Matt Creel

icon indicating a website link https://blog.tw1sm.io

icon company SpecterOps icon location Washington, DC

Results 4 issues of Matt Creel

Module to check for NTLMv1 Compatibility

2 comment

Added a small module to query the target's `LmCompatibilityLevel` to determine if the target allows NTLMv1 auth. Example: This check queries the registry which requires admin privileges - makes it...

enhancement
module

Add Shadow Credentials Commands to Ntlmrelayx's Interactive LDAP Shell

5 comment

Implemented `set_shadow_creds` and `clear_shadow_creds` commands in the interactive LDAP shell used by ntlmrelayx. Code is just slightly modified from ShutdownRepo's prior work in #1249. Setting shadow creds: Confirmation msDS-KeyCredentialLink was...

in review

Add SCCM NTLM Relay Attack

4 comment

Adapted the [sccmwtf](https://github.com/xpn/sccmwtf) by @\_xpn\_ into a `httpattack` for `ntlmrelayx.py`. Credits go to him for almost all of the code included in this PR. The attack requires machine account authentication...

in review
medium

Stealer.js Compatibility

Slight quality of life modification to include the tokens in a JSON blob that can be fed into [stealer.js](https://github.com/fkasler/cuddlephish/blob/main/stealer.js) , which can automatically open a Chromium browser and inject the...