With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:
```csharp
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace EtwpTest
{
    class Program
    {
        static void Main(string[] args)
        {
```
```
# search for and reproduce output that matches a specific regex.
alias search {
    local('$regex $regex2 $entry $event $bid $out $when');

    # take all of the args, without processing/parsing as normal.
    if (strlen($0) > 7) {
        $regex = substr($0, 7);
    }
    else {
        berror($1, "search [regex]");
```
```python
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Collect all forks of a github project and return the most recently pushed.

Any alternatives I could find searched only the most recent forks of a project,
which does not return accurate results for projects with many forks.

Note that the GitHub API has a rate limit of 60 requests per hour for unauthenticated requests.
You can create a personal access token in order to circumvent this, which will raise the limit
```
```
bing.profile:68:set pipename "win_svc";
bing.profile:69:set pipename_stager "win_svc";
clean_template.profile:24:set pipename "ntsvcs##";
clean_template.profile:25:set pipename_stager "scerpc##";
clean_template.profile:34:set ssh_pipename "SearchTextHarvester##";
clean_template.profile:363:    set pipename "DserNamePipe##";
cobalt.profile:139:## pipename: msagent_##
cobalt.profile:140:## pipename_stager: status_##
cobalt.profile:142:## - Do not use an existing namedpipe, Beacon doesn't check for conflict!
cobalt.profile:145:#set pipename "wkssvc_##";
```
This is a variation of the technique originally discovered by subtee and described here.

TL;DR: it essentially allows you to turn any .NET application into a lolbin by providing a configuration file whose <appDomainManagerAssembly> element points to a specially crafted .NET assembly that executes when the application is loaded.

This variation allows you to load the AppDomainManager assembly from a UNC path or HTTP(S) server. It also disables ETW thanks to the <etwEnable> element :)
C:\Test. Let's use aspnet_compiler.exe as an example.

Compile test.cs to test.dll with a signed strong name; this is required to load an assembly outside of a .NET application's base directory.

Host test.dll on a remote SMB or HTTP(S) server.

```bash
#!/bin/bash
set -e

GO_VERSION="1.20.6"
GO_URL="https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz"
EXPECTED_CHECKSUM="b945ae2bb5db01a0fb4786afde64e6fbab50b67f6fa0eb6cfa4924f16a7ff1eb"

# Log output of script
exec > >(tee -i /home/ubuntu/install.log)
exec 2>&1
```