hackerhouse-opensource/OffensiveLua hackerhouse-opensource/OffensiveLua

  • Stars
    star
    146
  • Rank 251,485 (Top 5 %)
  • Language
    Lua
  • Created 11 months ago
  • Updated 11 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
hackerhouse-opensource/OffensiveLua
github

hackerhouse-opensource

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Offensive Lua.

Offensive Lua

Offensive Lua is a collection of offensive security scripts written in Lua with FFI. The scripts run with LuaJIT on Microsoft Windows to perform common red teaming tasks.

  • Download and/or Run an EXE
  • Bypass UAC
  • Files, Memory, Networking & Registry
  • Bind a shell
  • whoami.exe alternatives

Lua is a lesser used but very useful choice for post-exploitation scripting language. It's flexible, lightweight, easy to embed, runs interpreted or as bytecode from memory and allows for JIT to interact with the host OS libraries. It is also trivial to obfuscate and is very fast to learn and adapt.

Filename Description
bin2hex.lua Convert a binary to hex for binrun.lua
binrun.lua Writes a hex of EXE to a random location and exec's
bindshell.lua bind a shell on TCP port 5000
ComputerDefaultsUACBypass.lua Bypass UAC restrictions via ms-settings
console.lua Console App Example
downloadexec.lua Download & Exec over HTTP
downloadexec_UACbypass.lua Download & BypassUAC & Exec over HTTP
efspotato.lua Incomplete efspotato
eventcode.lua Example of Windows Event handler
filewrite.lua Write a file
howami.lua Always whoami.exe never howami.lua
luajit.exe LuaJIT compiled from our internal source tree.
memorysearch.lua searches memory for passwords
messagebox.lua MessageBox Example
regread.lua Read from Registry
regwrite.lua Write to Registry
regwritedel.lua Write and Delete from Registry
rickroll.lua Open a browser on URL
runcmd.lua Run a command popen
runcmd2.lua Run a command os.execute
runswhide.lua Run a command via CreateProcess with SW_HIDE
uac_bypass_bluetooth_win10.lua Bypass UAC via Bluetooth on Windows10

OffensiveLuaEmbedded

An example visual studio 2022 project that can be used to embed LuaJIT into a binary for the purposes of running scripts. You will need to checkout the git submodules to get the latest LuaJIT branch.

More

You can learn more about Hacker House and Offensive Lua at our website:

License

These files are available under a Attribution-NonCommercial-NoDerivatives 4.0 International license.

More Repositories

1

iscsicpl_bypassUAC

UAC bypass for x64 Windows 7 - 11
C++
727
star
2

exploits

exploits and proof-of-concept vulnerability demonstration files from the team at Hacker House
C
389
star
3

Marble

The CIA's Marble Framework is designed to allow for flexible and easy-to-use obfuscation when developing tools.
C++
224
star
4

SignToolEx

Patching "signtool.exe" to accept expired certificates for code-signing.
C++
219
star
5

Stinger

CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as Administrator.
C++
205
star
6

Artillery

CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administrator.
C
146
star
7

ColorDataProxyUACBypass

Exploits undocumented elevated COM interface ICMLuaUtil via process spoofing to edit registry then calls ColorDataProxy to trigger UAC bypass. Win 7 & up.
C
130
star
8

WMIProcessWatcher

A CIA tradecraft technique to asynchronously detect when a process is created using WMI.
C++
113
star
9

tools

A collection of tools created for computer security research purposes.
Python
108
star
10

cve-2018-10933

cve-2018-10933 libssh authentication bypass
Dockerfile
107
star
11

backdoors

Tools for maintaining access to systems and proof-of-concept demonstrations.
Python
103
star
12

CompMgmtLauncher_DLL_UACBypass

CompMgmtLauncher & Sharepoint DLL Search Order hijacking UAC/persist via OneDrive
C++
100
star
13

MsSettingsDelegateExecute

Bypass UAC on Windows 10/11 x64 using ms-settings DelegateExecute registry key.
C++
74
star
14

pyongyang_2407

Pyongyang 2407 - Android ROM from North Korea, modified to run on WBW5511_MAINBOARD_P2 devices. Releases contains an archived ROM with all needed tools to boot DPRK Android on compatible hardware. This repository contains installation instructions, hardware documentation and exploits for disabling censorship tools of North Korea Android.
C
66
star
15

envschtasksuacbypass

Bypass UAC elevation on Windows 8 (build 9600) & above.
C++
53
star
16

documents

Papers, presentations and documents from the team at Hacker House.
Perl
47
star
17

shellcode

shellcode are codes designed to be injected into the memory space of another process during exploitation.
C
42
star
18

electionhacking

Diebold Accuvote-TSx Election Machine Hacking
C++
34
star
19

NoFaxGiven

Code Execution & Persistence in NETWORK SERVICE FAX Service
C++
30
star
20

Gigabyte_ElevatePersist

Giga-byte Control Center (GCC) is a software package designed for improved user experience of Gigabyte hardware, often found in gaming and performance PC's. A UAC elevation vulnerability exists that can be used for persistence in a novel fashion.
C++
30
star
21

AESCrypt

AES-256 Microsoft Cryptography API Example Use.
C++
27
star
22

rebirth

rebirth IOS11 - 11.3.1 jailbreak security research utility
C
22
star
23

cve-2021-34527

CVE-2021-34527 AddPrinterDriverEx() Privilege Escalation
C++
18
star
24

hackerhouse-opensource

Github profile
11
star
25

hfioquake3_DoS

ioquake3 engine is vulnerable to a remotely exploitable off-by-one overflow due to a miscalculated array index within the privileged admin console command banaddr. Attacker needs the rcon password to exploit this vulnerability.
Python
5
star