developed to extract NTLMv2 hashes from files generated by native Windows binaries like NETSH.EXE and PKTMON.EXE without conversion. The following binary network packet capture formats are supported: *.pcap *.pcapng *.cap *.etl UsageRead More
Cloudtopolis is a tool that facilitates the installation and provisioning of Hashtopolis on the Google Cloud Shell platform, quickly and completely unattended (and also, free!).RequirementsHave 1 Google account (at least). InstallationCloudtopolis installation is carried out in two phases: Phase 1Access Google Cloud Shell from the following link:https://ssh.cloud.google.com/cloudshell/editor?hl=es&fromcloudshell=true&shellonly=trueThen, run the following commands: wget https://raw.githubusercontent.com/JoelGMSec/Cloudtopolis/master/Cloudtopolis.shchmod +x Cloudtopolis.sh./Cloudtopolis.shRead More
[*] Terrier is a Image and Container analysis tool that can be used to scan OCI images and Containers to identify and verify the presence of specific files according to their hashes. A detailed writeup of Terrier can be found on the Heroku blog, https://blog.heroku.com/terrier-open-source-identifying-analyzing-containers. Installation BinariesFor installation instructions from binaries please visit the ReleasesRead More
