hackerhouse-opensource/OffensiveLua

Stars
146
Rank 252,769 (Top 5 %)
Language
Lua
Created about 1 year ago
Updated 12 months ago

hackerhouse-opensource/OffensiveLua

hackerhouse-opensource

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Offensive Lua.

Offensive Lua

Offensive Lua is a collection of offensive security scripts written in Lua with FFI. The scripts run with LuaJIT on Microsoft Windows to perform common red teaming tasks.

Download and/or Run an EXE
Bypass UAC
Files, Memory, Networking & Registry
Bind a shell
whoami.exe alternatives

Lua is a lesser used but very useful choice for post-exploitation scripting language. It's flexible, lightweight, easy to embed, runs interpreted or as bytecode from memory and allows for JIT to interact with the host OS libraries. It is also trivial to obfuscate and is very fast to learn and adapt.

Filename	Description
bin2hex.lua	Convert a binary to hex for binrun.lua
binrun.lua	Writes a hex of EXE to a random location and exec's
bindshell.lua	bind a shell on TCP port 5000
ComputerDefaultsUACBypass.lua	Bypass UAC restrictions via ms-settings
console.lua	Console App Example
downloadexec.lua	Download & Exec over HTTP
downloadexec_UACbypass.lua	Download & BypassUAC & Exec over HTTP
efspotato.lua	Incomplete efspotato
eventcode.lua	Example of Windows Event handler
filewrite.lua	Write a file
howami.lua	Always whoami.exe never howami.lua
luajit.exe	LuaJIT compiled from our internal source tree.
memorysearch.lua	searches memory for passwords
messagebox.lua	MessageBox Example
regread.lua	Read from Registry
regwrite.lua	Write to Registry
regwritedel.lua	Write and Delete from Registry
rickroll.lua	Open a browser on URL
runcmd.lua	Run a command popen
runcmd2.lua	Run a command os.execute
runswhide.lua	Run a command via CreateProcess with SW_HIDE
uac_bypass_bluetooth_win10.lua	Bypass UAC via Bluetooth on Windows10

OffensiveLuaEmbedded

An example visual studio 2022 project that can be used to embed LuaJIT into a binary for the purposes of running scripts. You will need to checkout the git submodules to get the latest LuaJIT branch.

More

You can learn more about Hacker House and Offensive Lua at our website:

https://hacker.house/services

License

These files are available under a Attribution-NonCommercial-NoDerivatives 4.0 International license.

iscsicpl_bypassUAC

UAC bypass for x64 Windows 7 - 11

exploits

exploits and proof-of-concept vulnerability demonstration files from the team at Hacker House

Marble

The CIA's Marble Framework is designed to allow for flexible and easy-to-use obfuscation when developing tools.

SignToolEx

Patching "signtool.exe" to accept expired certificates for code-signing.

Stinger

CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as Administrator.

Artillery

CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administrator.

ColorDataProxyUACBypass

Exploits undocumented elevated COM interface ICMLuaUtil via process spoofing to edit registry then calls ColorDataProxy to trigger UAC bypass. Win 7 & up.

WMIProcessWatcher

A CIA tradecraft technique to asynchronously detect when a process is created using WMI.

tools

A collection of tools created for computer security research purposes.

cve-2018-10933

cve-2018-10933 libssh authentication bypass

backdoors

Tools for maintaining access to systems and proof-of-concept demonstrations.

CompMgmtLauncher_DLL_UACBypass

CompMgmtLauncher & Sharepoint DLL Search Order hijacking UAC/persist via OneDrive

MsSettingsDelegateExecute

Bypass UAC on Windows 10/11 x64 using ms-settings DelegateExecute registry key.

pyongyang_2407

Pyongyang 2407 - Android ROM from North Korea, modified to run on WBW5511_MAINBOARD_P2 devices. Releases contains an archived ROM with all needed tools to boot DPRK Android on compatible hardware. This repository contains installation instructions, hardware documentation and exploits for disabling censorship tools of North Korea Android.

envschtasksuacbypass

Bypass UAC elevation on Windows 8 (build 9600) & above.

documents

Papers, presentations and documents from the team at Hacker House.

shellcode

shellcode are codes designed to be injected into the memory space of another process during exploitation.

electionhacking

Diebold Accuvote-TSx Election Machine Hacking

NoFaxGiven

Code Execution & Persistence in NETWORK SERVICE FAX Service

Gigabyte_ElevatePersist

Giga-byte Control Center (GCC) is a software package designed for improved user experience of Gigabyte hardware, often found in gaming and performance PC's. A UAC elevation vulnerability exists that can be used for persistence in a novel fashion.

AESCrypt

AES-256 Microsoft Cryptography API Example Use.

rebirth

rebirth IOS11 - 11.3.1 jailbreak security research utility

cve-2021-34527

CVE-2021-34527 AddPrinterDriverEx() Privilege Escalation

hackerhouse-opensource

hfioquake3_DoS

ioquake3 engine is vulnerable to a remotely exploitable off-by-one overflow due to a miscalculated array index within the privileged admin console command banaddr. Attacker needs the rcon password to exploit this vulnerability.