Merge pull request #64 from grisuno/dev

some utils 3 jajaja

external/install_external.sh

@@ -109,6 +109,13 @@ download() {
         "git clone https://github.com/garrettfoster13/sccmhunter.git .exploit/sccmhunter"
         "git clone https://github.com/roughiz/Webmin-1.910-Exploit-Script.git .exploit/Webmin-1.910-Exploit"
         "git clone https://github.com/liquidsec/pyOracle2.git .exploit/pyOracle2"
+        "git clone https://github.com/Friends-Security/SharpExclusionFinder.git .exploit/SharpExclusionFinder"
+        "git clone https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment.git .exploit/prometheus"
+        "git clone https://github.com/edunavajas/linux-personalized.git .exploit/linux-personalized "
+        "git clone https://github.com/dafthack/MailSniper.git .exploit/mailSniper"
+        "git clone https://github.com/lefayjey/linWinPwn.git .exploit/linWinPwn"
+        "git clone https://github.com/Raptoratack/ADTools.git .exploit/ADT00lz"
+        "git cloen https://github.com/ticarpi/jwt_tool.git .exploit/jwt_tool"
     )
 
     echo "    [+] Choice the number option to clone:"

modules/lazynmap.sh

@@ -72,7 +72,7 @@ discover_network() {
 		echo "    [-] Scannign subnet $net..."
 		sudo nmap -sn $net -oG network_discovery -oN "sessions/scan_discovery_${net_sanitized}.nmap" --stylesheet "$ARCHIVO" -oX "sessions/scan_discovery_${net_sanitized}.nmap.xml"
 		echo "    [+] Active Host in the network $net:"
-		grep "Up" network_discovery | awk '{print $2}'
+		grep "Up" network_discovery | awk '{print $2}' | tee "sessions/hosts_$(echo "$net" | tr '/' '_')_discovery.txt"
 	done
 }
 

payload.json

@@ -2,8 +2,8 @@
     "binary_name": "bash",
     "api_key": "I_had_created_an_APIkey_and_published_it_for_free..._but,_someone_misused,_and_I_had_to_revoke_it...",
     "prompt": "Presentate como Lazy OWN OneLiner assistant",
-    "url": "http://members.streetfighterclub.htb/old/verify.asp",
-    "domain": "fighter.htb",
+    "url": "http://blockblock.htb/",
+    "domain": "blockblock.htb",
     "subdomain": "dc0",
     "method": "POST",
     "headers": "{\"Content-Type\": \"application/json\"}",
@@ -21,7 +21,7 @@
     "mode": "attack",
     "reverse_shell_port": 4444,
     "path": "/home/$USER",
-    "rhost": "10.10.10.72",
+    "rhost": "10.10.11.43",
     "lhost": "10.10.14.2",
     "rport": 5555,
     "lport": 5555,

sessions/download_resources.sh

@@ -55,6 +55,8 @@ download() {
         "wget https://raw.githubusercontent.com/jivoi/pentest/master/shell/insomnia_shell.aspx"
         "wget https://download.sysinternals.com/files/AccessChk.zip"
         "wget https://raw.githubusercontent.com/Alamot/code-snippets/master/winrm/winrm_shell_with_upload.rb"
+        "wget https://download.sysinternals.com/files/Strings.zip"
+
     )
 
     # Imprime los últimos argumentos de cada comando

sessions/win/PathExcludedFinder.ps1

@@ -0,0 +1,144 @@
+# Parámetros
+param (
+    [string]$BasePath,
+    [int]$MaxThreads = 3,
+    [int]$MaxDepth = [int]::MaxValue,
+    [string]$OutputFile = $null
+)
+
+# Variables
+$ExcludedDirectories = @{}
+$TotalDirectories = 0
+$Counter = 0
+$Stopwatch = [System.Diagnostics.Stopwatch]::StartNew()
+$LogWriter = if ($OutputFile) { [System.IO.StreamWriter]::new($OutputFile) } else { $null }
+
+# Función para imprimir ayuda
+function PrintHelp {
+    Write-Host "Usage: Script.ps1 -BasePath <Path> [-MaxThreads <N>] [-MaxDepth <N>] [-OutputFile <FilePath>]"
+    Write-Host "Options:"
+    Write-Host "  -MaxThreads N       Set the maximum number of threads (default 3)"
+    Write-Host "  -MaxDepth N         Set the maximum directory depth to scan (default is all)"
+    Write-Host "  -OutputFile Path    Specify a file to log exclusions and errors"
+}
+
+# Función para loggear mensajes
+function LogMessage {
+    param (
+        [string]$Message,
+        [bool]$IsError = $false
+    )
+    if ($LogWriter -and ($IsError -or $Message.Contains("[+] Folder"))) {
+        $LogWriter.WriteLine($Message)
+        $LogWriter.Flush()
+    }
+    Write-Host $Message
+}
+
+# Función para escanear directorio
+function ScanDirectory {
+    param (
+        [string]$CurrentPath
+    )
+    try {
+        $Counter++
+        if ($Counter % 500 -eq 0) {
+            Write-Host "Processed $Counter directories. Time elapsed: $($Stopwatch.Elapsed.TotalSeconds) seconds."
+        }
+
+        $Command = "C:\Program Files\Windows Defender\MpCmdRun.exe"
+        $Arguments = "-Scan -ScanType 3 -File `"$CurrentPath\|*`""
+
+        $ProcessResult = & $Command $Arguments
+        if ($ProcessResult -match "was skipped") {
+            LogMessage "[+] Folder $CurrentPath is excluded"
+            $ExcludedDirectories[$CurrentPath] = $true
+        }
+    } catch {
+        LogMessage ("An error occurred while scanning directory $CurrentPath" + ": " + $_.Exception.Message) -IsError $true
+    }
+}
+
+# Función para verificar exclusión de un directorio
+function IsDirectoryExcluded {
+    param (
+        [string]$Directory
+    )
+    $CurrentDirectory = $Directory
+    while ($CurrentDirectory) {
+        if ($ExcludedDirectories.ContainsKey($CurrentDirectory)) {
+            return $true
+        }
+        $CurrentDirectory = [System.IO.Path]::GetDirectoryName($CurrentDirectory)
+    }
+    return $false
+}
+
+# Función para obtener carpetas excluidas por niveles
+function GetExcludedFoldersByTier {
+    param (
+        [string]$BasePath,
+        [int]$CurrentDepth = 0
+    )
+
+    if ($CurrentDepth -gt $MaxDepth) { return }
+
+    try {
+        $CurrentTierDirectories = Get-ChildItem -Directory -Path $BasePath | ForEach-Object { $_.FullName }
+    } catch {
+        LogMessage ("Error retrieving top-level directories from $BasePath" + ": " + $_.Exception.Message) -IsError $true
+        return
+    }
+
+    $DirectoriesQueue = [System.Collections.Generic.Queue[System.Collections.ArrayList]]::new()
+    $DirectoriesQueue.Enqueue([System.Collections.ArrayList]$CurrentTierDirectories)
+
+    while ($DirectoriesQueue.Count -gt 0 -and $CurrentDepth -le $MaxDepth) {
+        $CurrentTier = $DirectoriesQueue.Dequeue()
+        $FilteredDirectories = $CurrentTier | Where-Object { -not (IsDirectoryExcluded $_) }
+        $TotalDirectories += $FilteredDirectories.Count
+
+        # Procesar directorios en paralelo
+        $Jobs = @()
+        foreach ($Dir in $FilteredDirectories) {
+            $Jobs += Start-Job -ScriptBlock { param($d) ScanDirectory -CurrentPath $d } -ArgumentList $Dir
+            if ($Jobs.Count -ge $MaxThreads) {
+                $Jobs | ForEach-Object { $_ | Wait-Job | Remove-Job }
+                $Jobs.Clear()
+            }
+        }
+        $Jobs | ForEach-Object { $_ | Wait-Job | Remove-Job }
+
+        $NextTierDirectories = @()
+        foreach ($Dir in $FilteredDirectories) {
+            try {
+                $SubDirs = Get-ChildItem -Directory -Path $Dir | ForEach-Object { $_.FullName }
+                $NextTierDirectories += $SubDirs
+            } catch [UnauthorizedAccessException] {
+                LogMessage "Access denied to $Dir. Skipping this directory and its subdirectories." -IsError $true
+            } catch {
+                LogMessage ("Error retrieving subdirectories from $Dir" + ": " + $_.Exception.Message) -IsError $true
+            }
+        }
+
+        if ($NextTierDirectories.Count -gt 0) {
+            $DirectoriesQueue.Enqueue([System.Collections.ArrayList]$NextTierDirectories)
+        }
+
+        $CurrentDepth++
+    }
+
+    $Stopwatch.Stop()
+    Write-Host "Scan completed up to depth $MaxDepth. Total time: $($Stopwatch.Elapsed.TotalSeconds) seconds."
+}
+
+if (!$BasePath) {
+    PrintHelp
+    return
+}
+
+GetExcludedFoldersByTier -BasePath $BasePath
+
+if ($LogWriter) {
+    $LogWriter.Close()
+}

utils.py

@@ -2073,7 +2073,7 @@ def get_command(url, lhost):
     Reads a command from standard input and initiates a thread to send the command to the target server.
     """
     try:
-        cmd = input(':\> ')
+        cmd = input('    :\> ')
         threading.Thread(target=send_command, args=(cmd,url,lhost)).start()
     except:
         sys.exit(0)