  • Stars: 107
  • Rank: 321,967 (Top 7 %)
  • Language: Go
  • Created: over 6 years ago
  • Updated: over 6 years ago


Repository Details

a pass-the-hash tool

NtlmSocks

A cross-platform pass-the-hash tool that works at the network layer.

How it works

It starts a SOCKS proxy, matches NTLMSSP packets in the proxied traffic, and replaces the incorrect NT hash and session key inside them.

Usage

ntlm_socks -b <wrong password to replace> -h <NT hash> -p <port for the SOCKS proxy to listen on>

Works on Mac, Windows, and Linux.

Known limitations

When authenticating from Windows 7 to Windows 7, the NTLMSSP packet carries an extra signature, and modifying the packet with this tool causes the signature check to fail. Windows is backward compatible and this signature is optional, so running the tool from an older Windows version or from Linux avoids the problem.

Possible limitations

While replacing the Net-NTLM hash, the tool also replaces the NTLM session key. If the negotiation did not actually exchange a session key, the key later used for encryption or signing will not match and the operation will fail.

More Repositories

1. BrowserGhost (C#, 1,380 stars)
   A tool for grabbing browser passwords; more features will be added later.

2. LuWu (Python, 843 stars)
   Red team infrastructure automated deployment tool.

3. WeblogicEnvironment (Shell, 761 stars)
   Weblogic environment setup tool.

4. sharpwmi (C#, 707 stars)
   sharpwmi is an RPC-based lateral movement tool with file upload and command execution capabilities.

5. EventCleaner (C++, 584 stars)
   A tool mainly to erase specified records from Windows event logs, with additional functionalities.

6. CobaltStrike-Toolset (PowerShell, 518 stars)
   Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on.

7. EventLogMaster (PowerShell, 358 stars)
   Cobalt Strike plugin: RDP log forensics & cleanup.

8. ptrace (C, 236 stars)
   A PoC for Linux to get around agents that log commands being executed, without root privilege. Obfuscates the program name and arguments of a low-privilege Linux process to evade command logging based on execve syscall monitoring.

9. PandaSniper (C#, 219 stars)
   Linux C2 framework demo, the product of a two-week "hacker programming hackathon", from first learning the language to producing a demo.

10. HideShell (Java, 213 stars)
    A JSP backdoor that enables hiding arbitrary JSP files under Tomcat, in addition to their access logs.

11. redis_lua_exploit (Python, 145 stars)

12. SerialWriter (Java, 101 stars)
    SerialWriter is an incomplete implementation of Java serialization for the study of Java deserialization vulnerabilities.

13. ptyshell (C, 100 stars)
    A reverse PTY shell in C.

14. openssh-7.6p1-patch (C, 81 stars)
    A patched sshd for red team activities.

15. getpass (C++, 76 stars)
    A mini tool to dump passwords and NTLM hashes from WDigest, MSV1_0 and tspkg, written as a result of studying mimikatz.

16. dcpwn (Python, 72 stars)
    An impacket-dependent script exploiting CVE-2019-1040.

17. mscache (Python, 67 stars)
    A tool to manipulate DCC (domain cached credentials) in the Windows registry, based mainly on the work of mimikatz and impacket.

18. KerberosUserEnum (Python, 43 stars)
    Kerberos account enumeration taking advantage of AS-REQ.

19. Papers (34 stars)
    Papers.

20. CVE-2018-20250 (Python, 25 stars)
    010 Editor template for the ACE archive format & CVE-2018-2025[0-3].

21. sunburst_decoder (C#, 11 stars)
    SUNBURST DGA decoder.

22. cisco_ppc_rsp (Python, 10 stars)
    A debugger in Python for Cisco c3560.