Michael Ritter michiiii

## kinit_brute.sh
#!/bin/bash

# Title: kinit_brute.sh
# Author: @ropnop
# Description: This is a PoC for bruteforcing passwords using 'kinit' to try to check out a TGT from a Domain Controller
# The script configures the realm and KDC for you based on the domain provided and the domain controller
# Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf
# Only tested with Heimdal kerberos (error messages might be different for MIT clients)
# Note: this *will* lock out accounts if a domain lockout policy is set. Be careful

## setupiisforsslperfectforwardsecrecy_v17.ps1
# Copyright 2019, Alexander Hass
# https://www.hass.de/content/setup-microsoft-windows-or-iis-ssl-perfect-forward-secrecy-and-tls-12
#
# After running this script the computer only supports:
# - TLS 1.2
#
# Version 3.0.1, see CHANGELOG.txt for changes.

Write-Host 'Configuring IIS with SSL/TLS Deployment Best Practices...'
Write-Host '--------------------------------------------------------------------------------'

## bin2shellcode.py
#!/usr/bin/python
# Disasm of 64-bit binary:
#   $ objdump -b binary -D -m i386:x86-64 <file>
#
# Usage:
#   $ ./bin2shellcode.py <file> num
# Where:
#   num - number of bytes to convert into array.
#         `num` can be negative, resulting in `size-num`
#         bytes be converted.

## raw2ps_shellcode.py
import sys

ps_shellcode = '@('

with open(sys.argv[1], 'rb') as shellcode:
	byte = shellcode.read(1)
	while byte != '':
		ps_shellcode += '0x{}, '.format(byte.encode('hex'))
		byte = shellcode.read(1)

## nginx-tls.conf
#
# Name: nginx-tls.conf
# Auth: Gavin Lloyd <gavinhungry@gmail.com>
# Desc: Nginx SSL/TLS configuration for "A+" Qualys SSL Labs rating
#
# Enables HTTP/2, PFS, HSTS and OCSP stapling. Configuration options not related
# to SSL/TLS are not included here.
#
# Additional tips:
#
	#!/bin/bash

	# Title: kinit_brute.sh
	# Author: @ropnop
	# Description: This is a PoC for bruteforcing passwords using 'kinit' to try to check out a TGT from a Domain Controller
	# The script configures the realm and KDC for you based on the domain provided and the domain controller
	# Since this configuration is only temporary though, if you want to actually use the TGT you should actually edit /etc/krb5.conf
	# Only tested with Heimdal kerberos (error messages might be different for MIT clients)
	# Note: this will lock out accounts if a domain lockout policy is set. Be careful
	# Copyright 2019, Alexander Hass
	# https://www.hass.de/content/setup-microsoft-windows-or-iis-ssl-perfect-forward-secrecy-and-tls-12
	#
	# After running this script the computer only supports:
	# - TLS 1.2
	#
	# Version 3.0.1, see CHANGELOG.txt for changes.

	Write-Host 'Configuring IIS with SSL/TLS Deployment Best Practices...'
	Write-Host '--------------------------------------------------------------------------------'
	#!/usr/bin/python
	# Disasm of 64-bit binary:
	# $ objdump -b binary -D -m i386:x86-64 <file>
	#
	# Usage:
	# $ ./bin2shellcode.py <file> num
	# Where:
	# num - number of bytes to convert into array.
	# `num` can be negative, resulting in `size-num`
	# bytes be converted.
	import sys

	ps_shellcode = '@('

	with open(sys.argv[1], 'rb') as shellcode:
	byte = shellcode.read(1)
	while byte != '':
	ps_shellcode += '0x{}, '.format(byte.encode('hex'))
	byte = shellcode.read(1)
	#
	# Name: nginx-tls.conf
	# Auth: Gavin Lloyd <gavinhungry@gmail.com>
	# Desc: Nginx SSL/TLS configuration for "A+" Qualys SSL Labs rating
	#
	# Enables HTTP/2, PFS, HSTS and OCSP stapling. Configuration options not related
	# to SSL/TLS are not included here.
	#
	# Additional tips:
	#