With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
Michael Ritter michiiii
gavinhungry
/ nginx-tls.conf
Last active
March 11, 2024 14:51
Nginx SSL/TLS configuration for "A+" Qualys SSL Labs rating
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Name: nginx-tls.conf | |
| # Auth: Gavin Lloyd <gavinhungry@gmail.com> | |
| # Desc: Nginx SSL/TLS configuration for "A+" Qualys SSL Labs rating | |
| # | |
| # Enables HTTP/2, PFS, HSTS and OCSP stapling. Configuration options not related | |
| # to SSL/TLS are not included here. | |
| # | |
| # Additional tips: | |
| # |
byt3bl33d3r
/ raw2ps_shellcode.py
Created
September 13, 2015 12:12
Converts raw shellcode to a PowerShell compatible byte array (helpful when using custom shellcode with Invoke-Shellcode.ps1)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| ps_shellcode = '@(' | |
| with open(sys.argv[1], 'rb') as shellcode: | |
| byte = shellcode.read(1) | |
| while byte != '': | |
| ps_shellcode += '0x{}, '.format(byte.encode('hex')) | |
| byte = shellcode.read(1) |
mgeeky
/ bin2shellcode.py
Last active
December 17, 2022 15:00
Binary blob to C-array simple converting script. Useful when embedding compiled binary shellcode within C program.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Disasm of 64-bit binary: | |
| # $ objdump -b binary -D -m i386:x86-64 <file> | |
| # | |
| # Usage: | |
| # $ ./bin2shellcode.py <file> num | |
| # Where: | |
| # num - number of bytes to convert into array. | |
| # `num` can be negative, resulting in `size-num` | |
| # bytes be converted. |
jbratu
/ setupiisforsslperfectforwardsecrecy_v17.ps1
Last active
May 3, 2024 07:40
Great powershell script for tightening HTTPS security on IIS and disabling insecure protocols and ciphers. Very useful on core installations.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2019, Alexander Hass | |
| # https://www.hass.de/content/setup-microsoft-windows-or-iis-ssl-perfect-forward-secrecy-and-tls-12 | |
| # | |
| # After running this script the computer only supports: | |
| # - TLS 1.2 | |
| # | |
| # Version 3.0.1, see CHANGELOG.txt for changes. | |
| Write-Host 'Configuring IIS with SSL/TLS Deployment Best Practices...' | |
| Write-Host '--------------------------------------------------------------------------------' |
ropnop
/ kinit_brute.sh
Last active
June 6, 2021 18:23
A quick tool to bruteforce an AD user's password by requesting TGTs from the Domain Controller with 'kinit'
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Title: kinit_brute.sh | |
| # Author: @ropnop | |
| # Description: This is a PoC for bruteforcing passwords using 'kinit' to try to check out a TGT from a Domain Controller | |
| # The script configures the realm and KDC for you based on the domain provided and the domain controller | |
| # Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf | |
| # Only tested with Heimdal kerberos (error messages might be different for MIT clients) | |
| # Note: this *will* lock out accounts if a domain lockout policy is set. Be careful |
mikepsinn
/ install-choco-script.bat
Last active
December 30, 2021 13:36
Windows server Choco automated install script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :: Download this and execute as admin | |
| :: Install choco .exe and add choco to PATH | |
| @powershell -NoProfile -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin" | |
| choco feature enable -n allowGlobalConfirmation | |
| :: Just install node stuff manually. Trust me. | |
| :: choco install nodejs-lts --install-directory='C:\nodejs' -fy | |
| :: npm install -g gulp cordova@6.5.0 ionic@2.2.3 bower |
psignoret
/ Get-AzureADPSPermissions.ps1
Last active
April 24, 2024 18:12
Script to list all delegated permissions and application permissions in Microsoft Entra ID
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF | |
| # FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT. | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.Authentication" ; ModuleVersion="2.15.0" } | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.DirectoryObjects"; ModuleVersion="2.15.0" } | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.Identity.SignIns"; ModuleVersion="2.15.0" } | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.Applications" ; ModuleVersion="2.15.0" } | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.Users" ; ModuleVersion="2.15.0" } | |
| <# |
jhaddix
/ cloud_metadata.txt
Last active
April 30, 2024 09:38
— forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
jeffmcjunkin
/ gist:7b4a67bb7dd0cfbfbd83768f3aa6eb12
Last active
November 12, 2023 16:35
Useful Cypher queries for BloodHound
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| MATCH (u:User)-[r:AdminTo|MemberOf*1..]->(c:Computer | |
| RETURN u.name | |
| That’ll return a list of users who have admin rights on at least one system either explicitly or through group membership | |
| --------------- | |
| MATCH | |
| (U:User)-[r:MemberOf|:AdminTo*1..]->(C:Computer) | |
| WITH | |
| U.name as n, |
TarlogicSecurity
/ kerberos_attacks_cheatsheet.md
Created
May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks
OlderNewer