Ronnie Flathers ropnop
ropnop
/ kinit_user_brute.sh
Created
July 28, 2017 01:22
A quick script to perform horizontal password spraying against a user list by requesting TGTs from the DC with kinit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Title: kinit_user_brute.sh | |
| # Author: @ropnop | |
| # Description: This is a PoC for doing horiztonal password sprays using 'kinit' to try to check out a TGT from a Domain Controller | |
| # The script configures the realm and KDC for you based on the domain provided and the domain controller | |
| # Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf | |
| # Only tested with Heimdal kerberos (error messages might be different for MIT clients) | |
ropnop
/ go-sharp-loader.go
Created
August 5, 2020 17:12
Example Go file embedding multiple .NET executables
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| /* | |
| Example Go program with multiple .NET Binaries embedded | |
| This requires packr (https://github.com/gobuffalo/packr) and the utility. Install with: | |
| $ go get -u github.com/gobuffalo/packr/packr | |
| Place all your EXEs are in a "binaries" folder |
ropnop
/ lookupadmins.py
Last active
December 4, 2021 16:00
Python script using Impacket to enumerate local administrators over SAMR
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # | |
| # Title: lookupadmins.py | |
| # Author: @ropnop | |
| # Description: Python script using Impacket to query members of the builtin Administrators group through SAMR | |
| # Similar in function to Get-NetLocalGroup from Powerview | |
| # Won't work against Windows 10 Anniversary Edition unless you already have local admin | |
| # See: http://www.securityweek.com/microsoft-experts-launch-anti-recon-tool-windows-10-server-2016 | |
| # | |
| # Heavily based on original Impacket example scripts written by @agsolino and available here: https://github.com/CoreSecurity/impacket |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function dockershell() { | |
| docker run --rm -i -t --entrypoint=/bin/bash "$@" | |
| } | |
| function dockershellsh() { | |
| docker run --rm -i -t --entrypoint=/bin/sh "$@" | |
| } | |
| function dockershellhere() { | |
| dirname=${PWD##*/} |
ropnop
/ startTerminator.vbs
Created
September 29, 2017 00:02
VBS Script to Launch Terminator through WSL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| args = "-c" & " -l " & """DISPLAY=:0 terminator""" | |
| WScript.CreateObject("Shell.Application").ShellExecute "bash", args, "", "open", 0 |
OlderNewer