With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With the Rubeus build that includes the brute module:
qemu-system-aarch64 -smp 2 -m 1024 -M virt -bios QEMU_EFI.fd -nographic \
-device virtio-blk-device,drive=image \
-drive if=none,id=image,file=xenial-server-cloudimg-arm64-uefi1.img \
-device virtio-blk-device,drive=cloud \
-drive if=none,id=cloud,file=cloud.img \
-netdev user,id=user0 -device virtio-net-device,netdev=user0 -redir tcp:2222::22 \
-cpu cortex-a57
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
I had a heck of a time getting a Cuckoo sandbox running, and below I hope to help you get one up and running relatively quickly by detailing out the steps and gotchas I stumbled across along the way. I mention this in the references at the end of this gist, but what you see here is heavily influenced by this article from Nviso
package main
import (
"database/sql"
"encoding/json"
"fmt"
"reflect"
"time"
"github.com/go-sql-driver/mysql"
; This is a snippet of the original file in https://github.com/geyslan/SLAE/blob/master/1st.assignment/shell_bind_tcp.asm
global _start
section .text
_start:
; syscalls (/usr/include/asm/unistd_32.h)
; socketcall numbers (/usr/include/linux/net.h)
These are the steps I used to get Ubuntu ARM aarch64 running with QEMU on OSX.
Get Ubuntu Image and QEMU EFI:
wget https://cloud-images.ubuntu.com/releases/16.04/release/ubuntu-16.04-server-cloudimg-arm64-uefi1.img
wget https://releases.linaro.org/components/kernel/uefi-linaro/latest/release/qemu64/QEMU_EFI.fd
// A very rough x64 POC for spoofing environment variables similar to argument spoofing with a focus on
// setting the COMPlus_ETWEnabled=0 var for disabling ETW in .NET.
//
// Works by launching the target process suspended, reading PEB, updates the ptr used to store environment variables,
// and then resuming the process.
//
// (https://blog.xpnsec.com/hiding-your-dotnet-complus-etwenabled/)
#define INJECT_PARAM L"COMPlus_ETWEnabled=0\0\0\0"
#define INJECT_PARAM_LEN 43