Rohan Vazarkar rvazarkar
rvazarkar
/ arinscraper.py
Created
January 4, 2017 16:35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| from bs4 import BeautifulSoup | |
| import re | |
| import sys | |
| if (len(sys.argv) < 2): | |
| print 'Usage:' | |
| print 'python arinScraper.py "target"' | |
| sys.exit() |
rvazarkar
/ gist:02f1c139630e1cdc1511d857a379b2ca
Created
September 20, 2017 16:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ╔══════════════════════╦═══════════════════════╦═════════════╦════════════════════════════════════════════════════════════════════════╗ | |
| ║ Objects in Domain ║ Time Taken ║ Cache Built ║ Other Comments ║ | |
| ╠══════════════════════╬═══════════════════════╬═════════════╬════════════════════════════════════════════════════════════════════════╣ | |
| ║ ~35000 ║ 25 minutes 34 seconds ║ No ║ ║ | |
| ║ ~3000 ║ 30 seconds ║ No ║ Enumeration over VPN ║ | |
| ║ ~370000 (not a typo) ║ 9 hours 42 minutes ║ No ║ Enumeration over VPN. Powershell ingestor never finished after 3 days ║ | |
| ║ ~130000 ║ 40 minutes ║ No ║ ║ | |
| ║ ~40500 ║ 10 minutes ║ No ║ Old inges |
rvazarkar
/ gist:93418965f479702a9a12790081040dba
Created
September 20, 2017 16:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ╔═══════════════════╦═══════════════════════╦══════════════════════╗ | |
| ║ Collection Method ║ Old Ingestor ║ New Ingestor ║ | |
| ╠═══════════════════╬═══════════════════════╬══════════════════════╣ | |
| ║ Group ║ 1 minute 10 seconds ║ 19 seconds ║ | |
| ║ LocalGroup ║ 29 minutes 57 seconds ║ 6 minutes 21 seconds ║ | |
| ║ Session ║ 29 minutes 1 second ║ 5 minutes 36 seconds ║ | |
| ║ ACL ║ 10 minutes 20 seconds ║ 37 seconds ║ | |
| ╚═══════════════════╩═══════════════════════╩══════════════════════╝ |
rvazarkar
/ gist:58647d21d777cc2db59ebd44627436ca
Last active
October 23, 2017 19:17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public SearchRequest GetSearchRequest(string filter, SearchScope scope, string[] attribs, string domainName = null, string adsPath = null) | |
| { | |
| Domain targetDomain; | |
| try | |
| { | |
| targetDomain = GetDomain(domainName); | |
| } | |
| catch | |
| { | |
| return null; |
rvazarkar
/ gist:de161e75c25103ae0e479365b4024904
Last active
October 23, 2017 19:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BlockingCollection<string> collection = new BlockingCollection<string>(); | |
| foreach (var string in collection.GetConsumingEnumerable()){ | |
| DoSomething(string); | |
| } |
rvazarkar
/ gist:743afc27172fcc6b666b1b2da4703978
Last active
October 23, 2017 19:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| namespace Sharphound2 | |
| { | |
| //This class exists because of a memory leak in BlockingCollection. By setting the reference to Item to null after enumerating it, | |
| //we can force garbage collection of the internal item, while the Wrapper is held by the collection. | |
| //This is highly preferable because the internal item consumes a lot of memory while the wrapper barely uses any | |
| class Wrapper<T> | |
| { | |
| public T Item { get; set; } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| internal bool DoPing(string hostname) | |
| { | |
| try | |
| { | |
| using (var client = new TcpClient()) | |
| { | |
| var result = client.BeginConnect(hostname, 445, null, null); | |
| var success = result.AsyncWaitHandle.WaitOne(_pingTimeout); | |
| if (!success) | |
| { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "statements" : [ | |
| { | |
| "statement" : "MERGE (n:User {name:'DOMAIN ADMINS@TESTLAB.LOCAL'})-[r:AdminTo]-(m:Computer {name:'PRIMARY.TESTLAB.LOCAL'})" | |
| }, | |
| { | |
| "statement" : "MERGE (n:User {name:'DOMAIN ADMINS@TESTLAB.LOCAL'})-[r:AdminTo]-(m:Computer {name:'SECONDARY.TESTLAB.LOCAL'})" | |
| } | |
| ] | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "statements" : [ | |
| { | |
| "statement" : "MERGE (n:Group {name:{props.name}})", | |
| "parameters" : { | |
| "props" : { | |
| "name" : "DOMAIN ADMINS@TESTLAB.LOCAL" | |
| } | |
| } | |
| } |
rvazarkar
/ TargetCheatSheet.csv
Last active
December 6, 2022 08:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Collection Method | API Call | MSDN Link | Default Targets | Stealth Targets | |
|---|---|---|---|---|---|
| Session | NetSessionEnum | https://msdn.microsoft.com/en-us/library/windows/desktop/bb525382(v=vs.85).aspx | All Computers | Domain Controllers + 'Share Servers' | |
| LocalGroup | Modified NetLocalGroupGetMembers | https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx | All Computers | GPO Files | |
| Group | Ldap | N/A | All User Group and Computer Objects | All User Group and Computer Objects | |
| Trusts | DsEnumerateDomainTrusts | https://msdn.microsoft.com/en-us/library/ms675976(v=vs.85).aspx | All Domain and TrustedDomain objects | All Domain and TrustedDomain objects | |
| LoggedOn | Remote Registry + NetWkstaUserEnum | https://msdn.microsoft.com/en-us/library/windows/desktop/aa370669(v=vs.85).aspx | All Computers | Domain Controllers + 'Share Servers' | |
| ACL | Ldap | N/A | All user group computer and domain objects | All user group computer and domain objects | |
| ObjectProps | Ldap | N/A | All user and computer objects | All user and computer objects |
OlderNewer