Ronnie Flathers ropnop
ropnop
/ kinit_user_brute.sh
Created
July 28, 2017 01:22
A quick script to perform horizontal password spraying against a user list by requesting TGTs from the DC with kinit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Title: kinit_user_brute.sh | |
| # Author: @ropnop | |
| # Description: This is a PoC for doing horiztonal password sprays using 'kinit' to try to check out a TGT from a Domain Controller | |
| # The script configures the realm and KDC for you based on the domain provided and the domain controller | |
| # Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf | |
| # Only tested with Heimdal kerberos (error messages might be different for MIT clients) | |
ropnop
/ kinit_brute.sh
Last active
June 6, 2021 18:23
A quick tool to bruteforce an AD user's password by requesting TGTs from the Domain Controller with 'kinit'
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Title: kinit_brute.sh | |
| # Author: @ropnop | |
| # Description: This is a PoC for bruteforcing passwords using 'kinit' to try to check out a TGT from a Domain Controller | |
| # The script configures the realm and KDC for you based on the domain provided and the domain controller | |
| # Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf | |
| # Only tested with Heimdal kerberos (error messages might be different for MIT clients) | |
| # Note: this *will* lock out accounts if a domain lockout policy is set. Be careful |
ropnop
/ make_oneliner.py
Last active
December 5, 2020 06:10
Python script to convert a file to a oneliner exec command
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # Author: @ropnop (Ronnie Flathers) | |
| # Simple script to ingest a Python file (e.g. a shell) and return a oneliner command | |
| # Useful with command injection vulns | |
| # Based entirely off of Metasploit's "reverse_python.rb" payload | |
| # Credit to Brendan Coles <bcoles[at]gmail.com> | |
| # | |
| # Example: | |
| # $ python make_oneliner.py pty_shell.py |
ropnop
/ opennms_check_password.py
Created
June 21, 2017 23:11
Script to check a plaintext password against an OpenNMS password digest
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import sys | |
| from hashlib import sha256 | |
| def checkPassword(encrypted, plaintext, iterations=100000, verbose=False): | |
| hexstring = encrypted.decode('base64').encode('hex') # i hate working with bytes | |
| salt = hexstring[:32] | |
| correct = hexstring[32:] | |
| if verbose: |
ropnop
/ helloworld
Created
February 1, 2013 15:45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| print 'Hello World' |
NewerOlder