Commit

Merge pull request #14 from obscuritylabs/development
Development
killswitch-GUI authored Sep 3, 2019
2 parents ab11af6 + 46ad884 commit e6c89eb
Showing 26 changed files with 1,047 additions and 338 deletions.
Binary file added .github/2019-08-18 21_59_48-Command Prompt.png
Binary file added .github/2019-09-03 00_41_38-Command Prompt.png
1 change: 1 addition & 0 deletions .github/ISSUE_TEMPLATE.md
@@ -0,0 +1 @@

14 changes: 14 additions & 0 deletions .travis.yml
@@ -1,2 +1,16 @@
os: windows
language: shell

env:
- MSBUILD_PATH="/C/Program Files (x86)/Microsoft Visual Studio/2017/BuildTools/MSBuild/15.0/Bin"

install:
- choco install sysinternals python2 python3 7zip
- psexec -s powershell.exe -command 'Add-WindowsCapability –Online -Name NetFx3~~~~'

before_script:
- export PATH=$MSBUILD_PATH:$PATH

script:
- msbuild.exe HastyArp/HastyArp.sln //m -p:Configuration=Release
- ls -lisa
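
Review bot: In the `install` step, `Add-WindowsCapability –Online` is written with an en dash while `-Name` on the same line uses an ASCII hyphen; it looks pasted from a rendered page and should be `-Online`, so the command does not depend on how the shell and psexec pass that character through. The same line runs `psexec -s` non-interactively without `-accepteula`, which is worth adding so a first-run licence prompt cannot stall the build. `python2`, `python3` and `7zip` are installed but nothing in the visible `script` uses them, and the trailing `ls -lisa` reads like a leftover debugging step; replace it with a check that the Release binary was actually produced.
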
52 changes: 52 additions & 0 deletions HastyArp/README.md
@@ -1 +1,53 @@
# HastyArp
A post-explotation ARP.exe command implemented in pure C#.

## Build
All binaries in HastySeries are built targeting .NET 3.5, for windows 7+ support. The following build env should be used:

* Windows 10 - 1803
* Visual Studio 2017
* .NET 3.5
* `choco install sysinternals` or strings from SysInternals in your current path

ALL HastySeries compiled binaries can be found on the github page with the most recent releases. NOTE: THESE have many static sigs.. dont drop to disk unless you are sure they are cleared via PSP testing.

## Operate
### Command Examples:
```cmd
C:\Users\rt\Desktop\HastySeries\bin\Release>HastyArp.exe
```
### Expected Output:
```cmd
Interface: INT: 1 --- TYPE: 4 --- IP: 224.0.0.22
224.0.0.22 00-00-00-00-00-00
239.255.255.250 00-00-00-00-00-00
Interface: INT: 3 --- TYPE: 4 --- IP: 224.0.0.22
224.0.0.22 01-00-5E-00-00-16
Interface: INT: 7 --- TYPE: 3 --- IP: 192.168.137.2
192.168.137.2 00-50-56-E9-02-48
192.168.137.254 00-50-56-E3-0F-55
192.168.137.255 FF-FF-FF-FF-FF-FF
224.0.0.22 01-00-5E-00-00-16
224.0.0.251 01-00-5E-00-00-FB
224.0.0.252 01-00-5E-00-00-FC
255.255.255.255 FF-FF-FF-FF-FF-FF
Interface: INT: 8 --- TYPE: 2 --- IP: 169.254.169.254
169.254.169.254 00-00-00-00-00-00
169.254.241.22 00-00-00-00-00-00
169.254.255.255 FF-FF-FF-FF-FF-FF
224.0.0.22 01-00-5E-00-00-16
224.0.0.251 01-00-5E-00-00-FB
224.0.0.252 01-00-5E-00-00-FC
239.255.255.250 01-00-5E-7F-FF-FA
255.255.255.255 FF-FF-FF-FF-FF-F
```

## OpSec
### Strings
To prevent some basic string matching, some basic precautions where taken. of course this is a example and if OpSec is upmost concern change static key and use the `HastyFixup` string fixup project to build new strings before re-compile.

1) All strings are XOR'd with a static key
2) All strings are than encoded with Base64
3) Strings are decoded at execution
4) Strings are XOR'd with static key
5) String is presented to console
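
Review bot: The last row of the Expected Output block, `255.255.255.255 FF-FF-FF-FF-FF-F`, is one hex digit short; the other broadcast rows in the same block show `FF-FF-FF-FF-FF-FF`, so this looks like a copy truncation. In the Strings list, steps 1 and 2 happen when the strings are prepared and steps 3 to 5 happen at execution, but the list does not say so, and step 3 should say "Base64-decoded" so it mirrors step 2. The Build section lists `strings` from SysInternals as a requirement without saying what it is used for. Typos to fix in this hunk: "post-explotation", "where taken", "upmost", "than encoded".
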
43 changes: 43 additions & 0 deletions HastyDrives/README.md
@@ -0,0 +1,43 @@
# HastyDrives
A post-explotation command implemented in pure C# to list all drives and details that may be useful to a operator.

## Build
All binaries in HastySeries are built targeting .NET 3.5, for windows 7+ support. The following build env should be used:

* Windows 10 - 1803
* Visual Studio 2017
* .NET 3.5
* `choco install sysinternals` or strings from SysInternals in your current path

ALL HastySeries compiled binaries can be found on the github page with the most recent releases. NOTE: THESE have many static sigs.. dont drop to disk unless you are sure they are cleared via PSP testing.

## Operate
### Command Examples:
```cmd
C:\Users\rt\Desktop\HastySeries\bin\Release>HastyDrives.exe
```
### Expected Output:
```cmd
*-------------------------HastyDrives-------------------------*
|Drive C:\
| Drive type: Fixed
| Volume label:
| File system: NTFS
| Available space to current user: 21268123648 bytes
| Total available space: 21268123648 bytes
| Total size of drive: 63778582528 bytes
*--------------------------------------------------------------*
|Drive D:\
| Drive type: CDRom
*--------------------------------------------------------------*
```

## OpSec
### Strings
To prevent some basic string matching, some basic precautions where taken. of course this is a example and if OpSec is upmost concern change static key and use the `HastyFixup` string fixup project to build new strings before re-compile.

1) All strings are XOR'd with a static key
2) All strings are than encoded with Base64
3) Strings are decoded at execution
4) Strings are XOR'd with static key
5) String is presented to console
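
Review bot: The Build and OpSec sections here are a verbatim copy of the ones added to HastyArp/README.md in this same commit, typos included ("where taken", "upmost", "than encoded"), so every correction now has to be repeated in each tool's README; consider keeping them once in a top-level README and linking to it from here. In the first line, "a operator" should be "an operator" and "post-explotation" is misspelled.
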
30 changes: 28 additions & 2 deletions HastyDump/README.md
Expand Up @@ -12,7 +12,33 @@ All binaries in HastySeries are built targeting .NET 3.5, for windows 7+ support
ALL HastySeries compiled binaries can be found on the github page with the most recent releases. NOTE: THESE have many static sigs.. dont drop to disk unless you are sure they are cleared via PSP testing.

## Operate

### Command Examples:
```cmd
C:\Users\rt\Desktop\HastySeries\bin\Release>HastyDump.exe -help
C:\Users\rt\Desktop\HastySeries\bin\Release>HastyDump.exe 13028 "C:\\Users\\rt\\Desktop\\test.bin"
```
### Expected Output:
```cmd
[*] RUNTIME TARGET CHECKS:
OperatingSystem Version: Microsoft Windows NT 6.2.9200.0
Target MachineName: DESKTOP-1VRIH74
Target DomainName: DESKTOP-1VRIH74
Target UserName: rt
Target Time Zone: Pacific Standard Time
Target Time: 8/18/2019 9:56:55 PM
Target ProcessorCount: 4
[*] SUCCESS: Obtained process image name
[*] SUCCESS: Obtained process image name
[*] INFO: target image: \Device\HarddiskVolume4\Windows\System32\cmd.exe
[*] SUCCESS: Creating file stream/handle: C:\\Users\\rt\\Desktop\\test.bin
[*] IMAGE TARGET DETAILS:
Image size: 129872 KB
Image location: C:\Users\rt\Desktop\test.bin
[*] INFO: Close file handle of: C:\\Users\\rt\\Desktop\\test.bin
[*] INFO: Close process handle of process ID: 13028
```
### Example Screenshot:
![2019-08-18 21_59_48-Command Prompt](https://user-images.githubusercontent.com/8761706/63241898-0e0da380-c25e-11e9-8c4d-a50a7688b600.png)

## OpSec
### Strings
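
Review bot: The second command example passes the output path as `"C:\\Users\\rt\\Desktop\\test.bin"`, but cmd.exe does not treat backslash as an escape character, so the doubled separators reach the program literally; that matches the SUCCESS and INFO lines echoing `C:\\Users\\...` while `Image location:` shows single backslashes. Document the path with single backslashes, or state that both forms are accepted. `[*] SUCCESS: Obtained process image name` also appears twice in the Expected Output; if the tool really prints it twice, say why, otherwise drop the duplicate. The sample output and the linked screenshot carry a machine name and user name that are worth replacing with placeholders.
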
Expand All @@ -22,4 +48,4 @@ To prevent some basic string matching, some basic precautions where taken. of co
2) All strings are than encoded with Base64
3) Strings are decoded at execution
4) Strings are XOR'd with static key
5) String is presented to console
5) String is presented to console
11 changes: 0 additions & 11 deletions HastyFixup/Pipfile

This file was deleted.


0 comments on commit e6c89eb
