{"id":23813799,"url":"https://github.com/endermanch/scripts","last_synced_at":"2025-09-06T23:31:19.525Z","repository":{"id":259113553,"uuid":"876349333","full_name":"Endermanch/scripts","owner":"Endermanch","description":"Random scripts","archived":false,"fork":false,"pushed_at":"2024-10-21T20:22:52.000Z","size":38,"stargazers_count":13,"open_issues_count":0,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-22T14:44:55.935Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Endermanch.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-21T20:19:43.000Z","updated_at":"2024-10-22T14:44:44.000Z","dependencies_parsed_at":"2024-10-23T03:46:12.158Z","dependency_job_id":null,"html_url":"https://github.com/Endermanch/scripts","commit_stats":null,"previous_names":["endermanch/scripts"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Endermanch%2Fscripts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Endermanch%2Fscripts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Endermanch%2Fscripts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Endermanch%2Fscripts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Endermanch","download_url":"https://codeload.github.com/Endermanch/scripts/tar.gz/refs/heads/main","host"
:{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":232149978,"owners_count":18479562,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-02T03:37:24.248Z","updated_at":"2025-01-02T03:37:24.790Z","avatar_url":"https://github.com/Endermanch.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Enderman's Scripts\nThe vault of scripts that I have written for fun.\n\n## SAM Viewer\n\nThe Windows user information, including the password hash, is stored within the SAM (Security Account Manager) registry hive.\nThe following script reads the SAM file and extracts the password hash alongside extra potentially useful information.\n\n**The password hash is encrypted in 3 layers:**\n1. DES encryption with the user's RID (32-bit LE integer) as the key.\n2. AES encryption with the «boot key».\n3. 
AES encryption of the «boot key» with the «LSA key».\n\nWhat I call an «LSA key» (don't confuse it with an LSA secret) is split into four 4-byte chunks and stored in **class names** of\n`HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa` subkeys `JD`, `Skew1`, `GBG` and `Data`.\n\n**The LSA key is calculated as follows:**  \n    $B = JD_{class} \\mathbin\\Vert Skew1_{class} \\mathbin\\Vert GBG_{class} \\mathbin\\Vert Data_{class}$  \n    $shuffle(B_i,\\{8, 5, 4, 2, 11, 9, 13, 3, 0, 6, 1, 12, 14, 10, 15, 7\\})$\n\n*Might be useful in computer forensics.* **Watch a full explanation on [YouTube](https://youtu.be/Hq_RgcYL9_k).**\n\n**To run the script, use the following command:**\n\n```bash\npython3 -m sam.samviewer\n```\n\n*Tested on Python 3.12.7*\n\n### Arguments\n- `-h`, `--help`: Show the help message and exit.\n\n**Mutually exclusive:**\n- `--reg`: Path to the `HKLM\\SAM` non-binary registry **export** file.\n- `--hive`: Path to a directory containing the SAM and SYSTEM hives (e.g. `%systemroot%\\System32\\config`); the hives must not be in use.\n\n**Optional:**\n- `--jd`: $JD_{class}$\n- `--skew1`: $Skew1_{class}$\n- `--gbg`: $GBG_{class}$\n- `--data`: $Data_{class}$\n- `--pw`: Custom password to hash \u0026 encrypt for every user found.\n\n### Known issues\n- Custom password hashing has not been extensively tested yet. 
The `--pw` argument might return a wrong hash for now.\n\n## License\nThis project is licensed under the GNU GPL-3.0 License - see the [LICENSE](LICENSE) file for details.\n\n## Contributing\nIf you would like to contribute to this project, feel free to fork this repository and submit a pull request.\n\n## Contact\nIf you have any questions or suggestions, feel free to [contact me](mailto:contact@enderman.ch).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fendermanch%2Fscripts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fendermanch%2Fscripts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fendermanch%2Fscripts/lists"}