With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
GeisericII
/ Get-LoggedOn.py
Last active
February 18, 2024 01:17
Stupid simple script copied and pasted from reg.py/lookupsid and inspired from itm4n's session enum via registry
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| from __future__ import division | |
| from __future__ import print_function | |
| import re | |
| import codecs | |
| import logging | |
| import time | |
| import argparse | |
| import sys | |
| from impacket import version |
TarlogicSecurity
/ kerberos_attacks_cheatsheet.md
Created
May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks
For adding temporary logging to help understand behavior. For when it is impractical to use Frida to instrument Frida.
Choose one of these and copy-paste it into e.g. lib/interfaces/session.vala,
then use log_event ("name='%s'", name); to log.
When something appears to be hanging, try applying: x-async-debug.patch.
mattifestation
/ FileReadPrimitive.ps1
Last active
June 12, 2023 16:33
A WMI file content read primitive - ROOT/Microsoft/Windows/Powershellv3/PS_ModuleFile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $CimSession = New-CimSession -ComputerName 10.0.0.2 | |
| $FilePath = 'C:\Windows\System32\notepad.exe' | |
| # PS_ModuleFile only implements GetInstance (versus EnumerateInstance) so this trick below will force a "Get" operation versus the default "Enumerate" operation. | |
| $PSModuleFileClass = Get-CimClass -Namespace ROOT/Microsoft/Windows/Powershellv3 -ClassName PS_ModuleFile -CimSession $CimSession | |
| $InMemoryModuleFileInstance = New-CimInstance -CimClass $PSModuleFileClass -Property @{ InstanceID= $FilePath } -ClientOnly | |
| $FileContents = Get-CimInstance -InputObject $InMemoryModuleFileInstance -CimSession $CimSession | |
| $FileLengthBytes = $FileContents.FileData[0..3] | |
| [Array]::Reverse($FileLengthBytes) |
aescalana
/ manageFlaskSession.py
Last active
February 29, 2024 20:12
Decode and Encode Flask's session cookie. Great for testing purposes; only the secret key is needed
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from flask.sessions import SecureCookieSessionInterface | |
| from itsdangerous import URLSafeTimedSerializer | |
| class SimpleSecureCookieSessionInterface(SecureCookieSessionInterface): | |
| # Override method | |
| # Take secret_key instead of an instance of a Flask app | |
| def get_signing_serializer(self, secret_key): | |
| if not secret_key: | |
| return None |
anthonysterling
/ Vagrantfile
Last active
April 29, 2020 15:28
Handy Vagrantfile for IE testing with Vagrant.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Usage: IE={box} vagrant up | |
| # | |
| # Eg. IE=XPIE6 vagrant up | |
| boxes = { | |
| "XPIE6" => "http://aka.ms/vagrant-xp-ie6", | |
| "XPIE8" => "http://aka.ms/vagrant-xp-ie8", | |
| "VistaIE7" => "http://aka.ms/vagrant-vista-ie7", | |
| "Win7IE8" => "http://aka.ms/vagrant-win7-ie8", | |
| "Win7IE9" => "http://aka.ms/vagrant-win7-ie9", |