With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
/* | |
* (un)comment correct payload first (x86 or x64)! | |
* | |
* $ gcc cowroot.c -o cowroot -pthread | |
* $ ./cowroot | |
* DirtyCow root privilege escalation | |
* Backing up /usr/bin/passwd.. to /tmp/bak | |
* Size of binary: 57048 | |
* Racing, this may take a while.. | |
* /usr/bin/passwd overwritten |
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
# New function naming schema: | |
# Verbs: | |
# Get : retrieve full raw data sets | |
# Find : ‘find’ specific data entries in a data set |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
Mute these words in your settings here: https://twitter.com/settings/muted_keywords | |
ActivityTweet | |
generic_activity_highlights | |
generic_activity_momentsbreaking | |
RankedOrganicTweet | |
suggest_activity | |
suggest_activity_feed | |
suggest_activity_highlights | |
suggest_activity_tweet |
[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/bukotsunikki.svg?style=social&label=Follow%20%40bukotsunikki)](https://twitter.com/bukotsunikki)
{"lastUpload":"2021-08-31T08:20:42.057Z","extensionVersion":"v3.4.3"} |
##### COURTESY | |
# @CuratedIntel | |
# https://curatedintel.org | |
##### BACKGROUND | |
# Initally shared on RAMP ransomware forum | |
# Last shared on Groove ransomware extortion website | |
# Publicized by Bleeping Computer, which led to this post being issued to help blue teamers | |
# https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/ |
This tutorial is dated Oct 2021, if it's much further on than that this information might be out of date.
This is a guide on setting up a static HTTPS website on your raspberry pi using docker and nginx. The aim is to have this running on the raspberry pi and to be able to access it from a host computer on the same local network. You should already be able to ssh into your pi from your host computer and have raspberry pi OS set up.
<script> | |
var PAGE_SIZE = 16384; | |
var SIZEOF_CSS_FONT_FACE = 0xb8; | |
var HASHMAP_BUCKET = 208; | |
var STRING_OFFSET = 20; | |
var SPRAY_FONTS = 0x1000; | |
var GUESS_FONT = 0x200430000; | |
var NPAGES = 20; | |
var INVALID_POINTER = 0; | |
var HAMMER_FONT_NAME = "font8"; //must take bucket 3 of 8 (counting from zero) |
Domain: TEST.local | |
User Enumeration: | |
Windows: | |
net user | |
net user /domain | |
net user [username] | |
net user [username] /domain | |
wmic useraccount | |
Mac: | |
dscl . ls /Users |