praetorian-inc/gladius praetorian-inc/gladius

  • This repository has been archived on 09/Apr/2024
  • Stars
    star
    181
  • Rank 210,842 (Top 5 %)
  • Language
    Python
  • Created over 8 years ago
  • Updated over 8 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
praetorian-inc/gladius
github

praetorian-inc

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Automated Responder/secretsdump.py cracking

Gladius

Easy mode from Responder to Credentials

Author: Cory Duplantis (@ctfhacker) / blog

Blog post on Gladius

asciicast

Gladius provides an automated method for cracking credentials from various sources during an engagement. We currently crack hashes from Responder, secretsdump.py, and smart_hashdump.

Install

pip install watchdog
git clone https://www.github.com/praetorian-inc/gladius
cd gladius
git clone https://www.github.com/praetorian-inc/Hob0Rules
cp Hob0Rules/* .
rm -rf Hob0Rules/

Start

python gladius.py --hashcat ../hashcat/hashcat-cli64.bin -r d3adhob0.rule -w rockyou.txt

Now start the responder session as normal

cd /usr/share/responder
python Responder.py -i YOUR_IP -I YOUR_INTERFACE

Working with secretsdump

Send results of secretsdump to Gladius for parsing and cracking.

for ip in $(cat ips); do secretsdump.py DOMAIN/username:password@$ip > /usr/share/responder/secretsdump_$ip; done

Help

$ python gladius.py -h
usage: gladius.py [-h] [-v] [--responder-dir RESPONDER_DIR]
                  [--hashcat HASHCAT] [-r RULESET] [-w WORDLIST] [--no-art]

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         Increased output verbosity
  --responder-dir RESPONDER_DIR
                        Directory to watch for Responder output
  --hashcat HASHCAT     Path to hashcat binary
  -r RULESET, --ruleset RULESET
                        Ruleset to use with hashcat
  -w WORDLIST, --wordlist WORDLIST
                        Wordlist to use with hashcat
  --no-art              Disable the sword ascii art for displaying credentials
                        and default to only text.

Workings

Ruleset

The default ruleset is a better best64 ruleset from Julian Dunning (@hob0man) of Praetorian. His presentation on the topic can be found below:

Picture to Youtube

Responder

Watches responder log for *NTLM*txt files. For each file found, parses output, creates a temp file containing the new hashes, and passes this to hashcat with the correct hash type

To watch for NTLM hashes from hashdump, simply create a file with NTLM hashes from hashdump and drop a file with `hashdump` in its name in the Responder directory.
Note: Will have to manually examine output in `./engagement/responderhander_out/*` to check for results from `hashdump` cracking.

Credentials

Watches for output from hashcat and exports files with the following format:

Domain Username Password

Example module

To extend Gladius:

  • Create a new Handler class that inherits from GladiusHandler.
  • Add a list of regex matches for your specific file names (or '*' if the filename doesn't matter)
  • Create a process(self, event) function to perform actions on all files matching your pattern.
class YourHandler(GladiusHandler):

    patterns = ['*']

    def process(self, event):
        data = self.get_lines(event)

        # Perform work on data

Add yourself to the handlers list

handlers = [
            (ResponderHandler, args.responder,
            (CredsHandler, ResponderHandler().outpath),
            (YourHandler, CredsHandler().outpath),
            (YourHandler, '/tmp'),
           ]

More Repositories

1

gokart

A static analysis tool for securing Go code
Go
2,175
star
2

noseyparker

Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
Rust
1,555
star
3

Hob0Rules

Password cracking rules for Hashcat based on statistics and industry patterns
1,404
star
4

pentestly

Python and Powershell internal penetration testing framework
Python
716
star
5

purple-team-attack-automation

Praetorian's public release of our Metasploit automation of MITRE ATT&CKâ„¢ TTPs
Ruby
713
star
6

DVRF

The Damn Vulnerable Router Firmware Project
HTML
661
star
7

PortBender

TCP Port Redirection Utility
C
657
star
8

fingerprintx

Standalone utility for service discovery on open ports!
Go
547
star
9

gato

GitHub Actions Pipeline Enumeration and Attack Tool
Python
488
star
10

trudy

A transparent proxy that can modify and drop traffic for arbitrary TCP connections.
Go
275
star
11

pyshell

PyShell makes interacting with web-based command injection less painful, emulating the feel of an interactive shell as much as possible.
Python
255
star
12

mitm-vm

An easy-to-deploy virtual machine that can provide flexible man-in-the-middle capabilities.
Shell
191
star
13

snowcat

a tool to audit the istio service mesh
Go
173
star
14

vulcan

a tool to make it easy and fast to test various forms of injection
C++
172
star
15

ADFSRelay

Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS
Go
172
star
16

trident

automated password spraying tool
Go
145
star
17

NTLMRecon

A tool for performing light brute-forcing of HTTP servers to identify commonly accessible NTLM authentication endpoints.
Go
78
star
18

epictreasure

radare, angr, pwndbg, binjitsu, ect in a box ready for pwning
Shell
74
star
19

INTRACTABLEGIRAFFE

A Proof of Concept Rootkit Demonstrating Keylogging and Virtual File System (VFS) Capabilities
C
69
star
20

proxylogon-exploit

Proof-of-concept exploit for CVE-2021-26855 and CVE-2021-27065. Unauthenticated RCE in Exchange.
Python
46
star
21

hashcatJS

An implementation of the hashcat rules engine in javascript
JavaScript
45
star
22

slack-c2bot

Slack C2bot that executes commands and returns the output.
Go
44
star
23

ruby_hashcat

Command line wrapper, Library, and Rest API for oclHashcat.
Ruby
40
star
24

dert

DNS Enumeration and Reconnaissance Tool
Ruby
37
star
25

Matryoshka

Matryoshka loader is a tool that red team operators can leverage to generate shellcode for Microsoft Office document phishing payloads.
C
36
star
26

Okta_Watering_Hole

Next Generation Phishing Tool For Internal / Red Teams
Python
35
star
27

ctf-writeups

Collection of Praetorian solutions to CTF challenges
OpenEdge ABL
25
star
28

chariot-ui

Chariot Offensive Security Platform
TypeScript
21
star
29

konstellation

Konstellation is a configuration-driven CLI tool to enumerate cloud resources and store the data into Neo4j.
Cypher
19
star
30

bsidesaustin

Python
14
star
31

burp-wcf-gzip

Burp extension for decoding WCF-gzipped requests.
Python
12
star
32

gcloud-lockdown

Scripts to demonstrate VPC Service Controls between tenant and shared projects
Shell
12
star
33

chariot-launch-nuclei-templates

11
star
34

highlight

Text file to BMP image with box drawing and blurring from the command line
C
9
star
35

log4j-detector

Log4j detector and reporting server for scalable detection of vulnerable running processes.
Go
8
star
36

praetorian-cli

The command line interface for Praetorian products and services
Python
7
star
37

aws-labs

Shell
5
star
38

tpm_bound_sa_key

Go
5
star
39

rpi-setup

set up rpi for zbwardrive
Python
5
star
40

sonicwall-nsv-decrypter

C
5
star
41

product-frontend-interview

JavaScript
3
star
42

zeroqlik-detect

A Nuclei template to detect ZeroQlik (CVE-2023-41265 and CVE-2023-41266)
3
star
43

product-backend-interview

Java
1
star