With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
Device | Kali Support Out the Box | Driver Needed | Injection Working | 2.4 GHz | 5 GHz
---|---|---|---|---|---
Alfa AWUS052NH | Y | N | Y | Y | Y
Panda Wireless PAU09 | Y | N | Y | Y | Y
Alfa AWUS036NEH | Y | N | Y | Y | N
Alfa AWUS051NH | Y | N | Y | Y | Y
Alfa AWUS036H | Y | N | Y | Y | N
Alfa AWUS1900 | N | Y | Y | Y | Y
Alfa AWUS036ACH | N | Y | Y | Y | Y
Alfa AWUS036NH | N | Y | Y | Y | N
TL-WN722N (Atheros Chipset) | N | Y | Y | Y | N
#!/usr/bin/env python
# NOTE: this script was created for educational purposes to assist learning about kerberos tickets.
# Likely to have a few bugs that cause it to fail to decrypt some TGT or Service tickets.
#
# Recommended Instructions:
# Obtain valid kerberos tickets using Rubeus or mimikatz "sekurlsa::tickets /export"
# Optionally convert tickets to ccache format using kekeo "misc::convert ccache <ticketName.kirbi>"
# Obtain appropriate aes256 key using dcsync (krbtgt for TGT or usually target computer account for Service Ticket)
# Run this script to decrypt:
# ./decryptKerbTicket.py -k 5c7ee0b8f0ffeedbeefdeadbeeff1eefc7d313620feedbeefdeadbeefafd601e -t ./Administrator@TESTLAB.LOCAL_krbtgt~TESTLAB.LOCAL@TESTLAB.LOCAL.ccaches
function Get-DNSARecords {
<#
.SYNOPSIS
Dumps A Records from a Microsoft Windows DNS server.
.DESCRIPTION
This script dumps the content of MicrosoftDNS_AType to a CSV file.
.PARAMETER Server
The name of the Computer you want to run the command against.
.PARAMETER CSVPath
## uploaded by @JohnLaTwC
## Sample Hash: 9e910797589da01a4b13ecb7fcd58f81dfc18784dd6ed4996e5a5f8f1f95e224
## Sample evolution:
#!/usr/bin/env python
# abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample
# some code from https://www.exploit-db.com/exploits/2879/
import os
import sys
import argparse
import binascii
import ConfigParser
### Single hop tunneling:
ssh -f -N -L 9906:127.0.0.1:3306 user@dev.example.com
where,
-f puts ssh in background
-N makes it not execute a remote command

Here are instructions to install Nethunter (as a ROM) with working native monitor mode in the chroot using Nexmon. The ROM is a modified CM 14.1 (nougat) base with custom kernel which supports: HID, Drivedroid, Kexec, and external wireless.
You will need the following 3 items (maybe 4):
# Carbon Black Evil PowerShell LSASS Query
#
# Prints out malicious Powershell events that have a crossproc event for c:\windows\system32\lsass.exe
#
# Author: Jason Lang (@curi0usJack)
#
# Prereqs (Windows 10)
# Install bash on Win10
# sudo apt-get install python-pip
# sudo pip install --upgrade requests