Matt Bush 3xocyte
3xocyte
/ lazykatz.py
Last active
June 26, 2024 18:32
quickly dump creds from a box you've pwned while living off the land (feat. obfuscation and pypykatz automation)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import argparse | |
| import sys | |
| import logging | |
| import random | |
| import string | |
| import os | |
| from time import sleep |
3xocyte
/ chromedump2.py
Last active
February 8, 2021 10:22
agentless Google Chrome post-exploitation script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # by Matt Bush (@3xocyte) | |
| import os | |
| import sys | |
| import logging | |
| import argparse | |
| import traceback | |
| import time |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import argparse | |
| import sys | |
| import binascii | |
| import socket | |
| import re | |
| from ldap3 import Server, Connection, NTLM, ALL, SUBTREE, ALL_ATTRIBUTES | |
| # get /etc/hosts entries for domain-joined computers from A and AAAA records (via LDAP/ADIDNS) (@3xocyte) |
3xocyte
/ bad_sequel.py
Last active
January 11, 2024 01:42
PoC MSSQL RCE exploit using Resource-Based Constrained Delegation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # for more info: https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html | |
| # this is a rough PoC | |
| # requirements for RCE: | |
| # - the attacker needs to either have or create an object with a service principal name | |
| # - the MSSQL server has to be running under the context of System/Network Service/a virtual account | |
| # - the MSSQL server has the WebClient service installed and running (not default on Windows Server hosts) | |
| # - NTLM has to be in use |
3xocyte
/ rbcd_relay.py
Last active
August 28, 2024 12:17
poc resource-based constrain delegation relay attack tool
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # for more info: https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html | |
| # this is a *very* rough PoC | |
| import SimpleHTTPServer | |
| import SocketServer | |
| import base64 | |
| import random | |
| import struct |
3xocyte
/ resolve_domain_computers.py
Last active
February 2, 2025 05:24
get /etc/hosts entries for computers in Active Directory
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # resolve domain computers by @3xocyte | |
| import argparse | |
| import sys | |
| import string | |
| # requires dnspython and ldap3 | |
| import dns.resolver | |
| from ldap3 import Server, Connection, NTLM, ALL, SUBTREE |
3xocyte
/ create_machine_account.py
Last active
February 21, 2023 03:50
simple script for experimenting with machine account creation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import argparse | |
| import sys | |
| import string | |
| import random | |
| # https://support.microsoft.com/en-au/help/243327/default-limit-to-number-of-workstations-a-user-can-join-to-the-domain | |
| # create machine account utility by @3xocyte | |
| # with thanks to Kevin Robertson for https://github.com/Kevin-Robertson/Powermad/blob/master/Powermad.ps1 |
3xocyte
/ dementor.py
Last active
February 25, 2025 00:20
rough PoC to connect to spoolss to elicit machine account authentication
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample | |
| # some code from https://www.exploit-db.com/exploits/2879/ | |
| import os | |
| import sys | |
| import argparse | |
| import binascii | |
| import ConfigParser |
3xocyte
/ scriptinjector.cs
Last active
October 6, 2018 00:19
a small buggy utility inspired by chapter 10 of Black Hat Python by Justin Seitz
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Text; | |
| using System.Linq; | |
| using System.Collections.Generic; | |
| // ephemeral script injector by @3xocyte | |
| // takes a target directory to watch, and an OS command to attempt to inject into any scripts that get modified | |
| namespace FileContentInjector |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Text; | |
| using System.Net.NetworkInformation; | |
| using System.Management.Automation; | |
| using System.Management.Automation.Runspaces; | |
| using System.Threading; | |
| using System.Collections.ObjectModel; | |
| // .NET ICMP reverse shell client with PowerShell runspace by @3xocyte |
NewerOlder