ThePirateWhoSmellsOfSunflowers
/ netdumper.py
Last active
May 17, 2025 14:25
This script perform a netsync attack. No SMB involved
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from impacket.dcerpc.v5 import epm, rpcrt, transport, nrpc, samr | |
| from impacket.uuid import bin_to_uuidtup | |
| from impacket.crypto import SamDecryptNTLMHash | |
| from impacket.nt_errors import STATUS_MORE_ENTRIES | |
| from impacket.dcerpc.v5.rpcrt import DCERPCException | |
| from binascii import unhexlify, hexlify | |
| from random import randbytes | |
| import sys | |
| import argparse |
ThePirateWhoSmellsOfSunflowers
/ lsarlookupsids3_aes.py
Created
February 6, 2025 22:16
Perform a lsarlookupsids3 with a trust account, it uses netlogon as SSP (see [MS-NRPC] 3.3) (AES version)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from impacket.dcerpc.v5 import epm, lsad, rpcrt, transport, lsat, ndr, nrpc | |
| from impacket.uuid import bin_to_uuidtup | |
| from binascii import unhexlify | |
| from random import randbytes | |
| import sys | |
| # Perform a lsarlookupsids3 with a trust account, it uses netlogon as SSP (see [MS-NRPC] 3.3) | |
| # Pure TCP RPC is used (ncacn_ip_tcp option) | |
| # AES is used, so you need impacket #1848 (https://github.com/fortra/impacket/pull/1848) | |
| # Tested with impacket 0.12.0 on GOAD |
ThePirateWhoSmellsOfSunflowers
/ netrlogonsamlogonwithflags.py
Created
December 12, 2024 23:03
Perform a netrlogonsamlogonwithflags (LogonNetworkTransitive) with a server account, it uses netlogon as SSP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from impacket.dcerpc.v5 import epm, lsad, rpcrt, transport, lsat, ndr, nrpc | |
| from impacket.uuid import bin_to_uuidtup | |
| from binascii import unhexlify, hexlify | |
| from struct import pack, unpack | |
| from random import randbytes | |
| import sys | |
| # Perform a netrlogonsamlogonwithflags with a server account, it uses netlogon as SSP (see [MS-NRPC] 3.3) | |
| # Pure TCP RPC is used (ncacn_ip_tcp option) | |
| # RC4 is used here because to use AES, impacket must be patched |
ThePirateWhoSmellsOfSunflowers
/ atexec_rpc.py
Last active
May 23, 2025 03:40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # Impacket - Collection of Python classes for working with network protocols. | |
| # | |
| # Copyright Fortra, LLC and its affiliated companies | |
| # | |
| # All rights reserved. | |
| # | |
| # This software is provided under a slightly modified version | |
| # of the Apache Software License. See the accompanying LICENSE file | |
| # for more information. |
ThePirateWhoSmellsOfSunflowers
/ lsarlookupsids3.py
Created
November 22, 2024 13:01
Perform a lsarlookupsids3 with a trust account, it uses netlogon as SSP (see [MS-NRPC] 3.3)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from impacket.dcerpc.v5 import epm, lsad, rpcrt, transport, lsat, ndr, nrpc | |
| from impacket.uuid import bin_to_uuidtup | |
| from binascii import unhexlify | |
| from random import randbytes | |
| import sys | |
| # Perform a lsarlookupsids3 with a trust account, it uses netlogon as SSP (see [MS-NRPC] 3.3) | |
| # Pure TCP RPC is used (ncacn_ip_tcp option) | |
| # RC4 is used here because to use AES, impacket must be patched | |
| # Tested with impacket 0.12.0 on GOAD |