NorthwaveSecurity / passwordstate-decryptor

Licence: other
PowerShell script that decrypts password entries from a Passwordstate server.

Projects that are alternatives of or similar to passwordstate-decryptor

Hack Tools
The all-in-one Red Team extension for Web Pentester 🛠
Stars: ✭ 2,750 (+14373.68%)
Mutual labels:  red-team
Rubyfu
Rubyfu, where Ruby goes evil!
Stars: ✭ 228 (+1100%)
Mutual labels:  red-team
github-watchman
Monitoring GitHub for sensitive data shared publicly
Stars: ✭ 60 (+215.79%)
Mutual labels:  red-team
Hrshell
HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Stars: ✭ 193 (+915.79%)
Mutual labels:  red-team
Dart
DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.
Stars: ✭ 207 (+989.47%)
Mutual labels:  red-team
Red Team Infrastructure Wiki
Wiki to collect Red Team infrastructure hardening resources
Stars: ✭ 2,981 (+15589.47%)
Mutual labels:  red-team
Slack Watchman
Monitoring your Slack workspaces for sensitive information
Stars: ✭ 159 (+736.84%)
Mutual labels:  red-team
DcRat
A simple remote tool in C#.
Stars: ✭ 709 (+3631.58%)
Mutual labels:  red-team
Caldera
Automated Adversary Emulation Platform
Stars: ✭ 3,126 (+16352.63%)
Mutual labels:  red-team
InlineWhispers2
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
Stars: ✭ 156 (+721.05%)
Mutual labels:  red-team
Satellite
easy-to-use payload hosting
Stars: ✭ 193 (+915.79%)
Mutual labels:  red-team
Discover
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Stars: ✭ 2,548 (+13310.53%)
Mutual labels:  red-team
hackarsenaltoolkit
Hacking arsenal. This script download the latest tools, wordlists, releases and install common hacking tools
Stars: ✭ 39 (+105.26%)
Mutual labels:  red-team
Litmus test
Detecting ATT&CK techniques & tactics for Linux
Stars: ✭ 190 (+900%)
Mutual labels:  red-team
AlanFramework
A C2 post-exploitation framework
Stars: ✭ 405 (+2031.58%)
Mutual labels:  red-team
Community Threats
The GitHub of Adversary Emulation Plans in JSON. Share SCYTHE threats with the community. #ThreatThursday adversary emulation plans are shared here.
Stars: ✭ 169 (+789.47%)
Mutual labels:  red-team
Physmem2profit
Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
Stars: ✭ 244 (+1184.21%)
Mutual labels:  red-team
readhook
Red-team tool to hook libc read syscall with a buffer overflow vulnerability.
Stars: ✭ 31 (+63.16%)
Mutual labels:  red-team
aterm
It records your terminal, then lets you upload to ASHIRT
Stars: ✭ 17 (-10.53%)
Mutual labels:  red-team
JALSI
JALSI - Just Another Lame Shellcode Injector
Stars: ✭ 29 (+52.63%)
Mutual labels:  red-team

Passwordstate decryptor

Passwordstate decryptor is a PowerShell script for decrypting Passwordstate entries.
Built by the Northwave Red Team


Info

This script decrypts Passwordstate entries. In the update to Passwordstate 8.9 - Build 8903 (released April 6th 2020), Clickstudios changed the way data is encrypted and decrypted. For newer versions, the folks at modzero discovered that, during the update, Clickstudios decided to reverse the encryption key. The script now includes an option to reverse the encryption key before use.

Usage

  1. Import the PasswordStateDecryptor module.
    • Import-Module .\PasswordStateDecryptor.ps1
  2. Point the script towards the web.config file.
    • Invoke-PasswordStateDecryptor -WebConfig 'C:\inetpub\PasswordState\web.config'
  3. Watch the script get and decrypt all password entries!

All options

NAME
    Invoke-PasswordStateDecryptor

SYNOPSIS
    Connects to a PasswordState database and extracts all passwords from
    a non-FIPS installation of PasswordState. Optionally allows offline
    decryption by giving in the secrets. For more information read the
    accompanied blog or the source code.

    Author: Robert Diepeveen ([email protected])
    License: BSD 3-Clause
    Required Dependencies: None
    Optional Dependencies: None


SYNTAX
    Invoke-PasswordStateDecryptor [[-WebConfig] <String>] [[-SecretSplitterDLL] <String>] [[-FIPSMode] <Boolean>] [[-Reverse] <Boolean>] [[-ConnectionString] <String>] [[-Secret1] <String>] [[-Secret3] <String>] [[-CSVPath] <String>] [[-EncryptionKey]
    <String>] [<CommonParameters>]


DESCRIPTION
    Invoke-PasswordStateDecryptor will connect to the database, extract all of
    the information necessary to derive the encryption key, decrypt and return the
    plaintext passwords for all entries in the database.
    This script is intended to be run on a host that has all of the following:
        * SQLServer database server with PasswordState database
        * web.config from the original compromised PasswordState server
        * Moserware.SecretSplitter.dll somewhere (shipped in the repo or on the disk)
    An example of such a host is the PasswordState server itself.

    Alternatively, if you are able to compromise the database, export all entries to CSV
    and the secret1 and secret3 or the encryption key, you can use the script offline. The
    CSV should contain (at least) the following fields: UserName, Password, Description and Title


RELATED LINKS

REMARKS
    To see the examples, type: "get-help Invoke-PasswordStateDecryptor -examples".
    For more information, type: "get-help Invoke-PasswordStateDecryptor -detailed".
    For technical information, type: "get-help Invoke-PasswordStateDecryptor -full".
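
For defenders, the function name, parameter names and DLL name in the help text above are usable as match strings against PowerShell script block logging (event ID 4104). The following is an added example, not part of the project: it assumes the logged script text has already been exported into records with `host` and `text` fields, and the weights, threshold and sample records are constructed for illustration.

```python
import re

# Strings taken from the help text on this page; the weights are assumptions.
INDICATORS = {
    "function_name": (re.compile(r"invoke-passwordstatedecryptor", re.I), 3),
    "module_file": (re.compile(r"passwordstatedecryptor\.ps1", re.I), 2),
    "splitter_dll": (re.compile(r"moserware\.secretsplitter", re.I), 2),
    "offline_params": (re.compile(r"-(secret1|secret3|encryptionkey|secretsplitterdll)\b", re.I), 1),
    "webconfig_param": (re.compile(r"-webconfig\b", re.I), 1),
}

def score_script_block(text):
    """Return (score, indicator names) for one logged script block."""
    # PowerShell ignores a backtick before an ordinary character, so
    # "Invoke-Pass`wordState..." still runs; drop backticks before matching.
    normalized = text.replace("`", "")
    hits = [name for name, (rx, _) in INDICATORS.items() if rx.search(normalized)]
    return sum(INDICATORS[name][1] for name in hits), hits

def triage(records, threshold=2):
    """Return one alert per record whose score reaches the threshold."""
    alerts = []
    for rec in records:
        score, hits = score_script_block(rec["text"])
        if score >= threshold:
            alerts.append({"host": rec["host"], "score": score, "hits": hits})
    return alerts

# Constructed sample records (hypothetical hosts, placeholder secret values).
SAMPLE = [
    {"host": "PWS01", "text": r"Import-Module .\PasswordStateDecryptor.ps1"},
    {"host": "PWS01",
     "text": r"Invoke-PasswordStateDecryptor -WebConfig 'C:\inetpub\PasswordState\web.config'"},
    {"host": "WKS07",
     "text": r"Invoke-Pass`wordStateDecryptor -CSVPath .\dump.csv -Secret1 AAAA -Secret3 BBBB"},
    {"host": "WEB02",
     "text": r"Get-Content C:\inetpub\wwwroot\web.config | Select-String connectionStrings"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE):
        print(alert)
```

A hit from a host other than the Passwordstate server, such as the constructed `WKS07` record, corresponds to the offline mode described above and means the database export and secrets have already left the server.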

Examples

[Image: PoC]

[Image: PoC2]

Issues

Issues or new features can be reported via the GitHub issue tracker. Please make sure your issue or feature has not yet been reported by anyone else before submitting a new one.

Information

The full decryption process is explained on the More info page.
