With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
Adam M Toscher W00t3k
W00t3k
/ decryptKerbTicket.py
Created
September 18, 2019 15:14
— forked from xan7r/decryptKerbTicket.py
Decrypt kerberos tickets and parse out authorization data
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # NOTE: this script was created for educational purposes to assist learning about kerberos tickets. | |
| # Likely to have a few bugs that cause it to fail to decrypt some TGT or Service tickets. | |
| # | |
| # Recommended Instructions: | |
| # Obtain valid kerberos tickets using Rubeus or mimikatz "sekurlsa::tickets /export" | |
| # Optionally convert tickets to ccache format using kekeo "misc::convert ccache <ticketName.kirbi>" | |
| # Obtain appropriate aes256 key using dcsync (krbtgt for TGT or usually target computer account for Service Ticket) | |
| # Run this script to decrypt: | |
| # ./decryptKerbTicket.py -k 5c7ee0b8f0ffeedbeefdeadbeeff1eefc7d313620feedbeefdeadbeefafd601e -t ./Administrator@TESTLAB.LOCAL_krbtgt~TESTLAB.LOCAL@TESTLAB.LOCAL.ccaches |
W00t3k
/ kerberos_attacks_cheatsheet.md
Created
August 29, 2019 16:39
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
W00t3k
/ Get-DNSARecords.ps1
Created
April 26, 2019 00:46
— forked from blark/Get-DNSARecords.ps1
A simple Powershell script to get DNS records from a Microsoft DNS server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-DNSARecords { | |
| <# | |
| .SYNOPSIS | |
| Dumps A Records from a Microsoft Windows DNS server. | |
| .DESCRIPTION | |
| This script dumps the conent of MicrosoftDNS_AType to a CSV file. | |
| .PARAMETER Server | |
| The name of the Computer you want to run the command against. | |
| .PARAMETER CSVPath |
W00t3k
/ Get-DNSARecords.ps1
Created
April 26, 2019 00:46
— forked from blark/Get-DNSARecords.ps1
A simple Powershell script to get DNS records from a Microsoft DNS server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-DNSARecords { | |
| <# | |
| .SYNOPSIS | |
| Dumps A Records from a Microsoft Windows DNS server. | |
| .DESCRIPTION | |
| This script dumps the conent of MicrosoftDNS_AType to a CSV file. | |
| .PARAMETER Server | |
| The name of the Computer you want to run the command against. | |
| .PARAMETER CSVPath |
W00t3k
/ 9e910797589da01a4b13ecb7fcd58f81dfc18784dd6ed4996e5a5f8f1f95e224
Created
January 27, 2019 17:19
— forked from JohnLaTwC/9e910797589da01a4b13ecb7fcd58f81dfc18784dd6ed4996e5a5f8f1f95e224
VBA DOC Malware MSBuild Scheduled Task
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## uploaded by @JohnLaTwC | |
| ## Sample Hash: 9e910797589da01a4b13ecb7fcd58f81dfc18784dd6ed4996e5a5f8f1f95e224 | |
| ## Sample evolution: | |
| ## c2e126498e61d4dc4154b5721dfd9811cd1d8c84063477e271134f0ed30e29ea | |
| ## df7fc66bcceaf9b041fe839b5cda95dfad14c8475c6e2ec49dc23d5ae3ba62ac | |
| ## b621015caa6077d7e85807c7f1509f88d5560d3e4ef439f578edc43f7b01c071 | |
| ## 7d2bf283d12bc6914708e2a4240c2cefbd1871c3b4ac3c9b2a70ea7553fb7f4a | |
| ## 13fc853eb0e59b8133f93a3f55ed4086ffa8545aecef513f0bfe8363467fb110 | |
| ## 5e53334b062c7c908a7354c77343e7d356959727930f2557b5e65b936b2cd462 |
W00t3k
/ dementor.py
Created
January 17, 2019 16:50
— forked from 3xocyte/dementor.py
rough PoC to connect to spoolss to elicit machine account authentication
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample | |
| # some code from https://www.exploit-db.com/exploits/2879/ | |
| import os | |
| import sys | |
| import argparse | |
| import binascii | |
| import ConfigParser |
W00t3k
/ ssh_tunneling.md
Created
November 29, 2018 14:22
— forked from ashrithr/ssh_tunneling.md
ssh tunneling and port forwarding
###Single hop tunelling:
ssh -f -N -L 9906:127.0.0.1:3306 user@dev.example.com
where,
-fputs ssh in background-Nmakes it not execute a remote command
W00t3k
/ NETHUNTEROS.MD
Created
August 23, 2018 17:41
— forked from binkybear/NETHUNTEROS.MD
Nethunter ROM on Nexus 5 & 6P with Nexmon (testing only)
Here are instructions to install Nethunter (as a ROM) with working native monitor mode in the chroot using Nexmon. The ROM is a modified CM 14.1 (nougat) base with custom kernel which supports: HID, Drivedroid, Kexec, and external wireless.
You will need the following 3 items (maybe 4):
W00t3k
/ cbapi-ps-lsass-loop.py
Created
July 30, 2018 19:04
— forked from curi0usJack/cbapi-ps-lsass-loop.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Carbon Black Evil PowerShell LSASS Query | |
| # | |
| # Prints out malicious Powershell events that have a crossproc event for c:\windows\system32\lsass.exe | |
| # | |
| # Author: Jason Lang (@curi0usJack) | |
| # | |
| # Prereqs (Windows 10) | |
| # Install bash on Win10 | |
| # sudo apt-get install python-pip | |
| # sudo pip install --upgrade requests |
W00t3k
/ PowerShellDSCLateralMovement.ps1
Created
June 29, 2018 11:32
— forked from mattifestation/PowerShellDSCLateralMovement.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This idea originated from this blog post on Invoke DSC Resources directly: | |
| # https://blogs.msdn.microsoft.com/powershell/2015/02/27/invoking-powershell-dsc-resources-directly/ | |
| <# | |
| $MOFContents = @' | |
| instance of MSFT_ScriptResource as $MSFT_ScriptResource1ref | |
| { | |
| ResourceID = "[Script]ScriptExample"; | |
| GetScript = "\"$(Get-Date): I am being GET\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True"; | |
| TestScript = "\"$(Get-Date): I am being TESTED\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True"; |
NewerOlder