Tetanus is a Windows and Linux C2 agent written in rust. Installation To install Tetanus, you will need Mythic set up on a machine. In the Mythic root directory, use mythic-cli to install the agent. payload start tetanus”> sudo ./mythic-cli install github https://github.com/MythicAgents/tetanussudo ./mythic-cli payload start tetanus Tetanus supports the http C2 profile: sudo ./mythic-cliRead More
Leaked Windows processes handles identification tool. Useful for identify new LPE vulnerabilities during a pentest or simply as a new research process. Currently supports exploiting (autopwn) procesess leaked handles spawning a new arbitrary process (cmd.exe default). LHF identifies in realtime inherited handles and gives the researcher explotability tips Presented at rootedcon 2022 https://www.rootedcon.com/ponentes-rooted2022/. Presentation ->Read More
A script to dump files and folders remotely from a Windows SMB share. Features Only list shares with –list-shares. Select only files with given extensions (with –extensions) or all files. Choose the local folder to dump to with –dump-dir. Select base folder to search from in the share with –base-dir. Usage Directory to search inRead More
ADReaper is a tool written in Golang which enumerate a Active Directory environment with LDAP queries within few seconds. Installation You can download precompiled executable binaries for Windows/Linux from latest releases Install from source To build from source, clone the repo and build it with GO $ git clone https://github.com/AidenPearce369/ADReaper$ cd ADReaper/$ go build UsageRead More
ICMP-TransferTools is a set of scripts designed to move files to and from Windows hosts in restricted network environments. This is accomplished using a total of 4 different files, consisting of a python server and powershell client for each transfer direction (Download & Upload). The only dependency required is Impacket for one of the pythonRead More
An easily modifiable shellcode template for Windows x64/x86 How does it work? This template is heavily based on Austin Hudson’s (aka SecIdiot) TitanLdr It compiles the project into a PE Executable and extracts the .text section Example The entrypoint of the shellcode looks like this. Of course, this can be changed for your need. FirstRead More
Epagneul is a tool to visualize and investigate windows event logs. Deployment Requires docker and docker-compose to be installed. Installing make Offline deployment On a machine connected to internet, build an offline release: make release This will create a release folder containing ready to go docker images. Copy the project to your air gapped machineRead More
This PoC was ported in pure PowerShell: https://github.com/DarkCoderSc/power-brute-logon Win Brute Logon (Proof Of Concept) Release date: 2020-05-14 Target: Windows XP to Latest Windows 10 Version (1909) Weakness location : LogonUserA, LogonUserW, CreateProcessWithLogonA, CreateProcessWithLogonW Usage Wordlist File WinBruteLogon.exe -u <username> -w <wordlist_file> Stdin Wordlist type <wordlist_file> | WinBruteLogon.exe -u <username> – ChangeLog 2020/05/23 Now support stdinRead More
FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user’s password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk. It can either be executed by simply running theRead More
This tools test generated ShellCodes. Usage Exemple ShellCode Tester Linux Instalation git clone https://github.com/helviojunior/shellcodetester.gitcd shellcodetester/Linuxmake Usage Without break-point: shellcodetester [file.asm] With break-point (INT3). The break-point will be inserted before our generated shellcode: shellcodetester [file.asm] –break-point Download Shellcodetester
