Kali Linux

Tofu : Windows Offline Filesystem Hacking Tool For Linux

Tofu is a modular tool for hacking offline Windows filesystems and bypassing login screens. Can do hashdumps, OSK-Backdoors, user enumeration and more.

How It Works

When a Windows machine is shut down, unless it has Bitlocker or another encryption service enabled, it’s storage device contains everything stored on the device as if it was unlocked. This means that you can boot from an operating system on a bootable USB and access it’s files – or even just connect the filesystem to another computer.
This tool helps for when you can access the Windows filesystem from Linux (using one of the mentioned methods); it has utilities that can dump NTLM password hashes, list users, install backdoors to spawn an elevated command prompt at the login screen and more.

Modules

Because tofu works on modules, it can be expanded for different purposes. See the ‘modules’ section for examples.
Current Modules:
1. hashdump.py – Dumps NTLM hashes from the target Windows filesystem
2. osk_backdoor.py – Backdoor osk.exe to bypass the login; also includes an ‘unbackdoor’ module
3. list_users.py – List the users with a profile on the Windows filesystem
4. chrome.py – Dump chrome history and login data of all users on the Windows filesystem
5. get_dpapi_masterkeys.py – Dump DPAPI master keys from the Windows filesystem
6. enum_unattend.py – Enumerate unattend files
7. memory_strings.py – Search through the memory of the computer to find data
8. startup.py – Inject a program into a user’s startup directory
9. wifi.py – Get Wi-Fi passwords with DPAPI

Usage

‘list’ : List all storage devices at /dev/ with a format of MSDOS, NTFS or -FVE-FS- (BITLOCKER) ; This will load the drive paths into memory
‘usedrive’ : Set the drive to use; can use numbers assigned from the ‘list’ command
‘modules’ : List modules ; This will load the module names into memory, so you need to run this command before selecting a module
‘use’ : Use the selected module

Setup

(need to run as root because PyPyKatz’ import path directory is dependent on the current user, and this needs to run as root)
sudo pip3 install -r requirements.txt
sudo python3 tofu.py

Built With

PyCryptodome
PypyKatz

Warning : If you’re writing a module, make sure it won’t do any damage before running it

Download
R K

Leave a Comment
Share
Published by
R K
Tags: FilesystemHacking ToollinuxTofuWindows Offline
3 years ago

Recent Posts

Starship : Revolutionizing Terminal Experiences Across Shells

Starship is a powerful, minimal, and highly customizable cross-shell prompt designed to enhance the terminal…

1 day ago

Lemmy : A Decentralized Link Aggregator And Forum For The Fediverse

Lemmy is an innovative, open-source platform designed for link aggregation and discussion, providing a decentralized…

1 day ago

Massive UX Improvements, Custom Disassemblers, And MSVC Support In ImHex v1.37.0

The latest release of ImHex v1.37.0 introduces a host of exciting features and improvements, enhancing…

1 day ago

Ghauri : A Powerful SQL Injection Detection And Exploitation Tool

Ghauri is a cutting-edge, cross-platform tool designed to automate the detection and exploitation of SQL…

1 day ago

Writing Tools : Revolutionizing The Art Of Writing

Writing tools have become indispensable for individuals looking to enhance their writing efficiency, accuracy, and…

1 day ago

PatchWerk : A Tool For Cleaning NTDLL Syscall Stubs

PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…

2 days ago