  • Stars: 137
  • Rank 266,121 (Top 6 %)
  • Language: Python
  • Created about 6 years ago
  • Updated about 4 years ago

Repository Details

Repo with various Red Team scripts

RedTeamScripts

Repository with various Red Team scripts.

kill.exe

When you perform all kinds of activities during a red team engagement, you end up with several processes running that you don't want to close manually. kill.exe is for you. Copy it into C:\Windows\ and simply call it with the name of the process you want to kill.

>kill mspaint
killing mspaint 16524
killing mspaint 5284
killing mspaint 8568
killing mspaint 32244
killing mspaint 18908
killing mspaint 12600
killing mspaint 37444
killing mspaint 20492
killing mspaint 36092
killing mspaint 3908
killing mspaint 30980
killing mspaint 37252
killing mspaint 27576

SendGrid SPF bypass

Clients that use SendGrid to send email need to add 167.89.0.0/17 to their SPF record to allow SendGrid to send email on their behalf. This introduces a design flaw that can be leveraged to bypass SPF.

How to:

  • Register an account on SendGrid
  • Get your API key
  • Send email on behalf of your target

Why does it work? The SendGrid subnet is part of your target's SPF record, which means that SendGrid is trusted to send emails on their behalf. Since your account is using SendGrid servers, you are part of the whitelist too :)

This means that, from a Red Team perspective, you can send email to your target claiming to be from their own mail domain, or send email on their behalf to another organization.

This is a great way to add credibility to your phishing campaign since you can spoof their domain.

Is your target vulnerable?

Simply take a look at their DNS TXT record and search for the following subnet: 167.89.0.0/17. If it's present, you are all set.
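The same check, run from the defender's side as an audit of your own domain's SPF record (an added example, not code from this repository). It follows include and redirect terms and reports any authorized ip4 range that overlaps 167.89.0.0/17; the domains and the SAMPLE_TXT dictionary standing in for DNS TXT lookups are constructed for illustration.

```python
import ipaddress

# Shared provider range named on this page.
SHARED_RANGE = ipaddress.ip_network("167.89.0.0/17")

# Constructed records for hypothetical domains; they stand in for DNS TXT lookups.
SAMPLE_TXT = {
    "corp.example": "v=spf1 mx include:_spf.mailer.example ip4:203.0.113.0/24 -all",
    "_spf.mailer.example": "v=spf1 ip4:167.89.0.0/17 ip4:198.51.100.7 ~all",
    "safe.example": "v=spf1 ip4:203.0.113.0/24 -all",
}

def authorized_ip4(domain, txt=SAMPLE_TXT, seen=None):
    """Yield (network, declaring_domain) for each passing ip4 term reachable from domain."""
    seen = set() if seen is None else seen
    record = txt.get(domain, "")
    if domain in seen or not record.lower().startswith("v=spf1"):
        return  # include loop, missing record, or not an SPF record
    seen.add(domain)
    for term in record.split()[1:]:
        if term[0] in "-~?":  # fail/softfail/neutral qualifiers do not authorize a sender
            continue
        term = term.lstrip("+")
        name, _, value = term.partition(":")
        if name.lower() == "ip4" and value:
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                continue  # malformed ip4 term, skip it
            yield net, domain
        elif name.lower() == "include" and value:
            yield from authorized_ip4(value, txt, seen)
        elif term.lower().startswith("redirect="):
            yield from authorized_ip4(term[len("redirect="):], txt, seen)

def shared_range_findings(domain, txt=SAMPLE_TXT):
    """Return (network, declaring_domain) pairs that overlap the shared provider range."""
    return [(str(net), src) for net, src in authorized_ip4(domain, txt)
            if net.overlaps(SHARED_RANGE)]

if __name__ == "__main__":
    for name in ("corp.example", "safe.example"):
        print(name, shared_range_findings(name))
```

A non-empty result means every account on that shared range passes SPF for the domain, which is the condition the section above describes.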

Usage

Usage: sendgrid-spf-bypass.py apikey source destination subject emailfile

python sendgrid-spf-bypass.py apikey [email protected] [email protected] "Legitimate email" my-email.txt

The emailfile parameter should be the path to a text file that contains your email. For now the tool only supports text messages; I will improve it in the future.

Password spraying

Install the following dependencies:

pip install requests_ntlm
pip install requests

$ python password-spray.py
PasswordSpraying v1.0

Usage: %s [user list] [domain] [url] [password]

$ python password-spray.py users.txt RINGZER0 https://lyncweb.ringzer0team.com/abs/ Summer2018

Note that various endpoints can be used to validate the user credentials. The subdomain for Lync and on-premises OWA may be different. Use the autodiscover feature to retrieve the right URL for your target:

There are several other URLs that can be used for Lync and on-premises OWA.
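What this activity looks like in authentication logs, as an added detection example (not code from this repository): one password tried across a user list shows up as a single source failing against many distinct accounts in a short window. The log format and the sample lines are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines in a hypothetical "timestamp source_ip user result" format.
SAMPLE_LOG = """\
2018-07-02T09:00:01 198.51.100.23 alice FAIL
2018-07-02T09:00:03 198.51.100.23 bob FAIL
2018-07-02T09:00:05 198.51.100.23 carol FAIL
2018-07-02T09:00:07 198.51.100.23 dave FAIL
2018-07-02T09:00:09 198.51.100.23 erin FAIL
2018-07-02T09:01:00 203.0.113.9 bob FAIL
2018-07-02T09:01:20 203.0.113.9 bob FAIL
2018-07-02T09:01:40 203.0.113.9 bob FAIL
2018-07-02T09:02:10 203.0.113.9 bob OK
2018-07-02T08:00:00 192.0.2.50 alice FAIL
2018-07-02T11:00:00 192.0.2.50 carol FAIL
"""

def detect_spray(log_text, min_users=5, window=timedelta(minutes=10)):
    """Return {source_ip: users} for sources that fail against at least
    min_users distinct accounts inside one sliding time window."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "FAIL":
            continue  # skip malformed lines and successful logons
        failures[parts[1]].append((datetime.fromisoformat(parts[0]), parts[2]))

    flagged = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {user for _, user in events[start:end + 1]}
            if len(users) >= min_users:
                flagged[src] = sorted(users)
                break
    return flagged

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

Repeated failures for one account (203.0.113.9) and failures spread over hours (192.0.2.50) are not flagged; only the many-accounts, short-window pattern is.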

CFMX6Decryptor

Some people still live in the past. In 2018 we still find ColdFusion MX 6 publicly exposed. This script may help someone retrieve the plain-text version of the password that can be extracted through the well-known path traversal that affected ColdFusion.

$ java -jar CFMX6Decryptor.jar
ColdFusion MX6 Password decryptor.
Author Mr.Un1k0d3r & Psychan RingZer0 Team 2014

Usage: DecryptCFPassword [uuencoded password]

Credit

Mr.Un1k0d3r RingZer0 Team

More Repositories

  1. EDRs (C, 1,857 stars)
  2. PowerLessShell (Python, 1,413 stars): Run PowerShell command without invoking powershell.exe
  3. DKMC (Python, 1,323 stars): DKMC - Dont kill my cat - Malicious payload evasion tool
  4. SCShell (C, 1,268 stars): Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
  5. RedTeamPowershellScripts (PowerShell, 878 stars): Various PowerShell scripts that may be useful during red team exercise
  6. MaliciousMacroGenerator (Visual Basic, 811 stars): Malicious Macro Generator
  7. ThunderShell (Python, 770 stars): Python / C# Unmanaged PowerShell based RAT
  8. RedTeamCSharpScripts (C#, 706 stars): C# Script used for Red Team
  9. RedTeamCCode (C, 464 stars): Red Team C code repo
  10. CatMyPhish (Python, 418 stars): Search for categorized domain
  11. PoisonHandler (PowerShell, 264 stars): lateral movement techniques that can be used during red team exercises
  12. MaliciousClickOnceGenerator (C#, 234 stars): Quick Malicious ClickOnceGenerator for Red Team
  13. ADHuntTool (C#, 229 stars): official repo for the AdHuntTool (part of the old RedTeamCSharpScripts repo)
  14. Windows-SignedBinary (Python, 224 stars)
  15. .NetConfigLoader (223 stars): .net config loader
  16. Shellcoding (C, 209 stars): Shellcoding utilities
  17. ATP-PowerShell-Scripts (PowerShell, 203 stars): Microsoft Signed PowerShell scripts
  18. WindowsDllsExport (C, 199 stars): A list of all the DLLs export in C:\windows\system32\
  19. AMSI-ETW-Patch (C#, 196 stars): Patch AMSI and ETW
  20. DLLsForHackers (Python, 175 stars): Dll that can be used for side loading and other attack vector.
  21. MaliciousDLLGenerator (C, 163 stars): DLL Generator for side loading attack
  22. SCT-obfuscator (Python, 142 stars): Cobalt Strike SCT payload obfuscator
  23. Elevate-System-Trusted-BOF (C, 132 stars)
  24. Cookie-Graber-BOF (C, 129 stars): C or BOF file to extract WebKit master key to decrypt user cookie
  25. SPFAbuse (Python, 128 stars): SPF are not as strong as you may think. Red Team tool to send email on behalf of your target corp
  26. RemoteProcessInjection (C#, 80 stars): C# remote process injection utility for Cobalt Strike
  27. Base64-Obfuscator (PowerShell, 74 stars): Simple PowerShell Base64 encoder to avoid detection of your malicious payload
  28. SearchIPOwner (Python, 51 stars): Search public IP owner through ARIN
  29. RedTeamFSharp (F#, 26 stars): Red Team Toolset written in F# (Experimental)
  30. SideChannelAttack (Python, 24 stars): Side Channel script
  31. BOFCode (C, 13 stars): Bunch of BOF files
  32. blog.mr.un1k0d3r.com (HTML, 9 stars): Mr.Un1k0d3r.com blog
  33. MsGraphFunzy (Python, 5 stars): Scripts to interact with Microsoft Graph APIs